Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

I Got KeyLogged Help Me Plz!

Unread postby MagicFish » May 1st, 2007, 1:36 am

Here are my HijackThis logs

Logfile of HijackThis v1.99.1
Scan saved at 10:27:26 PM, on 4/30/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\PSIService.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINNT\system32\bpk.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.d2jsp.org/index.php?showforum=168
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - C:\WINNT\system32\bpkwb.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [bpk] C:\WINNT\system32\bpk.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Vegas Poker 247 - {E913D28B-4327-4f36-B303-D08ADF847142} - C:\Documents and Settings\All Users\Start Menu\Programs\Vegas Poker 247\Vegas Poker 247.lnk (file missing)
O9 - Extra 'Tools' menuitem: Vegas Poker 247 - {E913D28B-4327-4f36-B303-D08ADF847142} - C:\Documents and Settings\All Users\Start Menu\Programs\Vegas Poker 247\Vegas Poker 247.lnk (file missing)
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/ ... poti_x.cab
O16 - DPF: Yahoo! Word Racer - http://download2.games.yahoo.com/games/ ... /wt1_x.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINNT\system32\PSIService.exe



Any help on this would be greatly appreciated.
MagicFish
Active Member
 
Posts: 6
Joined: May 1st, 2007, 1:28 am

Unread postby Shaba » May 1st, 2007, 5:30 am

Hi MagicFish

Yes, you seem to have Perfect Keylogger installed.

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

Image

5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, Notepad will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Unread postby MagicFish » May 1st, 2007, 8:12 pm

Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.8
ATI - Software Uninstall Utility
ATI Display Driver
AutoIt v3.2.2.0
Corel Paint Shop Pro Photo XI
Diablo II
HijackThis 1.99.1
Hotfix for MDAC 2.53 (KB911562)
Hotfix for MDAC 2.53 (KB927779)
J2SE Runtime Environment 5.0 Update 11
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
mm.BOT
MSN
MSN Messenger 7.0
MSXML 4.0 SP2 (KB927978)
Panda ActiveScan
PokerStars
QuickTime
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows 2000 (KB923689)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Spy Sweeper
SpywareBlaster v3.5.1
Update Rollup 1 for Windows 2000 SP4
Windows 2000 Hotfix - KB842773
Windows 2000 Hotfix - KB893756
Windows 2000 Hotfix - KB896358
Windows 2000 Hotfix - KB896422
Windows 2000 Hotfix - KB896423
Windows 2000 Hotfix - KB896424
Windows 2000 Hotfix - KB899587
Windows 2000 Hotfix - KB899589
Windows 2000 Hotfix - KB900725
Windows 2000 Hotfix - KB901017
Windows 2000 Hotfix - KB901214
Windows 2000 Hotfix - KB905414
Windows 2000 Hotfix - KB905495
Windows 2000 Hotfix - KB905749
Windows 2000 Hotfix - KB908519
Windows 2000 Hotfix - KB908531
Windows 2000 Hotfix - KB911280
Windows 2000 Hotfix - KB911567
Windows 2000 Hotfix - KB912919
Windows 2000 Hotfix - KB913580
Windows 2000 Hotfix - KB914388
Windows 2000 Hotfix - KB914389
Windows 2000 Hotfix - KB917008
Windows 2000 Hotfix - KB917422
Windows 2000 Hotfix - KB917537
Windows 2000 Hotfix - KB917736
Windows 2000 Hotfix - KB917953
Windows 2000 Hotfix - KB918118
Windows 2000 Hotfix - KB920213
Windows 2000 Hotfix - KB920670
Windows 2000 Hotfix - KB920683
Windows 2000 Hotfix - KB920685
Windows 2000 Hotfix - KB920958
Windows 2000 Hotfix - KB921398
Windows 2000 Hotfix - KB922582
Windows 2000 Hotfix - KB922616
Windows 2000 Hotfix - KB922760
Windows 2000 Hotfix - KB923191
Windows 2000 Hotfix - KB923414
Windows 2000 Hotfix - KB923694
Windows 2000 Hotfix - KB923980
Windows 2000 Hotfix - KB924191
Windows 2000 Hotfix - KB924270
Windows 2000 Hotfix - KB924667
Windows 2000 Hotfix - KB925454
Windows 2000 Hotfix - KB925486
Windows 2000 Hotfix - KB925902
Windows 2000 Hotfix - KB926247
Windows 2000 Hotfix - KB926436
Windows 2000 Hotfix - KB928090
Windows 2000 Hotfix - KB928843
Windows 2000 Hotfix - KB929969
Windows 2000 Hotfix - KB930178
Windows 2000 Hotfix - KB931784
Windows 2000 Hotfix - KB932168
Windows Installer 3.1 (KB893803)
Windows Media Player Hotfix [See Q828026 for more information]
Windows Media Player system update (9 Series)
WinRAR archiver
Yahoo! Messenger
MagicFish
Active Member
 
Posts: 6
Joined: May 1st, 2007, 1:28 am

Unread postby Shaba » May 2nd, 2007, 2:50 am

Hi

Open HijackThis, click do a system scan only and checkmark these:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - C:\WINNT\system32\bpkwb.dll
O4 - HKLM\..\Run: [bpk] C:\WINNT\system32\bpk.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm


Close all windows including browser and press fix checked.

Boot in safe mode

Delete these if present:

C:\WINNT\system32\bpkwb.dll
C:\WINNT\system32\bpk.exe

Empty Recycle Bin

Reboot

Post a fresh HijackThis log.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Unread postby MagicFish » May 2nd, 2007, 9:30 am

Logfile of HijackThis v1.99.1
Scan saved at 6:29:31 AM, on 5/2/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\PSIService.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.d2jsp.org/index.php?showforum=168
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] "mobsync.exe" /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Vegas Poker 247 - {E913D28B-4327-4f36-B303-D08ADF847142} - C:\Documents and Settings\All Users\Start Menu\Programs\Vegas Poker 247\Vegas Poker 247.lnk (file missing)
O9 - Extra 'Tools' menuitem: Vegas Poker 247 - {E913D28B-4327-4f36-B303-D08ADF847142} - C:\Documents and Settings\All Users\Start Menu\Programs\Vegas Poker 247\Vegas Poker 247.lnk (file missing)
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/ ... poti_x.cab
O16 - DPF: Yahoo! Word Racer - http://download2.games.yahoo.com/games/ ... /wt1_x.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINNT\system32\PSIService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
MagicFish
Active Member
 
Posts: 6
Joined: May 1st, 2007, 1:28 am
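The before/after comparison that a fresh HijackThis log makes possible, as an added example that is not part of the original thread: it parses two logs, ignores cosmetic differences such as the quoting change on the `mobsync.exe` line, and checks that the two files named for deletion no longer appear anywhere. The sample text is a trimmed excerpt of the logs posted above; the function names are this example's own.

```python
import re

# HijackThis prefixes every finding with a section code (R0-R3, F0-F3, N1-N4, O1-O23).
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

# Trimmed excerpts of the first and second logs posted in this thread.
BEFORE = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\WINNT\Explorer.EXE
C:\WINNT\system32\bpk.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: PK IE Plugin - {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} - C:\WINNT\system32\bpkwb.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [bpk] C:\WINNT\system32\bpk.exe
"""

AFTER = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\WINNT\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

O4 - HKLM\..\Run: [Synchronization Manager] "mobsync.exe" /logon
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
"""

# Files the helper asked to have deleted in safe mode.
TARGETS = [r"C:\WINNT\system32\bpkwb.dll", r"C:\WINNT\system32\bpk.exe"]


def normalize(text):
    """Fold case, quotes and spacing so cosmetic differences do not count as changes."""
    return re.sub(r"\s+", " ", text.replace('"', "")).strip().lower()


def parse_log(text):
    """Return (processes, entries): normalized process paths and {normalized: original} entries."""
    processes, entries = set(), {}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line ends the process list
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif ENTRY_RE.match(line):
            entries[normalize(line)] = line
        elif in_processes:
            processes.add(normalize(line))
    return processes, entries


def diff_logs(before, after):
    """Entries and processes that disappeared or appeared between two logs."""
    b_proc, b_ent = parse_log(before)
    a_proc, a_ent = parse_log(after)
    return {
        "removed": [v for k, v in b_ent.items() if k not in a_ent],
        "added": [v for k, v in a_ent.items() if k not in b_ent],
        "gone_processes": sorted(b_proc - a_proc),
        "new_processes": sorted(a_proc - b_proc),
    }


def still_present(log_text, targets):
    """Targets whose path still shows up in a running process or a log entry."""
    processes, entries = parse_log(log_text)
    haystack = list(processes) + list(entries)
    return [t for t in targets if any(normalize(t) in h for h in haystack)]


if __name__ == "__main__":
    changes = diff_logs(BEFORE, AFTER)
    for label, items in changes.items():
        print(f"{label}:")
        for item in items:
            print(f"  {item}")
    leftover = still_present(AFTER, TARGETS)
    print("targets still referenced:", leftover or "none")
```

Entries under `added` are not automatically benign; each one still has to be attributed to software the user knowingly installed between the two scans.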

Unread postby Shaba » May 2nd, 2007, 9:44 am

Hi

Next step is to change all your online passwords and contact bank/credit card company if you have used their services via this computer.

Also, you should now install antivirus and firewall.

Looking over your log, it seems you don't have any evidence of an anti-virus software.

Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one of these excellent vendors NOW:

1) Antivir PersonalEdition Classic- Free anti-virus software for Windows. Detects and removes more than 50,000 viruses. Free support.
2) avast! 4 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition - Free edition of the AVG anti-virus program for Windows.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) ZoneAlarm
2) Agnitum
3) Sunbelt/Kerio
4) Comodo

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

After those steps, please post a fresh HijackThis log :)
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Unread postby MagicFish » May 2nd, 2007, 9:22 pm

Logfile of HijackThis v1.99.1
Scan saved at 6:22:46 PM, on 5/2/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\PSIService.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.d2jsp.org/index.php?showforum=168
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] "mobsync.exe" /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/ ... poti_x.cab
O16 - DPF: Yahoo! Word Racer - http://download2.games.yahoo.com/games/ ... /wt1_x.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINNT\system32\PSIService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
MagicFish
Active Member
 
Posts: 6
Joined: May 1st, 2007, 1:28 am

Unread postby Shaba » May 3rd, 2007, 2:08 am

Hi

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:

    o Scan using the following Anti-Virus database:

    + Extended (If available otherwise Standard)

    o Scan Options:

    + Scan Archives
    + Scan Mail Bases

  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Post:

- a fresh HijackThis log
- kaspersky report
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Unread postby MagicFish » May 3rd, 2007, 7:58 pm

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, May 03, 2007 4:59:11 PM
Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 3/05/2007
Kaspersky Anti-Virus database records: 311775
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 47157
Number of viruses found: 3
Number of infected objects: 6
Number of suspicious objects: 0
Duration of the scan process: 00:53:37

Infected Object Name / Virus Name / Last Action
C:\WINNT\system32\config\software.LOG Object is locked skipped
C:\WINNT\system32\config\default.LOG Object is locked skipped
C:\WINNT\system32\config\SECURITY Object is locked skipped
C:\WINNT\system32\config\SECURITY.LOG Object is locked skipped
C:\WINNT\system32\config\SYSTEM.ALT Object is locked skipped
C:\WINNT\system32\config\SAM Object is locked skipped
C:\WINNT\system32\config\SAM.LOG Object is locked skipped
C:\WINNT\system32\config\SYSTEM Object is locked skipped
C:\WINNT\system32\config\SOFTWARE Object is locked skipped
C:\WINNT\system32\config\DEFAULT Object is locked skipped
C:\WINNT\system32\config\AppEvent.Evt Object is locked skipped
C:\WINNT\system32\config\SecEvent.Evt Object is locked skipped
C:\WINNT\system32\config\SysEvent.Evt Object is locked skipped
C:\WINNT\Debug\PASSWD.LOG Object is locked skipped
C:\WINNT\Debug\oakley.log Object is locked skipped
C:\WINNT\Debug\ipsecpa.log Object is locked skipped
C:\WINNT\SchedLgU.Txt Object is locked skipped
C:\WINNT\CSC\00000001 Object is locked skipped
C:\WINNT\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINNT\WindowsUpdate.log Object is locked skipped
C:\Documents and Settings\Default User\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Default User\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS802D7B08-1D8C-4A0E-91D5-F9BD4330C072.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSFBB1560B-567C-475D-A008-776C8001E9DD.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS5B1FCCC1-5ECC-44E5-B9D5-F9064D08923E.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS256964C0-BDC4-456C-9F45-E34FB17E5447.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS8DF9EE9E-F2CC-4732-80D0-E32C245708EA.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS515DAB77-965D-4FAB-AFE5-3B44DD0A37ED.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSFF226719-CDBB-42B2-9027-5015159DFA8C.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS3BBAF67F-C639-455D-80D1-4BB2A6469834.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSB7E4DE86-0DAB-4C10-9B59-28F4EC504452.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSBC5E954D-BEAA-46C3-A397-90534E042D39.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS83C5BEF8-47DA-484F-AB0B-282864EBA133.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS768E0227-0621-4035-A19E-C7926951BF23.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSC786DA22-5F74-4BC5-B5E9-BA2BF9861367.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS27EFE725-A11B-4219-A54A-8E5F319ED127.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS7F34C068-9839-416E-8785-73338A77E5C8.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS3E90A8BD-43F2-4E5E-94C1-C15E7636912E.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS993C8471-030A-41CA-AA63-16C30CE1D144.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS96EBD688-544D-4471-9267-F2771B063580.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS0AE6405B-E212-4BFA-ACA9-9D2E5132C372.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSBEB95196-BCE2-4D03-B9B8-5A8324541AF9.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS35C5A156-198D-4C77-A528-5319FB255049.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS6D7D1FD4-30B1-4E5C-9258-048D2FAFC539.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSF95E9B45-AB5B-41A8-B811-27A92D3D76C3.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSAF135132-9F5E-4EFF-AC76-C807BC132152.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS96FC421E-3FF8-4006-9B82-DD65BB904D59.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS14E99B8E-46BD-4ED8-A39F-384A8CA12A8D.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS640B690C-8454-418B-AA84-558421CDE714.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Comodo\Personal Firewall\Logs\cpf.lock Object is locked skipped
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF5060.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012007050320070504\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\09YJWDEJ\index[1].htm Infected: Exploit.HTML.IESlice.i skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\GXUNGTI7\index[1].htm Infected: Trojan-Downloader.JS.Small.dz skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-c7f7e15-2af6dd68.zip/BaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-c7f7e15-2af6dd68.zip/VaaaaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-c7f7e15-2af6dd68.zip/Baaaaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-c7f7e15-2af6dd68.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Administrator\Application Data\Webroot\Spy Sweeper\Logs\070502181842.ses Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\settings.dat Object is locked skipped

Scan process completed.
MagicFish
Active Member
 
Posts: 6
Joined: May 1st, 2007, 1:28 am

Post by MagicFish » May 3rd, 2007, 8:01 pm

Logfile of HijackThis v1.99.1
Scan saved at 5:00:21 PM, on 5/3/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\PSIService.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forums.d2jsp.org/index.php?showforum=168
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] "mobsync.exe" /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/ ... poti_x.cab
O16 - DPF: Yahoo! Word Racer - http://download2.games.yahoo.com/games/ ... /wt1_x.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINNT\system32\PSIService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe






KASPERSKY ONLINE SCANNER REPORT
Thursday, May 03, 2007 4:59:11 PM
Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 3/05/2007
Kaspersky Anti-Virus database records: 311775
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 47157
Number of viruses found: 3
Number of infected objects: 6
Number of suspicious objects: 0
Duration of the scan process: 00:53:37

Infected Object Name / Virus Name / Last Action
C:\WINNT\system32\config\software.LOG Object is locked skipped
C:\WINNT\system32\config\default.LOG Object is locked skipped
C:\WINNT\system32\config\SECURITY Object is locked skipped
C:\WINNT\system32\config\SECURITY.LOG Object is locked skipped
C:\WINNT\system32\config\SYSTEM.ALT Object is locked skipped
C:\WINNT\system32\config\SAM Object is locked skipped
C:\WINNT\system32\config\SAM.LOG Object is locked skipped
C:\WINNT\system32\config\SYSTEM Object is locked skipped
C:\WINNT\system32\config\SOFTWARE Object is locked skipped
C:\WINNT\system32\config\DEFAULT Object is locked skipped
C:\WINNT\system32\config\AppEvent.Evt Object is locked skipped
C:\WINNT\system32\config\SecEvent.Evt Object is locked skipped
C:\WINNT\system32\config\SysEvent.Evt Object is locked skipped
C:\WINNT\Debug\PASSWD.LOG Object is locked skipped
C:\WINNT\Debug\oakley.log Object is locked skipped
C:\WINNT\Debug\ipsecpa.log Object is locked skipped
C:\WINNT\SchedLgU.Txt Object is locked skipped
C:\WINNT\CSC\00000001 Object is locked skipped
C:\WINNT\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINNT\WindowsUpdate.log Object is locked skipped
C:\Documents and Settings\Default User\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Default User\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Comodo\Personal Firewall\Logs\cpf.lock Object is locked skipped
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF5060.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012007050320070504\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\09YJWDEJ\index[1].htm Infected: Exploit.HTML.IESlice.i skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\GXUNGTI7\index[1].htm Infected: Trojan-Downloader.JS.Small.dz skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-c7f7e15-2af6dd68.zip/BaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-c7f7e15-2af6dd68.zip/VaaaaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-c7f7e15-2af6dd68.zip/Baaaaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-c7f7e15-2af6dd68.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Administrator\Application Data\Webroot\Spy Sweeper\Logs\070502181842.ses Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\settings.dat Object is locked skipped

Scan process completed
MagicFish
Active Member
 
Posts: 6
Joined: May 1st, 2007, 1:28 am

Post by Shaba » May 4th, 2007, 2:01 am

Hi

*NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders. If you have anything in a temp folder, back it up or move it to a permanent folder prior to running CCleaner!

Download CCleaner from here to clean temp files from your computer.
  • Double click on the file to start the installation of the program.
  • Select your language and click OK, then next.
  • Read the license agreement and click I Agree.
  • Click next to use the default install location. Click Install then finish to complete installation.
  • Double click the CCleaner shortcut on the desktop to start the program.
  • On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
  • If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
  • Click on the "Options" icon at the left side of the window, then click on "Advanced." Deselect "Only delete files in Windows Temp folders older than 48 hours."
  • Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
  • Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.
  • After CCleaner has completed its process, click Exit.


After that, please re-scan with Kaspersky.

Post:

- a fresh HijackThis log
- Kaspersky report
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Post by Shaba » May 19th, 2007, 1:28 pm

Whilst we appreciate that you may be busy, it has been 14 days or more since we heard from you.

Infections can change and fresh instructions will now need to be given. This topic is now closed. If you still require assistance, please start a new topic in the Malware Removal Forum.

If you wish this topic reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link:
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used.
If the user name does not match the one in the thread linked, the email will be deleted.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland