Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93101 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Morwill problems

Started by willynilly , Nov 14 2005 10:05 AM

  • This topic is locked This topic is locked
10 replies to this topic

#1 willynilly

willynilly

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 14 November 2005 - 10:05 AM

Hi,
I, like many others, have the Morwill virus/trojan. Have run Ad-Aware, my own McAffee virus removal with no relief. My google searches sometimes also redirect to a porn site too.

Please help, any help appreciated! Here's the hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:54:42 AM, on 11/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\fxssvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Nilesh\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Bho - {5D867A01-9CEC-4f2f-8454-AAAB35550396} - C:\WINDOWS\system32\lvgmgbdq.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,21/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O20 - Winlogon Notify: pmkkh - C:\WINDOWS\system32\pmkkh.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    Advertisements

Register to Remove

#2 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 18 November 2005 - 07:37 PM

Hello willynilly, welcome to the forum. Sorry about the delay in responding :( If you still need help, Scan again with HijackThis, and copy/paste" a new log file into this thread.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

#3 willynilly

willynilly

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 21 November 2005 - 09:58 AM

Thanks for responding,
Here is another scan as you requested, and thanks again for helping me.

Logfile of HijackThis v1.99.1
Scan saved at 10:50:28 AM, on 11/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Nilesh\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Bho - {5D867A01-9CEC-4f2f-8454-AAAB35550396} - C:\WINDOWS\system32\lvgmgbdq.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,21/mcgdmgr.cab
O20 - Winlogon Notify: pmkkh - C:\WINDOWS\system32\pmkkh.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

#4 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 21 November 2005 - 04:36 PM

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link under to "SpySweeper" to download the program.
  • Install it.
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
  • Along with a new HJT log.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

#5 willynilly

willynilly

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 21 November 2005 - 09:57 PM

I did what you said, here's the session log and a new hjt log:

9:57 PM: | Start of Session, Monday, November 21, 2005 |
9:57 PM: Spy Sweeper started
9:57 PM: Sweep initiated using definitions version 574
9:57 PM: Starting Memory Sweep
9:57 PM: Found Adware: virtumonde
9:57 PM: Detected running threat: C:\WINDOWS\system32\lvgmgbdq.dll (ID = 153)
10:04 PM: Memory Sweep Complete, Elapsed Time: 00:06:45
10:04 PM: Starting Registry Sweep
10:05 PM: Registry Sweep Complete, Elapsed Time:00:00:51
10:05 PM: Starting Cookie Sweep
10:05 PM: Found Spy Cookie: 66.230.183 cookie
10:05 PM: jamie@66.230.183[1].txt (ID = 1993)
10:05 PM: Found Spy Cookie: ask cookie
10:05 PM: jamie@ask[1].txt (ID = 2245)
10:05 PM: Found Spy Cookie: belnk cookie
10:05 PM: jamie@ath.belnk[2].txt (ID = 2293)
10:05 PM: jamie@belnk[2].txt (ID = 2292)
10:05 PM: Found Spy Cookie: burstnet cookie
10:05 PM: jamie@burstnet[1].txt (ID = 2336)
10:05 PM: Found Spy Cookie: goclick cookie
10:05 PM: jamie@c.goclick[2].txt (ID = 2733)
10:05 PM: Found Spy Cookie: 2o7.net cookie
10:05 PM: jamie@clubmom.122.2o7[1].txt (ID = 1958)
10:05 PM: jamie@dist.belnk[1].txt (ID = 2293)
10:05 PM: Found Spy Cookie: starware.com cookie
10:05 PM: jamie@h.starware[1].txt (ID = 3442)
10:05 PM: Found Spy Cookie: nextag cookie
10:05 PM: jamie@nextag[1].txt (ID = 5014)
10:05 PM: Found Spy Cookie: reliablestats cookie
10:05 PM: jamie@stats1.reliablestats[2].txt (ID = 3254)
10:05 PM: Found Spy Cookie: burstbeacon cookie
10:05 PM: jamie@www.burstbeacon[2].txt (ID = 2335)
10:05 PM: jamie@www.starware[1].txt (ID = 3442)
10:05 PM: nilesh@2o7[2].txt (ID = 1957)
10:05 PM: nilesh@66.230.183[1].txt (ID = 1993)
10:05 PM: Found Spy Cookie: adrevolver cookie
10:05 PM: nilesh@adrevolver[1].txt (ID = 2088)
10:05 PM: nilesh@adrevolver[3].txt (ID = 2088)
10:05 PM: Found Spy Cookie: pointroll cookie
10:05 PM: nilesh@ads.pointroll[1].txt (ID = 3148)
10:05 PM: Found Spy Cookie: advertising cookie
10:05 PM: nilesh@advertising[1].txt (ID = 2175)
10:05 PM: Found Spy Cookie: apmebf cookie
10:05 PM: nilesh@apmebf[2].txt (ID = 2229)
10:05 PM: Found Spy Cookie: atlas dmt cookie
10:05 PM: nilesh@atdmt[2].txt (ID = 2253)
10:05 PM: Found Spy Cookie: banner cookie
10:05 PM: nilesh@banner[1].txt (ID = 2276)
10:05 PM: Found Spy Cookie: hitslink cookie
10:05 PM: nilesh@counter2.hitslink[2].txt (ID = 2790)
10:05 PM: Found Spy Cookie: coremetrics cookie
10:05 PM: nilesh@data.coremetrics[1].txt (ID = 2472)
10:05 PM: Found Spy Cookie: ru4 cookie
10:05 PM: nilesh@edge.ru4[1].txt (ID = 3269)
10:05 PM: Found Spy Cookie: humanclick cookie
10:05 PM: nilesh@hc2.humanclick[1].txt (ID = 2810)
10:05 PM: Found Spy Cookie: morwillsearch cookie
10:05 PM: nilesh@morwillsearch[2].txt (ID = 3008)
10:05 PM: nilesh@msnportal.112.2o7[1].txt (ID = 1958)
10:05 PM: Found Spy Cookie: mygeek cookie
10:05 PM: nilesh@mygeek[2].txt (ID = 3041)
10:05 PM: nilesh@nextag[1].txt (ID = 5014)
10:05 PM: Found Spy Cookie: qksrv cookie
10:05 PM: nilesh@qksrv[2].txt (ID = 3213)
10:05 PM: Found Spy Cookie: questionmarket cookie
10:05 PM: nilesh@questionmarket[2].txt (ID = 3217)
10:05 PM: Found Spy Cookie: realmedia cookie
10:05 PM: nilesh@realmedia[1].txt (ID = 3235)
10:05 PM: Found Spy Cookie: server.iad.liveperson cookie
10:05 PM: nilesh@server.iad.liveperson[2].txt (ID = 3341)
10:05 PM: Found Spy Cookie: xren_cj cookie
10:05 PM: nilesh@xren_cj[1].txt (ID = 3723)
10:05 PM: nilesh@xren_cj[2].txt (ID = 3723)
10:05 PM: Found Spy Cookie: adserver cookie
10:05 PM: nilesh@z1.adserver[1].txt (ID = 2142)
10:05 PM: Cookie Sweep Complete, Elapsed Time: 00:00:09
10:05 PM: Warning: System Error. Code: 3.
The system cannot find the path specified
10:05 PM: Starting File Sweep
10:05 PM: Warning: Failed to open file "c:\hiberfil.sys". The process cannot access the file because it is being used by another process
10:05 PM: Warning: Failed to open file "c:\pagefile.sys". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\documents and settings\jamie\local settings\temp\hsperfdata_jamie\3476". Access is denied
10:10 PM: Found Adware: winantispyware 2005
10:10 PM: winfixer2005setup.exe (ID = 158827)
10:10 PM: setup.exe (ID = 158822)
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs0181fa92-0f9b-4739-866c-518fb0be12ed.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs027aab09-b328-4d81-b7e5-81917be191b6.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs04e4a6a2-0a7a-4a27-9ec6-8929fcbd8dc0.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs056bce94-86c9-44ad-b7c8-ec3cef6888f6.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs076f8855-6155-4f5e-93cf-e23e763ee32c.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs0ba276f8-e00f-4ec1-9796-2236e59625f2.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs0c931130-0329-4bda-84df-91d3e00bbcaa.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs10505d83-0c89-449b-8336-14702e965548.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs10c225e6-9dc3-4de3-8f99-37fe0aeec6a9.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs112b2137-25b2-416e-a914-03a4c83001b3.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs17d52482-ece4-453a-bf47-6ca0799eb6cb.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs1a5cdda1-4985-429b-aa0d-c33a43451846.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs1c855526-edac-4d82-bf24-ecd9ebe40e06.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs1d0a7900-5795-4ed3-b5b4-ad4ad832c067.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs1e289ed2-b264-4aa3-9db6-f8fddbdc1d2a.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs1ed8044e-0c4d-4e00-8e94-e5b4cb859ce0.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs1fbb06a3-a06b-4c57-a087-efbf6b71a318.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs21658708-aa05-4bce-b13a-1e08ef0db190.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs235a38f8-98e0-4c03-b483-f9ff03ca2bf3.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs269db446-8865-4309-bade-18c87634f2f6.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs2e574f10-4fc1-4de2-b441-30ec433c46f1.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs325f1fc9-6007-4547-aa91-2fc0bf00a657.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs348283f4-9eef-4a13-8c7d-4b3f03330170.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs371d4fef-e6dd-4066-b5d2-83b7640df62c.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs37bcab65-f63a-4cec-a98d-2286e24d8405.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs37c05cd3-88fc-440f-9275-2e6620697d14.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs38410b3e-caae-4932-904c-95411a7d1e56.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3a92e290-81fb-4ce2-bd24-cdc5e6f5de06.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3d36c618-693b-49ff-8396-ec796cde6eea.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4350894b-4db0-4e36-843f-bf9d31c67f20.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs446c3eab-d3a4-429a-a4d5-f06ceda8d7aa.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs49317968-fd6c-4910-aa2c-d66437f43177.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4a955aa1-0496-4b2d-a4e7-1ef75f19690d.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4bcb5645-aa55-4a86-8b1d-13d4b3a9b445.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4be2b213-a9dd-4229-9311-c62f40d09257.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4c397cf9-5b7e-456f-a9aa-bcc2471c2e1e.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4d667536-363f-4bc2-9e60-63a7395ce247.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5003b643-188b-45e3-99c4-d56ed44bb969.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs520014b8-4454-4384-bb4a-da81e23878dc.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs52192252-8347-4d47-bfab-1616869a792a.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5437e67f-f15c-4d9a-b6b3-9d329fad64e0.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs54d253df-1021-4e8d-983e-bd0f00503c53.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs571b49f8-4256-4057-806e-c97823ab9b24.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5bd7bc94-7ea1-4fd8-b5fd-a301cd94ffb4.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5beb95c9-9392-4e01-938a-bd79e4da1902.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5de63d1e-6c15-424f-ac49-5364de4146b7.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5e0509d7-dfaa-4574-91ea-d9bb9801ac82.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs61d90e34-582f-402f-98b6-62cae179f157.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs6408b99e-8092-4daa-88f2-54a402fb5a3b.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs67745bbc-94f9-41c1-a47e-ce8114c961a8.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs6bab96f4-467f-4b00-a89f-7c31db270f2f.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs73d5acb5-0a21-470d-9233-8bb82dae6bde.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs7631ac9d-6771-495d-828d-696760d2d874.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs77f943ac-912d-4579-8c73-ceb79fe160a6.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs790c1d79-fd53-4de2-9da5-87c73a32e3eb.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs7fdb9647-6f24-4fe6-82f9-7c96c518241e.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs80382bf1-75bf-4525-ad40-3b70f6ca781b.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs81f8d5be-eb29-4d43-83f4-5f4e0babf0aa.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs83c4c2ec-e1d4-4242-b3f6-e4905b9cbef1.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs8a74fc01-9610-4146-b2e7-9b0acc178817.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs8d1b0c75-2f03-43d9-a48b-56fac64a5327.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs8e3051d2-bf4c-47b6-9711-1f7d08ab5e70.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs8e3af4c8-ad57-4d58-9ff2-e3d6d1cabcbd.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs8e3b3ae2-a7d1-45f5-8258-e2b6dd256551.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs8e674164-dacd-4154-96b0-95177cba3d92.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9065a4cf-93e3-4ce6-9002-2bb5dc6a459a.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs970fb834-3ee9-47df-bbf4-d7111fc9f807.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9b2c0731-0f66-4253-a642-a01a87bbb703.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9bd56aa0-fa91-43d4-b79f-6da524aadcb1.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9ceb1ea7-79a9-4b02-aa33-a5ec1aa6158e.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9d89aae9-29ef-48b6-bbef-57b64adfcf29.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9e7716e0-5a26-46bc-b82d-7cdbea4aa5ea.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa417da7e-3c56-48ec-af8c-0fe35c948480.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa4aaf7bb-7b88-43b9-a66d-b69e6ac7e638.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa98d9f7c-7725-46f9-ac7a-cc57ed8ec2bf.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsad0d0fbe-c238-4624-9f82-ea9f4cbf4bc9.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsad1cfdb6-875e-41d6-bd94-0fb5d5d43ac1.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsb9384290-dfc5-4cb8-8fae-52df28dca840.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsbe8dcef5-3e8e-4ad5-be9e-c6ce449e0a33.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsbe8ee2c0-bf72-4104-9a98-360fd857cd21.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc049a8dc-c674-485b-a632-f642097416ac.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc2dd7333-1c96-4e39-ab42-183799335079.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc36ba2f3-90f6-4520-8635-29690fcabb0d.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc655e18f-1ed8-4ca6-997d-f7c33e9dd898.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc65884fe-c535-4c91-8d00-31facbc3c03b.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscscf20299f-9577-41a6-b6ad-3b8a66397531.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd51049bf-2641-4116-81f7-f6911d30460d.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd7099eea-bd05-4e48-b410-6cd0798825fd.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd9601778-0a04-4fab-a0b0-835f4c1120a6.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsddf549bd-3d5d-4884-be65-b3da1ad8e505.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse3cdfdb4-67aa-4772-9bc3-31052ae34901.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse5e80878-8aad-4a39-8968-4d41e689f0fd.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscseeb0c059-ec43-45ca-81ec-9c4ec96e6b46.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsef9de55a-381d-48c8-8c9d-e848fa5a813e.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf327b3cd-3772-4a21-9477-4877534a9e7f.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf362d966-43b4-4b46-940b-52c1e15ad0f4.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf48ec2c9-09ac-444e-b565-6fb067cb73e7.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf4ef661e-bc7a-4b43-b6a8-a71aafd7e57d.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf8e99428-f250-409b-a0bc-cf0ceaef916c.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsfa17557f-b4f3-41ce-ac57-f39f776336a3.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsfa774cb2-14b8-44f0-a817-2e2903b8592c.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsfb95808d-3ef2-47d6-b6ed-e8014bf09dd2.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsfbe56984-3efb-4b40-a39e-8a6afe0b167d.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsffa931c9-a7e7-439a-bafe-287160cbf54f.tmp". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\nilesh\ntuser.dat". The process cannot access the file because it is being used by another process
10:10 PM: Warning: Failed to open file "c:\documents and settings\nilesh\ntuser.dat.log". The process cannot access the file because it is being used by another process
10:11 PM: Warning: Failed to open file "c:\documents and settings\nilesh\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
10:11 PM: Warning: Failed to open file "c:\documents and settings\nilesh\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
10:26 PM: Warning: Failed to open file "c:\program files\dell\support\ui\search\catalog.wci\cicl0001.000". The process cannot access the file because it is being used by another process
10:26 PM: Warning: Failed to open file "c:\program files\dell\support\ui\search\catalog.wci\cip10000.000". The process cannot access the file because it is being used by another process
10:26 PM: Warning: Failed to open file "c:\program files\dell\support\ui\search\catalog.wci\cip20000.000". The process cannot access the file because it is being used by another process
10:26 PM: Warning: Failed to open file "c:\program files\dell\support\ui\search\catalog.wci\cipt0000.000". The process cannot access the file because it is being used by another process
10:26 PM: Warning: Failed to open file "c:\program files\dell\support\ui\search\catalog.wci\cisl0001.000". The process cannot access the file because it is being used by another process
10:26 PM: Warning: Failed to open file "c:\program files\dell\support\ui\search\catalog.wci\cisp0000.000". The process cannot access the file because it is being used by another process
10:26 PM: Warning: Failed to open file "c:\program files\dell\support\ui\search\catalog.wci\cist0000.000". The process cannot access the file because it is being used by another process
10:26 PM: Warning: Failed to open file "c:\program files\dell\support\ui\search\catalog.wci\civp0000.000". The process cannot access the file because it is being used by another process
10:26 PM: Warning: Failed to open file "c:\program files\dell\support\ui\search\catalog.wci\index.000". The process cannot access the file because it is being used by another process
10:43 PM: Warning: Failed to open file "c:\windows\system32\catroot2\edb.log". The process cannot access the file because it is being used by another process
10:43 PM: Warning: Failed to open file "c:\windows\system32\catroot2\tmp.edb". The process cannot access the file because it is being used by another process
10:43 PM: Warning: Failed to open file "c:\windows\system32\config\default". The process cannot access the file because it is being used by another process
10:43 PM: Warning: Failed to open file "c:\windows\system32\config\default.log". The process cannot access the file because it is being used by another process
10:43 PM: Warning: Failed to open file "c:\windows\system32\config\sam". The process cannot access the file because it is being used by another process
10:43 PM: Warning: Failed to open file "c:\windows\system32\config\sam.log". The process cannot access the file because it is being used by another process
10:43 PM: Warning: Failed to open file "c:\windows\system32\config\security". The process cannot access the file because it is being used by another process
10:43 PM: Warning: Failed to open file "c:\windows\system32\config\security.log". The process cannot access the file because it is being used by another process
10:43 PM: Warning: Failed to open file "c:\windows\system32\config\software". The process cannot access the file because it is being used by another process
10:43 PM: Warning: Failed to open file "c:\windows\system32\config\software.log". The process cannot access the file because it is being used by another process
10:43 PM: Warning: Failed to open file "c:\windows\system32\config\system". The process cannot access the file because it is being used by another process
10:43 PM: Warning: Failed to open file "c:\windows\system32\config\system.log". The process cannot access the file because it is being used by another process
10:43 PM: df_kmd.sys (ID = 146298)
10:44 PM: File Sweep Complete, Elapsed Time: 00:39:31
10:44 PM: Full Sweep has completed. Elapsed time 00:47:27
10:44 PM: Traces Found: 41
10:45 PM: Removal process initiated
10:46 PM: Quarantining All Traces: virtumonde
10:46 PM: Quarantining All Traces: winantispyware 2005
10:46 PM: Quarantining All Traces: 2o7.net cookie
10:46 PM: Quarantining All Traces: 66.230.183 cookie
10:46 PM: Quarantining All Traces: adrevolver cookie
10:46 PM: Quarantining All Traces: adserver cookie
10:46 PM: Quarantining All Traces: advertising cookie
10:46 PM: Quarantining All Traces: apmebf cookie
10:46 PM: Quarantining All Traces: ask cookie
10:46 PM: Quarantining All Traces: atlas dmt cookie
10:46 PM: Quarantining All Traces: banner cookie
10:46 PM: Quarantining All Traces: belnk cookie
10:46 PM: Quarantining All Traces: burstbeacon cookie
10:46 PM: Quarantining All Traces: burstnet cookie
10:46 PM: Quarantining All Traces: coremetrics cookie
10:46 PM: Quarantining All Traces: goclick cookie
10:46 PM: Quarantining All Traces: hitslink cookie
10:46 PM: Quarantining All Traces: humanclick cookie
10:46 PM: Quarantining All Traces: morwillsearch cookie
10:46 PM: Quarantining All Traces: mygeek cookie
10:46 PM: Quarantining All Traces: nextag cookie
10:46 PM: Quarantining All Traces: pointroll cookie
10:46 PM: Quarantining All Traces: qksrv cookie
10:46 PM: Quarantining All Traces: questionmarket cookie
10:46 PM: Quarantining All Traces: realmedia cookie
10:46 PM: Quarantining All Traces: reliablestats cookie
10:46 PM: Quarantining All Traces: ru4 cookie
10:46 PM: Quarantining All Traces: server.iad.liveperson cookie
10:46 PM: Quarantining All Traces: starware.com cookie
10:46 PM: Quarantining All Traces: xren_cj cookie
10:47 PM: Preparing to restart your computer. Please wait...
10:47 PM: Removal process completed. Elapsed time 00:01:23
********
9:55 PM: | Start of Session, Monday, November 21, 2005 |
9:55 PM: Spy Sweeper started
9:56 PM: Your spyware definitions have been updated.
9:57 PM: | End of Session, Monday, November 21, 2005 |

Logfile of HijackThis v1.99.1
Scan saved at 10:53:24 PM, on 11/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Documents and Settings\Nilesh\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Bho - {5D867A01-9CEC-4f2f-8454-AAAB35550396} - C:\WINDOWS\system32\lvgmgbdq.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,21/mcgdmgr.cab
O20 - Winlogon Notify: pmkkh - C:\WINDOWS\system32\pmkkh.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

#6 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 22 November 2005 - 02:26 PM

Backup your Registry...
- Press "CTRL - ALT - DEL" keys all at the same time to start "Task Manager"
- In the Task Manager window click on "File", then from the drop-down menu select "New Task (Run...)"
- In the "Create New Task" window enter\type "regedit" (without quotes)
- Once Regedit opens click on the FILE menu and select Export
- Save the file as backup. Save the file somewhere you will remember and not delete.
IMPORTANT: make sure to set the export range to ALL




Download Registrar Lite from here:
http://www.resplende...oad/reglite.exe

Put it in its own folder. You may want to keep this program. It is an excellent free, registry editor.



Restart your computer in Safe Mode.

Press F8 after the Power-On Self Test (POST) is done. If the Windows Advanced Options Menu does not appear, try restarting and then pressing F8 several times after the POST screen.
Choose the Safe Mode option from the Windows Advanced Options Menu then press Enter.



Open Registrar Lite

Copy and paste the follow text into the address bar, then hit 'Go':
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

In the pane on the right are the values associated with that key.
We want to remove this one -> pmkkh.dll

Right click on it, and select delete.
If you get a confirmation question, respond OK then close out the program.



Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O2 - BHO: Bho - {5D867A01-9CEC-4f2f-8454-AAAB35550396} - C:\WINDOWS\system32\lvgmgbdq.dll (file missing)

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O20 - Winlogon Notify: pmkkh - C:\WINDOWS\system32\pmkkh.dll (file missing)

Close ALL windows and browsers except HijackThis and click "Fix checked"


Open C:\Windows\Prefetch\ Delete ALL files in this folder.


1. Open My Computer
2. Right click on your hard drive that you wish to clean (C drive, for example)
3. In the context menu that opens, select properties
4. Under the general tab you should select Disk Cleanup
5. Windows will scan your drive which will take a few seconds/minutes
6. A box will display the various files you can remove.
Check all boxes except compress old files (If listed)
7. Click OK and windows will comply.

Restart your computer.

Reboot and "copy/paste" a new log file into this thread.
Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

#7 willynilly

willynilly

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 22 November 2005 - 10:03 PM

Thanks for your continued advice -- My google search engine works now (no more winfixer, no more morwill redirects). Do I still need to do what you outlined (backup registry, etc)? Thanks, willynilly

#8 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 23 November 2005 - 11:58 AM

Do I still need to do what you outlined (backup registry, etc)?

Yes, if you want to really clean your PC :thumbup:

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

#9 willynilly

willynilly

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 29 November 2005 - 05:57 PM

Ok, I did what you said, here's another hijack this log, I think all the carp** is gone!? (thanks again!). THe computer is running well, so far ( a little slower than usual, ?wireless connection issue). No more redirects with google.

Logfile of HijackThis v1.99.1
Scan saved at 6:49:43 PM, on 11/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Nilesh\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,21/mcgdmgr.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

#10 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 29 November 2005 - 06:16 PM

Good Job :thumbup:


Log looks good :D

Note: This will remove all previous Restore Points

Turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn it back on.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Remove the Check Turn off System Restore.
Click Apply, and then click OK.

Click Start> My Computer, select the Tools menu and then Folder Options, after the new window appears select the View tab…]
This time select the: Restore Defaults
Select: Apply, and click OK




If you dont have these three programs I would recommend that you get them. Spywareblaster, Spywareguard and IESPY AD. They will add 1000's of sites to your resticted zone and block some hijacks from happening. I also have a FREE FIREWALL and FREE ANTI VIRUS if you need one.

It is critical to have both a firewall and anti virus to protect your system.

Keep your system up to date and run Adaware & Spybot, once a week works, and hopefully you will be ok from here on. Both are available below.

Safe Surfing. :D

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

#11 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 01 December 2005 - 03:59 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·