WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93101 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

WinAntiVirusPro pop ups

Started by SamAxe , May 11 2006 06:52 PM

This topic is locked

21 replies to this topic

#1 SamAxe

New Member

Authentic Member
12 posts

Posted 11 May 2006 - 06:52 PM

I've been infected with some spyware that is driving me insane. Whenever I start browsing the web I get several popups from WinAntiVirus Pro or Winfixer etc. How do I remove this. Norton Anitvirus hasn't help neither has SpyBot or AdAware or Webroot Spysweeper. I'm running W2K.

Advertisements

Register to Remove

#2 Siggyx

SuperHelper

Authentic Member
6,776 posts

Posted 11 May 2006 - 07:30 PM

Download hijackthis to its own folder C:/HJT for example. Extrat the zip file to that folder. Then close all browser windows, open hijackthis and click on scan. Once the scan has completed click on Save Log, this will produce a text file log. Highlight all of the information from in that text box then right click and copy. Come back to this post you made and click on "add reply" at the bottom right and a new window will open. Paste the hijackthis log into the new window hit add reply in that new window.

HJT download >>> http://www.softpedia.../10-17-69.shtml

#3 SamAxe

New Member

Authentic Member
12 posts

Posted 14 May 2006 - 01:01 PM

Here's my hijack this log.

Logfile of HijackThis v1.99.1
Scan saved at 1:13:51 PM, on 5/14/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\System32\QCONSVC.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\system32\IMWEBSTA.EXE
C:\WINNT\AGRSMMSG.exe
C:\WINNT\system32\PRPCUI.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINNT\system32\RunDll32.exe
C:\WINNT\system32\dla\tfswctrl.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINNT\Logi_MwX.Exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\hp deskjet 460 series\Toolbox\HPWRTBX.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\IBM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\IBM\Bluetooth Software\BTStackServer.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hjt\HijackThis.exe
C:\WINNT\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nydailynews.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DPCUpdater Object - {61C07AF3-01A3-4B85-ADB2-4EFD04E1286C} - C:\WINNT\system32\cbxyy.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [IMWEBSTA.EXE] IMWEBSTA.EXE START
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\StorageGuard\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINNT\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPWRTOOLBOX] C:\Program Files\Hewlett-Packard\hp deskjet 460 series\Toolbox\HPWRTBX.exe "-i"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: BTTray.lnk = C:\Program Files\IBM\Bluetooth Software\BTTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! MLB StatTracker - http://aud5.sports.d...mlbst8408_x.cab
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - https://www-3.ibm.co...ad/tgctlins.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....iTunesSetup.exe
O16 - DPF: {59D04288-805E-4D43-BE09-83B1083E9E1E} (IUpdateAutoLaunch Control) - http://idenphones.mo...eAutoLaunch.ocx
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www-3.ibm.co...ad/IbmEgath.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://hoylegames.si...cherControl.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.c...ropper1_4us.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = grace.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = grace.com
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: cbxyy - C:\WINNT\system32\cbxyy.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\system32\ibmpmsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: QCONSVC - Unknown owner - C:\WINNT\System32\QCONSVC.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

#4 Siggyx

SuperHelper

Authentic Member
6,776 posts

Posted 14 May 2006 - 04:14 PM

Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free...mitfraudFix.zip
Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.

Posted Image

______________________________

Please download the trial version of Ewido anti-malware 3.5 from here:
http://www.ewido.net/en/download/

Install Ewido anti-malware.
When installing, under Additional Options uncheck Install background guard and Install scan via context menu.
When you run Ewido for the first time, you could get a warning "Database could not be found!". Click Ok.
The program will prompt you to update. Click the Ok button.
The program will now go to the main screen.

You will need to update Ewido to the latest definition files.

On the left-hand side of the main screen click the Update Button.
Click on Start.

The update will start and a progress bar will show the updates being installed.
Once finished updating, close Ewido.

If you are having problems with the updater, you can use this link to manually update ewido.
Ewido manual updates. Make sure to close Ewido before installing the update.
______________________________

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter

Posted Image

This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

IMPORTANT: Do NOT run any other options until you are asked to do so!

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Please post:

c:\rapport.txt
Ewido log
A new HijackThis log

Your may need several replies to post the requested logs, otherwise they might get cut off.

#5 SamAxe

New Member

Authentic Member
12 posts

Posted 14 May 2006 - 06:07 PM

Below are the logs you requested. First, while running the Ewido scan I received a dialog box with the following message:

The File "c:\inetpub\scripts\tk1.exe/Firedaemon.exe" cannot be removed because it is embedded in the archive "c:\inetpub\scripts\tk1.exe". Do you want to remove the whole archive? Yes/No.

I chose "NO" because I have no idea what this is. Should I have clicked "YES"?

RAPPORT.TXT Begin
-----------------------
SmitFraudFix v2.44

Scan done at 17:45:27.40, Sun 05/14/2006
Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195]

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

--------------------------
RAPPORT.TXT End
--------------------------

-----------------------------
EWIDO log Begin
-----------------------------
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 6:53:01 PM, 5/14/2006
+ Report-Checksum: 634F4302

+ Scan result:

HKLM\SOFTWARE\Microsoft\VisualStudio\Analyzer\Events\{6C736D71-BCBF-11D0-8A23-00AA00B58E10} -> Adware.CoolWebSearch : Cleaned with backup
C:\WINNT\system32\iifdb.dll -> Adware.Virtumonde : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administrator@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\NBLCEMU6\SysProtectScannerInstall[1].exe -> Downloader.Small : Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3SQ64WCP\WinAntiVirusPro2006FreeInstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.f : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@bfast[1].txt -> TrackingCookie.Bfast : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@ehg-pcsecurityshield.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@clickbank[2].txt -> TrackingCookie.Clickbank : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@builder.com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@ehg-bestbuy.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@trafic[1].txt -> TrackingCookie.Trafic : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@com[3].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@y-1shz2prbmdj6wvny-1sez2pra2dj6wjl4uhczkkpwmdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkysmczslpaqdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@-1shz2prbmdj6wvny-1sez2pra2dj6wjny-1jc5idoaudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkykndjmepwqdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkiukazkgowudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnywkcjwcpgsdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@y-1shz2prbmdj6wvny-1sez2pra2dj6wjliqpcjcfpqidj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlisnajakoqwdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkykpajchpawdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4cncpccogudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@downloads-zdnet.com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjnyogazweo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjny-1jc5id.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjnychdpaco.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjlicnczkhp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjnycoczoco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@sales.liveperson[3].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjnyoldpcep.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjnyqjajilp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@login.tracking101[1].txt -> TrackingCookie.Tracking101 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wfk4uidjmbp.stats.esomniture[3].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjny-1gd5cl.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjlyomdjeko.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjkygocjagp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjkoggdzwao.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjkychdjgep.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjliahd5mbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjnyojdpgaq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjnyshazeeo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjny-1pajgl.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wfk4uidjmbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjny-1jdzkl.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wfmieiczmlo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjnyujazwbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjk4alcjmdo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjny-1mczee.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjnyapc5sho.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjkoomczcdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wfkiaidzsfq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjnyapc5sho.stats.esomniture[3].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjnyehajmdo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjnygmd5skq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjnyogczscp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wflienajodq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wflyeiajado.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjnyolcpieq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjnyohdjghp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wflogldjwfp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wflocnczwfo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjnycidzocq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjnyomajgap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjkychdjgep.stats.esomniture[3].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjkycidzkgq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjny-1ic5gb.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjnyaod5mbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjny-1mczee.stats.esomniture[3].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjnyokdjwlq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjkokpdpcbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjny-1kdpie.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjkookazabo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjnygmcpkao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjnyokdpolp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjnycmcpolo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjnygpazgbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wgkowicjelo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wfl4ekdzmgq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@sales.liveperson[4].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wfk4wic5ako.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjkoskdzihp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjnywpczcbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjny-1pcjof.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjnyagdpmeo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wgkyqhcjwgq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjnycmc5whq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjkykjajabp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjnysmazscp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjny-1pcjia.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wflowmcpacp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjnywgdjkdo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@com[4].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@news.com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@sales.liveperson[6].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\isapi\TFTP580 -> Worm.Nimda.e : Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup
C:\Inetpub\Scripts\TFTP1268 -> Worm.Nimda.e : Cleaned with backup
C:\Inetpub\Scripts\TFTP2032 -> Worm.Nimda.e : Cleaned with backup
C:\Inetpub\Scripts\tk1.exe/Firedaemon.exe -> Not-A-Virus.RemoteAdmin.Win32.RA.3826 : Error during cleaning

::Report End
-----------------------------
EWIDO log End
-----------------------------

-------------------------------------
New HIJACKTHIS log Begin
-------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 6:56:31 PM, on 5/14/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\System32\QCONSVC.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\system32\IMWEBSTA.EXE
C:\WINNT\AGRSMMSG.exe
C:\WINNT\system32\PRPCUI.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINNT\system32\RunDll32.exe
C:\WINNT\system32\dla\tfswctrl.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINNT\Logi_MwX.Exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\hp deskjet 460 series\Toolbox\HPWRTBX.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\IBM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\IBM\Bluetooth Software\BTStackServer.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINNT\NOTEPAD.EXE
C:\WINNT\system32\NOTEPAD.EXE
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nydailynews.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DPCUpdater Object - {61C07AF3-01A3-4B85-ADB2-4EFD04E1286C} - C:\WINNT\system32\cbxyy.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [IMWEBSTA.EXE] IMWEBSTA.EXE START
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\StorageGuard\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINNT\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPWRTOOLBOX] C:\Program Files\Hewlett-Packard\hp deskjet 460 series\Toolbox\HPWRTBX.exe "-i"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: BTTray.lnk = C:\Program Files\IBM\Bluetooth Software\BTTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! MLB StatTracker - http://aud5.sports.d...mlbst8408_x.cab
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - https://www-3.ibm.co...ad/tgctlins.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....iTunesSetup.exe
O16 - DPF: {59D04288-805E-4D43-BE09-83B1083E9E1E} (IUpdateAutoLaunch Control) - http://idenphones.mo...eAutoLaunch.ocx
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www-3.ibm.co...ad/IbmEgath.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://hoylegames.si...cherControl.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.c...ropper1_4us.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = grace.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = grace.com
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: cbxyy - C:\WINNT\system32\cbxyy.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\system32\ibmpmsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: QCONSVC - Unknown owner - C:\WINNT\System32\QCONSVC.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

---------------------------
HIJACKTHIS LOG end
---------------------------

#6 Siggyx

SuperHelper

Authentic Member
6,776 posts

Posted 14 May 2006 - 07:38 PM

Please download VundoFix.exe from here:

http://www.atribune..../click.php?id=4

and save it to your desktop

Double-click VundoFix.exe to run it.

Checkmark the box "Run Vundo as task"

You will receive a message saying vundofix will close and re-open in a minute or less. Click OK

When VundoFix re-opens, click the Scan for Vundo button

Once it's done scanning, click the Remove Vundo button.

You will receive a prompt asking if you want to remove the files, click YES

Once you click yes, your desktop will go blank as it starts removing Vundo.

When completed, it will prompt that it will shutdown your computer, click OK.

Turn your computer back on.

NEXT

Please download the trial version of Ewido Security Suite here:

http://www.ewido.net/en/

Install it, and update the definitions to the newest files.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Restart your computer please post the contents of C:\vundofix.txt, the Ewido log and a new hijackthis log.

#7 SamAxe

New Member

Authentic Member
12 posts

Posted 15 May 2006 - 10:12 PM

Here are the new logs

VUNDO
--------

VundoFix V4.2.74

Checking Java version...

Sun Java not detected
Scan started at 9:10:46 PM 5/15/2006

Listing files found while scanning....

C:\WINNT\system32\cbxyy.dll
C:\WINNT\system32\yyxbc.ini
C:\WINNT\system32\yyxbc.bak2

Attempting to delete C:\WINNT\system32\cbxyy.dll
C:\WINNT\system32\cbxyy.dll Could not be deleted.

Attempting to delete C:\WINNT\system32\yyxbc.ini
C:\WINNT\system32\yyxbc.ini Has been deleted!

Attempting to delete C:\WINNT\system32\yyxbc.bak2
C:\WINNT\system32\yyxbc.bak2 Has been deleted!

Performing Repairs to the registry.
Done!

EWIDO
--------
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 11:03:42 PM, 5/15/2006
+ Report-Checksum: 754CE860

+ Scan result:

C:\Documents and Settings\Administrator\Cookies\administrator@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@adtech[1].txt -> TrackingCookie.Adtech : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@news.com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@bfast[2].txt -> TrackingCookie.Bfast : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@media.fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@ehg-oreilly.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@ehg-idg.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Inetpub\Scripts\tk1.exe/Firedaemon.exe -> Not-A-Virus.RemoteAdmin.Win32.RA.3826 : Error during cleaning

::Report End

HIJACKTHIS
--------------

Logfile of HijackThis v1.99.1
Scan saved at 11:08:50 PM, on 5/15/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\System32\QCONSVC.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\system32\IMWEBSTA.EXE
C:\WINNT\AGRSMMSG.exe
C:\WINNT\system32\PRPCUI.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINNT\system32\RunDll32.exe
C:\WINNT\system32\dla\tfswctrl.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINNT\Logi_MwX.Exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\hp deskjet 460 series\Toolbox\HPWRTBX.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\IBM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\IBM\Bluetooth Software\BTStackServer.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nydailynews.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [IMWEBSTA.EXE] IMWEBSTA.EXE START
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\StorageGuard\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINNT\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPWRTOOLBOX] C:\Program Files\Hewlett-Packard\hp deskjet 460 series\Toolbox\HPWRTBX.exe "-i"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: BTTray.lnk = C:\Program Files\IBM\Bluetooth Software\BTTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! MLB StatTracker - http://aud5.sports.d...mlbst8408_x.cab
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - https://www-3.ibm.co...ad/tgctlins.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....iTunesSetup.exe
O16 - DPF: {59D04288-805E-4D43-BE09-83B1083E9E1E} (IUpdateAutoLaunch Control) - http://idenphones.mo...eAutoLaunch.ocx
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www-3.ibm.co...ad/IbmEgath.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://hoylegames.si...cherControl.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.c...ropper1_4us.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = grace.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = grace.com
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\system32\ibmpmsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: QCONSVC - Unknown owner - C:\WINNT\System32\QCONSVC.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

#8 Siggyx

SuperHelper

Authentic Member
6,776 posts

Posted 18 May 2006 - 08:15 PM

Sorry I was called out of town for work on an emergency. Can I see a new hijackthis log please.

#9 SamAxe

New Member

Authentic Member
12 posts

Posted 20 May 2006 - 06:22 AM

Thank you. Here's the new HJT log

Logfile of HijackThis v1.99.1
Scan saved at 7:19:45 AM, on 5/20/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\System32\QCONSVC.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\system32\IMWEBSTA.EXE
C:\WINNT\AGRSMMSG.exe
C:\WINNT\system32\PRPCUI.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINNT\system32\RunDll32.exe
C:\WINNT\system32\dla\tfswctrl.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINNT\Logi_MwX.Exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\hp deskjet 460 series\Toolbox\HPWRTBX.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\IBM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\IBM\Bluetooth Software\BTStackServer.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nydailynews.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [IMWEBSTA.EXE] IMWEBSTA.EXE START
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\StorageGuard\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINNT\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPWRTOOLBOX] C:\Program Files\Hewlett-Packard\hp deskjet 460 series\Toolbox\HPWRTBX.exe "-i"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: BTTray.lnk = C:\Program Files\IBM\Bluetooth Software\BTTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! MLB StatTracker - http://aud5.sports.d...mlbst8408_x.cab
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - https://www-3.ibm.co...ad/tgctlins.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....iTunesSetup.exe
O16 - DPF: {59D04288-805E-4D43-BE09-83B1083E9E1E} (IUpdateAutoLaunch Control) - http://idenphones.mo...eAutoLaunch.ocx
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www-3.ibm.co...ad/IbmEgath.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://hoylegames.si...cherControl.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.c...ropper1_4us.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = grace.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = grace.com
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\system32\ibmpmsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: QCONSVC - Unknown owner - C:\WINNT\System32\QCONSVC.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

#10 Siggyx

SuperHelper

Authentic Member
6,776 posts

Posted 20 May 2006 - 09:36 AM

C:\Inetpub\Scripts\tk1.exe/Firedaemon.exe Please scan this file at this site >>> http://virusscan.jotti.org/ It will produce a log. Please post that log.

Advertisements

Register to Remove

#11 SamAxe

New Member

Authentic Member
12 posts

Posted 23 May 2006 - 06:01 PM

Heres the virusscan.jotti.org log Service load: 0% 100% File: tk1.exe Status: INFECTED/MALWARE MD5 809d03fe39eefd715f3c7bde445ee801 Packers detected: UPX, PE_PATCH, PETITE Scanner results AntiVir Found SecurityPrivacyRisk/RemoteAdmi.RA.2 riskware, SecurityPrivacyRisk/Moo.A riskware, Trojan/SmallDrop.1, IRC/Demfire.05 ArcaVir Found nothing Avast Found VBS:Malware AVG Antivirus Found Generic.JDR BitDefender Found Backdoor.Irc.Lambot.G, Backdoor.Irc.Demfire.C, Backdoor.IRC.Demfire.A ClamAV Found nothing Dr.Web Found Tool.FireDaemon, Tool.Moo, BackDoor.IRC.based F-Prot Antivirus Found nothing Fortinet Found nothing Kaspersky Anti-Virus Found not-a-virus:RemoteAdmin.Win32.RA.3826, Backdoor.IRC.Demfire, Backdoor.Win32.mIRC-based NOD32 Found Win32/Tkbot.A, Win32/FireDaemon application, IRC/Demfire Norman Virus Control Found nothing UNA Found nothing VirusBuster Found nothing VBA32 Found nothing

#12 Siggyx

SuperHelper

Authentic Member
6,776 posts

Posted 23 May 2006 - 08:14 PM

Download TheKillbox from here http://www.downloads...org/KillBox.zip Save to your Desktop and double click it to open it up. In the 'Enter Full Path and Filename to Delete' box, copy and paste these entries one by one, clicking 'Find and Kill This File' after each one:

C:\Inetpub\Scripts\tk1.exe/Firedaemon.exe

NEXT

Please download WebRoot SpySweeper from HERE >>> http://www.webroot.c...ode=af1&rc=3597 (It's a 2 week trial):
Click the Free Trial link under to "SpySweeper" to download the program.
Install it. Once the program is installed, it will open.
It will prompt you to update to the latest definitions, click Yes.
Once the definitions are installed, click Options on the left side.
Click the Sweep Options tab.
Under What to Sweep please put a check next to the following:
Sweep Memory
Sweep Registry
Sweep Cookies
Sweep All User Accounts
Enable Direct Disk Sweeping
Sweep Contents of Compressed Files
Sweep for Rootkits
Please UNCHECK Do not Sweep System Restore Folder.
Click Sweep Now on the left side.
Click the Start button.
When it's done scanning, click the Next button.
Make sure everything has a check next to it, then click the Next button.
It will remove all of the items found.
Click Session Log in the upper right corner, copy everything in that window.
Click the Summary tab and click Finish.
Paste the contents of the session log you copied into your next reply as well as a new hijackthsi log please.

#13 SamAxe

New Member

Authentic Member
12 posts

Posted 26 May 2006 - 04:27 PM

Sorry it took so long. I had trouble booting my laptop for a few days. Hopefully it was just a battery issue. MULTIPLE POSTS BECAUSE OF LENGTH Here's the spysweeper log. ******** 3:37 PM: | Start of Session, Friday, May 26, 2006 | 3:37 PM: Spy Sweeper started 3:37 PM: Sweep initiated using definitions version 686 3:37 PM: Starting Memory Sweep 3:43 PM: Memory Sweep Complete, Elapsed Time: 00:06:33 3:43 PM: Starting Registry Sweep 3:44 PM: Registry Sweep Complete, Elapsed Time:00:01:15 3:44 PM: Starting Cookie Sweep 3:44 PM: Found Spy Cookie: belnk cookie 3:44 PM: administrator@belnk[1].txt (ID = 2292) 3:44 PM: Found Spy Cookie: 2o7.net cookie 3:44 PM: administrator@2o7[1].txt (ID = 1957) 3:44 PM: Found Spy Cookie: atlas dmt cookie 3:44 PM: administrator@atdmt[2].txt (ID = 2253) 3:44 PM: Found Spy Cookie: trafficmp cookie 3:44 PM: administrator@trafficmp[1].txt (ID = 3581) 3:44 PM: Found Spy Cookie: adserver cookie 3:44 PM: administrator@adserver[1].txt (ID = 2141) 3:44 PM: Found Spy Cookie: casalemedia cookie 3:44 PM: administrator@casalemedia[1].txt (ID = 2354) 3:44 PM: Found Spy Cookie: mediaplex cookie 3:44 PM: administrator@mediaplex[1].txt (ID = 6442) 3:44 PM: Found Spy Cookie: revenue.net cookie 3:44 PM: administrator@ads1.revenue[1].txt (ID = 3258) 3:44 PM: Found Spy Cookie: ask cookie 3:44 PM: administrator@ask[1].txt (ID = 2245) 3:44 PM: Found Spy Cookie: sharewareonline cookie 3:44 PM: administrator@adserver.sharewareonline[1].txt (ID = 3366) 3:44 PM: Found Spy Cookie: tribalfusion cookie 3:44 PM: administrator@tribalfusion[2].txt (ID = 3589) 3:44 PM: Found Spy Cookie: alt cookie 3:44 PM: administrator@alt[2].txt (ID = 2217) 3:44 PM: Found Spy Cookie: zedo cookie 3:44 PM: administrator@zedo[2].txt (ID = 3762) 3:44 PM: Found Spy Cookie: go.com cookie 3:44 PM: administrator@rsi.espn.go[1].txt (ID = 2729) 3:44 PM: Found Spy Cookie: adultfriendfinder cookie 3:44 PM: administrator@adultfriendfinder[2].txt (ID = 2165) 3:44 PM: Found Spy Cookie: toplist cookie 3:44 PM: administrator@toplist[1].txt (ID = 3557) 3:44 PM: Found Spy Cookie: gostats cookie 3:44 PM: administrator@gostats[1].txt (ID = 2747) 3:44 PM: Found Spy Cookie: howstuffworks cookie 3:44 PM: administrator@howstuffworks[2].txt (ID = 2805) 3:44 PM: Found Spy Cookie: apmebf cookie 3:44 PM: administrator@apmebf[2].txt (ID = 2229) 3:44 PM: Found Spy Cookie: delfinproject cookie 3:44 PM: administrator@delfinproject[2].txt (ID = 2509) 3:44 PM: administrator@insider.espn.go[2].txt (ID = 2729) 3:44 PM: Found Spy Cookie: burstnet cookie 3:44 PM: administrator@burstnet[2].txt (ID = 2336) 3:44 PM: administrator@go[2].txt (ID = 2728) 3:44 PM: Found Spy Cookie: tradedoubler cookie 3:44 PM: administrator@tradedoubler[1].txt (ID = 3575) 3:44 PM: Found Spy Cookie: ru4 cookie 3:44 PM: administrator@edge.ru4[1].txt (ID = 3269) 3:44 PM: Found Spy Cookie: winantiviruspro cookie 3:44 PM: administrator@www.winantiviruspro[2].txt (ID = 3690) 3:44 PM: Found Spy Cookie: pointroll cookie 3:44 PM: administrator@ads.pointroll[1].txt (ID = 3148) 3:44 PM: administrator@cbs.112.2o7[1].txt (ID = 1958) 3:44 PM: Found Spy Cookie: yieldmanager cookie 3:44 PM: administrator@ad.yieldmanager[2].txt (ID = 3751) 3:44 PM: Found Spy Cookie: fastclick cookie 3:44 PM: administrator@fastclick[2].txt (ID = 2651) 3:44 PM: Found Spy Cookie: adknowledge cookie 3:44 PM: administrator@adknowledge[2].txt (ID = 2072) 3:44 PM: Found Spy Cookie: realmedia cookie 3:44 PM: administrator@realmedia[2].txt (ID = 3235) 3:44 PM: Found Spy Cookie: primaryads cookie 3:44 PM: administrator@aff.primaryads[2].txt (ID = 3190) 3:44 PM: Found Spy Cookie: statcounter cookie 3:44 PM: administrator@statcounter[1].txt (ID = 3447) 3:44 PM: Found Spy Cookie: tacoda cookie 3:44 PM: administrator@tacoda[1].txt (ID = 6444) 3:44 PM: Found Spy Cookie: specificclick.com cookie 3:44 PM: administrator@adopt.specificclick[2].txt (ID = 3400) 3:44 PM: Found Spy Cookie: falkag cookie 3:44 PM: administrator@as-us.falkag[2].txt (ID = 2650) 3:44 PM: administrator@z1.adserver[1].txt (ID = 2142) 3:44 PM: administrator@espn.go[1].txt (ID = 2729) 3:44 PM: Found Spy Cookie: webtrendslive cookie 3:44 PM: administrator@statse.webtrendslive[2].txt (ID = 3667) 3:44 PM: Found Spy Cookie: addynamix cookie 3:44 PM: administrator@ads.addynamix[2].txt (ID = 2062) 3:44 PM: administrator@revenue[2].txt (ID = 3257) 3:44 PM: administrator@sports.espn.go[1].txt (ID = 2729) 3:44 PM: administrator@media.fastclick[1].txt (ID = 2652) 3:44 PM: Found Spy Cookie: burstbeacon cookie 3:44 PM: administrator@www.burstbeacon[2].txt (ID = 2335) 3:44 PM: Found Spy Cookie: questionmarket cookie 3:44 PM: administrator@questionmarket[2].txt (ID = 3217) 3:44 PM: Found Spy Cookie: advertising cookie 3:44 PM: administrator@advertising[2].txt (ID = 2175) 3:44 PM: Cookie Sweep Complete, Elapsed Time: 00:00:04 3:44 PM: Starting File Sweep 3:44 PM: Warning: Failed to open file "c:\pagefile.sys". Access is denied 3:44 PM: Warning: Failed to open file "c:\hiberfil.sys". Access is denied 3:56 PM: Warning: Failed to open file "c:\winnt\system32\perflib_perfdata_300.dat". The process cannot access the file because it is being used by another process 3:56 PM: Warning: Failed to open file "c:\winnt\system32\perflib_perfdata_62c.dat". The process cannot access the file because it is being used by another process 3:57 PM: Warning: Failed to open file "c:\winnt\system32\config\software.log". The process cannot access the file because it is being used by another process 3:57 PM: Warning: Failed to open file "c:\winnt\system32\config\default.log". The process cannot access the file because it is being used by another process 3:57 PM: Warning: Failed to open file "c:\winnt\system32\config\security". The process cannot access the file because it is being used by another process 3:57 PM: Warning: Failed to open file "c:\winnt\system32\config\security.log". The process cannot access the file because it is being used by another process 3:57 PM: Warning: Failed to open file "c:\winnt\system32\config\system.alt". The process cannot access the file because it is being used by another process 3:57 PM: Warning: Failed to open file "c:\winnt\system32\config\sam". The process cannot access the file because it is being used by another process 3:57 PM: Warning: Failed to open file "c:\winnt\system32\config\sam.log". The process cannot access the file because it is being used by another process 3:57 PM: Warning: Failed to open file "c:\winnt\system32\config\system". The process cannot access the file because it is being used by another process 3:57 PM: Warning: Failed to open file "c:\winnt\system32\config\software". The process cannot access the file because it is being used by another process 3:57 PM: Warning: Failed to open file "c:\winnt\system32\config\default". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs5c4fc385-7688-479b-bdaf-537cda2cdaa0.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsc6c35f83-a296-40c7-9151-641f28231ecf.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs760107f0-66f3-4c09-97d2-38137f7ea3c6.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsce6095a5-f8df-4461-a73b-4a67bc1a0029.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs591bf235-09ab-403f-a702-67334dd9381c.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscscff842a7-1b2f-48a3-991b-6494f3f4d25a.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs7f081bf3-c8f4-4856-bccb-39a91fba9c5f.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs821f5a71-ede0-4a0b-a5db-0fc70c1590bb.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsf64726dd-7bbe-45a3-ae1e-b2eec8f51966.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs629b3188-21a0-4f86-934c-dfd59fc057e1.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs6b033434-0cdf-4c3b-8e3a-36346a3ddfa2.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsc5f4c4d3-fbb0-46b6-9c1c-1b70c995e36b.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsc2fd12c1-97d9-4986-9725-cbb439ed8317.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs70de5a93-ade7-412f-8b47-291cf345621b.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs40d45964-e5f2-48d6-93b2-683e2a8b856e.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs39d1a358-66de-4a3c-813e-5848e2d7ea6c.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs4b1e3ed7-5563-45fa-b7e9-7e8daadffef6.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs8991cf1c-0cd7-4fd2-9787-1a61e01b2a21.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs0949d60b-ada7-4fd8-93af-649746df6ece.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs84a6679f-9218-49fe-a7e5-4260a3b9478c.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs042e6e38-9994-4591-9122-d65c20af3e39.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscse7d2c295-efd7-4e92-9c91-33849bfd2fa1.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsae3b0538-b452-4de8-b854-74c7c5310a88.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscse0641eb7-7b55-49ac-93c3-d4ab0a6e100e.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs1822e249-66c5-418b-ae05-306bade7887d.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs62d21170-9776-4a11-a145-45bf6e80f310.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsb7f53a1f-e5c9-4534-956b-90182d8c076b.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs7eba381c-22df-48b9-97a5-9b35b6c47181.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs705b0722-5b9a-4b2f-a5d5-b8a4f39663e4.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsd54d260a-cb7d-4046-ac3f-f22f45cc91e7.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsef68c413-269d-43bd-ac46-a81f761cfbca.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs4ff7b21f-23f5-4ad3-8f8f-12cf83df3e87.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsd5631bd1-b22c-4a42-8e89-c42991650dc6.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs8c2c1b0c-cd8e-47b5-8d62-cbc6f3f719c3.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs60327267-7b95-472d-8169-ffde184a51da.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs901f4c52-d65a-4051-aacb-ac44abb9664c.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscse9ec1643-f687-46cb-bee3-dad834757002.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsd29b59c7-1aa3-45da-8d8d-699dd68dd89f.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs6b40d768-1fa5-481b-a01f-2f86111095f6.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs2b248713-6b3c-48e5-a46f-f7bf0f88a473.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs2291a483-620d-4e08-a2f5-71f793fbb880.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs642ba820-21bf-4513-a22b-af0a741c9079.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs59a8cda3-2ee4-4340-b9d0-875a6a4a0488.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsf565a0f2-c488-48fe-af75-f9789cd0e8e2.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs2b7b0281-499d-4382-9622-a72e4067320b.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs5f9cf60c-ae1e-4bb7-9ac4-0dca69e11f42.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs1803ad4c-d69c-4660-b20e-ef7aee778e49.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs8233e3a7-1c04-4870-a094-69d8da01f36c.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsd2f145a1-86c4-4c35-96a4-fd4cd1a4cf01.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs0ff6104a-5861-4b6c-90b8-6700d52eb028.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsae2c2214-b073-4f3c-8b07-30fb1dbaf166.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs2bb5eb32-d4df-452d-a2fc-3d4525607fbb.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs9011d718-96a8-411d-8509-3e2801d949f6.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs830d6219-d9b0-4a1e-ad58-c17562d89acc.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs1a0d2030-e18c-443d-a6a8-f570d23203be.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs1848ce80-e52d-45ef-b7af-4d6fbfccca8a.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs46e07d68-128a-47d3-a25c-1b2413f3fe37.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsbefd4c50-c988-46d2-9fce-8f202abffad5.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsda006d0a-5b75-473b-a092-6ec191404984.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsa173eaae-7b16-4ba7-86bd-bcc5752dc12a.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs833e8433-c831-4337-98dc-7a2b6b661e08.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs1ea39bf5-aba9-4178-929d-47373adff875.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs48ef4a02-b198-48ba-b486-36b05894af4e.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs98904383-380c-4123-8029-e935e266d4aa.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs7e515c69-cef8-4c64-afc5-2fbc08f73e02.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsdf92ac07-a115-4d17-b288-aa169bb1dd43.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscse2c041f3-a8f5-43bf-9b90-d9200d80774b.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs51074004-555f-4d5f-b883-687a33ed8f1f.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs4233d8ad-dafd-4c9c-b738-3c63196bd407.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs79c207a1-61f1-4ce0-b9ce-0c0aa0d7ed2d.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs03660e75-0ac0-4f57-bb9b-66004158fecd.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs5336a50a-dd7b-405b-a852-cb478987db91.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs2c9c42d6-b035-4661-933b-48e9276e422a.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs640b1562-aada-4f75-8e2f-4a4e50eb79f7.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs25429a0b-2793-486b-8356-a09a9dbc0bed.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs4bee8906-aa59-406e-855c-3abbbb2a9160.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs9829653f-fa66-4913-a84b-5d5739eef4ef.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs933603a5-00d6-4697-a560-8fe3e7845b05.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs0520cf1b-d3dd-4030-b80f-371962e86604.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsbe3586b8-d736-483b-b400-45179ea155d4.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs9ad713f4-b4b4-4c9b-8574-fd121b12653c.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsc731ff25-c76e-43eb-9f0d-71d821f19495.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs0b59914a-416a-488f-8685-2d58e92a533b.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs78c8b8fc-742e-4369-820c-1d380450e268.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsdf29ec12-c5ed-4daa-922a-ff1fa996462c.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscse29d08c8-7bc1-4add-ad82-47512152269d.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsbe86ff99-9149-4306-ae65-a6c3d417784d.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs1e8588b4-02ad-440e-b9fe-8b020a3766e2.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs97a1ef21-69b7-4db7-8014-040bce96ea05.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscse5a0387b-b03d-4973-b76f-454c4d57e02a.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsa1477f89-0db1-4c12-82b9-7223ff1a02aa.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs748ceb10-d9ca-4983-acb2-6dd82b5d1910.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs6bc57dda-2e6b-4932-8c46-ebec698fbac6.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs17ada797-efae-4abe-85f5-f30f3214b7d2.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsf50dc6e9-d911-43bc-a25e-6830ddf04faf.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscse914d040-9a36-48be-be97-ba3ab85418cf.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs973f679d-bbe6-477c-b860-11be27ade69c.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsd6e1fc7f-b21b-4ac8-ad16-567e502ae97b.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscse7ed8ddc-19ee-4d74-a5b6-248ecffd5ae3.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsb9c84899-a1bf-4b6d-86d9-96bb5f189765.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs1532bb2d-7035-4569-bcd9-3d8c7577917e.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsc55673ad-34a2-467d-8659-7a4c654244cb.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs1147b03f-d621-486d-8c42-1ed5020c4f66.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs38b0c551-f6fc-47e9-a150-e2c119501e4d.tmp". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\administrator\ntuser.dat". The process cannot access the file because it is being used by another process 4:21 PM: Warning: Failed to open file "c:\documents and settings\administrator\ntuser.dat.log". The process cannot access the file because it is being used by another process 4:23 PM: Warning: Failed to open file "c:\documents and settings\administrator\local settings\temp\temporary internet files\content.ie5\wpm1e1wf\schedules;arena=nfl;feat=schedules;type=psa;page=index;user=anonymous;myspl=no;fteam=nfl-none;fteam=nba-none;fteam=mlb-none;fteam=nhl-none;fteam=ncaaf-none;fteam=ncaab-n[1]". The system cannot find the path specified 4:23 PM: Warning: Failed to open file "c:\documents and settings\administrator\local settings\temp\temporary internet files\content.ie5\wpm1e1wf\schedules;arena=nfl;feat=schedules;type=psa;page=index;user=anonymous;myspl=no;fteam=nfl-none;fteam=nba-none;fteam=mlb-none;fteam=nhl-none;fteam=ncaaf-none;fteam=ncaab-n[2]". The system cannot find the path specified 4:33 PM: Warning: Failed to open file "c:\documents and settings\administrator\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process 4:33 PM: Warning: Failed to open file "c:\documents and settings\administrator\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process 4:45 PM: Warning: Failed to open file "c:\program files\microsoft sql server\mssql\data\mastlog.ldf". The process cannot access the file because it is being used by another process 4:45 PM: Warning: Failed to open file "c:\program files\microsoft sql server\mssql\data\model.mdf". The process cannot access the file because it is being used by another process 4:45 PM: Warning: Failed to open file "c:\program files\microsoft sql server\mssql\data\modellog.ldf". The process cannot access the file because it is being used by another process 4:45 PM: Warning: Failed to open file "c:\program files\microsoft sql server\mssql\data\msdbdata.mdf". The process cannot access the file because it is being used by another process 4:45 PM: Warning: Failed to open file "c:\program files\microsoft sql server\mssql\data\msdblog.ldf". The process cannot access the file because it is being used by another process 4:45 PM: Warning: Failed to open file "c:\program files\microsoft sql server\mssql\data\master.mdf". The process cannot access the file because it is being used by another process 4:45 PM: Warning: Failed to open file "c:\program files\microsoft sql server\mssql\data\pubs_log.ldf". The process cannot access the file because it is being used by another process 4:45 PM: Warning: Failed to open file "c:\program files\microsoft sql server\mssql\data\pubs.mdf". The process cannot access the file because it is being used by another process 4:45 PM: Warning: Failed to open file "c:\program files\microsoft sql server\mssql\data\northwnd.mdf". The process cannot access the file because it is being used by another process 4:45 PM: Warning: Failed to open file "c:\program files\microsoft sql server\mssql\data\northwnd.ldf". The process cannot access the file because it is being used by another process 4:45 PM: Warning: Failed to open file "c:\program files\microsoft sql server\mssql\data\tempdb.mdf". The process cannot access the file because it is being used by another process 4:45 PM: Warning: Failed to open file "c:\program files\microsoft sql server\mssql\data\templog.ldf". The process cannot access the file because it is being used by another process 4:45 PM: Warning: Failed to open file "c:\program files\microsoft sql server\mssql\data\ursatest_log.ldf". The process cannot access the file because it is being used by another process 4:45 PM: Warning: Failed to open file "c:\program files\microsoft sql server\mssql\data\ursadev_data.mdf". The process cannot access the file because it is being used by another process 4:45 PM: Warning: Failed to open file "c:\program files\microsoft sql server\mssql\data\ursadev_log.ldf". The process cannot access the file because it is being used by another process 4:45 PM: Warning: Failed to open file "c:\program files\microsoft sql server\mssql\data\ursa_data.mdf". The process cannot access the file because it is being used by another process 4:45 PM: Warning: Failed to open file "c:\program files\microsoft sql server\mssql\data\ursa_log.ldf". The process cannot access the file because it is being used by another process 4:45 PM: Warning: Failed to open file "c:\program files\microsoft sql server\mssql\data\ursatest.mdf". The process cannot access the file because it is being used by another process 4:45 PM: Warning: Failed to open file "c:\program files\microsoft sql server\mssql\data\friends_data.mdf". The process cannot access the file because it is being used by another process 4:45 PM: Warning: Failed to open file "c:\program files\microsoft sql server\mssql\data\friends_log.ldf". The process cannot access the file because it is being used by another process 5:09 PM: Warning: Invalid file - not a PKZip file 5:09 PM: Warning: Invalid file - not a PKZip file 5:09 PM: Warning: Invalid file - not a PKZip file 5:09 PM: Warning: Invalid file - not a PKZip file 5:09 PM: Warning: Invalid file - not a PKZip file 5:09 PM: Warning: Invalid file - not a PKZip file 5:09 PM: Warning: Invalid file - not a PKZip file 5:09 PM: Warning: Invalid file - not a PKZip file 5:09 PM: Warning: Invalid file - not a PKZip file 5:10 PM: Warning: Unable to sweep compressed file: System Error. Code: 8. Not enough storage is available to process this command 5:10 PM: File Sweep Complete, Elapsed Time: 01:25:48 5:10 PM: Full Sweep has completed. Elapsed time 01:33:46 5:10 PM: Traces Found: 47 5:11 PM: Removal process initiated 5:11 PM: Quarantining All Traces: 2o7.net cookie 5:11 PM: Quarantining All Traces: addynamix cookie 5:11 PM: Quarantining All Traces: adknowledge cookie 5:11 PM: Quarantining All Traces: adserver cookie 5:11 PM: Quarantining All Traces: adultfriendfinder cookie 5:11 PM: Quarantining All Traces: advertising cookie 5:11 PM: Quarantining All Traces: alt cookie 5:11 PM: Quarantining All Traces: apmebf cookie 5:11 PM: Quarantining All Traces: ask cookie 5:11 PM: Quarantining All Traces: atlas dmt cookie 5:11 PM: Quarantining All Traces: belnk cookie 5:11 PM: Quarantining All Traces: burstbeacon cookie 5:11 PM: Quarantining All Traces: burstnet cookie 5:11 PM: Quarantining All Traces: casalemedia cookie 5:11 PM: Quarantining All Traces: delfinproject cookie 5:11 PM: Quarantining All Traces: falkag cookie 5:11 PM: Quarantining All Traces: fastclick cookie 5:11 PM: Quarantining All Traces: go.com cookie 5:11 PM: Quarantining All Traces: gostats cookie 5:11 PM: Quarantining All Traces: howstuffworks cookie 5:11 PM: Quarantining All Traces: mediaplex cookie 5:11 PM: Quarantining All Traces: pointroll cookie 5:11 PM: Quarantining All Traces: primaryads cookie 5:11 PM: Quarantining All Traces: questionmarket cookie 5:11 PM: Quarantining All Traces: realmedia cookie 5:11 PM: Quarantining All Traces: revenue.net cookie 5:11 PM: Quarantining All Traces: ru4 cookie 5:11 PM: Quarantining All Traces: sharewareonline cookie 5:11 PM: Quarantining All Traces: specificclick.com cookie 5:12 PM: Quarantining All Traces: statcounter cookie 5:12 PM: Quarantining All Traces: tacoda cookie 5:12 PM: Quarantining All Traces: toplist cookie 5:12 PM: Quarantining All Traces: tradedoubler cookie 5:12 PM: Quarantining All Traces: trafficmp cookie 5:12 PM: Quarantining All Traces: tribalfusion cookie 5:12 PM: Quarantining All Traces: webtrendslive cookie 5:12 PM: Quarantining All Traces: winantiviruspro cookie 5:12 PM: Quarantining All Traces: yieldmanager cookie 5:12 PM: Quarantining All Traces: zedo cookie 5:12 PM: Removal process completed. Elapsed time 00:00:33 ******** 9:31 PM: | Start of Session, Wednesday, May 03, 2006 | 9:31 PM: Spy Sweeper started 9:31 PM: Sweep initiated using definitions version 670 9:31 PM: Starting Memory Sweep 9:36 PM: Memory Sweep Complete, Elapsed Time: 00:05:03 9:36 PM: Starting Registry Sweep 9:38 PM: Registry Sweep Complete, Elapsed Time:00:01:12 9:38 PM: Starting Cookie Sweep 9:38 PM: Found Spy Cookie: tvguide cookie 9:38 PM: administrator@rsi.tvguide[2].txt (ID = 3600) 9:38 PM: Found Spy Cookie: go.com cookie 9:38 PM: administrator@go[7].txt (ID = 2728) 9:38 PM: Found Spy Cookie: l2m.net cookie 9:38 PM: administrator@l2m[1].txt (ID = 2913) 9:38 PM: administrator@33362002a.l2m[1].txt (ID = 2914) 9:38 PM: Found Spy Cookie: smni cookie 9:38 PM: administrator@smni[1].txt (ID = 3389) 9:38 PM: administrator@msn.espn.go[1].txt (ID = 2729) 9:38 PM: administrator@tvguide[2].txt (ID = 3599) 9:38 PM: Found Spy Cookie: bannerspace cookie 9:38 PM: administrator@bannerspace[2].txt (ID = 2284) 9:38 PM: Found Spy Cookie: intelliquest cookie 9:38 PM: administrator@c.intelliquest[1].txt (ID = 2870) 9:38 PM: administrator@go[2].txt (ID = 2728) 9:38 PM: Found Spy Cookie: 2o7.net cookie 9:38 PM: administrator@112.2o7[1].txt (ID = 1958) 9:38 PM: administrator@games.espn.go[1].txt (ID = 2729) 9:38 PM: administrator@go[1].txt (ID = 2728) 9:38 PM: administrator@espn.go[1].txt (ID = 2729) 9:38 PM: administrator@sports.espn.go[1].txt (ID = 2729) 9:38 PM: Found Spy Cookie: netratingsselect cookie 9:38 PM: administrator@nnselect[4].txt (ID = 3065) 9:38 PM: administrator@rsi.espn.go[1].txt (ID = 2729) 9:38 PM: administrator@www.tvguide[2].txt (ID = 3600) 9:38 PM: administrator@smni[2].txt (ID = 3389) 9:38 PM: administrator@sports.espn.go[2].txt (ID = 2729) 9:38 PM: Found Spy Cookie: rc cookie 9:38 PM: administrator@rc[1].txt (ID = 3231) 9:38 PM: administrator@msn.espn.go[3].txt (ID = 2729) 9:38 PM: administrator@proxy.espn.go[3].txt (ID = 2729) 9:38 PM: administrator@espn.go[2].txt (ID = 2729) 9:38 PM: Found Spy Cookie: dbbsrv cookie 9:38 PM: administrator@www.jinthemc.com.0.fb.dbbsrv[1].txt (ID = 2500) 9:38 PM: administrator@tvguide[1].txt (ID = 3599) 9:38 PM: administrator@games.espn.go[3].txt (ID = 2729) 9:38 PM: administrator@c.intelliquest[2].txt (ID = 2870) 9:38 PM: administrator@rsi.espn.go[3].txt (ID = 2729) 9:38 PM: administrator@abcnews.go[1].txt (ID = 2729) 9:38 PM: administrator@rc[2].txt (ID = 3231) 9:38 PM: administrator@proxy.espn.go[1].txt (ID = 2729) 9:38 PM: Found Spy Cookie: belointeractive cookie 9:38 PM: administrator@belointeractive[1].txt (ID = 2294) 9:38 PM: administrator@homepage.belointeractive[2].txt (ID = 2295) 9:38 PM: administrator@ads.belointeractive[2].txt (ID = 2295) 9:38 PM: Found Spy Cookie: stats.klsoft.com cookie 9:38 PM: administrator@stats.klsoft[1].txt (ID = 3451) 9:38 PM: Found Spy Cookie: rightmedia cookie 9:38 PM: administrator@rightmedia[3].txt (ID = 3259) 9:38 PM: administrator@games.espn.go[6].txt (ID = 2729) 9:38 PM: administrator@smni[3].txt (ID = 3389) 9:38 PM: administrator@www.tvguide[1].txt (ID = 3600) 9:38 PM: administrator@buycom.122.2o7[1].txt (ID = 1958) 9:38 PM: Found Spy Cookie: popups.infostart cookie 9:38 PM: administrator@popups.infostart[2].txt (ID = 3159) 9:38 PM: Found Spy Cookie: bizrate cookie 9:38 PM: administrator@bizrate[2].txt (ID = 2308) 9:38 PM: administrator@l2m[2].txt (ID = 2913) 9:38 PM: Found Spy Cookie: ask cookie 9:38 PM: administrator@ask[2].txt (ID = 2245) 9:38 PM: administrator@c.intelliquest[3].txt (ID = 2870) 9:38 PM: administrator@msn.espn.go[2].txt (ID = 2729) 9:38 PM: Found Spy Cookie: starpulse cookie 9:38 PM: administrator@www.starpulse[1].txt (ID = 3440) 9:38 PM: Found Spy Cookie: trb.com cookie 9:38 PM: administrator@trb[1].txt (ID = 3587) 9:38 PM: Found Spy Cookie: tickle cookie 9:38 PM: administrator@cookie.tickle[1].txt (ID = 3530) 9:38 PM: administrator@go[4].txt (ID = 2728) 9:38 PM: administrator@espn.go[3].txt (ID = 2729) 9:38 PM: Found Spy Cookie: megago cookie 9:38 PM: administrator@obsessive.freeservers[2].txt (ID = 2983) 9:38 PM: Found Spy Cookie: about cookie 9:38 PM: administrator@about[1].txt (ID = 2037) 9:38 PM: administrator@trb[2].txt (ID = 3587) 9:38 PM: administrator@ask[1].txt (ID = 2245) 9:38 PM: administrator@tvguide[3].txt (ID = 3599) 9:38 PM: Found Spy Cookie: hyperbanner cookie 9:38 PM: administrator@ads06.hyperbanner[1].txt (ID = 2816) 9:38 PM: administrator@heavy.etv.go[1].txt (ID = 2729) 9:38 PM: administrator@etv.go[2].txt (ID = 2729) 9:38 PM: Found Spy Cookie: myaffiliateprogram.com cookie 9:38 PM: administrator@www.myaffiliateprogram[1].txt (ID = 3032) 9:38 PM: Found Spy Cookie: specificclick.com cookie 9:38 PM: administrator@adopt.specificclick[3].txt (ID = 3400) 9:38 PM: Found Spy Cookie: ugo cookie 9:38 PM: administrator@mediamgr.ugo[2].txt (ID = 3609) 9:38 PM: administrator@80233640a.l2m[2].txt (ID = 2914) 9:38 PM: administrator@movies.go[1].txt (ID = 2729) 9:38 PM: Found Spy Cookie: rn11 cookie 9:38 PM: administrator@rn11[1].txt (ID = 3261) 9:38 PM: Found Spy Cookie: exitfuel cookie 9:38 PM: administrator@exitfuel[1].txt (ID = 2635) 9:38 PM: administrator@nnselect[2].txt (ID = 3065) 9:38 PM: administrator@sports.espn.go[3].txt (ID = 2729) 9:38 PM: Found Spy Cookie: cgi-win cookie 9:38 PM: administrator@cgi-win[1].txt (ID = 2376) 9:38 PM: administrator@bannerspace[3].txt (ID = 2284) 9:38 PM: administrator@ads.specificclick[1].txt (ID = 3400) 9:38 PM: Found Spy Cookie: atwola cookie 9:38 PM: administrator@atwola[4].txt (ID = 2255) 9:38 PM: Found Spy Cookie: gorillanation cookie 9:38 PM: administrator@gorillanation[2].txt (ID = 2746) 9:38 PM: Found Spy Cookie: metareward.com cookie 9:38 PM: administrator@metareward[1].txt (ID = 2990) 9:38 PM: administrator@games.espn.go[2].txt (ID = 2729) 9:38 PM: administrator@msn.espn.go[4].txt (ID = 2729) 9:38 PM: Found Spy Cookie: emode cookie 9:38 PM: administrator@emode[1].txt (ID = 2603) 9:38 PM: administrator@bannerspace[1].txt (ID = 2284) 9:38 PM: administrator@www.tvguide[3].txt (ID = 3600) 9:38 PM: administrator@proxy.espn.go[2].txt (ID = 2729) 9:38 PM: administrator@my.espn.go[1].txt (ID = 2729) 9:38 PM: administrator@bannerspace[4].txt (ID = 2284) 9:38 PM: administrator@sdc.tvguide[2].txt (ID = 3600) 9:38 PM: administrator@search.about[1].txt (ID = 2038) 9:38 PM: administrator@abcnews.go[2].txt (ID = 2729) 9:38 PM: administrator@about[3].txt (ID = 2037) 9:38 PM: administrator@football.espn.go[2].txt (ID = 2729) 9:38 PM: administrator@bizrate[1].txt (ID = 2308) 9:38 PM: Found Spy Cookie: pokerroom cookie 9:38 PM: administrator@pokerroom[1].txt (ID = 3149) 9:38 PM: administrator@urbanlegends.about[1].txt (ID = 2038) 9:38 PM: administrator@mediamgr.ugo[3].txt (ID = 3609) 9:38 PM: administrator@ads.gorillanation[1].txt (ID = 2744) 9:38 PM: administrator@metareward[2].txt (ID = 2990) 9:38 PM: administrator@abc.go[1].txt (ID = 2729) 9:38 PM: administrator@ak-sports.espn.go[1].txt (ID = 2729) 9:38 PM: administrator@nnselect[3].txt (ID = 3065) 9:38 PM: Found Spy Cookie: dealtime cookie 9:38 PM: administrator@dealtime[2].txt (ID = 2505) 9:38 PM: Found Spy Cookie: did-it cookie 9:38 PM: administrator@did-it[1].txt (ID = 2523) 9:38 PM: Found Spy Cookie: a cookie 9:38 PM: administrator@a[1].txt (ID = 2027) 9:38 PM: Found Spy Cookie: customer cookie 9:38 PM: administrator@customer[1].txt (ID = 2481) 9:38 PM: administrator@stats.klsoft[2].txt (ID = 3451) 9:38 PM: Found Spy Cookie: one-time-offer cookie 9:38 PM: administrator@one-time-offer[1].txt (ID = 3095) 9:38 PM: Found Spy Cookie: howstuffworks cookie 9:38 PM: administrator@howstuffworks[2].txt (ID = 2805) 9:38 PM: administrator@go[5].txt (ID = 2728) 9:38 PM: administrator@sports.espn.go[4].txt (ID = 2729) 9:38 PM: administrator@stat.dealtime[2].txt (ID = 2506) 9:38 PM: Found Spy Cookie: askmen cookie 9:38 PM: administrator@www.askmen[1].txt (ID = 2248) 9:38 PM: administrator@frenchfood.about[2].txt (ID = 2038) 9:38 PM: administrator@atwola[3].txt (ID = 2255) 9:38 PM: administrator@www.myaffiliateprogram[2].txt (ID = 3032) 9:38 PM: administrator@stats.klsoft[3].txt (ID = 3451) 9:38 PM: Found Spy Cookie: informit cookie 9:38 PM: administrator@www.informit[1].txt (ID = 2864) 9:38 PM: administrator@atwola[2].txt (ID = 2255) 9:38 PM: administrator@espnradio.espn.go[1].txt (ID = 2729) 9:38 PM: administrator@gorillanation[1].txt (ID = 2746) 9:38 PM: administrator@ads.specificclick[3].txt (ID = 3400) 9:38 PM: administrator@tvguide[4].txt (ID = 3599) 9:38 PM: administrator@geography.about[1].txt (ID = 2038) 9:38 PM: administrator@ads.gorillanation[2].txt (ID = 2744) 9:38 PM: administrator@mediamgr.ugo[4].txt (ID = 3609) 9:38 PM: administrator@gorillanation[3].txt (ID = 2746) 9:38 PM: administrator@customer[2].txt (ID = 2481) 9:38 PM: administrator@r.espn.go[1].txt (ID = 2729) 9:38 PM: administrator@abcnews.go[3].txt (ID = 2729) 9:38 PM: administrator@howstuffworks[1].txt (ID = 2805) 9:38 PM: administrator@askmen[3].txt (ID = 2247) 9:38 PM: administrator@games.espn.go[4].txt (ID = 2729) 9:38 PM: administrator@sports-att.espn.go[2].txt (ID = 2729) 9:38 PM: administrator@one-time-offer[2].txt (ID = 3095) 9:38 PM: administrator@about[5].txt (ID = 2037) 9:38 PM: Found Spy Cookie: specificpop cookie 9:38 PM: administrator@specificpop[2].txt (ID = 3401) 9:38 PM: administrator@tvguide[6].txt (ID = 3599) 9:38 PM: administrator@ads.specificclick[2].txt (ID = 3400) 9:38 PM: administrator@msn.espn.go[5].txt (ID = 2729) 9:38 PM: administrator@espn.go[5].txt (ID = 2729) 9:38 PM: administrator@rsi.tvguide[1].txt (ID = 3600) 9:38 PM: administrator@tvguide[8].txt (ID = 3599) 9:38 PM: administrator@rsi.espn.go[2].txt (ID = 2729) 9:38 PM: administrator@my.espn.go[2].txt (ID = 2729) 9:38 PM: administrator@specificpop[1].txt (ID = 3401) 9:38 PM: Found Spy Cookie: hypertracker.com cookie 9:38 PM: administrator@hypertracker[1].txt (ID = 2817) 9:38 PM: Found Spy Cookie: precisead cookie 9:38 PM: administrator@adopt.precisead[2].txt (ID = 3182) 9:38 PM: administrator@espn.go[7].txt (ID = 2729) 9:38 PM: Found Spy Cookie: techtarget cookie 9:38 PM: administrator@whatis.techtarget[1].txt (ID = 3500) 9:38 PM: administrator@mediamgr.ugo[5].txt (ID = 3609) 9:38 PM: administrator@rc[3].txt (ID = 3231) 9:38 PM: administrator@customer[3].txt (ID = 2481) 9:38 PM: Found Spy Cookie: nextag cookie 9:38 PM: administrator@nextag[3].txt (ID = 5014) 9:38 PM: administrator@hypertracker[2].txt (ID = 2817) 9:38 PM: administrator@rightmedia[1].txt (ID = 3259) 9:38 PM: Found Spy Cookie: webtrendslive cookie 9:38 PM: administrator@S005-01-9-28-233860-106434[1].txt (ID = 3679) 9:38 PM: Found Spy Cookie: pricegrabber cookie 9:38 PM: administrator@pricegrabber[1].txt (ID = 3185) 9:38 PM: administrator@searchstorage.techtarget[1].txt (ID = 3500) 9:38 PM: administrator@stats.klsoft[4].txt (ID = 3451) 9:38 PM: administrator@pcworld.pricegrabber[1].txt (ID = 3186) 9:38 PM: Found Spy Cookie: xiti cookie 9:38 PM: administrator@xiti[1].txt (ID = 3717) 9:38 PM: administrator@proxy.espn.go[4].txt (ID = 2729) 9:38 PM: Found Spy Cookie: partypoker cookie 9:38 PM: administrator@partypoker[1].txt (ID = 3111) 9:38 PM: administrator@tvguide[5].txt (ID = 3599) 9:38 PM: Found Spy Cookie: 360i cookie 9:38 PM: administrator@ct.360i[2].txt (ID = 1962) 9:38 PM: Found Spy Cookie: burstbeacon cookie 9:38 PM: administrator@www.burstbeacon[3].txt (ID = 2335) 9:38 PM: Found Spy Cookie: burstnet cookie 9:38 PM: administrator@burstnet[3].txt (ID = 2336) 9:38 PM: administrator@sdc.tvguide[1].txt (ID = 3600) 9:38 PM: Found Spy Cookie: gamespy cookie 9:38 PM: administrator@gamespy[1].txt (ID = 2719) 9:38 PM: administrator@sports-att.espn.go[1].txt (ID = 2729) 9:38 PM: administrator@ct.360i[1].txt (ID = 1962) 9:38 PM: administrator@did-it[2].txt (ID = 2523) 9:38 PM: Found Spy Cookie: affiliate cookie 9:38 PM: administrator@affiliate[1].txt (ID = 2199) 9:38 PM: administrator@www.tvguide[5].txt (ID = 3600) 9:38 PM: administrator@espn.go[4].txt (ID = 2729) 9:38 PM: administrator@nextag[1].txt (ID = 5014) 9:38 PM: administrator@bannerspace[5].txt (ID = 2284) 9:38 PM: Found Spy Cookie: belnk cookie 9:38 PM: administrator@dist.belnk[2].txt (ID = 2293) 9:38 PM: Found Spy Cookie: adecn cookie 9:38 PM: administrator@adecn[1].txt (ID = 2063) 9:38 PM: administrator@dealtime[3].txt (ID = 2505) 9:38 PM: administrator@one-time-offer[3].txt (ID = 3095) 9:38 PM: administrator@stat.dealtime[3].txt (ID = 2506) 9:38 PM: administrator@www.burstbeacon[1].txt (ID = 2335) 9:38 PM: administrator@cars.about[1].txt (ID = 2038) 9:38 PM: Found Spy Cookie: ccbill cookie 9:38 PM: administrator@ccbill[2].txt (ID = 2369) 9:38 PM: Found Spy Cookie: seeq cookie 9:38 PM: administrator@www48.seeq[1].txt (ID = 3332) 9:38 PM: Found Spy Cookie: dcskqeg2voifwznnd6alhtnei_8f3u cookie 9:38 PM: administrator@dcskqeg2voifwznnd6alhtnei_8f3u[1].txt (ID = 2501) 9:38 PM: administrator@one-time-offer[4].txt (ID = 3095) 9:38 PM: administrator@belnk[2].txt (ID = 2292) 9:38 PM: administrator@go[3].txt (ID = 2728) 9:38 PM: administrator@atwola[1].txt (ID = 2255) 9:38 PM: administrator@askmen[1].txt (ID = 2247) 9:38 PM: administrator@about[2].txt (ID = 2037) 9:38 PM: administrator@apartments.about[1].txt (ID = 2038) 9:38 PM: Found Spy Cookie: adjuggler cookie 9:38 PM: administrator@rotator.adjuggler[2].txt (ID = 2071) 9:38 PM: administrator@sports.espn.go[5].txt (ID = 2729) 9:38 PM: administrator@burstnet[1].txt (ID = 2336) 9:38 PM: Found Spy Cookie: 888 cookie 9:38 PM: administrator@888[1].txt (ID = 2019) 9:38 PM: administrator@adopt.specificclick[2].txt (ID = 3400) 9:38 PM: administrator@stat.dealtime[4].txt (ID = 2506) 9:38 PM: administrator@S005-01-9-28-233860-106434[2].txt (ID = 3679) 9:38 PM: administrator@dealtime[1].txt (ID = 2505) 9:38 PM: administrator@www.myaffiliateprogram[3].txt (ID = 3032) 9:38 PM: Found Spy Cookie: infospace cookie 9:38 PM: administrator@infospace[1].txt (ID = 2865) 9:38 PM: administrator@did-it[4].txt (ID = 2523) 9:38 PM: administrator@www.seeq[1].txt (ID = 3332) 9:38 PM: Found Spy Cookie: screensavers.com cookie 9:38 PM: administrator@www.screensavers[2].txt (ID = 3298) 9:38 PM: Found Spy Cookie: paypopup cookie 9:38 PM: administrator@paypopup[2].txt (ID = 3119) 9:38 PM: Found Spy Cookie: go2net.com cookie 9:38 PM: administrator@go2net[1].txt (ID = 2730) 9:38 PM: Found Spy Cookie: 64.62.232 cookie 9:38 PM: administrator@64.62.232[2].txt (ID = 1987) 9:38 PM: Found Spy Cookie: adlegend cookie 9:38 PM: administrator@adlegend[1].txt (ID = 2074) 9:38 PM: administrator@i.screensavers[1].txt (ID = 3298) 9:38 PM: Found Spy Cookie: starware.com cookie 9:38 PM: administrator@starware[2].txt (ID = 3441) 9:38 PM: administrator@www.burstbeacon[4].txt (ID = 2335) 9:38 PM: administrator@rotator.adjuggler[1].txt (ID = 2071) 9:38 PM: administrator@espn.go[6].txt (ID = 2729) 9:38 PM: Found Spy Cookie: adknowledge cookie 9:38 PM: administrator@adknowledge[2].txt (ID = 2072) 9:38 PM: administrator@games.espn.go[5].txt (ID = 2729) 9:38 PM: administrator@888[2].txt (ID = 2019) 9:38 PM: Found Spy Cookie: reunion cookie 9:38 PM: administrator@reunion[2].txt (ID = 3255) 9:38 PM: Found Spy Cookie: hbmediapro cookie 9:38 PM: administrator@adopt.hbmediapro[2].txt (ID = 2768) 9:38 PM: administrator@my.espn.go[3].txt (ID =

#14 SamAxe

New Member

Authentic Member
12 posts

Posted 26 May 2006 - 04:28 PM

9:38 PM: Warning: Failed to open file "c:\pagefile.sys". Access is denied 9:38 PM: Warning: Failed to open file "c:\hiberfil.sys". Access is denied 9:47 PM: Warning: Failed to open file "c:\winnt\system32\perflib_perfdata_2e0.dat". The process cannot access the file because it is being used by another process 9:48 PM: Warning: Failed to open file "c:\winnt\system32\perflib_perfdata_3e0.dat". The process cannot access the file because it is being used by another process 9:48 PM: Warning: Failed to open file "c:\winnt\system32\perflib_perfdata_6d4.dat". The process cannot access the file because it is being used by another process 9:49 PM: Warning: Failed to open file "c:\winnt\system32\config\software.log". The process cannot access the file because it is being used by another process 9:49 PM: Warning: Failed to open file "c:\winnt\system32\config\default.log". The process cannot access the file because it is being used by another process 9:49 PM: Warning: Failed to open file "c:\winnt\system32\config\security". The process cannot access the file because it is being used by another process 9:49 PM: Warning: Failed to open file "c:\winnt\system32\config\security.log". The process cannot access the file because it is being used by another process 9:49 PM: Warning: Failed to open file "c:\winnt\system32\config\system.alt". The process cannot access the file because it is being used by another process 9:49 PM: Warning: Failed to open file "c:\winnt\system32\config\sam". The process cannot access the file because it is being used by another process 9:49 PM: Warning: Failed to open file "c:\winnt\system32\config\sam.log". The process cannot access the file because it is being used by another process 9:49 PM: Warning: Failed to open file "c:\winnt\system32\config\system". The process cannot access the file because it is being used by another process 9:49 PM: Warning: Failed to open file "c:\winnt\system32\config\software". The process cannot access the file because it is being used by another process 9:49 PM: Warning: Failed to open file "c:\winnt\system32\config\default". The process cannot access the file because it is being used by another process 9:57 PM: Found Adware: hiwire 9:57 PM: hiwire.inf (ID = 62166) 10:10 PM: The Spy Communication shield has blocked access to: 10:10 PM: The Spy Communication shield has blocked access to: 10:10 PM: The Spy Communication shield has blocked access to: 10:10 PM: The Spy Communication shield has blocked access to: 10:10 PM: The Spy Communication shield has blocked access to: 10:10 PM: The Spy Communication shield has blocked access to: 10:10 PM: Found Adware: apropos 10:10 PM: exec.exe (ID = 50118) 10:10 PM: The Spy Communication shield has blocked access to: 10:10 PM: The Spy Communication shield has blocked access to: 10:10 PM: The Spy Communication shield has blocked access to: 10:10 PM: The Spy Communication shield has blocked access to: 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs6c0eb344-2eaf-492c-b271-b5816eac7f23.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs7e74c535-7110-4031-8ab8-d5e185e4a23b.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsa9c6b3ca-8ccc-4ef7-b796-abb4fbc12c70.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs4f32e9df-3f65-4727-93a1-5fc4a20a5daf.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs55327f64-2479-4fe3-a689-326a3f15618c.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs0c620005-9499-4406-a2fa-0a5e700bcbcb.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs4ee4fe24-c3d2-4121-9659-69e89af3bceb.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsf2b79cbf-a8c4-4926-8ad2-f24a57547bc1.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs3c6ddd03-5c0a-4dbc-ae01-b9f4dc8fe439.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs5c749fa8-c463-4f2f-8569-e4e03cdd1ba3.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs58475be5-6b89-4993-b88e-bd6f810032aa.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs4c262cae-e4a1-4c27-a7c7-34c062a4e8ed.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs71f42ca8-f942-4997-bce3-446ce5fe7697.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs312b3683-6b76-4877-8db2-bc72630c3c90.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs487aa80a-5134-495e-b296-17ee749da7fb.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs34f47684-5e78-459e-9dea-f078d48246a9.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsa04d33da-f0b6-48d9-ab35-d1dfaa46a203.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs37e08c3b-6a94-4b34-9d37-3746a220ffc2.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsbb96f386-cf25-4a4b-b6c2-483894381f5b.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs533d5ac2-c7a9-4b17-b356-4faf32231f0e.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs351a9402-13c4-4f1b-ab41-41cce2789161.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs0a47f482-52a9-478d-aec2-9f0dde0adb74.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsb69ca262-33f3-4b20-9755-095b44371631.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs3da23fd9-064a-4215-bc2b-49b856edfef3.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs20fec442-5283-4715-b906-ba8f35385e80.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs283faddf-8c4c-4019-86bd-84330f77391f.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs0846234a-dab3-4791-8594-1d3253adb6a7.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs62738555-907e-4d35-85a7-cdb0107eb051.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsb9720587-7e8a-47c8-b0c8-e5ac40470ca4.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsa851d7fe-f651-46aa-9eb0-7433b698182d.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscse9650c0d-0182-46ce-b803-d7f95e1bd337.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsc4d9ac7b-f433-446c-ae3d-101e892c984b.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsc0ca6620-2811-414a-8be7-65899bf4b830.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs742bd8f7-0d2c-44eb-82c6-cf960f038bc8.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsbb856fae-ae7b-4c2f-999b-5e8df9725821.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsfa76434b-eb22-4bca-8146-3a46f5a8b6e9.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs2008139f-92f0-475c-ae7a-7c1db3cfa000.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsc7fe8cbb-984d-470b-a5fb-3ad13e791331.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscse41b629e-82ec-4c2b-a250-d75039f7c611.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsdf37dd2b-eaab-4d44-9b15-f8ca4651fd7f.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs8288dfa0-594b-4ce8-8c8c-44a2f7596e79.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs87db881e-4ca6-4a5e-a251-361bbd71b220.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs6f166209-794d-443f-b010-895de2a2dc28.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs246313cc-b47c-4775-af93-c837a126efe2.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs05db213a-0276-4519-a18b-88bd918d95cb.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs2f76dd57-08b9-4ab0-9799-863be66b616f.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsc42d36ed-09b8-4093-a997-6f0a85074e74.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs05b8ba71-58b8-4771-8a08-1f64b378aa82.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs9b6a4516-78de-40ed-bc5b-c3dc752168ed.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsebd5b80f-7558-444d-8771-11f65355fa3b.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs46734b39-9c08-4624-bdba-be1b4a713d7e.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsa993bc09-d366-41c4-bde1-5eaecf481301.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscse5a81621-09c7-4880-8b0a-7c0702f71d3f.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsd3c42a9f-2155-4d8b-8ae0-7ec81bddcd04.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs95ea3cee-3745-46a4-b03b-4ac9cb9e99f3.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsa31518f3-b9f1-4f67-917a-fb335d59a372.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs46b4d6a4-a790-4f27-95e6-ee03955d087a.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsa47e043c-f73f-405a-8c2d-e183e57cd7b0.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs738cb62e-4671-4b2b-ba67-d24ea7eaa3f1.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs59da26a4-53e7-40d9-8041-436b75744b91.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs119ad805-3cc0-483f-b73c-7627ff7862f5.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsc5e7335c-2dc2-4014-9b58-3239c135fc77.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs73ca1801-5ec1-4ff8-99e4-9f8ad6560e0e.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs1c834642-f6e9-4c8a-93fa-21e955182d88.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs6f9dde1c-1726-4de5-b9a5-edd835e09a8f.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs87623cea-d14c-4fd2-97b5-e4d2518371bf.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs639aa321-1874-4cfa-b6a2-acbe210862bf.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscse132eaac-adab-4c60-8196-44aba2666617.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscscacfffcb-74dc-4686-9f50-ee6577f0f425.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs1353d925-232d-4dc6-a9fb-11421c483d32.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsf3586773-6561-4131-88d5-d7c97280bd85.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs327f20fa-d6eb-4615-8565-e1b1879eed28.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs3c48cc92-afd7-4437-8a26-50c3d27c9dab.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs1de74004-c5a6-4f72-8edd-ae658f7a23a4.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs25fd75cd-8d56-4b8f-901c-131c7e2e2ae6.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs49862442-7996-4f6c-9a17-c628c9e1aaa9.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsad7f527b-f95a-4bcc-9be7-6e818c611e32.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs28d85543-c9b3-4d2c-8aff-847d7c0f592b.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscse24ced45-c16d-4a8b-9bc0-be77604d216c.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsb2558c32-c18e-40d2-94ff-25bb5ae1b67b.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs2527ee93-8ee4-4add-9783-0cffc14427a0.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsbe9760dc-4c32-4ec2-84dd-522450927d22.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs4474db9c-7092-48cc-af4c-d2b5130b68e0.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs880564d5-2123-4b65-bcda-6ce734bbd7b6.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs13c830bc-653c-46ef-ace3-169d87e92c7a.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscse1336dcc-2187-4fe5-bcb4-4d16ff306efa.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs5899e1b1-742a-480b-bdbd-9933e39c8a56.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs8cc04d52-8626-4233-a667-449d4582bc8a.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs200a44f3-be3d-4ce3-bc75-1b367fd5673c.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs4b67f58f-efac-4db3-b178-eba115467a0a.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs124651d2-c3c6-42ff-9783-ab67e7f2c764.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs63ab4788-b186-418f-93f4-ba22eb365d7d.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsde94feec-e04d-4cf6-b555-1628d9d9c6b6.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs2f7ff74a-5326-4a52-bfda-f4d0944a10ef.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsa721584d-3a7f-4e59-96c8-cdd3a0f9b83b.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs3ca4dd7f-7d25-4f7c-9c08-61e86d474c97.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsc46a2d39-a913-4e94-97e1-ba45d1f53608.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs91520f6f-2546-40e1-8ab7-e40c30e2ecf3.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs8bfaec72-0d43-4fd7-bc8f-4d4ae9155375.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs4bcf6997-1247-4832-bb67-ff5f9a923f8b.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs0d88262c-09fc-459d-9ba6-2560643bcacb.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs716c724f-448f-4bd9-a363-2a4e646e4095.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscsbd5810ba-df02-4576-ae9a-8a7baa6b998f.tmp". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\webroot\spy sweeper\temp\sscs494bdbb1-99ed-49d7-a595-7817e605b58d.tmp". The process cannot access the file because it is being used by another process 10:10 PM: The Spy Communication shield has blocked access to: 10:10 PM: The Spy Communication shield has blocked access to: 10:10 PM: The Spy Communication shield has blocked access to: 10:10 PM: The Spy Communication shield has blocked access to: 10:10 PM: Warning: Failed to open file "c:\documents and settings\administrator\ntuser.dat". The process cannot access the file because it is being used by another process 10:10 PM: Warning: Failed to open file "c:\documents and settings\administrator\ntuser.dat.log". The process cannot access the file because it is being used by another process 10:11 PM: Warning: Failed to open file "c:\documents and settings\administrator\local settings\temp\temporary internet files\content.ie5\wpm1e1wf\schedules;arena=nfl;feat=schedules;type=psa;page=index;user=anonymous;myspl=no;fteam=nfl-none;fteam=nba-none;fteam=mlb-none;fteam=nhl-none;fteam=ncaaf-none;fteam=ncaab-n[1]". The system cannot find the path specified 10:11 PM: Warning: Failed to open file "c:\documents and settings\administrator\local settings\temp\temporary internet files\content.ie5\wpm1e1wf\schedules;arena=nfl;feat=schedules;type=psa;page=index;user=anonymous;myspl=no;fteam=nfl-none;fteam=nba-none;fteam=mlb-none;fteam=nhl-none;fteam=ncaaf-none;fteam=ncaab-n[2]". The system cannot find the path specified 10:21 PM: Warning: Failed to open file "c:\documents and settings\administrator\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process 10:21 PM: Warning: Failed to open file "c:\documents and settings\administrator\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process 10:32 PM: The Spy Communication shield has blocked access to: 10:32 PM: The Spy Communication shield has blocked access to: 10:32 PM: The Spy Communication shield has blocked access to: 10:32 PM: The Spy Communication shield has blocked access to: 10:33 PM: The Spy Communication shield has blocked access to: 10:33 PM: The Spy Communication shield has blocked access to: 10:33 PM: The Spy Communication shield has blocked access to: 10:33 PM: The Spy Communication shield has blocked access to: 10:33 PM: The Spy Communication shield has blocked access to: 10:33 PM: The Spy Communication shield has blocked access to: 10:33 PM: The Spy Communication shield has blocked access to: 10:33 PM: The Spy Communication shield has blocked access to: 10:33 PM: The Spy Communication shield has blocked access to: 10:33 PM: The Spy Communication shield has blocked access to: 10:33 PM: Warning: Failed to open file "c:\program files\microsoft sql server\mssql\data\mastlog.ldf". The process cannot access the file because it is being used by another process 10:33 PM: Warning: Failed to open file "c:\program files\microsoft sql server\mssql\data\model.mdf". The process cannot access the file because it is being used by another process 10:33 PM: Warning: Failed to open file "c:\program files\microsoft sql server\mssql\data\modellog.ldf". The process cannot access the file because it is being used by another process 10:33 PM: Warning: Failed to open file "c:\program files\microsoft sql server\mssql\data\msdbdata.mdf". The process cannot access the file because it is being used by another process 10:33 PM: Warning: Failed to open file "c:\program files\microsoft sql server\mssql\data\msdblog.ldf". The process cannot access the file because it is being used by another process 10:33 PM: Warning: Failed to open file "c:\program files\microsoft sql server\mssql\data\master.mdf". The process cannot access the file because it is being used by another process 10:33 PM: Warning: Failed to open file "c:\program files\microsoft sql server\mssql\data\pubs_log.ldf". The process cannot access the file because it is being used by another process 10:33 PM: Warning: Failed to open file "c:\program files\microsoft sql server\mssql\data\pubs.mdf". The process cannot access the file because it is being used by another process 10:33 PM: Warning: Failed to open file "c:\program files\microsoft sql server\mssql\data\northwnd.mdf". The process cannot access the file because it is being used by another process 10:33 PM: Warning: Failed to open file "c:\program files\microsoft sql server\mssql\data\northwnd.ldf". The process cannot access the file because it is being used by another process 10:33 PM: Warning: Failed to open file "c:\program files\microsoft sql server\mssql\data\tempdb.mdf". The process cannot access the file because it is being used by another process 10:33 PM: Warning: Failed to open file "c:\program files\microsoft sql server\mssql\data\templog.ldf". The process cannot access the file because it is being used by another process 10:33 PM: Warning: Failed to open file "c:\program files\microsoft sql server\mssql\data\ursatest_log.ldf". The process cannot access the file because it is being used by another process 10:33 PM: Warning: Failed to open file "c:\program files\microsoft sql server\mssql\data\ursadev_data.mdf". The process cannot access the file because it is being used by another process 10:33 PM: Warning: Failed to open file "c:\program files\microsoft sql server\mssql\data\ursadev_log.ldf". The process cannot access the file because it is being used by another process 10:33 PM: Warning: Failed to open file "c:\program files\microsoft sql server\mssql\data\ursa_data.mdf". The process cannot access the file because it is being used by another process 10:33 PM: Warning: Failed to open file "c:\program files\microsoft sql server\mssql\data\ursa_log.ldf". The process cannot access the file because it is being used by another process 10:33 PM: Warning: Failed to open file "c:\program files\microsoft sql server\mssql\data\ursatest.mdf". The process cannot access the file because it is being used by another process 10:33 PM: Warning: Failed to open file "c:\program files\microsoft sql server\mssql\data\friends_data.mdf". The process cannot access the file because it is being used by another process 10:33 PM: Warning: Failed to open file "c:\program files\microsoft sql server\mssql\data\friends_log.ldf". The process cannot access the file because it is being used by another process 10:54 PM: File Sweep Complete, Elapsed Time: 01:15:56 10:54 PM: Full Sweep has completed. Elapsed time 01:22:31 10:54 PM: Traces Found: 340 11:09 PM: Removal process initiated 11:10 PM: Quarantining All Traces: apropos 11:10 PM: Quarantining All Traces: hiwire 11:10 PM: Quarantining All Traces: 2o7.net cookie 11:10 PM: Quarantining All Traces: 360i cookie 11:10 PM: Quarantining All Traces: 64.62.232 cookie 11:10 PM: Quarantining All Traces: 888 cookie 11:10 PM: Quarantining All Traces: a cookie 11:10 PM: Quarantining All Traces: about cookie 11:10 PM: Quarantining All Traces: addynamix cookie 11:10 PM: Quarantining All Traces: adecn cookie 11:10 PM: Quarantining All Traces: adjuggler cookie 11:10 PM: Quarantining All Traces: adknowledge cookie 11:10 PM: Quarantining All Traces: adlegend cookie 11:10 PM: Quarantining All Traces: adrevolver cookie 11:10 PM: Quarantining All Traces: advertising cookie 11:10 PM: Quarantining All Traces: affiliate cookie 11:10 PM: Quarantining All Traces: affiliatefuel.com cookie 11:10 PM: Quarantining All Traces: alt cookie 11:10 PM: Quarantining All Traces: ask cookie 11:10 PM: Quarantining All Traces: askmen cookie 11:10 PM: Quarantining All Traces: atlas dmt cookie 11:10 PM: Quarantining All Traces: atwola cookie 11:10 PM: Quarantining All Traces: banner cookie 11:10 PM: Quarantining All Traces: bannerspace cookie 11:10 PM: Quarantining All Traces: belnk cookie 11:10 PM: Quarantining All Traces: belointeractive cookie 11:10 PM: Quarantining All Traces: bizrate cookie 11:10 PM: Quarantining All Traces: burstbeacon cookie 11:10 PM: Quarantining All Traces: burstnet cookie 11:10 PM: Quarantining All Traces: cassava cookie 11:10 PM: Quarantining All Traces: cc214142 cookie 11:10 PM: Quarantining All Traces: ccbill cookie 11:10 PM: Quarantining All Traces: cgi-win cookie 11:10 PM: Quarantining All Traces: customer cookie 11:10 PM: Quarantining All Traces: dbbsrv cookie 11:10 PM: Quarantining All Traces: dcskqeg2voifwznnd6alhtnei_8f3u cookie 11:10 PM: Quarantining All Traces: dealtime cookie 11:10 PM: Quarantining All Traces: delfinproject cookie 11:10 PM: Quarantining All Traces: did-it cookie 11:10 PM: Quarantining All Traces: directtrack cookie 11:10 PM: Quarantining All Traces: emode cookie 11:10 PM: Quarantining All Traces: exitfuel cookie 11:10 PM: Quarantining All Traces: gamespy cookie 11:10 PM: Quarantining All Traces: go.com cookie 11:10 PM: Quarantining All Traces: go2net.com cookie 11:10 PM: Quarantining All Traces: gorillanation cookie 11:10 PM: Quarantining All Traces: hbmediapro cookie 11:10 PM: Quarantining All Traces: howstuffworks cookie 11:10 PM: Quarantining All Traces: hyperbanner cookie 11:10 PM: Quarantining All Traces: hypertracker.com cookie 11:10 PM: Quarantining All Traces: ic-live cookie 11:10 PM: Quarantining All Traces: informit cookie 11:11 PM: Quarantining All Traces: infospace cookie 11:11 PM: Quarantining All Traces: intelliquest cookie 11:11 PM: Quarantining All Traces: l2m.net cookie 11:11 PM: Quarantining All Traces: maxserving cookie 11:11 PM: Quarantining All Traces: mediaplex cookie 11:11 PM: Quarantining All Traces: megago cookie 11:11 PM: Quarantining All Traces: metareward.com cookie 11:11 PM: Quarantining All Traces: military cookie 11:11 PM: Quarantining All Traces: myaffiliateprogram.com cookie 11:11 PM: Quarantining All Traces: netratingsselect cookie 11:11 PM: Quarantining All Traces: nextag cookie 11:11 PM: Quarantining All Traces: one-time-offer cookie 11:11 PM: Quarantining All Traces: overture cookie 11:11 PM: Quarantining All Traces: partypoker cookie 11:11 PM: Quarantining All Traces: paypopup cookie 11:11 PM: Quarantining All Traces: pcstats.com cookie 11:11 PM: Quarantining All Traces: pokerroom cookie 11:11 PM: Quarantining All Traces: popups.infostart cookie 11:11 PM: Quarantining All Traces: precisead cookie 11:11 PM: Quarantining All Traces: pricegrabber cookie 11:11 PM: Quarantining All Traces: questionmarket cookie 11:11 PM: Quarantining All Traces: rc cookie 11:11 PM: Quarantining All Traces: reliablestats cookie 11:11 PM: Quarantining All Traces: reunion cookie 11:11 PM: Quarantining All Traces: revenue.net cookie 11:11 PM: Quarantining All Traces: rightmedia cookie 11:11 PM: Quarantining All Traces: rn11 cookie 11:11 PM: Quarantining All Traces: screensavers.com cookie 11:11 PM: Quarantining All Traces: seeq cookie 11:11 PM: Quarantining All Traces: servedby advertising cookie 11:11 PM: Quarantining All Traces: smni cookie 11:11 PM: Quarantining All Traces: specificclick.com cookie 11:11 PM: Quarantining All Traces: specificpop cookie 11:11 PM: Quarantining All Traces: starpulse cookie 11:11 PM: Quarantining All Traces: starware.com cookie 11:11 PM: Quarantining All Traces: stats.klsoft.com cookie 11:11 PM: Quarantining All Traces: tacoda cookie 11:11 PM: Quarantining All Traces: techtarget cookie 11:11 PM: Quarantining All Traces: tickle cookie 11:11 PM: Quarantining All Traces: trb.com cookie 11:11 PM: Quarantining All Traces: tvguide cookie 11:11 PM: Quarantining All Traces: ugo cookie 11:11 PM: Quarantining All Traces: videodome cookie 11:11 PM: Quarantining All Traces: websponsors cookie 11:11 PM: Quarantining All Traces: webtrendslive cookie 11:11 PM: Quarantining All Traces: winantiviruspro cookie 11:11 PM: Quarantining All Traces: xiti cookie 11:11 PM: Quarantining All Traces: yieldmanager cookie 11:11 PM: Removal process completed. Elapsed time 00:01:39 11:13 PM: Deletion from quarantine initiated 11:13 PM: Processing: 2o7.net cookie 11:13 PM: Processing: 360i cookie 11:13 PM: Processing: 64.62.232 cookie 11:13 PM: Processing: 888 cookie 11:13 PM: Processing: a cookie 11:13 PM: Processing: about cookie 11:13 PM: Processing: addynamix cookie 11:13 PM: Processing: adecn cookie 11:13 PM: Processing: adjuggler cookie 11:13 PM: Processing: adknowledge cookie 11:13 PM: Processing: adlegend cookie 11:13 PM: Processing: adrevolver cookie 11:13 PM: Processing: advertising cookie 11:13 PM: Processing: affiliate cookie 11:13 PM: Processing: affiliatefuel.com cookie 11:13 PM: Processing: alt cookie 11:13 PM: Processing: apropos 11:13 PM: Processing: ask cookie 11:13 PM: Processing: askmen cookie 11:13 PM: Processing: atlas dmt cookie 11:13 PM: Processing: atwola cookie 11:13 PM: Processing: banner cookie 11:13 PM: Processing: bannerspace cookie 11:13 PM: Processing: belnk cookie 11:13 PM: Processing: belointeractive cookie 11:13 PM: Processing: bizrate cookie 11:13 PM: Processing: burstbeacon cookie 11:13 PM: Processing: burstnet cookie 11:13 PM: Processing: cassava cookie 11:13 PM: Processing: cc214142 cookie 11:13 PM: Processing: ccbill cookie 11:13 PM: Processing: cgi-win cookie 11:13 PM: Processing: customer cookie 11:13 PM: Processing: dbbsrv cookie 11:13 PM: Processing: dcskqeg2voifwznnd6alhtnei_8f3u cookie 11:13 PM: Processing: dealtime cookie 11:13 PM: Processing: delfinproject cookie 11:13 PM: Processing: did-it cookie 11:13 PM: Processing: directtrack cookie 11:13 PM: Processing: emode cookie 11:13 PM: Processing: exitfuel cookie 11:13 PM: Processing: gamespy cookie 11:13 PM: Processing: go.com cookie 11:13 PM: Processing: go2net.com cookie 11:13 PM: Processing: gorillanation cookie 11:13 PM: Processing: hbmediapro cookie 11:13 PM: Processing: hiwire 11:13 PM: Processing: howstuffworks cookie 11:13 PM: Processing: hyperbanner cookie 11:13 PM: Processing: hypertracker.com cookie 11:13 PM: Processing: ic-live cookie 11:13 PM: Processing: informit cookie 11:13 PM: Processing: infospace cookie 11:13 PM: Processing: intelliquest cookie 11:13 PM: Processing: l2m.net cookie 11:13 PM: Processing: maxserving cookie 11:13 PM: Processing: mediaplex cookie 11:13 PM: Processing: megago cookie 11:13 PM: Processing: metareward.com cookie 11:13 PM: Processing: military cookie 11:13 PM: Processing: myaffiliateprogram.com cookie 11:13 PM: Processing: netratingsselect cookie 11:13 PM: Processing: nextag cookie 11:13 PM: Processing: one-time-offer cookie 11:13 PM: Processing: overture cookie 11:13 PM: Processing: partypoker cookie 11:13 PM: Processing: paypopup cookie 11:13 PM: Processing: pcstats.com cookie 11:13 PM: Processing: pokerroom cookie 11:13 PM: Processing: popups.infostart cookie 11:13 PM: Processing: precisead cookie 11:13 PM: Processing: pricegrabber cookie 11:13 PM: Processing: questionmarket cookie 11:13 PM: Processing: rc cookie 11:13 PM: Processing: reliablestats cookie 11:13 PM: Processing: reunion cookie 11:13 PM: Processing: revenue.net cookie 11:13 PM: Processing: rightmedia cookie 11:13 PM: Processing: rn11 cookie 11:13 PM: Processing: screensavers.com cookie 11:13 PM: Processing: seeq cookie 11:13 PM: Processing: servedby advertising cookie 11:13 PM: Processing: smni cookie 11:13 PM: Processing: specificclick.com cookie 11:13 PM: Processing: specificpop cookie 11:13 PM: Processing: starpulse cookie 11:13 PM: Processing: starware.com cookie 11:13 PM: Processing: stats.klsoft.com cookie 11:13 PM: Processing: tacoda cookie 11:13 PM: Processing: techtarget cookie 11:13 PM: Processing: tickle cookie 11:13 PM: Processing: trb.com cookie 11:13 PM: Processing: tvguide cookie 11:13 PM: Processing: ugo cookie 11:13 PM: Processing: videodome cookie 11:13 PM: Processing: websponsors cookie 11:13 PM: Processing: webtrendslive cookie 11:13 PM: Processing: winantiviruspro cookie 11:13 PM: Processing: xiti cookie 11:13 PM: Processing: yieldmanager cookie 11:13 PM: Deletion from quarantine completed. Elapsed time 00:00:06 3:35 PM: Your spyware definitions have been updated. 3:35 PM: Processing Internet Explorer Favorites Alerts 3:35 PM: Allowed IE Favorite: Home PC Firewall Guide 3:35 PM: Allowed IE Favorite: WinAntiVirusPro pop ups - TomCoyote Forums 3:35 PM: Allowed IE Favorite: HiJack This log - WinAntiVirusPro, etc. infection - TomCoyote Forums 3:35 PM: Allowed IE Favorite: WinAntiSpyware removal explanation 3:35 PM: Allowed IE Favorite: Malware Complaints View topic - Places to get help - If still infected. 3:35 PM: Allowed IE Favorite: HijackThis Quick Start - TomCoyote 3:35 PM: Allowed IE Favorite: Malware Problems (Winfixer and Winantiviruspro) [RESOLVED] - Geeks to Go! 3:35 PM: Allowed IE Favorite: Gladiator Security Forum HELP! Think you are Infected 3:35 PM: Allowed IE Favorite: Gladiator Security Forum WinAntiVirusPro and WinGuard killing me 3:35 PM: Allowed IE Favorite: Hijacked by Winfixer 2005 - WinAntiVirusPro 2005 - HijackThis - Dell Community Forum 3:35 PM: Allowed IE Favorite: InfoWorld - Careers 3:35 PM: Allowed IE Favorite: spring 06 jobs 3:35 PM: Allowed IE Favorite: Americas Job Hotspots 3:37 PM: | End of Session, Friday, May 26, 2006 | ******** 9:16 PM: | Start of Session, Wednesday, May 03, 2006 | 9:16 PM: Spy Sweeper started 9:16 PM: Messenger service has been disabled. 9:19 PM: Your spyware definitions have been updated. 9:31 PM: | End of Session, Wednesday, May 03, 2006

#15 SamAxe

New Member

Authentic Member
12 posts

Posted 26 May 2006 - 04:29 PM

New Hijack log

Logfile of HijackThis v1.99.1
Scan saved at 5:14:25 PM, on 5/26/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\System32\QCONSVC.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINNT\system32\IMWEBSTA.EXE
C:\WINNT\AGRSMMSG.exe
C:\WINNT\system32\PRPCUI.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINNT\system32\RunDll32.exe
C:\WINNT\system32\dla\tfswctrl.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINNT\Logi_MwX.Exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\hp deskjet 460 series\Toolbox\HPWRTBX.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\IBM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\IBM\Bluetooth Software\BTStackServer.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nydailynews.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [IMWEBSTA.EXE] IMWEBSTA.EXE START
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\StorageGuard\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINNT\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPWRTOOLBOX] C:\Program Files\Hewlett-Packard\hp deskjet 460 series\Toolbox\HPWRTBX.exe "-i"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: BTTray.lnk = C:\Program Files\IBM\Bluetooth Software\BTTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! MLB StatTracker - http://aud5.sports.d...mlbst8408_x.cab
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - https://www-3.ibm.co...ad/tgctlins.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....iTunesSetup.exe
O16 - DPF: {59D04288-805E-4D43-BE09-83B1083E9E1E} (IUpdateAutoLaunch Control) - http://idenphones.mo...eAutoLaunch.ocx
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - https://www-3.ibm.co...ad/IbmEgath.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://hoylegames.si...cherControl.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.c...ropper1_4us.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = grace.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = grace.com
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\system32\ibmpmsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: QCONSVC - Unknown owner - C:\WINNT\System32\QCONSVC.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

Body Background

skin color theme