Followed instructions. When I rebooted it worked fine, except I got a message saying
Windows could not find file C:\Windows\System\EFEDA.DLL
Here is my new log for Hijack and my results from Sweep Options.
Thank you very much for your help. I really appreciate you helping me. I will read your post tomorrow
as I am going to bed (long day). Talk to you tomorrow.
Logfile of HijackThis v1.99.1
Scan saved at 10:18:42 PM, on 17/12/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\WRSSSDK.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\HJT\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nba.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nba.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_5_0.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Zero Popup - {2EF37A01-884F-11d5-AC99-B112050ECB4F} - C:\PROGRA~1\ZEROPO~1\ZERO-P~1.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_5_5_0.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [SpySweeper] "C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE" /startintray
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: AOL Instant Messenger - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra button: Shaw Help - {C74D011F-7BCC-441A-B871-AC7817CB9B90} - http://support.shaw.ca (file missing) (HKCU)
O9 - Extra button: GooGle - {D7AEB2C9-9F00-4CD5-A173-AF67AA4F4877} - http://www.google.ca (file missing) (HKCU)
O9 - Extra button: WebMail - {8DFCB8CA-10AD-4955-888F-A23211529E32} - https://webmail.shaw.ca (file missing) (HKCU)
O9 - Extra button: eBay - {31F89B98-4F65-4866-8F3E-53DFD669AA46} - http://www.ebay.com (file missing) (HKCU)
O9 - Extra button: SOD - {72583D76-270D-41B1-BA4A-1619E8DF2E58} - http://www.shawondemand.ca (file missing) (HKCU)
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c...ials/ymmapi.dll
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it0_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/p...t/msnchat45.cab
O16 - DPF: Yahoo! Go - http://download.game...nts/y/gt1_x.cab
O16 - DPF: Tornado 21 - http://download.game...s/y/t21t0_x.cab
O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.s...og/y/fs10_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.s...og/y/ks12_x.cab
O16 - DPF: Yahoo! Dice - http://download.game...ts/y/dct2_x.cab
O16 - DPF: Video Poker - http://download.game...ts/y/vpt0_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.game...ts/y/ywt0_x.cab
O16 - DPF: Yahoo! Exploder - http://download.game...nts/y/vtk_x.cab
O16 - DPF: ChatSpace Full Java Client 4.0.0.300 - http://63.102.226.24...va/cfs40300.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab31267.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab31267.cab
RESULTS FOR SWEEP OPTIONS
9:03 PM: | Start of Session, December 17, 2005 |
9:03 PM: Spy Sweeper started
9:03 PM: Sweep initiated using definitions version 586
9:03 PM: Starting Memory Sweep
9:08 PM: Found Adware: virtumonde
9:08 PM: Detected running threat: C:\WINDOWS\SYSTEM\efeda.dll (ID = 77)
9:10 PM: Memory Sweep Complete, Elapsed Time: 00:06:28
9:10 PM: Starting Registry Sweep
9:10 PM: Found Adware: adlogix
9:10 PM: HKCR\interface\{2bdb4da9-94fe-4034-aac5-ceecdcb3a33b}\ (8 subtraces) (ID = 102893)
9:10 PM: HKCR\interface\{4d8e41a8-ec1f-4c53-a10d-9120232c71bb}\ (8 subtraces) (ID = 102894)
9:10 PM: HKLM\software\classes\interface\{2bdb4da9-94fe-4034-aac5-ceecdcb3a33b}\ (8 subtraces) (ID = 103008)
9:10 PM: HKLM\software\classes\interface\{4d8e41a8-ec1f-4c53-a10d-9120232c71bb}\ (8 subtraces) (ID = 103009)
9:10 PM: Found Adware: adultlinks
9:10 PM: HKCR\adultbar.adultbar.1\ (3 subtraces) (ID = 103255)
9:10 PM: HKCR\adultbar.adultbar\ (5 subtraces) (ID = 103256)
9:10 PM: HKCR\adultsearch.adultsearch.1\ (3 subtraces) (ID = 103257)
9:10 PM: HKCR\adultsearch.adultsearch\ (5 subtraces) (ID = 103258)
9:10 PM: HKLM\software\classes\adultbar.adultbar.1\ (3 subtraces) (ID = 103279)
9:10 PM: HKLM\software\classes\adultbar.adultbar\ (5 subtraces) (ID = 103280)
9:10 PM: HKLM\software\classes\adultsearch.adultsearch.1\ (3 subtraces) (ID = 103281)
9:10 PM: HKLM\software\classes\adultsearch.adultsearch\ (5 subtraces) (ID = 103282)
9:10 PM: Found Adware: altnet
9:10 PM: HKLM\altnet\ (1 subtraces) (ID = 103447)
9:10 PM: Found Adware: blazefind
9:10 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/bridge.dll\ (2 subtraces) (ID = 104526)
9:11 PM: Found Adware: coolwebsearch (cws)
9:11 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/rundlg32.dll\ (2 subtraces) (ID = 112385)
9:12 PM: Found Adware: squire webhelper
9:12 PM: HKCR\typelib\{4d0ac936-bde8-4ea2-b4fb-9f89e5b4c186}\ (9 subtraces) (ID = 142154)
9:12 PM: HKLM\software\classes\typelib\{4d0ac936-bde8-4ea2-b4fb-9f89e5b4c186}\ (9 subtraces) (ID = 142175)
9:13 PM: Found Adware: websearch toolbar
9:13 PM: HKLM\software\microsoft\windows\currentversion\installer\userdata\aui\ (1 subtraces) (ID = 146479)
9:13 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/qdow.dll\ (2 subtraces) (ID = 146481)
9:13 PM: HKCR\atldistrib.atldistrib\ (5 subtraces) (ID = 1030533)
9:13 PM: HKCR\atldistrib.atldistrib\clsid\ (1 subtraces) (ID = 1030535)
9:13 PM: HKCR\atldistrib.atldistrib\curver\ (1 subtraces) (ID = 1030537)
9:13 PM: HKCR\atldistrib.atldistrib.1\ (3 subtraces) (ID = 1030539)
9:13 PM: HKCR\atldistrib.atldistrib.1\clsid\ (1 subtraces) (ID = 1030541)
9:13 PM: HKLM\software\classes\atldistrib.atldistrib\ (5 subtraces) (ID = 1030666)
9:13 PM: HKLM\software\classes\atldistrib.atldistrib\clsid\ (1 subtraces) (ID = 1030668)
9:13 PM: HKLM\software\classes\atldistrib.atldistrib\curver\ (1 subtraces) (ID = 1030670)
9:13 PM: HKLM\software\classes\atldistrib.atldistrib.1\ (3 subtraces) (ID = 1030672)
9:13 PM: HKLM\software\classes\atldistrib.atldistrib.1\clsid\ (1 subtraces) (ID = 1030674)
9:13 PM: Found System Monitor: klogger
9:13 PM: HKU\.DEFAULT\software\kaksoftstudio\ (6 subtraces) (ID = 129686)
9:14 PM: Registry Sweep Complete, Elapsed Time:00:03:48
9:14 PM: Starting Cookie Sweep
9:14 PM: Found Spy Cookie: reliablestats cookie
9:14 PM: anyuser@stats1.reliablestats[1].txt (ID = 3254)
9:14 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
9:14 PM: Starting File Sweep
9:15 PM: Warning: Failed to open file "c:\windows\win386.swp". The process cannot access the file because it is being used by another process
9:15 PM: Found Adware: commonname
9:15 PM: cnbabeie.exe (ID = 53748)
9:15 PM: Found Adware: exact cashback/bargain buddy
9:15 PM: cdt_bbi8016.exe (ID = 50581)
9:20 PM: Warning: Failed to open file "c:\windows\system\c36bhs.dll". Access is denied
9:28 PM: Found Adware: directrevenue-abetterinternet
9:28 PM: biini.inf (ID = 83199)
9:30 PM: Found Adware: java byteverify
9:30 PM: dummy.class-1187a14c-33f6b625.class (ID = 64821)
9:37 PM: Found Adware: hiwire
9:37 PM: hwutils.dll (ID = 62165)
9:38 PM: Found Adware: winantispyware 2005
9:38 PM: c:\program files\common files\winsoftware (1 subtraces) (ID = -2147476682)
9:38 PM: crxml.dll (ID = 119203)
9:51 PM: Warning: Invalid Stream
9:51 PM: Warning: Invalid Stream
9:51 PM: Warning: Invalid Stream
10:03 PM: 20041121130256840.zip (ID = 83154)
10:03 PM: File Sweep Complete, Elapsed Time: 00:49:26
10:03 PM: Full Sweep has completed. Elapsed time 00:59:45
10:03 PM: Traces Found: 159
10:07 PM: Removal process initiated
10:07 PM: Quarantining All Traces: adlogix
10:07 PM: Warning: Out of memory
10:07 PM: Warning: Out of memory
10:07 PM: Warning: Out of memory
10:07 PM: Warning: Out of memory
10:07 PM: Failed to quarantine adlogix
10:07 PM: Failed to quarantine interface\{2bdb4da9-94fe-4034-aac5-ceecdcb3a33b}\
10:07 PM: Failed to quarantine interface\{4d8e41a8-ec1f-4c53-a10d-9120232c71bb}\
10:07 PM: Failed to quarantine HKLM: software\classes\interface\{2bdb4da9-94fe-4034-aac5-ceecdcb3a33b}\
10:07 PM: Failed to quarantine HKLM: software\classes\interface\{4d8e41a8-ec1f-4c53-a10d-9120232c71bb}\
10:07 PM: Quarantining All Traces: directrevenue-abetterinternet
10:07 PM: Warning: Out of memory
10:07 PM: Warning: Out of memory
10:07 PM: Failed to quarantine directrevenue-abetterinternet
10:07 PM: Failed to quarantine biini.inf
10:07 PM: Failed to quarantine 20041121130256840.zip
10:07 PM: Quarantining All Traces: klogger
10:07 PM: Quarantining All Traces: virtumonde
10:07 PM: Warning: Out of memory
10:07 PM: Warning: Out of memory
10:07 PM: Warning: Out of memory
10:07 PM: Warning: Out of memory
10:07 PM: Warning: Out of memory
10:07 PM: Warning: Out of memory
10:07 PM: Warning: Out of memory
10:07 PM: Warning: Out of memory
10:07 PM: Warning: Out of memory
10:07 PM: Warning: Out of memory
10:07 PM: Warning: Out of memory
10:07 PM: Warning: Out of memory
10:07 PM: Warning: Out of memory
10:07 PM: Failed to quarantine virtumonde
10:07 PM: Failed to quarantine atldistrib.atldistrib\
10:07 PM: Failed to quarantine atldistrib.atldistrib\clsid\
10:07 PM: Failed to quarantine atldistrib.atldistrib\curver\
10:07 PM: Failed to quarantine atldistrib.atldistrib.1\
10:07 PM: Failed to quarantine atldistrib.atldistrib.1\clsid\
10:07 PM: Failed to quarantine HKLM: software\classes\atldistrib.atldistrib\
10:07 PM: Failed to quarantine HKLM: software\classes\atldistrib.atldistrib\clsid\
10:07 PM: Failed to quarantine HKLM: software\classes\atldistrib.atldistrib\curver\
10:07 PM: Failed to quarantine HKLM: software\classes\atldistrib.atldistrib.1\
10:07 PM: Failed to quarantine HKLM: software\classes\atldistrib.atldistrib.1\clsid\
10:07 PM: Failed to quarantine C:\WINDOWS\SYSTEM\efeda.dll
10:07 PM: Quarantining All Traces: websearch toolbar
10:07 PM: Warning: Out of memory
10:07 PM: Warning: Out of memory
10:07 PM: Failed to quarantine websearch toolbar
10:07 PM: Failed to quarantine HKLM: software\microsoft\windows\currentversion\installer\userdata\aui\
10:07 PM: Failed to quarantine HKLM: software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/qdow.dll\
10:07 PM: Quarantining All Traces: adultlinks
10:07 PM: Warning: Out of memory
10:07 PM: Warning: Out of memory
10:07 PM: Warning: Out of memory
10:07 PM: Warning: Out of memory
10:07 PM: Warning: Out of memory
10:07 PM: Warning: Out of memory
10:07 PM: Warning: Out of memory
10:07 PM: Warning: Out of memory
10:07 PM: Failed to quarantine adultlinks
10:07 PM: Failed to quarantine adultbar.adultbar.1\
10:07 PM: Failed to quarantine adultbar.adultbar\
10:07 PM: Failed to quarantine adultsearch.adultsearch.1\
10:07 PM: Failed to quarantine adultsearch.adultsearch\
10:07 PM: Failed to quarantine HKLM: software\classes\adultbar.adultbar.1\
10:07 PM: Failed to quarantine HKLM: software\classes\adultbar.adultbar\
10:07 PM: Failed to quarantine HKLM: software\classes\adultsearch.adultsearch.1\
10:07 PM: Failed to quarantine HKLM: software\classes\adultsearch.adultsearch\
10:07 PM: Quarantining All Traces: blazefind
10:07 PM: Warning: Out of memory
10:07 PM: Failed to quarantine blazefind
10:07 PM: Failed to quarantine HKLM: software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/bridge.dll\
10:07 PM: Quarantining All Traces: commonname
10:07 PM: Warning: Out of memory
10:07 PM: Failed to quarantine commonname
10:07 PM: Failed to quarantine cnbabeie.exe
10:07 PM: Quarantining All Traces: coolwebsearch (cws)
10:07 PM: Warning: Out of memory
10:07 PM: Failed to quarantine coolwebsearch (cws)
10:07 PM: Failed to quarantine HKLM: software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/rundlg32.dll\
10:07 PM: Quarantining All Traces: squire webhelper
10:07 PM: Warning: Out of memory
10:07 PM: Warning: Out of memory
10:07 PM: Failed to quarantine squire webhelper
10:07 PM: Failed to quarantine typelib\{4d0ac936-bde8-4ea2-b4fb-9f89e5b4c186}\
10:07 PM: Failed to quarantine HKLM: software\classes\typelib\{4d0ac936-bde8-4ea2-b4fb-9f89e5b4c186}\
10:07 PM: Quarantining All Traces: altnet
10:07 PM: Warning: Out of memory
10:07 PM: Failed to quarantine altnet
10:07 PM: Failed to quarantine HKLM: altnet\
10:07 PM: Quarantining All Traces: exact cashback/bargain buddy
10:07 PM: Warning: Out of memory
10:07 PM: Failed to quarantine exact cashback/bargain buddy
10:07 PM: Failed to quarantine cdt_bbi8016.exe
10:07 PM: Quarantining All Traces: hiwire
10:07 PM: Warning: Out of memory
10:07 PM: Failed to quarantine hiwire
10:07 PM: Failed to quarantine hwutils.dll
10:07 PM: Quarantining All Traces: java byteverify
10:07 PM: Warning: Out of memory
10:07 PM: Failed to quarantine java byteverify
10:07 PM: Failed to quarantine dummy.class-1187a14c-33f6b625.class
10:07 PM: Quarantining All Traces: winantispyware 2005
10:07 PM: Warning: Out of memory
10:07 PM: Error: Out of memory.
10:07 PM: Failed to quarantine winantispyware 2005
10:07 PM: Failed to quarantine crxml.dll
10:07 PM: Quarantining All Traces: reliablestats cookie
10:07 PM: Warning: Out of memory
10:07 PM: Failed to quarantine reliablestats cookie
10:07 PM: Failed to quarantine anyuser@stats1.reliablestats[1].txt
10:07 PM: Warning: Launched explorer.exe
10:07 PM: Warning: Quarantine process could not restart Explorer.
10:07 PM: Warning: Out of memory
10:08 PM: Preparing to restart your computer. Please wait...
10:08 PM: Removal process completed. Elapsed time 00:01:38
10:12 PM: Sent error log: C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Logs\bugreport.txt
********
9:01 PM: | Start of Session, December 17, 2005 |
9:01 PM: Spy Sweeper started
9:02 PM: Your spyware definitions have been updated.
9:03 PM: | End of Session, December 17, 2005 |