HJT Log - 2nd Computer


  • This topic is locked
14 replies to this topic

#1 JBYea

  • Authentic Member
  • 20 posts

Posted 23 November 2005 - 10:51 PM

Hi, our computer was seriously infected and we have spent the last several days using various programs to delete nasties. I want to be sure that it is all gone. Would really appreciate a look at my log to see if we look clean.
There are a few programs and things in startup that look suspicious. Thanks
Jenny

Logfile of HijackThis v1.99.1
Scan saved at 8:40:27 PM, on 11/23/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\HPBPRO.EXE
C:\WINDOWS\SYSTEM\HPBOID.EXE
C:\PROGRAM FILES\WEBSVR\SYSTEM\INETSW95.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCSHLD9X.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\OASCLNT.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCTSKSHD.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.EXE
C:\PROGRAM FILES\SONY\SONICSTAGE\SSAAD.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\WINDOWS\STARTUPMONITOR.EXE
C:\PROGRAM FILES\FCMAN\FCMAN.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\WRSSSDK.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFAGENT.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\RNATHCHK.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.comcast.net/home.html"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\brkvft1w.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%206%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\brkvft1w.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {2FB0A100-27CB-11DA-99E7-00E0294D6894} - C:\PROGRAM FILES\URJ9L5NB\URJ9L5NB.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [Microsoft WebServer] C:\Program Files\WebSvr\System\svctrl /init
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NSRDJMW] C:\WINDOWS\NSRDJMW.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [MCTskShd] C:\PROGRA~1\MCAFEE.COM\AGENT\mctskshd.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\SONY\SONICS~1\SSAAD.EXE
O4 - HKLM\..\Run: [SpySweeper] "C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE" /startintray
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\RunServices: [RNBOStart] C:\WINDOWS\SYSTEM\RNBOSENT\SENTSTRT.EXE
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [HP Port Resolver] C:\WINDOWS\SYSTEM\hpbpro.exe
O4 - HKLM\..\RunServices: [HP Status Server] C:\WINDOWS\SYSTEM\hpboid.exe
O4 - HKLM\..\RunServices: [Microsoft WebServer] C:\Program Files\WebSvr\System\inetsw95 -w3svc
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [McShld9x] C:\Program Files\McAfee.com\VSO\mcshld9x.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Z9u6RWjmh] MSLD500.EXE
O4 - HKCU\..\Run: [FCMan] "C:\Program Files\FCMan\FCMan.exe"
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\COMMON\YHEXBMESUS.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\COMMON\YHEXBMESUS.DLL
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra button: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...99/mcinsctl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll



#2 ken545


    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 27 November 2005 - 12:35 PM

Hi Jenny,

Welcome back to the forum, I see a few things we need to clean up.

DO THIS FIRST
Your HIJACKTHIS program is current, but it is very important that it resides in its own folder.
We will use Hijackthis (HJT) to make changes to your system and HJT will make backups of those changes.
If HJT is not in its own folder, those backups could be lost.

Easy to fix,
* just go to MY COMPUTER > YOUR C:\ DRIVE and create a new folder and name it HIJACKTHIS .
* Now scroll to where you have HJT currently, right click on the HJT icon and select CUT .
* Now open the new folder you just created and right click within that folder and select PASTE .
* Now HJT should reside in C:\HIJACKTHIS\HIJACKTHIS.EXE

Please use the links in my signature to download and install both of the following free programs.

Spybot Search and Destroy 1.4

* If you have the older version 1.3, remove it via ADD-REMOVE PROGRAMS in the Control Panel.

Go to Start/ Control Panel/ Add-Remove Programs scroll to that program and click on Remove.

* During Installation, just follow all the defaults.
* Go to Mode and click on Advanced Mode
* Then to Updates Search for Updates
* If you get a Bad Checksum Error, just choose a different download location.
* Then to Settings/ File Sets and take the checkmark out of Usage Tracks
* Then to Tools/ Hosts Files click on Add Spybot S&D Hosts Files.
* Then to Tools/ IE Tweaks and put a checkmark in Lock the Hosts Files
* Then to Immunize. Up at the top by the GREEN SIGN, click on Immunize.
* Then to Search and Destroy/ Check for Problems
* Let it scan your system
* Then to Fix Problems and fix all it finds.

RE-BOOT your computer.



AD-AWARE SE PERSONAL 1.06

If you have an older version of Ad-Aware, no need to uninstall it, it will prompt you to uninstall it during
the set up process

* During installation, follow all the defaults.
* Start the program and Check for Updates
* Choose Perform a Full System Scan
* Take the checkmark out of Search for Negligible Files
* Run the scan
* When it is done, Right Click on One of the Entries/ Select All/ Next and let it remove all that it finds.

SHOW HIDDEN FILES AND FOLDERS

* Click on MY COMPUTER
* Then on your C: Drive
* Then to TOOLS/ FOLDER OPTIONS/ VIEW
* Choose the radio button to SHOW HIDDEN FILES AND FOLDERS
* Take the checkmark out of HIDE EXTENSIONS FOR KNOWN FILE TYPES
* Then APPLY/ OK

* Don't forget to reverse this once your computer is clean

Reboot your computer into Safemode

* Go to START/ SHUT OFF YOUR COMPUTER/ RESTART
* As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly, this will bring up a menu.
* Use the UP AND DOWN ARROW KEYS to scroll up to SAFEMODE
* Then press the ENTER KEY ON YOUR KEYBOARD

Jenny, do not proceed with the fix until you move HJT to its own folder <-- Very Important

Open HJT Scan Only, close all windows and your browser, the only window you should have open is HJT, put a checkmark in the following entries and click on Fix Checked


* R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
* R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
* O2 - BHO: (no name) - {2FB0A100-27CB-11DA-99E7-00E0294D6894} - C:\PROGRAM FILES\URJ9L5NB\URJ9L5NB.dll (file missing)
* O4 - HKLM\..\Run: [NSRDJMW] C:\WINDOWS\NSRDJMW.EXE
* O4 - HKCU\..\Run: [Z9u6RWjmh] MSLD500.EXE
* O4 - HKCU\..\Run: [FCMan] "C:\Program Files\FCMan\FCMan.exe"


While still in Safemode, look for and delete the following files and folders in Red

C:\PROGRAM FILES\FCMAN
C:\PROGRAM FILES\URJ9L5NB
C:\WINDOWS\NSRDJMW.EXE
MSLD500.EXE <-- You have to do a search for this one.

Reboot back into normal mode

Run a couple of online virus scanners, just to be on the safe side.

Trendmicro Housecall
Panda Active Scan

Post a new log please along with the report from Panda Active Scan.

Ken :D

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#3 JBYea

  • Authentic Member
  • 20 posts

Posted 27 November 2005 - 03:48 PM

Hi Ken,
It mostly went ok.
I had already deleted FCMan by using the uninstall in the FCMan folder. I didn't know what it was so I deleted it that way yesterday.

When I rebooted to safe mode I could not find:
FCMan.exe as mentioned above
NRSDJMW.EXE
MSLD500.EXE
I searched for both using the search function of explorer and searched all of the c drive.

Also, I could not run either Housecall or Panda Active Scan. I got to the right place, clicked on scan now and nothing happened. Perhaps something is being blocked by my McAfee or Spy Sweeper. I didn't get any messages like that though.
So, below is the log file.

Let me know what you see!
Jenny


Logfile of HijackThis v1.99.1
Scan saved at 1:43:11 PM, on 11/27/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\HPBPRO.EXE
C:\WINDOWS\SYSTEM\HPBOID.EXE
C:\PROGRAM FILES\WEBSVR\SYSTEM\INETSW95.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCSHLD9X.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\OASCLNT.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCTSKSHD.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.EXE
C:\PROGRAM FILES\SONY\SONICSTAGE\SSAAD.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\WINDOWS\STARTUPMONITOR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFAGENT.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\WRSSSDK.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.comcast.net/home.html"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\brkvft1w.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%206%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\brkvft1w.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O4 - HKLM\..\Run: [Microsoft WebServer] C:\Program Files\WebSvr\System\svctrl /init
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [MCTskShd] C:\PROGRA~1\MCAFEE.COM\AGENT\mctskshd.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\SONY\SONICS~1\SSAAD.EXE
O4 - HKLM\..\Run: [SpySweeper] "C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE" /startintray
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\RunServices: [RNBOStart] C:\WINDOWS\SYSTEM\RNBOSENT\SENTSTRT.EXE
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [HP Port Resolver] C:\WINDOWS\SYSTEM\hpbpro.exe
O4 - HKLM\..\RunServices: [HP Status Server] C:\WINDOWS\SYSTEM\hpboid.exe
O4 - HKLM\..\RunServices: [Microsoft WebServer] C:\Program Files\WebSvr\System\inetsw95 -w3svc
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [McShld9x] C:\Program Files\McAfee.com\VSO\mcshld9x.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\COMMON\YHEXBMESUS.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\COMMON\YHEXBMESUS.DLL
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra button: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...99/mcinsctl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

#4 ken545


    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 27 November 2005 - 04:29 PM

Hello Again Jenny, :D

It looks like the scans removed those files for us, I don't see them on your log anymore.

But you missed these two, you can do it in normal mode, just make sure your browser is closed along with any open windows. So run them through HJT again.

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =


I see you also are running Firefox, that is the second love of my life, my wife is first :D , but some programs won't run on it and you have to resort to using IE for them, I know most of the online virus scanners will only work on IE, so open IE and give them another shot, this is just a precaution because as you stand now, I am not looking at anything earth shattering on your log, it all looks well.

If you're able to run the scans, post the report from Panda along with a new HJT log, and at that point if nothing looks out of the ordinary, I have a bunch of tips and free programs for you to install to help keep you more secure.

Ken :D
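
The before/after log comparison done by eye in the reply above, as an added example (not part of the original thread and not code from HijackThis or the forum). It parses trimmed excerpts of the logs and the fix list posted in this thread and reports which fix-list entries are gone and which are still present; the function names are hypothetical.

```python
import re

# A HijackThis entry starts with a section code (R0, N3, O4, O16 ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Trimmed excerpts of the logs posted in this thread (most lines omitted).
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\FCMAN\FCMAN.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {2FB0A100-27CB-11DA-99E7-00E0294D6894} - C:\PROGRAM FILES\URJ9L5NB\URJ9L5NB.dll (file missing)
O4 - HKLM\..\Run: [NSRDJMW] C:\WINDOWS\NSRDJMW.EXE
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKCU\..\Run: [Z9u6RWjmh] MSLD500.EXE
O4 - HKCU\..\Run: [FCMan] "C:\Program Files\FCMan\FCMan.exe"
"""

AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
"""

# The "Fix Checked" list from the helper's first reply, bullets included.
FIX = r"""* R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
* R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
* O2 - BHO: (no name) - {2FB0A100-27CB-11DA-99E7-00E0294D6894} - C:\PROGRAM FILES\URJ9L5NB\URJ9L5NB.dll (file missing)
* O4 - HKLM\..\Run: [NSRDJMW] C:\WINDOWS\NSRDJMW.EXE
* O4 - HKCU\..\Run: [Z9u6RWjmh] MSLD500.EXE
* O4 - HKCU\..\Run: [FCMan] "C:\Program Files\FCMan\FCMan.exe"
"""


def parse_hjt(text):
    """Split a HijackThis log into (running processes, [(code, body), ...])."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        # Forum posts often bullet the entries with "* "; drop that prefix.
        line = raw.strip().lstrip("* ").strip()
        if line.lower().startswith("running processes:"):
            in_procs = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False  # the first entry line ends the process list
            entries.append((match.group("code"), match.group("body").strip()))
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def _key(entry):
    """Compare entries ignoring case and spacing, which vary between scans."""
    code, body = entry
    return code, " ".join(body.split()).lower()


def fix_status(fix_list, before, after):
    """For each entry on the fix list, say what happened between two logs."""
    seen_before = {_key(e) for e in before}
    seen_after = {_key(e) for e in after}
    report = []
    for entry in fix_list:
        if _key(entry) in seen_after:
            state = "still present"
        elif _key(entry) in seen_before:
            state = "removed"
        else:
            state = "not in either log"
        report.append((entry[0], entry[1], state))
    return report


def process_diff(before, after):
    """Return (processes that stopped appearing, processes that are new)."""
    old = {p.upper() for p in before}
    new = {p.upper() for p in after}
    return sorted(old - new), sorted(new - old)


if __name__ == "__main__":
    procs_b, entries_b = parse_hjt(BEFORE)
    procs_a, entries_a = parse_hjt(AFTER)
    for code, body, state in fix_status(parse_hjt(FIX)[1], entries_b, entries_a):
        print(f"{state:<14} {code} - {body}")
    gone, appeared = process_diff(procs_b, procs_a)
    print("no longer running:", gone)
    print("newly running:", appeared)
```

A "removed" result means the registry or startup reference no longer appears in the log; it does not show whether the file it pointed to is still on disk.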

 
 

#5 JBYea

  • Authentic Member
  • 20 posts

Posted 27 November 2005 - 04:49 PM

Hmm, I know I checked those two files. So I ran HJT again, in scan only, with all other windows closed, then checked those two items, and hit fix selected items. Not much seemed to happen, just blanked out the items on the screen so I saved the log file. Did this twice, here is the log file. Looks like they are still there.

Also, one Housecall told me Firefox wouldn't work so I (reluctantly) went to IE, and tried to run both and nothing happened. I just tried again. What should happen when you run these? Do you get some sort of message? Both programs just sort of stayed on the screen. Was it scanning and I didn't give them a chance to run??

Jenny


Logfile of HijackThis v1.99.1
Scan saved at 2:44:31 PM, on 11/27/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\HPBPRO.EXE
C:\WINDOWS\SYSTEM\HPBOID.EXE
C:\PROGRAM FILES\WEBSVR\SYSTEM\INETSW95.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCSHLD9X.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\OASCLNT.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCTSKSHD.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.EXE
C:\PROGRAM FILES\SONY\SONICSTAGE\SSAAD.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\WINDOWS\STARTUPMONITOR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFAGENT.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\WRSSSDK.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.comcast.net/home.html"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\brkvft1w.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%206%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\brkvft1w.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O4 - HKLM\..\Run: [Microsoft WebServer] C:\Program Files\WebSvr\System\svctrl /init
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [MCTskShd] C:\PROGRA~1\MCAFEE.COM\AGENT\mctskshd.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\SONY\SONICS~1\SSAAD.EXE
O4 - HKLM\..\Run: [SpySweeper] "C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE" /startintray
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\RunServices: [RNBOStart] C:\WINDOWS\SYSTEM\RNBOSENT\SENTSTRT.EXE
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [HP Port Resolver] C:\WINDOWS\SYSTEM\hpbpro.exe
O4 - HKLM\..\RunServices: [HP Status Server] C:\WINDOWS\SYSTEM\hpboid.exe
O4 - HKLM\..\RunServices: [Microsoft WebServer] C:\Program Files\WebSvr\System\inetsw95 -w3svc
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [McShld9x] C:\Program Files\McAfee.com\VSO\mcshld9x.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\COMMON\YHEXBMESUS.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\COMMON\YHEXBMESUS.DLL
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra button: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...99/mcinsctl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

#6 ken545


    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 28 November 2005 - 06:13 AM

Good Morning Jenny :D ,

Removing those two lines is not system critical, but they should not be there, still no harm if we can't get rid of them. Let's give it one more shot.

Something is preventing it from being removed, it may be Spysweeper.

To disable SpySweeper:

Open the program
Select: Options (on the left)
Select: Program Options
Uncheck: Load at windows startup
On the left, click: Shields, and uncheck all there items
Uncheck: Home Page Shield
Uncheck: Automatically restore default without notification

You can re enable these after we get rid of those two lines.

Then try removing them in Safemode

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =



Reboot your computer

Download and Install CCleaner

* Click on Run Cleaner
* Run the Issues Scan < When it asks you to backup the Registry..Say Yes

Those online scanners, they sometimes appear that nothing is going on, but they take awhile, maybe 20 min or so depending on the size of your drive and your processor.

Here is another one, try this
BitDefender Online Scan

Post a new log and let's see if we were able to remove those two lines

Ken :D

Edited by ken545, 28 November 2005 - 06:22 AM.


 
 

#7 JBYea

  • Authentic Member
  • 20 posts

Posted 28 November 2005 - 11:29 AM

Hi Ken, I am in the middle of your instructions and I just downloaded ccleaner and ran the Issues Scan. What is the next step? There is a list of "issues" a mile long. Do I click on Fix Selected Issues? (It didn't prompt me for the back up registry thing, but perhaps it will when I fix the issues.) When I get that done, I will post the HJT log, but I think that disabling Spysweeper worked. I will leave the computer in limbo till I hear back, hopefully you are not off to your "other" job yet. Thanks! Jenny

#8 ken545


Posted 28 November 2005 - 01:54 PM

Jenny, yes, let the issues scan fix it all. This will clean out a lot of unneeded entries in the registry; it will prompt you to back up when you proceed. Then post a new log when done. Ken :D

 
 

#9 JBYea


Posted 28 November 2005 - 04:40 PM

Hi,
Looks like those entries are back. Below is the log. This time when I deleted them in safe mode and reran HJT right then in safe mode, the entries were not there. Last time when I deleted them they reappeared immediately in safe mode. My Internet Explorer was, according to Spysweeper, hijacked when I first started trying to clean up the mess that was this computer. Could this be related? I have included below (after the HJT log) the Spysweeper logs for when I first ran it when the computer was really messed up.

Those two programs, Panda and Housecall still did not run. I let the computer sit for about an hour this time.

I did finish up the ccleaner stuff and it appeared to take care of all those issues.

Thanks
Jenny

Logfile of HijackThis v1.99.1
Scan saved at 2:21:34 PM, on 11/28/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\HPBPRO.EXE
C:\WINDOWS\SYSTEM\HPBOID.EXE
C:\PROGRAM FILES\WEBSVR\SYSTEM\INETSW95.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCTSKSHD.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.EXE
C:\PROGRAM FILES\SONY\SONICSTAGE\SSAAD.EXE
C:\WINDOWS\STARTUPMONITOR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFAGENT.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\WRSSSDK.EXE
C:\PROGRAM FILES\CCLEANER\CCLEANER.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCSHLD9X.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\OASCLNT.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.comcast.net/home.html"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\brkvft1w.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%206%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\brkvft1w.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O4 - HKLM\..\Run: [Microsoft WebServer] C:\Program Files\WebSvr\System\svctrl /init
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [MCTskShd] C:\PROGRA~1\MCAFEE.COM\AGENT\mctskshd.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\SONY\SONICS~1\SSAAD.EXE
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE" /startintray
O4 - HKLM\..\RunServices: [RNBOStart] C:\WINDOWS\SYSTEM\RNBOSENT\SENTSTRT.EXE
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [HP Port Resolver] C:\WINDOWS\SYSTEM\hpbpro.exe
O4 - HKLM\..\RunServices: [HP Status Server] C:\WINDOWS\SYSTEM\hpboid.exe
O4 - HKLM\..\RunServices: [Microsoft WebServer] C:\Program Files\WebSvr\System\inetsw95 -w3svc
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [McShld9x] C:\Program Files\McAfee.com\VSO\mcshld9x.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\COMMON\YHEXBMESUS.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\COMMON\YHEXBMESUS.DLL
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra button: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...99/mcinsctl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll


Session Log of Spysweeper when I first used it when computer was really really messed up.

********
2:22 AM: | Start of Session, Wednesday, November 23, 2005 |
2:22 AM: Spy Sweeper started
2:22 AM: Sweep initiated using definitions version 575
2:22 AM: Starting Memory Sweep
2:28 AM: Memory Sweep Complete, Elapsed Time: 00:06:32
2:28 AM: Starting Registry Sweep
2:28 AM: Found Trojan Horse: alwaysupdatednews
2:28 AM: HKU\.default\software\aun\ (4 subtraces) (ID = 103537)
2:28 AM: Found Adware: apropos
2:28 AM: HKCR\clsid\{b5ab638f-d76c-415b-a8f2-f3ceac502212}\ (7 subtraces) (ID = 103726)
2:28 AM: HKLM\software\classes\clsid\{b5ab638f-d76c-415b-a8f2-f3ceac502212}\ (7 subtraces) (ID = 103764)
2:28 AM: HKLM\software\classes\interface\{bc333116-6ea1-40a1-9d07-ecb192db8cea}\ (5 subtraces) (ID = 103774)
2:29 AM: Found Adware: cws-aboutblank
2:29 AM: HKCR\protocols\filter\text/html\ (2 subtraces) (ID = 114343)
2:29 AM: HKLM\software\classes\protocols\filter\text/html\ (2 subtraces) (ID = 115907)
2:29 AM: Found Adware: dealhelper
2:29 AM: HKLM\software\microsoft\windows\currentversion\uninstall\windh\ (3 subtraces) (ID = 124816)
2:29 AM: Found Adware: delfin
2:29 AM: HKLM\software\dvx\ (ID = 124854)
2:29 AM: HKLM\software\skin\ (1 subtraces) (ID = 124892)
2:29 AM: Found Adware: searchpounders hijacker
2:29 AM: HKLM\software\microsoft\windows\currentversion\uninstall\system monitor for windows 98/nt/xp/2000/2003_is1\ (14 subtraces) (ID = 141288)
2:29 AM: Found Adware: searchtoolbar
2:29 AM: HKU\.default\software\{12ee7a5e-0674-42f9-a76b-000000004d00}\ (3 subtraces) (ID = 141323)
2:30 AM: Found Trojan Horse: trojan-downloader-spywarewall
2:30 AM: HKLM\software\spywarewall\ (2 subtraces) (ID = 144793)
2:30 AM: HKLM\software\microsoft\windows\currentversion\uninstall\spywarewall\ (1 subtraces) (ID = 359536)
2:30 AM: Found Adware: visfx
2:30 AM: HKLM\software\microsoft\windows\currentversion\uninstall\ovmon\ (2 subtraces) (ID = 712951)
2:30 AM: Found Adware: safesurf
2:30 AM: HKCR\funtools.picshow\ (5 subtraces) (ID = 730902)
2:30 AM: HKCR\funtools.picshow.1\ (3 subtraces) (ID = 730908)
2:30 AM: HKCR\clsid\{4487598c-2ec7-43a2-870e-6d8d720fdd9f}\ (11 subtraces) (ID = 730912)
2:30 AM: HKCR\typelib\{7638761f-0ce1-4e68-9692-d623527a6b7b}\ (9 subtraces) (ID = 730924)
2:30 AM: HKLM\software\classes\funtools.picshow\ (5 subtraces) (ID = 730957)
2:30 AM: HKLM\software\classes\funtools.picshow.1\ (3 subtraces) (ID = 730963)
2:30 AM: HKLM\software\classes\clsid\{4487598c-2ec7-43a2-870e-6d8d720fdd9f}\ (11 subtraces) (ID = 730967)
2:30 AM: HKLM\software\classes\typelib\{7638761f-0ce1-4e68-9692-d623527a6b7b}\ (9 subtraces) (ID = 730979)
2:30 AM: HKLM\software\picshow\ (42 subtraces) (ID = 730989)
2:30 AM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{4487598c-2ec7-43a2-870e-6d8d720fdd9f}\ (ID = 730994)
2:30 AM: Found Adware: cas
2:30 AM: HKCR\typelib\{1b8b502e-465b-4022-be4f-fb6d9f808a18}\ (9 subtraces) (ID = 820387)
2:30 AM: HKLM\software\classes\typelib\{1b8b502e-465b-4022-be4f-fb6d9f808a18}\ (9 subtraces) (ID = 820540)
2:30 AM: HKLM\ovmon\ (ID = 826847)
2:30 AM: Found Adware: ezula ilookup
2:30 AM: HKLM\software\microsoft\webext\ (1 subtraces) (ID = 828947)
2:30 AM: Found Trojan Horse: 2nd-thought
2:30 AM: HKU\.DEFAULT\software\bundles\ (87 subtraces) (ID = 101988)
2:30 AM: HKU\.DEFAULT\software\aun\ (4 subtraces) (ID = 103544)
2:30 AM: Found Adware: browseraid
2:30 AM: HKU\.DEFAULT\software\a70f6a1d-0195-42a2-934c-d8ac0f7c08eb\ (1 subtraces) (ID = 105078)
2:30 AM: HKU\.DEFAULT\software\{12ee7a5e-0674-42f9-a76b-000000004d00}\ (3 subtraces) (ID = 141347)
2:30 AM: HKU\.DEFAULT\software\vb and vba program settings\spywarewall\ (3 subtraces) (ID = 144795)
2:30 AM: HKU\.DEFAULT\software\cmapp\ (ID = 381792)
2:30 AM: Registry Sweep Complete, Elapsed Time:00:01:32
2:30 AM: Starting Cookie Sweep
2:30 AM: Found Spy Cookie: atwola cookie
2:30 AM: allen design@atwola[2].txt (ID = 2255)
2:30 AM: Found Spy Cookie: cc214142 cookie
2:30 AM: allen design@ads.cc214142[2].txt (ID = 2367)
2:30 AM: Found Spy Cookie: belnk cookie
2:30 AM: anyuser@ath.belnk[1].txt (ID = 2293)
2:30 AM: Found Spy Cookie: ask cookie
2:30 AM: allen design@ask[2].txt (ID = 2245)
2:30 AM: Found Spy Cookie: go.com cookie
2:30 AM: allen design@go[2].txt (ID = 2728)
2:30 AM: Found Spy Cookie: partypoker cookie
2:30 AM: allen design@partypoker[2].txt (ID = 3111)
2:30 AM: Found Spy Cookie: ru4 cookie
2:30 AM: anyuser@edge.ru4[1].txt (ID = 3269)
2:30 AM: allen design@belnk[1].txt (ID = 2292)
2:30 AM: allen design@dist.belnk[2].txt (ID = 2293)
2:30 AM: Found Spy Cookie: banner cookie
2:30 AM: allen design@banner[2].txt (ID = 2276)
2:30 AM: Found Spy Cookie: questionmarket cookie
2:30 AM: anyuser@questionmarket[1].txt (ID = 3217)
2:30 AM: Found Spy Cookie: directtrack cookie
2:30 AM: allen design@directtrack[1].txt (ID = 2527)
2:30 AM: allen design@rapidresponse.directtrack[2].txt (ID = 2528)
2:30 AM: Found Spy Cookie: gamespy cookie
2:30 AM: allen design@gamespy[1].txt (ID = 2719)
2:30 AM: Found Spy Cookie: burstnet cookie
2:30 AM: anyuser@burstnet[2].txt (ID = 2336)
2:30 AM: Found Spy Cookie: servlet cookie
2:30 AM: anyuser@servlet[2].txt (ID = 3345)
2:30 AM: Found Spy Cookie: adknowledge cookie
2:30 AM: anyuser@adknowledge[1].txt (ID = 2072)
2:30 AM: Found Spy Cookie: nextag cookie
2:30 AM: allen design@nextag[1].txt (ID = 5014)
2:30 AM: anyuser@go[2].txt (ID = 2728)
2:30 AM: Found Spy Cookie: pointroll cookie
2:30 AM: anyuser@ads.pointroll[2].txt (ID = 3148)
2:30 AM: anyuser@nextag[3].txt (ID = 5014)
2:30 AM: anyuser@servlet[3].txt (ID = 3345)
2:30 AM: Found Spy Cookie: 2o7.net cookie
2:30 AM: anyuser@2o7[2].txt (ID = 1957)
2:30 AM: anyuser@ask[1].txt (ID = 2245)
2:30 AM: allen design@servlet[2].txt (ID = 3345)
2:30 AM: anyuser@dist.belnk[1].txt (ID = 2293)
2:30 AM: anyuser@belnk[2].txt (ID = 2292)
2:30 AM: Found Spy Cookie: reunion cookie
2:30 AM: anyuser@reunion[2].txt (ID = 3255)
2:30 AM: allen design@adknowledge[2].txt (ID = 2072)
2:30 AM: Found Spy Cookie: webtrendslive cookie
2:30 AM: allen design@dcs8ir0f010000oyioyaka1kl_8j7n[1].txt (ID = 3673)
2:30 AM: Found Spy Cookie: yieldmanager cookie
2:30 AM: allen design@ad.yieldmanager[1].txt (ID = 3751)
2:30 AM: anyuser@nextag[2].txt (ID = 5014)
2:30 AM: anyuser@ad.yieldmanager[2].txt (ID = 3751)
2:30 AM: Found Spy Cookie: specificclick.com cookie
2:30 AM: anyuser@adopt.specificclick[1].txt (ID = 3400)
2:30 AM: anyuser@dcs8ir0f010000oyioyaka1kl_8j7n[2].txt (ID = 3673)
2:30 AM: Cookie Sweep Complete, Elapsed Time: 00:00:05
2:30 AM: Starting File Sweep
2:30 AM: Warning: Failed to open file "c:\windows\win386.swp". The process cannot access the file because
it is being used by another process
2:36 AM: Found Adware: 180search assistant/zango
2:36 AM: c:\windows\system\fleok (ID = -2147480556)
2:41 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs69c9bfe1-5bc7-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
2:41 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs69c9c037-5bc7-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
2:41 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs69c9c038-5bc7-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
2:41 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs69c9c039-5bc7-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
2:41 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs69c9c03a-5bc7-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
2:41 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs69c9c03b-5bc7-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
2:41 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs69c9c03c-5bc7-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
2:41 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs69c9c03d-5bc7-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
2:41 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs69c9c03e-5bc7-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
2:41 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs69c9c03f-5bc7-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
2:41 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs69c9c040-5bc7-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
2:41 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs69c9c041-5bc7-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
2:41 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs69c9c042-5bc7-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
2:41 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs69c9c043-5bc7-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
2:41 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs69c9c044-5bc7-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
2:41 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs69c9c045-5bc7-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
2:41 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs69c9c046-5bc7-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
2:41 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs69c9c047-5bc7-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
2:41 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs69c9c048-5bc7-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
3:06 AM: c:\windows\bundles (64 subtraces) (ID = -2147481535)
3:20 AM: c:\program files\spywarewall (ID = -2147475376)
3:29 AM: c:\program files\popupwall (ID = -2147479837)
3:29 AM: c:\program files\fcengine (1 subtraces) (ID = -2147471607)
3:29 AM: c:\program files\cmsystem (1 subtraces) (ID = -2147471610)
3:32 AM: File Sweep Complete, Elapsed Time: 01:02:20
3:32 AM: Full Sweep has completed. Elapsed time 01:10:30
3:32 AM: Traces Found: 409
3:33 AM: Removal process initiated
3:33 AM: Quarantining All Traces: 180search assistant/zango
3:33 AM: Quarantining All Traces: 2nd-thought
3:33 AM: Quarantining All Traces: cws-aboutblank
3:33 AM: Quarantining All Traces: visfx
3:33 AM: Quarantining All Traces: alwaysupdatednews
3:33 AM: Quarantining All Traces: apropos
3:33 AM: Quarantining All Traces: cas
3:33 AM: Quarantining All Traces: trojan-downloader-spywarewall
3:33 AM: Quarantining All Traces: browseraid
3:33 AM: Quarantining All Traces: dealhelper
3:33 AM: Quarantining All Traces: delfin
3:33 AM: Warning: Failed to export "HKEY_LOCAL_MACHINE\software\dvx\": An I/O operation initiated by the Registry failed unrecoverably.
The Registry could not read in, or write out, or flush, one of the files
that contain the system's image of the Registry
3:33 AM: Failed to quarantine delfin
3:33 AM: Failed to quarantine HKLM: software\dvx\
3:33 AM: Quarantining All Traces: ezula ilookup
3:33 AM: Warning: Failed to export "HKEY_LOCAL_MACHINE\software\microsoft\webext\": An I/O operation initiated by the Registry failed unrecoverably.
The Registry could not read in, or write out, or flush, one of the files
that contain the system's image of the Registry
3:33 AM: Failed to quarantine ezula ilookup
3:33 AM: Failed to quarantine HKLM: software\microsoft\webext\
3:33 AM: Quarantining All Traces: safesurf
3:33 AM: Quarantining All Traces: searchpounders hijacker
3:33 AM: Quarantining All Traces: searchtoolbar
3:33 AM: Quarantining All Traces: 2o7.net cookie
3:33 AM: Quarantining All Traces: adknowledge cookie
3:33 AM: Quarantining All Traces: ask cookie
3:33 AM: Quarantining All Traces: atwola cookie
3:33 AM: Quarantining All Traces: banner cookie
3:33 AM: Quarantining All Traces: belnk cookie
3:33 AM: Quarantining All Traces: burstnet cookie
3:33 AM: Quarantining All Traces: cc214142 cookie
3:33 AM: Quarantining All Traces: directtrack cookie
3:33 AM: Quarantining All Traces: gamespy cookie
3:33 AM: Quarantining All Traces: go.com cookie
3:33 AM: Quarantining All Traces: nextag cookie
3:33 AM: Quarantining All Traces: partypoker cookie
3:33 AM: Quarantining All Traces: pointroll cookie
3:33 AM: Quarantining All Traces: questionmarket cookie
3:33 AM: Quarantining All Traces: reunion cookie
3:33 AM: Quarantining All Traces: ru4 cookie
3:33 AM: Quarantining All Traces: servlet cookie
3:33 AM: Quarantining All Traces: specificclick.com cookie
3:33 AM: Quarantining All Traces: webtrendslive cookie
3:33 AM: Quarantining All Traces: yieldmanager cookie
3:34 AM: Removal process completed. Elapsed time 00:00:28
8:00 PM: Processing Startup Alerts
8:00 PM: Allowed Startup entry: Run StartupMonitor
9:13 AM: IE Tracking Cookies Shield: Removed atwola cookie
9:13 AM: IE Tracking Cookies Shield: Removed apmebf cookie
********
7:35 AM: | Start of Session, Tuesday, November 22, 2005 |
7:35 AM: Spy Sweeper started
7:35 AM: Sweep initiated using definitions version 575
7:35 AM: Starting Memory Sweep
7:42 AM: Memory Sweep Complete, Elapsed Time: 00:06:56
7:42 AM: Starting Registry Sweep
7:42 AM: Found Trojan Horse: alwaysupdatednews
7:42 AM: HKU\.default\software\aun\ (4 subtraces) (ID = 103537)
7:42 AM: Found Adware: apropos
7:42 AM: HKCR\clsid\{b5ab638f-d76c-415b-a8f2-f3ceac502212}\ (7 subtraces) (ID = 103726)
7:42 AM: HKLM\software\classes\clsid\{b5ab638f-d76c-415b-a8f2-f3ceac502212}\ (7 subtraces) (ID = 103764)
7:42 AM: HKLM\software\classes\interface\{bc333116-6ea1-40a1-9d07-ecb192db8cea}\ (5 subtraces) (ID = 103774)
7:43 AM: Found Adware: cws-aboutblank
7:43 AM: HKCR\protocols\filter\text/html\ (2 subtraces) (ID = 114343)
7:43 AM: HKLM\software\classes\protocols\filter\text/html\ (2 subtraces) (ID = 115907)
7:43 AM: Found Adware: dealhelper
7:43 AM: HKLM\software\microsoft\windows\currentversion\uninstall\windh\ (3 subtraces) (ID = 124816)
7:43 AM: Found Adware: delfin
7:43 AM: HKLM\software\dvx\ (ID = 124854)
7:43 AM: HKLM\software\skin\ (1 subtraces) (ID = 124892)
7:43 AM: Found Adware: searchpounders hijacker
7:43 AM: HKLM\software\microsoft\windows\currentversion\uninstall\system monitor for windows 98/nt/xp/2000/2003_is1\ (14 subtraces) (ID = 141288)
7:43 AM: Found Adware: searchtoolbar
7:43 AM: HKU\.default\software\{12ee7a5e-0674-42f9-a76b-000000004d00}\ (3 subtraces) (ID = 141323)
7:43 AM: Found Trojan Horse: trojan-downloader-spywarewall
7:43 AM: HKLM\software\spywarewall\ (2 subtraces) (ID = 144793)
7:44 AM: HKLM\software\microsoft\windows\currentversion\uninstall\spywarewall\ (1 subtraces) (ID = 359536)
7:44 AM: Found Adware: visfx
7:44 AM: HKLM\software\microsoft\windows\currentversion\uninstall\ovmon\ (2 subtraces) (ID = 712951)
7:44 AM: Found Adware: safesurf
7:44 AM: HKCR\funtools.picshow\ (5 subtraces) (ID = 730902)
7:44 AM: HKCR\funtools.picshow.1\ (3 subtraces) (ID = 730908)
7:44 AM: HKCR\clsid\{4487598c-2ec7-43a2-870e-6d8d720fdd9f}\ (11 subtraces) (ID = 730912)
7:44 AM: HKCR\typelib\{7638761f-0ce1-4e68-9692-d623527a6b7b}\ (9 subtraces) (ID = 730924)
7:44 AM: HKLM\software\classes\funtools.picshow\ (5 subtraces) (ID = 730957)
7:44 AM: HKLM\software\classes\funtools.picshow.1\ (3 subtraces) (ID = 730963)
7:44 AM: HKLM\software\classes\clsid\{4487598c-2ec7-43a2-870e-6d8d720fdd9f}\ (11 subtraces) (ID = 730967)
7:44 AM: HKLM\software\classes\typelib\{7638761f-0ce1-4e68-9692-d623527a6b7b}\ (9 subtraces) (ID = 730979)
7:44 AM: HKLM\software\picshow\ (42 subtraces) (ID = 730989)
7:44 AM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{4487598c-2ec7-43a2-870e-6d8d720fdd9f}\ (ID = 730994)
7:44 AM: Found Adware: cas
7:44 AM: HKCR\typelib\{1b8b502e-465b-4022-be4f-fb6d9f808a18}\ (9 subtraces) (ID = 820387)
7:44 AM: HKLM\software\classes\typelib\{1b8b502e-465b-4022-be4f-fb6d9f808a18}\ (9 subtraces) (ID = 820540)
7:44 AM: HKLM\ovmon\ (ID = 826847)
7:44 AM: Found Adware: ezula ilookup
7:44 AM: HKLM\software\microsoft\webext\ (1 subtraces) (ID = 828947)
7:44 AM: Found Trojan Horse: 2nd-thought
7:44 AM: HKU\.DEFAULT\software\bundles\ (87 subtraces) (ID = 101988)
7:44 AM: HKU\.DEFAULT\software\aun\ (4 subtraces) (ID = 103544)
7:44 AM: Found Adware: browseraid
7:44 AM: HKU\.DEFAULT\software\a70f6a1d-0195-42a2-934c-d8ac0f7c08eb\ (1 subtraces) (ID = 105078)
7:44 AM: HKU\.DEFAULT\software\{12ee7a5e-0674-42f9-a76b-000000004d00}\ (3 subtraces) (ID = 141347)
7:44 AM: HKU\.DEFAULT\software\vb and vba program settings\spywarewall\ (3 subtraces) (ID = 144795)
7:44 AM: HKU\.DEFAULT\software\cmapp\ (ID = 381792)
7:44 AM: HKU\.DEFAULT\software\microsoft\windows\currentversion\run\ || fcengine (ID = 820437)
7:44 AM: Registry Sweep Complete, Elapsed Time:00:01:26
7:44 AM: Starting Cookie Sweep
7:44 AM: Found Spy Cookie: atwola cookie
7:44 AM: allen design@atwola[2].txt (ID = 2255)
7:44 AM: Found Spy Cookie: cc214142 cookie
7:44 AM: allen design@ads.cc214142[2].txt (ID = 2367)
7:44 AM: Found Spy Cookie: belnk cookie
7:44 AM: anyuser@ath.belnk[1].txt (ID = 2293)
7:44 AM: Found Spy Cookie: ask cookie
7:44 AM: allen design@ask[2].txt (ID = 2245)
7:44 AM: Found Spy Cookie: go.com cookie
7:44 AM: allen design@go[2].txt (ID = 2728)
7:44 AM: Found Spy Cookie: partypoker cookie
7:44 AM: allen design@partypoker[2].txt (ID = 3111)
7:44 AM: Found Spy Cookie: ru4 cookie
7:44 AM: anyuser@edge.ru4[1].txt (ID = 3269)
7:44 AM: allen design@belnk[1].txt (ID = 2292)
7:44 AM: allen design@dist.belnk[2].txt (ID = 2293)
7:44 AM: Found Spy Cookie: banner cookie
7:44 AM: allen design@banner[2].txt (ID = 2276)
7:44 AM: Found Spy Cookie: questionmarket cookie
7:44 AM: anyuser@questionmarket[1].txt (ID = 3217)
7:44 AM: Found Spy Cookie: directtrack cookie
7:44 AM: allen design@directtrack[1].txt (ID = 2527)
7:44 AM: allen design@rapidresponse.directtrack[2].txt (ID = 2528)
7:44 AM: Found Spy Cookie: gamespy cookie
7:44 AM: allen design@gamespy[1].txt (ID = 2719)
7:44 AM: Found Spy Cookie: burstnet cookie
7:44 AM: anyuser@burstnet[2].txt (ID = 2336)
7:44 AM: Found Spy Cookie: servlet cookie
7:44 AM: anyuser@servlet[2].txt (ID = 3345)
7:44 AM: Found Spy Cookie: adknowledge cookie
7:44 AM: anyuser@adknowledge[1].txt (ID = 2072)
7:44 AM: Found Spy Cookie: nextag cookie
7:44 AM: allen design@nextag[1].txt (ID = 5014)
7:44 AM: anyuser@go[2].txt (ID = 2728)
7:44 AM: Found Spy Cookie: pointroll cookie
7:44 AM: anyuser@ads.pointroll[2].txt (ID = 3148)
7:44 AM: anyuser@nextag[3].txt (ID = 5014)
7:44 AM: anyuser@servlet[3].txt (ID = 3345)
7:44 AM: Found Spy Cookie: 2o7.net cookie
7:44 AM: anyuser@2o7[2].txt (ID = 1957)
7:44 AM: anyuser@ask[1].txt (ID = 2245)
7:44 AM: allen design@servlet[2].txt (ID = 3345)
7:44 AM: anyuser@dist.belnk[1].txt (ID = 2293)
7:44 AM: anyuser@belnk[2].txt (ID = 2292)
7:44 AM: Found Spy Cookie: reunion cookie
7:44 AM: anyuser@reunion[2].txt (ID = 3255)
7:44 AM: allen design@adknowledge[2].txt (ID = 2072)
7:44 AM: Found Spy Cookie: webtrendslive cookie
7:44 AM: allen design@dcs8ir0f010000oyioyaka1kl_8j7n[1].txt (ID = 3673)
7:44 AM: Found Spy Cookie: yieldmanager cookie
7:44 AM: allen design@ad.yieldmanager[1].txt (ID = 3751)
7:44 AM: anyuser@nextag[2].txt (ID = 5014)
7:44 AM: anyuser@ad.yieldmanager[2].txt (ID = 3751)
7:44 AM: Found Spy Cookie: specificclick.com cookie
7:44 AM: anyuser@adopt.specificclick[1].txt (ID = 3400)
7:44 AM: anyuser@dcs8ir0f010000oyioyaka1kl_8j7n[2].txt (ID = 3673)
7:44 AM: Cookie Sweep Complete, Elapsed Time: 00:00:06
7:44 AM: Starting File Sweep
7:44 AM: Warning: Failed to open file "c:\windows\win386.swp". The process cannot access the file because
it is being used by another process
7:49 AM: winupdt.bin (ID = 48364)
7:49 AM: Found Adware: adlogix
7:49 AM: idtkeb.xml (ID = 49280)
7:49 AM: egmsba.xml (ID = 49218)
7:49 AM: egmsbb.xml (ID = 49280)
7:49 AM: fozdtxk.xml (ID = 57646)
7:49 AM: fozdtxk1.xml (ID = 57647)
7:49 AM: fozdtxk2.xml (ID = 57648)
7:49 AM: stlb2.xml (ID = 51946)
7:49 AM: norisuni.exe (ID = 138284)
7:49 AM: Found Adware: 180search assistant/zango
7:49 AM: c:\windows\system\fleok (ID = -2147480556)
7:53 AM: adlinstallwin32.exe (ID = 49165)
7:53 AM: Found Adware: purityscan
7:53 AM: beryllium.exe (ID = 72939)
7:53 AM: wincmapp.exe (ID = 145805)
7:53 AM: stb.exe (ID = 138172)
7:53 AM: upd0002.exe (ID = 156532)
7:54 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs07f06501-5b2a-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process

#10 ken545

Posted 28 November 2005 - 06:05 PM

jenny,

Did you disable SpySweeper before you tried to remove those lines? What about Spybot Search and Destroy, do you have it set to lock the homepage?

Spybot
Mode> Advanced Mode> Tools> IE Tweaks > Take the checkmark out of Lock IE Start Page if it is enabled.


Did you download the 14 day trial of Spy Sweeper? If not, can you update it and run another scan? If so, update, run a scan and post the new log for SS.


What we can try doing is to remove the two folders with HJT and download and install a fresh copy.

Please download the self-extracting version of HijackThis from here:
HijackThis_sfx download

Save HijackThis_sfx to your desktop. This website gives you instructions. Unzip the new copy to C:\Program Files\ Hijackthis. Then go to both C:\HIJACKTHIS\ and C:\Windows\Temp and just delete the entire folder in both locations; this way you will have only one program in Program Files.

Then run it again normally and see if you can remove those 2 lines.

 
 

#11 JBYea


Posted 29 November 2005 - 12:19 AM

Hi, yes I had disabled Spysweeper before I ran HJT in safe mode. I enabled it when I was done. So, I deleted my version of HJT as you said, then reinstalled it (but this time the instructions were to put it into a directory in Program Files, which I thought was what I wasn't supposed to do from your first post). Before I ran HJT, I disabled spysweeper again and checked on spybot but that option wasn't checked. Anyway, ran HJT in regular mode, deleted those two pesky files and all looked well, the files were out of the HJT log. Then I turned back on the stuff in spysweeper. I came back to the computer after letting spysweeper run. I swear those files were gone, but now they are back as you can see from the HJT log below this Spysweeper log that you asked for.

It's discouraging!
I am really appreciative of your help.
Jenny


8:26 PM: | Start of Session, Monday, November 28, 2005 |
8:26 PM: Spy Sweeper started
8:26 PM: Sweep initiated using definitions version 575
8:26 PM: Starting Memory Sweep
8:32 PM: Memory Sweep Complete, Elapsed Time: 00:06:32
8:32 PM: Starting Registry Sweep
8:33 PM: Found Adware: ezula ilookup
8:33 PM: HKLM\software\microsoft\webext\ (1 subtraces) (ID = 828947)
8:33 PM: Registry Sweep Complete, Elapsed Time:00:01:19
8:33 PM: Starting Cookie Sweep
8:33 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
8:33 PM: Starting File Sweep
8:33 PM: Warning: Failed to open file "c:\windows\win386.swp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da01-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da2e-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da2f-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da30-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da31-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da32-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da33-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da34-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da35-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da36-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da37-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da38-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da39-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da3a-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da3b-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da3c-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da3d-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da3e-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da3f-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da40-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da41-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da42-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da43-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da44-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da45-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da46-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da47-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da48-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da49-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da4a-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da4b-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da4c-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da4d-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da4e-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da4f-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da50-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da51-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da52-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da53-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da54-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da55-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da56-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da57-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da58-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da59-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da5a-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da5b-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da5c-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da5d-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da5e-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da5f-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da60-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da61-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da62-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da63-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da64-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da65-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da66-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da67-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
8:44 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb18da68-604c-11da-99e7-00e0294d6894.tmp". The process cannot access the file because
it is being used by another process
9:32 PM: File Sweep Complete, Elapsed Time: 00:58:08
9:32 PM: Full Sweep has completed. Elapsed time 01:06:01
9:32 PM: Traces Found: 2
10:03 PM: Removal process initiated
10:03 PM: Quarantining All Traces: ezula ilookup
10:03 PM: Removal process completed. Elapsed time 00:00:02



HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 10:15:48 PM, on 11/28/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\HPBPRO.EXE
C:\WINDOWS\SYSTEM\HPBOID.EXE
C:\PROGRAM FILES\WEBSVR\SYSTEM\INETSW95.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCSHLD9X.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\OASCLNT.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCTSKSHD.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.EXE
C:\PROGRAM FILES\SONY\SONICSTAGE\SSAAD.EXE
C:\WINDOWS\STARTUPMONITOR.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFAGENT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\WRSSSDK.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast High-Speed Internet
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.comcast.net/home.html"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\brkvft1w.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRAM%20FILES%5CNETSCAPE%5CNETSCAPE%206%5Csearchplugins%5CSBWeb_01.src"); (C:\WINDOWS\Application Data\Mozilla\Profiles\default\brkvft1w.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O4 - HKLM\..\Run: [Microsoft WebServer] C:\Program Files\WebSvr\System\svctrl /init
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [MCTskShd] C:\PROGRA~1\MCAFEE.COM\AGENT\mctskshd.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\SONY\SONICS~1\SSAAD.EXE
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE" /startintray
O4 - HKLM\..\RunServices: [RNBOStart] C:\WINDOWS\SYSTEM\RNBOSENT\SENTSTRT.EXE
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [HP Port Resolver] C:\WINDOWS\SYSTEM\hpbpro.exe
O4 - HKLM\..\RunServices: [HP Status Server] C:\WINDOWS\SYSTEM\hpboid.exe
O4 - HKLM\..\RunServices: [Microsoft WebServer] C:\Program Files\WebSvr\System\inetsw95 -w3svc
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [McShld9x] C:\Program Files\McAfee.com\VSO\mcshld9x.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\COMMON\YHEXBMESUS.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\COMMON\YHEXBMESUS.DLL
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra button: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...99/mcinsctl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

#12 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 29 November 2005 - 06:23 AM

Hi Jenny, :D

Those two lines are not malware, they're nothing to worry about, they're just clutter, but something is preventing them from being removed. So let's not worry about them anymore; the most important thing is that your log is clean, it shows no signs of any Malware or Viruses.

Just for your information, I started in computing about the time when Windows 3.1 was out and I made the big transition to Windows 95, then when I upgraded to Windows 98 I thought I had died and went to heaven. But Windows 98 still leaves a lot to be desired, I keep a second pc with Win 98 on it mainly for helping people with win 98 problems, but I find that most of the newer programs give me some problems when trying to run them.

I don't know what you use this pc for, but if it is a good one that you aim to keep for a while, it would be well worth the cost of upgrading to Win XP; it's a lot more secure after you install all the Windows updates.

C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE <-- This is fine
It really can be installed anywhere as long as it's in its own folder. I thought maybe the other installations may have gotten corrupted; that's why I wanted you to remove them and install a fresh copy.

Here are some tips and free programs to install and run that will help keep you more secure on the internet.

* Open INTERNET EXPLORER
* Click on the TOOLS MENU
* Then INTERNET OPTIONS
* At the GENERAL TAB (which should be the first tab you are currently on), click on the DELETE FILES BUTTON and put a checkmark in DELETE ALL OFFLINE CONTENT.
* Then press the OK BUTTON. This may take quite a while, so do not be alarmed with how long it takes.
* When it is done, your Temporary Internet Files will now be deleted.

* Make sure that your ANTI-VIRUS SOFTWARE is up to date and run a full scan at least once a week.

* Here are Free Anti-Virus Programs if you need one

AVG Free Edition
AntiVir Personal Edition


* Spybot Search and Destroy 1.4
Check for Updates/ Immunize and run a Full System Scan on a regular basis.

* Ad-Aware SE Personal 1.06
Check for Updates and run a Full System Scan on a regular basis.

* Spyware Blaster: It will prevent most spyware from ever being installed.

* Spyware Guard: It offers realtime protection from spyware installation attempts.

* Win Patrol: This program will warn you when any changes are being made to your system and give you the option to deny the change.

* IE-Spyad: IE-Spyad places over 4000 web sites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc) from the sites listed, although you will still be able to connect to the sites.

* Firefox Browser
It has more features and is a lot more secure than IE. It is a very easy and painless download and install, it will in no way interfere with IE, you can use them both. When it asks you if you want it to be your default browser, say NO and take the checkmark out of the box to ask you again. After you use this for a while, you will want to make it your default.

* Thunderbird Mail: Their companion mail program was highly favored in PCWorld Magazine, this has a good spam filter and is more secure than Outlook Express.

* Zone Alarm: Here is a free Firewall from Zone Labs, I wouldn't access the internet without it.

Thanks for using Tom Coyote, I will keep this thread open for a few days in case you have any other questions.

Ken :D

 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
 
Just a reminder that threads will be closed if no reply in 3 days.

#13 JBYea

Posted 30 November 2005 - 08:45 AM

Thanks very much for your help. We do have XP on two other machines, just haven't made the switch on this one, perhaps it is time. Will heed your advice on the various tips to stay uninfected. Guess that means the McAfee isn't too good since that is what we were running and still got so infected, though some of it could have happened before we got it. Using Zone Alarm suite on the newest machine, so far so good. Thanks again, Jenny

#14 ken545

Posted 30 November 2005 - 09:04 AM

Jenny,

McAfee and Norton and all the other good Anti Virus programs do a good job of keeping viruses off your system, but most will not block Malware programs.

Stay safe and thanks for using Tom Coyote

Ken :D

 
 

#15 ken545

Posted 06 December 2005 - 09:20 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php

 
 