PC SLOW. Virus? Freezes too.

[maidmarian4]

I went through the five steps before posting, and have added the required txt files. Thank you for your help and TIME!
~Marian~


Incident Status Location

Adware:adware/24-7-search Not disinfected c:\windows\system32\unPPC.exe
Adware:adware/cws Not disinfected C:\Documents and Settings\Holland Family\Favorites\Health
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Holland Family\Cookies\holland family@2o7[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Holland Family\Cookies\holland family@ad.yieldmanager[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Holland Family\Cookies\holland family@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Holland Family\Cookies\holland family@adrevolver[3].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Holland Family\Cookies\holland family@ads.addynamix[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Holland Family\Cookies\holland family@ads.pointroll[1].txt
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Holland Family\Cookies\holland family@anm.co[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Holland Family\Cookies\holland family@atwola[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Holland Family\Cookies\holland family@azjmp[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Holland Family\Cookies\holland family@bluestreak[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Holland Family\Cookies\holland family@bs.serving-sys[2].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Holland Family\Cookies\holland family@clickbank[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Holland Family\Cookies\holland family@com[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Holland Family\Cookies\holland family@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Holland Family\Cookies\holland family@realmedia[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Holland Family\Cookies\holland family@serving-sys[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Holland Family\Cookies\holland family@target[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Holland Family\Cookies\holland family@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Holland Family\Cookies\holland family@tribalfusion[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Holland Family\Cookies\holland family@zedo[1].txt
Spyware:Spyware/New.net Not disinfected C:\Documents and Settings\Holland Family\Local Settings\Temp\SHNT288.exe

[maidmarian4]

Bumping this (per "rules" - 48 hrs since posted).

ALSO... Forgot to mention that the last couple of days my speakers have been sounding weird. I tried to play a video from online just 2 mins ago, and it plays the sound very very sloowwwly. Sounds just awful. Is this related? Or do I need new speakers???

[Ried]

Hello Marian and welcome to TSF,

We're not seeing the most important information--the main.txt that was produced by dss.exe.

Please navigate to C:\Deckard\System Scanner and locate the main.txt.

Copy/paste the contents directly into your reply, only attach logs/reports when requested.

[maidmarian4]

oops! Here it is (also attached):

Deckard's System Scanner v20070711.54
Run by Holland Family on 2007-07-20 at 08:12:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
65: 2007-07-20 14:15:54 UTC - RP322 - Deckard's System Scanner Restore Point
64: 2007-07-19 21:45:14 UTC - RP321 - Installed Disc2Phone
63: 2007-07-19 21:38:22 UTC - RP320 - Installed Microsoft Visual C++ 2005 Redistributable
62: 2007-07-18 02:01:43 UTC - RP319 - System Checkpoint
61: 2007-07-17 01:58:46 UTC - RP318 - System Checkpoint


-- First Restore Point --
1: 2007-04-21 23:01:23 UTC - RP258 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Holland Family.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:23:02 AM, on 7/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe
C:\Program Files\dss.exe
C:\WINDOWS\system32\ssmarque.scr
C:\PROGRA~1\TRENDM~1\HIJACK~1\Holland Family.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [PPCInst6.330] C:\WINDOWS\system32\unPPC6000.EXE ppcremovefiles
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX 5.5 Basic) - http://www.bestmark.com/support/ScriptX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc.com/ppcos/ISP60...ad/ppcwebi.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.yorkphoto.com/YorkActivia.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1183840596656
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} (Pixami Drag/Drop Upload UI Control) - http://www.photoworks.com/pixami/DragDropUploader.cab
O16 - DPF: {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} (Quantum Streaming IE VersionManager Class) - http://qmedia.xlontech.net/100170/sd...ie06041001.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by122fd.bay122.hotmail.msn.co...x/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 6622 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20070719-225940-540 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 ham50 (Intel V92 HaM Data Fax Voice) - c:\windows\system32\drivers\intelh51.sys <Not Verified; Intel Corporation; Intel® Hardware accelerated Modem Driver>

S3 GMSIPCI - d:\install\gmsipci.sys (file missing)
S3 MSICPL - d:\install4\msicpl.sys (file missing)
S3 NTACCESS - d:\ntaccess.sys (file missing)
S3 SetupNTGLM7X - d:\ntglm7x.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Files created between 2007-06-20 and 2007-07-20 -----------------------------

2007-07-20 00:08:16 502308 --a------ C:\Program Files\dss.exe
2007-07-19 23:57:14 0 d-------- C:\ie-spyad
2007-07-19 23:57:01 536811 --a------ C:\Program Files\ie-spyad.exe
2007-07-19 23:50:10 0 d-------- C:\Program Files\SpywareBlaster <SPYWAR~1>
2007-07-19 23:43:42 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-07-19 23:43:29 0 d-------- C:\WINDOWS\LastGood
2007-07-19 22:54:34 0 d-------- C:\Program Files\Trend Micro <TRENDM~1>
2007-07-17 09:12:04 0 d-------- C:\Program Files\PhotoWorks <PHOTOW~1>
2007-07-17 00:40:15 0 d-------- C:\Documents and Settings\All Users\Application Data\{BA892C10-A262-42D0-B6AD-2ADE4916F871}
2007-07-10 22:03:37 0 d-------- C:\Documents and Settings\Holland Family\Application Data\Sony Setup
2007-07-10 19:22:55 0 d-------- C:\Program Files\Sony Ericcson Software <SONYER~1>
2007-07-08 21:39:41 0 d--h----- C:\Documents and Settings\All Users\Application Data\Move Networks


-- Find3M Report ---------------------------------------------------------------

2007-07-20 01:54:54 0 d-------- C:\Program Files\QuickTime <QUICKT~1>
2007-07-20 01:54:22 0 d-------- C:\Program Files\MSN Messenger <MSNMES~1>
2007-07-13 09:38:04 0 d-------- C:\Program Files\CyberLink <CYBERL~1>
2007-07-13 09:37:57 0 d--h----- C:\Program Files\InstallShield Installation Information <INSTAL~1>
2007-07-12 12:57:46 0 d-------- C:\Program Files\Yahoo!
2007-07-12 12:53:50 0 d-------- C:\Program Files\Programs for DealBarbiePays <PROGRA~1>
2007-07-12 06:40:18 0 d-------- C:\Documents and Settings\Holland Family\Application Data\AVG7
2007-06-12 01:05:56 0 d-------- C:\Program Files\Free Downloads <FREEDO~1>
2007-05-30 21:50:48 0 d-------- C:\Program Files\Siber Systems <SIBERS~1>
2007-04-26 00:56:24 5744128 --a------ C:\Program Files\techblock.exe <TECHBL~1.EXE>
2007-04-24 10:09:33 1067360 --a------ C:\Program Files\anim8orhelp.chm <ANIM8O~1.CHM>
2007-04-24 10:09:22 1182877 --a------ C:\Program Files\animv095dPDF.zip <ANIMV0~3.ZIP>
2007-04-24 09:52:01 848182 --a------ C:\Program Files\animv095c.zip <ANIMV0~1.ZIP>


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"High Definition Audio Property Page Shortcut"="HDAShCut.exe"
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"Share-to-Web Namespace Daemon"="C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"PPCInst6.330"="C:\\WINDOWS\\system32\\unPPC6000.EXE ppcremovefiles"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_KTGESBQXEBMK
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_RKPAVPROC
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_SDTHOOK


-- End of Deckard's System Scanner: finished at 2007-07-20 at 08:24:40 ---------

[Ried]

Thanks.

I'm not seeing any malware here that would cause the issues you've described.

Using 'My Computer', navigate to and delete the following File

c:\windows\system32\ unPPC.exe

--------------------------------------------------------------------

Clear Internet Explorer Cookies:

Launch Internet Explorer>Tools>Internet Options>Delete Cookies

--------------------------------------------------------------------

Clear your Temp and Temporary Internet Files: Go to Start > Run and type cleanmgr in the box. Let it scan your system for files to remove. Make sure Temporary Internet Files and Temporary Files are 'checked' and click OK.

--------------------------------------------------------------------

Let's see if this scanner finds anything lurking about:

Perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.

• The program will then begin downloading the latest definition files.
• Once the files have been downloaded click on NEXT
• Locate the Scan Settings button & configure to:
  • Scan using the following Anti-Virus database:
    • Extended
  • Scan Options:
    • Scan Archives
    • Scan Mail Bases
• Click OK & have it scan My Computer
• Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
• Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

[maidmarian4]

KASPERSKY ONLINE SCANNER REPORT
Tuesday, July 24, 2007 6:57:11 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 24/07/2007
Kaspersky Anti-Virus database records: 367034


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\

Scan Statistics
Total number of scanned objects 54531
Number of viruses found 1
Number of infected objects 1
Number of suspicious objects 0
Duration of the scan process 03:13:42

Infected Object Name Virus Name Last Action
C:\Deckard\System Scanner\backup\DOCUME~1\HOLLAN~1\LOCALS~1\Temp\SHNT288.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped

C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\Documents and Settings\Holland Family\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Holland Family\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini.inuse Object is locked skipped

C:\Documents and Settings\Holland Family\Local Settings\Application Data\Microsoft\Messenger\maidmarian4@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped

C:\Documents and Settings\Holland Family\Local Settings\Application Data\Microsoft\Messenger\maidmarian4@hotmail.com\SharingMetadata\pending.dat Object is locked skipped

C:\Documents and Settings\Holland Family\Local Settings\Application Data\Microsoft\Messenger\maidmarian4@hotmail.com\SharingMetadata\Working\database_A474_3E7F_743E_5470\dfsr.db Object is locked skipped

C:\Documents and Settings\Holland Family\Local Settings\Application Data\Microsoft\Messenger\maidmarian4@hotmail.com\SharingMetadata\Working\database_A474_3E7F_743E_5470\fsr.log Object is locked skipped

C:\Documents and Settings\Holland Family\Local Settings\Application Data\Microsoft\Messenger\maidmarian4@hotmail.com\SharingMetadata\Working\database_A474_3E7F_743E_5470\fsrtmp.log Object is locked skipped

C:\Documents and Settings\Holland Family\Local Settings\Application Data\Microsoft\Messenger\maidmarian4@hotmail.com\SharingMetadata\Working\database_A474_3E7F_743E_5470\tmp.edb Object is locked skipped

C:\Documents and Settings\Holland Family\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Holland Family\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Holland Family\Local Settings\Application Data\Microsoft\Windows Live Contacts\maidmarian4@hotmail.com\real\members.stg Object is locked skipped

C:\Documents and Settings\Holland Family\Local Settings\Application Data\Microsoft\Windows Live Contacts\maidmarian4@hotmail.com\shadow\members.stg Object is locked skipped

C:\Documents and Settings\Holland Family\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Holland Family\Local Settings\History\History.IE5\MSHist012007072420070725\index.dat Object is locked skipped

C:\Documents and Settings\Holland Family\Local Settings\Temp\Perflib_Perfdata_108.dat Object is locked skipped

C:\Documents and Settings\Holland Family\Local Settings\Temp\Perflib_Perfdata_19c.dat Object is locked skipped

C:\Documents and Settings\Holland Family\Local Settings\Temp\Perflib_Perfdata_470.dat Object is locked skipped

C:\Documents and Settings\Holland Family\Local Settings\Temp\~DF11E7.tmp Object is locked skipped

C:\Documents and Settings\Holland Family\Local Settings\Temp\~DF1544.tmp Object is locked skipped

C:\Documents and Settings\Holland Family\Local Settings\Temp\~DFCE12.tmp Object is locked skipped

C:\Documents and Settings\Holland Family\Local Settings\Temp\~DFD133.tmp Object is locked skipped

C:\Documents and Settings\Holland Family\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Holland Family\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Holland Family\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{20C71176-0C46-46B9-A4CC-0700AC7492E0}\RP326\change.log Object is locked skipped

C:\WINDOWS\CSC\00000001 Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

[Ried]

Thank you.

Kaspersky is only reporting the backups from the dss.exe run. Delete this folder:

C:\Deckard\System Scanner

As your probem does not appear to be malware related, you would be better served discussing these issues in the Windows XP section of this forum.

[maidmarian4]

Thanks for your help and time anyway! :0) I will go to the Windows XP forum then.

[Ried]

You're welcome. Good luck.