Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93101 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Surf Sidekick Removal

Started by Connie313 , Nov 08 2005 09:45 PM

  • This topic is locked This topic is locked
10 replies to this topic

#1 Connie313

Connie313

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 08 November 2005 - 09:45 PM

Hi,

I have Surf Sidekick and a couple other nasty creatures that I can't seem to get rid of with regular spyware removal programs. Here is the log from my Hijack This Scan. Any help on what to get rid of is greatly appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 10:38:00 PM, on 11/8/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Compaq\EAB\EabServr.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\System32\WLANSTA.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\1129601940\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1129601940\ee\AOLServiceHost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
c:\program files\common files\aol\1129601940\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1129601940\ee\AOLServiceHost.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.bellsouth.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PicShow Class - {4487598C-2EC7-43A2-870E-6D8D720FDD9F} - C:\WINDOWS\System32\pkshbiwt.dll (file missing)
O2 - BHO: (no name) - {4AA870AC-8427-42a4-B92E-ECD956197489} - (no file)
O2 - BHO: wb - {55BE9F0D-6CAF-4c3e-B125-5A13A8C9D0EC} - C:\WINDOWS\System32\nsx195.dll
O2 - BHO: IRiras Class - {95C60327-8E17-44D6-98EB-7EB70CC606DD} - C:\WINDOWS\System32\iraslsoh.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] c:\compaq\cpqsetup\cpqset.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [WLANSTA.EXE] WLANSTA.EXE START
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [RemoveCpl] RemoveCpl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129601940\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: RemindU - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O9 - Extra button: Advisor - {4AAC555D-352C-4029-ABE8-F06ED9BC532D} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (HKCU)
O12 - Plugin for .asx: C:\Program Files\Compaq\Netscape Custom NA XP\PLUGINS\npdsplay.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .wvx: C:\Program Files\Compaq\Netscape Custom NA XP\PLUGINS\npdsplay.dll
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups...plorer1_8us.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol....oach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1126315320446
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.c...ient/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://204.118.132.1.../ACNePlayer.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E46755A1-B337-46CA-A198-9F20A0D811BB}: NameServer = 205.188.146.145
O20 - AppInit_DLLs: repairs302972961.dll
O20 - Winlogon Notify: Unimodem - C:\WINDOWS\
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\okqezso.exe (file missing)

    Advertisements

Register to Remove

#2 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 11 November 2005 - 09:24 PM

Hello Connie313, welcome to the forum. Sorry about the delay in responding :( If you still need help, Scan again with HijackThis, and copy/paste" a new log file into this thread.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

#3 Connie313

Connie313

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 12 November 2005 - 11:12 AM

Here is a new log file

Logfile of HijackThis v1.99.1
Scan saved at 12:09:23 PM, on 11/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Compaq\EAB\EabServr.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\System32\WLANSTA.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\AOL\1129601940\ee\AOLHostManager.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\AOL\1129601940\ee\AOLServiceHost.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\fxssvc.exe
c:\program files\common files\aol\1129601940\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1129601940\ee\AOLServiceHost.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.bellsouth.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PicShow Class - {4487598C-2EC7-43A2-870E-6D8D720FDD9F} - C:\WINDOWS\System32\pkshbiwt.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: wb - {55BE9F0D-6CAF-4c3e-B125-5A13A8C9D0EC} - C:\WINDOWS\System32\nsx195.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] c:\compaq\cpqsetup\cpqset.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [WLANSTA.EXE] WLANSTA.EXE START
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [RemoveCpl] RemoveCpl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129601940\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: RemindU - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O9 - Extra button: Advisor - {4AAC555D-352C-4029-ABE8-F06ED9BC532D} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (HKCU)
O12 - Plugin for .asx: C:\Program Files\Compaq\Netscape Custom NA XP\PLUGINS\npdsplay.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .wvx: C:\Program Files\Compaq\Netscape Custom NA XP\PLUGINS\npdsplay.dll
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups...plorer1_8us.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol....oach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1126315320446
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.c...ient/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://204.118.132.1.../ACNePlayer.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O20 - AppInit_DLLs: repairs302972961.dll
O20 - Winlogon Notify: Unimodem - C:\WINDOWS\
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\okqezso.exe (file missing)

#4 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 12 November 2005 - 11:19 AM

Looks like you already have Spysweeper.
Open it and check for updated definitions, please do so.
(This may take several minutes)

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system.If you are prompted to restart the computer, do so immediately. This is a necessary step to kill the infection!

When the sweep has finished, click Remove. Click Select All and then Next

From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.

Exit Spy Sweeper.

Empty Recycle Bin

Reboot and "copy/paste" a new HJT log as well as the Resullts from Spy Sweeper file into this thread.
Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

#5 Connie313

Connie313

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 13 November 2005 - 09:37 PM

I upgraded to the new version of Spy Sweeper and ran the full sweep. Here is the log file from Spy Sweeper. I then ran Hijack This. I'll post that log file after the Spy Sweeper.

Spy Sweeper Log
********
9:25 PM: | Start of Session, Sunday, November 13, 2005 |
9:25 PM: Spy Sweeper started
9:25 PM: Sweep initiated using definitions version 572
9:25 PM: Starting Memory Sweep
9:25 PM: Found Adware: ezula ilookup
9:25 PM: Detected running threat: C:\WINDOWS\System32\nsx195.dll (ID = 180772)
9:25 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
9:25 PM: Found Adware: surfsidekick
9:25 PM: Detected running threat: C:\WINDOWS\system32\repairs302972961.dll (ID = 186597)
9:26 PM: Detected running threat: C:\Program Files\SurfSideKick 3\SskBho.dll (ID = 186907)
9:29 PM: Detected running threat: C:\Program Files\SurfSideKick 3\SskCore.dll (ID = 186908)
9:32 PM: Memory Sweep Complete, Elapsed Time: 00:07:05
9:32 PM: Starting Registry Sweep
9:33 PM: Found Adware: bookedspace
9:33 PM: HKLM\software\configuration manager\cfgmgr52\ (250 subtraces) (ID = 104873)
9:34 PM: HKCR\clsid\{02ee5b04-f144-47bb-83fb-a60bd91b74a9}\ (3 subtraces) (ID = 143389)
9:34 PM: HKLM\software\classes\clsid\{02ee5b04-f144-47bb-83fb-a60bd91b74a9}\ (3 subtraces) (ID = 143392)
9:34 PM: HKLM\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143400)
9:34 PM: HKLM\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 143406)
9:34 PM: HKLM\software\surfsidekick3\ (2 subtraces) (ID = 143413)
9:34 PM: Found Adware: windows afa internet enhancement
9:34 PM: HKLM\software\microsoft\windows\currentversion\uninstall\wafaie\ (2 subtraces) (ID = 147277)
9:34 PM: Found Adware: icannnews
9:34 PM: HKCR\activexctrl\ (3 subtraces) (ID = 169450)
9:34 PM: HKCR\interface\{980ad470-04ea-4d1d-bd26-e178b7bda6d8}\ (8 subtraces) (ID = 169454)
9:34 PM: HKCR\interface\{fd39937a-c583-4aac-9332-8a3e44988a67}\ (8 subtraces) (ID = 169455)
9:34 PM: HKCR\typelib\{ee5ac3d6-6f43-4047-af0a-d66fc2cf8f42}\ (9 subtraces) (ID = 169456)
9:34 PM: HKLM\software\classes\activexctrl\ (3 subtraces) (ID = 169457)
9:34 PM: HKLM\software\classes\interface\{980ad470-04ea-4d1d-bd26-e178b7bda6d8}\ (8 subtraces) (ID = 169461)
9:34 PM: HKLM\software\classes\interface\{fd39937a-c583-4aac-9332-8a3e44988a67}\ (8 subtraces) (ID = 169462)
9:34 PM: HKLM\software\classes\typelib\{ee5ac3d6-6f43-4047-af0a-d66fc2cf8f42}\ (9 subtraces) (ID = 169463)
9:34 PM: Found Adware: rich editor
9:34 PM: HKLM\software\riched\ (40 subtraces) (ID = 373158)
9:34 PM: Found Trojan Horse: sysnet
9:34 PM: HKLM\software\microsoft\windows\currentversion\uninstall\sysnet\ (2 subtraces) (ID = 381857)
9:34 PM: HKLM\software\microsoft\windows\currentversion\app paths\lanbrd\ (2 subtraces) (ID = 550562)
9:34 PM: HKLM\software\microsoft\windows\currentversion\app paths\lanbrup\ (2 subtraces) (ID = 550565)
9:34 PM: HKLM\system\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\lanbrup.exe\ (1 subtraces) (ID = 552678)
9:34 PM: HKLM\software\lanbridge\ (36 subtraces) (ID = 609177)
9:34 PM: HKLM\software\microsoft\windows\currentversion\uninstall\lanbridge\ (2 subtraces) (ID = 609194)
9:34 PM: Found Adware: visfx
9:34 PM: HKLM\system\currentcontrolset\services\windows overlay components\ (12 subtraces) (ID = 712954)
9:34 PM: Found Adware: safesurf
9:34 PM: HKCR\funtools.picshow\ (5 subtraces) (ID = 730902)
9:34 PM: HKCR\funtools.picshow.1\ (3 subtraces) (ID = 730908)
9:34 PM: HKCR\clsid\{4487598c-2ec7-43a2-870e-6d8d720fdd9f}\ (11 subtraces) (ID = 730912)
9:34 PM: HKCR\typelib\{7638761f-0ce1-4e68-9692-d623527a6b7b}\ (9 subtraces) (ID = 730924)
9:34 PM: HKLM\software\classes\funtools.picshow\ (5 subtraces) (ID = 730957)
9:34 PM: HKLM\software\classes\funtools.picshow.1\ (3 subtraces) (ID = 730963)
9:34 PM: HKLM\software\classes\clsid\{4487598c-2ec7-43a2-870e-6d8d720fdd9f}\ (11 subtraces) (ID = 730967)
9:34 PM: HKLM\software\classes\typelib\{7638761f-0ce1-4e68-9692-d623527a6b7b}\ (9 subtraces) (ID = 730979)
9:34 PM: HKLM\software\picshow\ (48 subtraces) (ID = 730989)
9:34 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{4487598c-2ec7-43a2-870e-6d8d720fdd9f}\ (ID = 730994)
9:34 PM: Found Adware: winad
9:34 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediagatewayx.dll\ (2 subtraces) (ID = 763026)
9:34 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mediagatewayx.dll (ID = 763028)
9:34 PM: HKLM\software\microsoft\windows nt\currentversion\windows\ || appinit_dlls (ID = 819064)
9:34 PM: Found Adware: cas
9:34 PM: HKCR\clsid\{724d478a-2bd0-4db4-ae42-288b1e346ef7}\ (4 subtraces) (ID = 820366)
9:34 PM: HKCR\typelib\{1b8b502e-465b-4022-be4f-fb6d9f808a18}\ (9 subtraces) (ID = 820387)
9:34 PM: HKLM\software\italmanager\ (40 subtraces) (ID = 820452)
9:34 PM: HKLM\software\classes\clsid\{724d478a-2bd0-4db4-ae42-288b1e346ef7}\ (4 subtraces) (ID = 820519)
9:34 PM: HKLM\software\classes\typelib\{1b8b502e-465b-4022-be4f-fb6d9f808a18}\ (9 subtraces) (ID = 820540)
9:34 PM: HKLM\software\microsoft\windows\currentversion\uninstall\italmgr\ (2 subtraces) (ID = 820572)
9:34 PM: HKLM\system\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\ichckupd.exe\ (1 subtraces) (ID = 820614)
9:34 PM: HKLM\software\microsoft\windows\currentversion\app paths\italm\ (2 subtraces) (ID = 831468)
9:34 PM: HKLM\software\microsoft\windows\currentversion\app paths\ichckupd\ (2 subtraces) (ID = 831816)
9:34 PM: HKCR\clsid\{09d98db3-217f-4a37-950f-7fa1b08ce2b6}\ (11 subtraces) (ID = 926729)
9:34 PM: HKCR\clsid\{55be9f0d-6caf-4c3e-b125-5a13a8c9d0ec}\ (11 subtraces) (ID = 926741)
9:34 PM: HKCR\typelib\{4dfd0b10-93db-4d7e-9b34-3d92ca493be4}\ (9 subtraces) (ID = 926753)
9:34 PM: HKLM\software\classes\clsid\{09d98db3-217f-4a37-950f-7fa1b08ce2b6}\ (11 subtraces) (ID = 926763)
9:34 PM: HKLM\software\classes\clsid\{55be9f0d-6caf-4c3e-b125-5a13a8c9d0ec}\ (11 subtraces) (ID = 926775)
9:34 PM: HKLM\software\classes\typelib\{4dfd0b10-93db-4d7e-9b34-3d92ca493be4}\ (9 subtraces) (ID = 926787)
9:34 PM: HKLM\software\rasmon\ (33 subtraces) (ID = 966765)
9:34 PM: HKLM\software\microsoft\windows\currentversion\app paths\irassync\ (2 subtraces) (ID = 966820)
9:34 PM: HKLM\software\microsoft\windows\currentversion\uninstall\rasmon\ (2 subtraces) (ID = 966833)
9:34 PM: HKLM\system\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\irasyncd.exe\ (1 subtraces) (ID = 966837)
9:34 PM: HKU\S-1-5-21-3942531886-2346120412-4285710654-1003\software\microsoft\internet explorer\urlsearchhooks\ || {02ee5b04-f144-47bb-83fb-a60bd91b74a9} (ID = 143397)
9:34 PM: HKU\S-1-5-21-3942531886-2346120412-4285710654-1003\software\microsoft\windows\currentversion\run\ || surfsidekick 3 (ID = 143403)
9:34 PM: HKU\S-1-5-21-3942531886-2346120412-4285710654-1003\software\surfsidekick3\ (3 subtraces) (ID = 143412)
9:34 PM: HKU\S-1-5-21-3942531886-2346120412-4285710654-1003\software\cmapp\ (ID = 381792)
9:34 PM: Registry Sweep Complete, Elapsed Time:00:01:39
9:34 PM: Starting Cookie Sweep
9:34 PM: Found Spy Cookie: servlet cookie
9:34 PM: owner@servlet[4].txt (ID = 3345)
9:34 PM: owner@servlet[2].txt (ID = 3345)
9:34 PM: Found Spy Cookie: rn11 cookie
9:34 PM: owner@a.rn11[1].txt (ID = 3262)
9:34 PM: Found Spy Cookie: kmpads cookie
9:34 PM: owner@kmpads[1].txt (ID = 2909)
9:34 PM: Found Spy Cookie: belnk cookie
9:34 PM: owner@belnk[1].txt (ID = 2292)
9:34 PM: Found Spy Cookie: askmen cookie
9:34 PM: owner@www.askmen[1].txt (ID = 2248)
9:34 PM: Found Spy Cookie: upspiral cookie
9:34 PM: owner@www.upspiral[2].txt (ID = 3615)
9:34 PM: Found Spy Cookie: gorillanation cookie
9:34 PM: owner@gorillanation[2].txt (ID = 2746)
9:34 PM: Found Spy Cookie: mygeek cookie
9:34 PM: owner@mygeek[2].txt (ID = 3041)
9:34 PM: owner@servlet[1].txt (ID = 3345)
9:34 PM: Found Spy Cookie: hotbar cookie
9:34 PM: owner@adopt.hotbar[2].txt (ID = 4207)
9:34 PM: owner@dist.belnk[3].txt (ID = 2293)
9:34 PM: Found Spy Cookie: 888 cookie
9:34 PM: owner@888[1].txt (ID = 2019)
9:34 PM: Found Spy Cookie: nextag cookie
9:34 PM: owner@nextag[1].txt (ID = 5014)
9:34 PM: owner@nextag[3].txt (ID = 5014)
9:34 PM: Found Spy Cookie: 2o7.net cookie
9:34 PM: owner@2o7[2].txt (ID = 1957)
9:34 PM: Found Spy Cookie: hbmediapro cookie
9:34 PM: owner@adopt.hbmediapro[2].txt (ID = 2768)
9:34 PM: Found Spy Cookie: reliablestats cookie
9:34 PM: owner@stats1.reliablestats[2].txt (ID = 3254)
9:34 PM: Found Spy Cookie: yieldmanager cookie
9:34 PM: owner@yieldmanager[2].txt (ID = 3749)
9:34 PM: Found Spy Cookie: 3 cookie
9:34 PM: owner@64.226.3[1].txt (ID = 1960)
9:34 PM: Found Spy Cookie: coolsavings cookie
9:34 PM: owner@coolsavings[1].txt (ID = 2465)
9:34 PM: Found Spy Cookie: directtrack cookie
9:34 PM: owner@directtrack[1].txt (ID = 2527)
9:34 PM: Found Spy Cookie: azjmp cookie
9:34 PM: owner@azjmp[2].txt (ID = 2270)
9:34 PM: Found Spy Cookie: web-stat cookie
9:34 PM: owner@www.web-stat[2].txt (ID = 3649)
9:34 PM: Found Spy Cookie: commerce cookie
9:34 PM: owner@commerce[1].txt (ID = 2451)
9:34 PM: owner@www.nextag[2].txt (ID = 5015)
9:34 PM: owner@gorillanation[1].txt (ID = 2746)
9:34 PM: owner@kmpads[3].txt (ID = 2909)
9:34 PM: owner@ad.yieldmanager[3].txt (ID = 3751)
9:34 PM: owner@www.askmen[2].txt (ID = 2248)
9:34 PM: owner@doubleyourdating.directtrack[2].txt (ID = 2528)
9:34 PM: owner@www2.nextag[1].txt (ID = 5015)
9:34 PM: owner@yieldmanager[1].txt (ID = 3749)
9:34 PM: owner@azjmp[1].txt (ID = 2270)
9:34 PM: Found Spy Cookie: clickzs cookie
9:34 PM: owner@cz3.clickzs[2].txt (ID = 2413)
9:34 PM: owner@dist.belnk[4].txt (ID = 2293)
9:34 PM: Found Spy Cookie: primaryads cookie
9:34 PM: owner@1.primaryads[2].txt (ID = 3190)
9:34 PM: Found Spy Cookie: ic-live cookie
9:34 PM: owner@ic-live[1].txt (ID = 2821)
9:34 PM: Found Spy Cookie: starware.com cookie
9:34 PM: owner@www.starware[1].txt (ID = 3442)
9:34 PM: Found Spy Cookie: statcounter cookie
9:34 PM: owner@statcounter[2].txt (ID = 3447)
9:34 PM: owner@askmen[1].txt (ID = 2247)
9:34 PM: Found Spy Cookie: adecn cookie
9:34 PM: owner@adecn[1].txt (ID = 2063)
9:34 PM: owner@nextag[4].txt (ID = 5014)
9:34 PM: owner@adopt.hbmediapro[3].txt (ID = 2768)
9:34 PM: owner@h.starware[2].txt (ID = 3442)
9:34 PM: Found Spy Cookie: partypoker cookie
9:34 PM: owner@partypoker[1].txt (ID = 3111)
9:34 PM: owner@stats1.reliablestats[1].txt (ID = 3254)
9:34 PM: owner@mygeek[1].txt (ID = 3041)
9:34 PM: Found Spy Cookie: adjuggler cookie
9:34 PM: owner@rotator.adjuggler[2].txt (ID = 2071)
9:34 PM: Found Spy Cookie: a cookie
9:34 PM: owner@a[1].txt (ID = 2027)
9:34 PM: Found Spy Cookie: 82155961 cookie
9:34 PM: owner@82155961[1].txt (ID = 2017)
9:34 PM: Found Spy Cookie: enhance cookie
9:34 PM: owner@c.enhance[1].txt (ID = 2614)
9:34 PM: Found Spy Cookie: tracking cookie
9:34 PM: owner@tracking[2].txt (ID = 3571)
9:34 PM: Found Spy Cookie: cassava cookie
9:34 PM: owner@cassava[1].txt (ID = 2362)
9:34 PM: owner@ad.yieldmanager[2].txt (ID = 3751)
9:34 PM: owner@dist.belnk[2].txt (ID = 2293)
9:34 PM: owner@nextag[2].txt (ID = 5014)
9:34 PM: owner@server3.web-stat[2].txt (ID = 3649)
9:34 PM: Found Spy Cookie: burstbeacon cookie
9:34 PM: owner@www.burstbeacon[2].txt (ID = 2335)
9:34 PM: Found Spy Cookie: websponsors cookie
9:34 PM: owner@a.websponsors[2].txt (ID = 3665)
9:34 PM: Found Spy Cookie: mytemplatestorage cookie
9:34 PM: owner@www.mytemplatestorage[1].txt (ID = 3050)
9:34 PM: Found Spy Cookie: 91338698 cookie
9:34 PM: owner@91338698[1].txt (ID = 2025)
9:34 PM: owner@ad.yieldmanager[1].txt (ID = 3751)
9:34 PM: Cookie Sweep Complete, Elapsed Time: 00:00:05
9:34 PM: Starting File Sweep
9:34 PM: Warning: Failed to open file "c:\pagefile.sys". Access is denied
9:34 PM: Warning: Failed to open file "c:\hiberfil.sys". Access is denied
9:36 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\aol\c_america online 9.0a\idb\main.idx". The process cannot access the file because it is being used by another process
9:36 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\aol\c_america online 9.0a\idb\sysnews.lst". The process cannot access the file because it is being used by another process
9:36 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\aol\c_america online 9.0a\idb\app10313.lst". The process cannot access the file because it is being used by another process
9:36 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\aol\c_america online 9.0a\idb\app9515.lst". The process cannot access the file because it is being used by another process
9:36 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\aol\c_america online 9.0a\idb\app9141.lst". The process cannot access the file because it is being used by another process
9:36 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\aol\c_america online 9.0a\idb\app9762.lst". The process cannot access the file because it is being used by another process
9:36 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\aol\c_america online 9.0a\idb\app9067.lst". The process cannot access the file because it is being used by another process
9:36 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\aol\c_america online 9.0a\idb\style.lst". The process cannot access the file because it is being used by another process
9:36 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\aol\c_america online 9.0a\idb\apps.lst". The process cannot access the file because it is being used by another process
9:36 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\aol\c_america online 9.0a\idb\app9401.lst". The process cannot access the file because it is being used by another process
9:36 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\aol\c_america online 9.0a\idb\toolbar.lst". The process cannot access the file because it is being used by another process
9:36 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\aol\c_america online 9.0a\idb\app9076.lst". The process cannot access the file because it is being used by another process
9:36 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\aol\c_america online 9.0a\idb\spool.lst". The process cannot access the file because it is being used by another process
9:36 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\aol\c_america online 9.0a\idb\diction.lst". The process cannot access the file because it is being used by another process
9:36 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\aol\c_america online 9.0a\organize\callen1008". The process cannot access the file because it is being used by another process
9:36 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\aol\c_america online 9.0a\organize\cache\callen1005". The process cannot access the file because it is being used by another process
9:36 PM: Warning: Failed to read file "c:\documents and settings\all users\application data\aol\storage\server.lock". The process cannot access the file because another process has locked a portion of the file
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs258ed128-9298-4418-a5b9-6042bf595513.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3bdf2eb0-272f-44fb-a351-7ae4f6247ae5.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3be2225d-f653-4680-ae23-be63d0c9020f.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf8a8ece5-d041-49b4-b258-74950597d51b.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs1634b1bb-0d41-4775-ab36-c264b4809eeb.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscscd9b417d-17cd-4b7c-92d0-0665e45c91e8.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs8680b90b-d23f-4fc9-a893-fa39cfe99bcf.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd99978c9-30bd-4617-99e8-901850d278ca.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsab8d6032-3346-452a-b71b-0f33228a5181.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs711de5ed-09a1-458d-98fb-9847ecdfa691.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs53cc497a-fcf4-424d-8e0d-ee5c3dd76acc.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs7cd41e15-b3e8-473c-9bbc-3470ebae585b.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs72d2c702-ca5b-441d-b19a-8a3da39bfbcb.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsfa3f8413-3ce6-45b3-a2cd-a4094cbd07e8.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsce9645c5-a160-4746-9289-7f275a2ee3b9.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs76dd07fb-d102-4776-84c1-33673698ea45.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9b46593f-05d6-43a2-a3b9-325d7803b295.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs642735e8-3d8b-4b17-a490-658d8d472dcc.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs74a29fac-e29d-4424-8358-12dd0b4285f3.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs79b7beba-3e95-4221-9d60-6042c76bb5bb.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs95ba5012-aa9c-4058-9863-e21773ea089b.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsb0a3f138-4d8e-4237-a489-78350e13b191.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs14481482-361c-49c4-aa9d-b6fd46fab632.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse30d8c39-a2e6-4d64-b7b1-cfffcedfe917.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs939ebb3b-baa7-4724-b16c-397dc7375f68.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc799844f-de92-42ef-8ee5-8f58d0da82ba.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs1f1a14dc-7654-46c4-8999-4755f540df33.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3e806106-dee5-4f0b-aae9-621667c3a5ef.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs51e1d4f2-4523-409e-b008-5c8b49675594.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsbe72a16f-3cb3-44ee-849b-c7b7a36587fd.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsaa32b0e3-a0e3-4aec-9736-9a030080080a.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs15ac187c-172d-45c8-a40e-2f7f64b5de0c.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5baf19b2-6565-4a56-84ff-9bcecd7621c8.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs2aa21793-190a-404b-a236-00d66fa6b45a.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5d3ef7c0-3b77-420b-bcf1-fefaa6603620.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs94f5f4e7-e37f-483c-b74e-3db1e98dfb26.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse7026dc2-7411-424e-ae7a-f2472ac2f0e8.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs6c097fcf-a0d6-4c4e-aba0-0ccc53cee7eb.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsca801f37-bf2f-4b97-a538-f608b2f4b526.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse0c703ca-b455-4423-8254-98e2268cb9fe.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3629df83-c16c-43ee-9794-a2aa3e3d064b.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5aaf2371-7cf1-4cd9-a8d7-cf7d59540e87.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs23cba00b-024b-4044-87f5-c1f692e14425.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd79cd436-fceb-4b75-97e0-2e2810bd195e.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5c2c9101-6d57-4ddf-9a25-169bdb237197.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd872123e-281f-47d1-a628-2c491535613e.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd10e29c6-01b8-43e7-92dc-16fc8ddad1ad.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsb1cc90be-d793-4856-92bd-8952c5185aa2.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsbd55de8f-ccb7-4691-bd37-7ff806cccb68.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9d9ec50a-efd9-4dc0-8e34-a269ece4f1df.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs757f4511-9ab4-47f2-9ce0-035c8267383b.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5875ec43-f26f-4923-986f-da20c434825b.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsb61e4fb6-020e-4834-ab61-00180e166db7.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9dfcc328-852f-4240-a9e6-ac08466ca074.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs513931de-3786-49d2-9d67-a7ca47188522.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsebd48517-d0aa-43de-9ff0-6f3b64e25e2a.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs8afbaf59-7a72-4835-bafa-2014491f2d3c.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc6bf8be6-7382-435d-999a-9a2fd436edd2.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs12d035b3-318b-4f00-8846-b6400dab8e9b.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsbad449e0-9b67-481e-a5df-5e8853b0867c.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsed474615-68d2-4e67-b4ad-9375b21ad623.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsb73a2aec-ffd9-496a-b79e-c43176b03b29.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs778335af-aed9-41f4-8e79-d74d59068a38.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs651ef715-41cd-4cce-98f6-30f6f149ef03.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse0c38cde-7262-47c5-ad0c-ced6a12e34cd.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs843f28fa-ee9f-4b56-a6f1-ddf124391c8a.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsaa62af58-c582-45d8-bdaf-5bc66169dcf7.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsef0c6703-929a-4721-a698-f93c3ffbf8b4.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs082e3fdd-fa22-4877-92b2-0312db6c7a28.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa08c2070-f828-4f63-bd99-e286bf1f01bd.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd9f2ea7e-028b-4945-9ffc-0153ba7b4d07.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa4221640-9064-4662-9721-a866f8db7476.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9e05f6d4-2520-49e3-8f51-54660f08436f.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc27243ee-d6a6-42ee-8b33-2114f79aa84b.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5f3621d1-95d0-4f25-a311-89f42e1a1d99.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs45c48164-75c6-438d-be29-c45bb25e8f0d.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs38d6b68e-2ccd-4171-ae6e-c6bf82cd6764.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs52cefe80-d3d4-40d6-a3b4-19e5fa64e85f.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsbff212d4-3e77-4338-a72f-046d29ed0431.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs12fba994-0a69-4851-a229-290a01d119a7.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4bbd7f44-5703-45f5-a935-2d7f38c1107f.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsdec78111-3c46-40ec-abeb-8cb7163fadad.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs6b3b5937-6eee-4f2b-a824-ec217cac06fc.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsb8a44010-8ea7-4ff4-bc66-3a18f3e31ddd.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsfa07bc25-1355-43c2-bafb-39f952599f11.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse816e908-56e5-42e4-9754-acf6af896bc0.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse13bd5cd-508f-431e-a3ef-c037d78519d2.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs78a3940b-6f8b-451e-bc85-c4b12eeb49f2.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf2e022e3-4606-4a33-8363-1f2e334cc399.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs6f763c67-4d8d-432c-9425-aa1eb44f6ce6.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd80b8c59-7f2f-41b9-8984-526b942f3979.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs54783935-e948-4a65-a9bf-f761cff9a9af.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsfcd9f0e9-cdd9-4ff1-a936-ab1b87c5b3d7.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscscfce022b-d752-4950-8f03-e63d4e3a5535.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsfcedcae5-2a2c-4d8c-80c1-8b1e10aab1e9.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs43ff04e0-a947-454e-9ba9-83ec484a2fba.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsca288e75-15a2-49f5-b7c7-a09fbc399c9f.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs08a9620a-2f98-48da-9138-afd233b88e53.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9a96ae30-0bec-4c08-930e-8b7805fe3c59.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs17dbcac0-5eaf-43de-9565-7e8ce947a499.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs7684da5d-b627-4810-9288-d21d4a0a963e.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs54606bc9-a355-42a4-84cc-01c2e2c8dd11.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse62351b0-5578-459e-942f-e94decffec3d.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse9aee9b1-a5e5-4896-a549-ab552e9215ef.tmp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\owner\ntuser.dat". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\documents and settings\owner\ntuser.dat.log". The process cannot access the file because it is being used by another process
9:37 PM: sskknwrd.dll (ID = 77733)
9:38 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
9:38 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
9:38 PM: The Spy Communication shield has blocked access to: ads.surfsidekick.com
9:38 PM: The Spy Communication shield has blocked access to: ads.surfsidekick.com
9:38 PM: The Spy Communication shield has blocked access to: ads.surfsidekick.com
9:38 PM: The Spy Communication shield has blocked access to: ads.surfsidekick.com
9:39 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
9:39 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
9:39 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
9:39 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\8xurwd67\1842937249@headerspon,pagespon,localad,explore1,explore2,explore3,explore4,explore5,explore6,spotlight1,spotlight2,spotlight3,spotlight4,spotlight5,spotlight6,pagespon2,sw[1]". The system cannot find the path specified
9:39 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\cnct896p\1550025209@headerspon,pagespon,localad,explore1,explore2,explore3,explore4,explore5,explore6,spotlight1,spotlight2,spotlight3,spotlight4,spotlight5,spotlight6,pagespon2,sw[1]". The system cannot find the path specified
9:40 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
9:41 PM: Found Adware: directrevenue-abetterinternet
9:41 PM: drpmon[1].dll (ID = 120328)
9:41 PM: b2search_v17.exe (ID = 188142)
9:41 PM: thin_installer.exe (ID = 156514)
9:41 PM: snuninst.exe (ID = 115282)
9:41 PM: installer4_thin.exe (ID = 122354)
9:41 PM: selassix.tmp (ID = 187011)
9:41 PM: Found Adware: winantispyware 2005
9:41 PM: winfixer2005scannersetup.exe (ID = 134858)
9:41 PM: installerv5_thin.exe (ID = 156514)
9:41 PM: sntaudio.tmp (ID = 138228)
9:41 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
9:41 PM: wincmapp.exe (ID = 145805)
9:41 PM: crptclrs.tmp (ID = 156483)
9:41 PM: cmapp13.exe (ID = 156523)
9:41 PM: upd0002.exe (ID = 156532)
9:41 PM: vfx3.exe (ID = 155627)
9:41 PM: 111419.exe (ID = 156165)
9:41 PM: watch_free_porn.exe (ID = 156165)
9:41 PM: adwsetup_upd.exe (ID = 180807)
9:41 PM: ssk3_installerv5.exe (ID = 162632)
9:41 PM: adsetup.silent.1.13.exe (ID = 167465)
9:41 PM: un2.tmp (ID = 163864)
9:42 PM: setup.exe (ID = 134857)
9:42 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
9:59 PM: c:\program files\asys (1 subtraces) (ID = -2147477847)
9:59 PM: c:\program files\cmapp (ID = -2147477896)
9:59 PM: c:\program files\wincmapp (1 subtraces) (ID = -2147472758)
9:59 PM: c:\program files\fcengine (4 subtraces) (ID = -2147471607)
9:59 PM: c:\program files\surfsidekick 3 (3 subtraces) (ID = -2147480186)
9:59 PM: vfx8.0-1.exe (ID = 110122)
9:59 PM: plugin.dll (ID = 154761)
9:59 PM: fcengine.exe (ID = 154760)
9:59 PM: sskbho.dll (ID = 186907)
9:59 PM: sskcore.dll (ID = 186908)
9:59 PM: ssk.exe (ID = 186906)
9:59 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || SurfSideKick 3 (ID = 0)
9:59 PM: HKU\S-1-5-21-3942531886-2346120412-4285710654-1003\Software\Microsoft\Windows\CurrentVersion\Run || SurfSideKick 3 (ID = 0)
9:59 PM: tcuylisg.exe (ID = 51663)
9:59 PM: uwfx5_0001_lp1014netinstaller.exe (ID = 168841)
10:01 PM: nsx195.dll (ID = 180772)
10:01 PM: nsw18f.dll (ID = 180772)
10:01 PM: bk.exe (ID = 166386)
10:02 PM: rastmon.dll (ID = 187012)
10:02 PM: irasyncd.exe (ID = 187011)
10:02 PM: ssk3_b5.exe (ID = 162654)
10:02 PM: unrasmon.exe (ID = 187013)
10:02 PM: Found Adware: begin2search
10:02 PM: nsv1b0.dll (ID = 51054)
10:02 PM: pshwr.exe (ID = 138228)
10:02 PM: pinkkas21.ico (ID = 51041)
10:02 PM: Found Trojan Horse: trojan-downloader-mainstreamdollars
10:02 PM: ventura-hot_246765.exe (ID = 107491)
10:02 PM: Found Trojan Horse: trojan-downloader-traf34
10:02 PM: gsm3-0511.exe (ID = 81005)
10:02 PM: repairs302972961.dll (ID = 186597)
10:02 PM: bsva-egihsg52.exe (ID = 95082)
10:02 PM: installerv4.exe (ID = 122359)
10:03 PM: pdrpdb.dll (ID = 156482)
10:03 PM: ichckupd.exe (ID = 156483)
10:03 PM: nahbluff.exe (ID = 154779)
10:03 PM: installerv5.exe (ID = 162519)
10:03 PM: pinkkas2123.ico (ID = 51041)
10:03 PM: bingo_big3123.ico (ID = 51022)
10:03 PM: Warning: Failed to open file "c:\windows\system32\config\default.log". The process cannot access the file because it is being used by another process
10:03 PM: Warning: Failed to open file "c:\windows\system32\config\sam.log". The process cannot access the file because it is being used by another process
10:03 PM: Warning: Failed to open file "c:\windows\system32\config\security.log". The process cannot access the file because it is being used by another process
10:03 PM: Warning: Failed to open file "c:\windows\system32\config\software.log". The process cannot access the file because it is being used by another process
10:03 PM: Warning: Failed to open file "c:\windows\system32\config\system.log". The process cannot access the file because it is being used by another process
10:03 PM: Warning: Failed to open file "c:\windows\system32\config\default". The process cannot access the file because it is being used by another process
10:03 PM: Warning: Failed to open file "c:\windows\system32\config\security". The process cannot access the file because it is being used by another process
10:03 PM: Warning: Failed to open file "c:\windows\system32\config\software". The process cannot access the file because it is being used by another process
10:03 PM: Warning: Failed to open file "c:\windows\system32\config\system". The process cannot access the file because it is being used by another process
10:03 PM: Warning: Failed to open file "c:\windows\system32\config\sam". The process cannot access the file because it is being used by another process
10:05 PM: df_kmd.sys (ID = 134888)
10:06 PM: qbuninstaller.exe (ID = 90525)
10:06 PM: labpengs.tmp (ID = 125489)
10:06 PM: installer4_thin.exe (ID = 122354)
10:06 PM: snuninst.exe (ID = 115282)
10:09 PM: c:\windows\cfgmgr52 (76 subtraces) (ID = -2147479590)
10:12 PM: File Sweep Complete, Elapsed Time: 00:38:14
10:12 PM: Full Sweep has completed. Elapsed time 00:47:13
10:12 PM: Traces Found: 970
10:13 PM: Removal process initiated
10:14 PM: Quarantining All Traces: directrevenue-abetterinternet
10:14 PM: Quarantining All Traces: icannnews
10:14 PM: Quarantining All Traces: visfx
10:14 PM: Quarantining All Traces: begin2search
10:14 PM: Quarantining All Traces: cas
10:14 PM: Quarantining All Traces: sysnet
10:14 PM: Quarantining All Traces: trojan-downloader-mainstreamdollars
10:14 PM: Quarantining All Traces: trojan-downloader-traf34
10:14 PM: Quarantining All Traces: bookedspace
10:15 PM: Quarantining All Traces: ezula ilookup
10:15 PM: Quarantining All Traces: rich editor
10:15 PM: Quarantining All Traces: safesurf
10:15 PM: Quarantining All Traces: winad
10:15 PM: Quarantining All Traces: winantispyware 2005
10:15 PM: Quarantining All Traces: windows afa internet enhancement
10:15 PM: Quarantining All Traces: 2o7.net cookie
10:15 PM: Quarantining All Traces: 3 cookie
10:15 PM: Quarantining All Traces: 82155961 cookie
10:15 PM: Quarantining All Traces: 888 cookie
10:15 PM: Quarantining All Traces: 91338698 cookie
10:15 PM: Quarantining All Traces: a cookie
10:15 PM: Quarantining All Traces: adecn cookie
10:15 PM: Quarantining All Traces: adjuggler cookie
10:15 PM: Quarantining All Traces: askmen cookie
10:15 PM: Quarantining All Traces: azjmp cookie
10:15 PM: Quarantining All Traces: belnk cookie
10:15 PM: Quarantining All Traces: burstbeacon cookie
10:15 PM: Quarantining All Traces: cassava cookie
10:15 PM: Quarantining All Traces: clickzs cookie
10:15 PM: Quarantining All Traces: commerce cookie
10:15 PM: Quarantining All Traces: coolsavings cookie
10:15 PM: Quarantining All Traces: directtrack cookie
10:15 PM: Quarantining All Traces: enhance cookie
10:15 PM: Quarantining All Traces: gorillanation cookie
10:15 PM: Quarantining All Traces: hbmediapro cookie
10:15 PM: Quarantining All Traces: hotbar cookie
10:15 PM: Quarantining All Traces: ic-live cookie
10:15 PM: Quarantining All Traces: kmpads cookie
10:15 PM: Quarantining All Traces: mygeek cookie
10:15 PM: Quarantining All Traces: mytemplatestorage cookie
10:15 PM: Quarantining All Traces: nextag cookie
10:15 PM: Quarantining All Traces: partypoker cookie
10:15 PM: Quarantining All Traces: primaryads cookie
10:15 PM: Quarantining All Traces: reliablestats cookie
10:15 PM: Quarantining All Traces: rn11 cookie
10:15 PM: Quarantining All Traces: servlet cookie
10:15 PM: Quarantining All Traces: starware.com cookie
10:15 PM: Quarantining All Traces: statcounter cookie
10:15 PM: Quarantining All Traces: tracking cookie
10:15 PM: Quarantining All Traces: upspiral cookie
10:15 PM: Quarantining All Traces: websponsors cookie
10:15 PM: Quarantining All Traces: web-stat cookie
10:15 PM: Quarantining All Traces: yieldmanager cookie
10:15 PM: Quarantining All Traces: surfsidekick
10:16 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
10:16 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
10:16 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
10:16 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
10:16 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
10:16 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
10:16 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
10:16 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
10:16 PM: ActiveX Shield: found: Adware: surfsidekick, version 1.0.0.0 -- Installation denied
10:16 PM: surfsidekick is in use. It will be removed on reboot.
10:16 PM: Warning: Launched explorer.exe
10:16 PM: Warning: Quarantine process could not restart Explorer.
10:16 PM: Preparing to restart your computer. Please wait...
10:16 PM: Removal process completed. Elapsed time 00:02:54
********
9:24 PM: | Start of Session, Sunday, November 13, 2005 |
9:24 PM: Spy Sweeper started
9:25 PM: | End of Session, Sunday, November 13, 2005 |


HiJack This Log
Logfile of HijackThis v1.99.1
Scan saved at 10:28:33 PM, on 11/13/2005
Platform: Windows XP SP1

#6 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 13 November 2005 - 09:49 PM

Try posting your HijackThis log again please.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

#7 Connie313

Connie313

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 13 November 2005 - 09:51 PM

Hijack This Log
Logfile of HijackThis v1.99.1
Scan saved at 10:28:33 PM, on 11/13/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Compaq\EAB\EabServr.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\System32\WLANSTA.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\Program Files\Common Files\AOL\1129601940\ee\AOLHostManager.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\AOL\1129601940\ee\AOLServiceHost.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\wanmpsvc.exe
c:\program files\common files\aol\1129601940\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\AOL\1129601940\ee\AOLServiceHost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.bellsouth.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.bellsouth.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] c:\compaq\cpqsetup\cpqset.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [WLANSTA.EXE] WLANSTA.EXE START
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [RemoveCpl] RemoveCpl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129601940\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Spy Sweeper Fix.lnk = C:\Program Files\Webroot\Spy Sweeper\SpySweeperFix.bat
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: RemindU - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O9 - Extra button: Advisor - {4AAC555D-352C-4029-ABE8-F06ED9BC532D} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (HKCU)
O12 - Plugin for .asx: C:\Program Files\Compaq\Netscape Custom NA XP\PLUGINS\npdsplay.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .wvx: C:\Program Files\Compaq\Netscape Custom NA XP\PLUGINS\npdsplay.dll
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups...plorer1_8us.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol....oach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1126315320446
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.c...ient/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn...pDownloader.cab
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://204.118.132.1.../ACNePlayer.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O20 - AppInit_DLLs: repairs302972961.dll
O20 - Winlogon Notify: Unimodem - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#8 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 13 November 2005 - 10:01 PM

1. Copy and paste this code box text into a text editor such as Notepad.

2. Save this text as ResetAppInit.reg. Make sure the "Save as type:" is "All Files (*.*)" and save it to your desktop. Include the word REGEDIT4

3. Double-click on ResetAppInit.reg. When it asks you to merge the information to the registry click Yes.



REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
4.Empty Recycle Bin

Reboot and "copy/paste" a new log file into this thread.
Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

#9 Connie313

Connie313

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 13 November 2005 - 10:15 PM

Hijack This Log
Logfile of HijackThis v1.99.1
Scan saved at 11:10:28 PM, on 11/13/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Compaq\EAB\EabServr.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\System32\WLANSTA.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\AOL\1129601940\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1129601940\ee\AOLServiceHost.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\wanmpsvc.exe
c:\program files\common files\aol\1129601940\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\AOL\1129601940\ee\AOLServiceHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.bellsouth.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.home.bellsouth.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] c:\compaq\cpqsetup\cpqset.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [WLANSTA.EXE] WLANSTA.EXE START
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [RemoveCpl] RemoveCpl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129601940\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Spy Sweeper Fix.lnk = C:\Program Files\Webroot\Spy Sweeper\SpySweeperFix.bat
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: RemindU - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O9 - Extra button: Advisor - {4AAC555D-352C-4029-ABE8-F06ED9BC532D} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (HKCU)
O12 - Plugin for .asx: C:\Program Files\Compaq\Netscape Custom NA XP\PLUGINS\npdsplay.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .wvx: C:\Program Files\Compaq\Netscape Custom NA XP\PLUGINS\npdsplay.dll
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups...plorer1_8us.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol....oach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1126315320446
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.c...ient/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn...pDownloader.cab
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://204.118.132.1.../ACNePlayer.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O20 - Winlogon Notify: Unimodem - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\Compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Computer seems to be runing good. Surf Sidekick is not poping up and i'm not getting the message that my home page has been reset which is a good thing.

#10 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 14 November 2005 - 03:59 PM

We still have a ways to go.

You have the latest version of VX2. Download L2mfix from one of these two locations:

http://www.atribune....oads/l2mfix.exe
http://www.downloads....org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

if you receive, while running option #1, an error similar like: ''C:\windows\system32\cmd.exe
C:\windows\system32\autoexec.nt the system file is not suitable for running ms-dos and microsoft windows applications. choose close to terminate the application.."...then please use option 5 or the web page link in the l2mfix folder to solve this error condition. do not run the fix portion without fixing this first.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

#11 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 27 November 2005 - 08:59 AM

Due to inactivity this topic will be closed. If you need help please start a new thread and post a new HJT log

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·