Wife's computer jammed Ad Aware hangs up


  • This topic is locked
10 replies to this topic

#1 superfeed

Posted 16 January 2006 - 03:03 AM

Something here I can't get rid of. System is usually pretty clean. AdAware hangs up computer in deletion process. Thank you for the help

Here is the hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 3:54:30 AM, on 1/16/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\PCTVOICE.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE
C:\WINDOWS\WINSYSBAN.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\NMZQAXTA.EXE
C:\WINDOWS\SYSTEM\68666A646E676E.EXE
C:\WINDOWS\ZGVMYXVSDAAA\COMMAND.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\IGPS.EXE
C:\WINDOWS\SYSTEM\KSUNLO.EXE
C:\PROGRAM FILES\EQTRAFFIC\EQTRAFFIC.EXE
C:\PROGRAM FILES\COMMON FILES\WIFM\WIFMM.EXE
C:\PROGRAM FILES\ARCR\UTDT.EXE
C:\WINDOWS\SYSTEM\PGWS.EXE
C:\WINDOWS\SYSTEM\DBNSQ.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\EKEYS\EKEYS.EXE
C:\PROGRAM FILES\COMPUSERVE 7.0\CSTRAY.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\KSUNLO.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\COMMON FILES\WIFM\WIFMA.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\UNZIPPED\HIJACKTHIS[1]\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://games.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.e4me.com/start.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - _{7296D0B6-6F57-60D2-76C1-638349D9CFCC} - (no file)
R3 - URLSearchHook: (no name) - {7296D0B6-6F57-60D2-76C1-638349D9CFCC} - C:\WINDOWS\SYSTEM\JWQ.DLL
F1 - win.ini: run=hpfsched
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YCOMP5_5_7_0.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {C5AF2622-8C75-4dfb-9693-23AB7686A456} - C:\WINDOWS\DH.dll
O2 - BHO: BigMeanGorilla.MadAsHell - {FBD2EBD0-E6DF-456E-B300-A4D10A90C683} - C:\WINDOWS\SYSTEM\{FBD2EBD0-E6DF-456E-B300-A4D10A90C683}.DLL
O2 - BHO: (no name) - {7296D0B6-6F57-60D2-76C1-638349D9CFCC} - C:\WINDOWS\SYSTEM\JWQ.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YCOMP5_5_7_0.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe
O4 - HKLM\..\Run: [BookmarkCentral] C:\PROGRA~1\BMCENT~1\BMLauncher.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [winsysupd] C:\WINDOWS\WINSYSUPD.exe
O4 - HKLM\..\Run: [winsysban] C:\WINDOWS\WINSYSBAN.exe
O4 - HKLM\..\Run: [0sis0ijw.dll] RUNDLL32.EXE 0sis0ijw.dll,b 373963
O4 - HKLM\..\Run: [NMZQAXTA] C:\WINDOWS\NMZQAXTA.exe
O4 - HKLM\..\Run: [ABA9ADA7B1AAB1AE] 68666A646E676E.exe
O4 - HKLM\..\Run: [Command] C:\WINDOWS\ZGVmYXVsdAAA\command.exe
O4 - HKLM\..\Run: [lspins] "C:\WINDOWS\SYSTEM\igps.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [EQTraffic] "C:\Program Files\EQTraffic\EQTraffic.exe"
O4 - HKCU\..\Run: [WIFM] C:\PROGRAM FILES\COMMON FILES\WIFM\WIFMM.EXE
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [Dcas] "C:\Program Files\arcr\utdt.exe" -vt yazr
O4 - HKCU\..\Run: [Xcbonhgc] C:\WINDOWS\SYSTEM\dbnsq.exe
O4 - HKCU\..\Run: [KSUNLO] C:\WINDOWS\SYSTEM\KSUNLO.exe
O4 - HKCU\..\RunOnce: [KSUNLO] C:\WINDOWS\SYSTEM\KSUNLO.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Start Green eKeySetup....lnk = C:\Program Files\eKeys\eKeys.exe
O4 - Startup: CompuServe 7.0 Tray Icon.lnk = C:\Program Files\CompuServe 7.0\cstray.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: America Online 6.0 Tray Icon.lnk = C:\America Online 6.0\aoltray.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PROGRAM FILES\PARTYPOKER\IEEXTENSION.DLL
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PROGRAM FILES\PARTYPOKER\IEEXTENSION.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.e4me.com/start.html
O16 - DPF: Yahoo! MahJong Solitaire - http://download.game...s/y/mjst4_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.game...e/gpcontrol.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://download.game...nx.1.0.0.55.cab
O18 - Filter: text/html - (no CLSID) - (no file)

#2 tj416

Posted 23 January 2006 - 05:51 AM

Hi superfeed,

Run a TrendMicro™ HouseCall ActiveX Scan
  • Please go HERE to run the Trend Micro™ HouseCall Scan.
  • Click Scan now. It's free!
  • Read and put a Check next to Yes I accept the terms of use.
  • Click the Launching HouseCall>> button.
  • Under "Browser plug-in" Installing and using Housecall kernel, click the Starting HouseCall>> button.
  • You may receive a prompt to install the ActiveX, click install.
  • If you are taken back to the main page, click Launching HouseCall>> button again.
  • Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.
  • Please be patient while it installs, updates, and scans your system.
  • Once the scan is complete, it will take you to the summary page.
  • Under Cleanup options, choose clean all detected infections automatically.
  • Click the Clean now>> button.
  • If anything was found you may be prompted to run the scan again, you can just close the browser window.

Then, please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click Download Now to download the program.
  • Install it. Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:
      • Sweep Memory
      • Sweep Registry
      • Sweep Cookies
      • Sweep All User Accounts
      • Enable Direct Disk Sweeping
      • Sweep Contents of Compressed Files
      • Sweep for Rootkits
  • Please UNCHECK Do not Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
Then, post the SpySweeper session log and a fresh HijackThis log.

Edited by tj416, 23 January 2006 - 06:01 AM.

Terrin

Member of the Alliance of Security Analysis Professionals and the Unified Network of Instructors and Trusted Eliminators.

"For I can do everything through Christ, who gives me strength." - Philippians 4:13 (NLT)

#3 superfeed

Posted 05 February 2006 - 03:28 PM

Hi TJ,

Thanks for your help. It is taking me a long time to deal with this, I am very busy with school, work, and family. Below is posted the webroot session log and a new hijack this log. The computer still is very slow, but the pop-ups seem to be gone.

Thanks again,
John

********
10:45 PM: | Start of Session, Tuesday, January 31, 2006 |
10:45 PM: Spy Sweeper started
10:45 PM: Sweep initiated using definitions version 609
10:45 PM: Starting Memory Sweep
10:47 PM: Found Trojan Horse: trojan-downloader-dh
10:47 PM: Detected running threat: C:\WINDOWS\DH.dll (ID = 208494)
10:47 PM: Found Adware: superlogy search hijacker
10:47 PM: Detected running threat: C:\WINDOWS\SYSTEM\{FBD2EBD0-E6DF-456E-B300-A4D10A90C683}.DLL (ID = 205427)
10:47 PM: Found Adware: quicklink search toolbar
10:47 PM: Detected running threat: C:\PROGRAM FILES\QL\QLINK32.DLL (ID = 212814)
10:47 PM: Found Adware: purityscan
10:47 PM: Detected running threat: C:\WINDOWS\SYSTEM\KJXRHJEW.DLL (ID = 230)
10:50 PM: Found Adware: findthewebsiteyouneed hijacker
10:50 PM: Detected running threat: C:\WINDOWS\winsysban2.exe (ID = 238283)
10:51 PM: Found Adware: wfgtech
10:51 PM: Detected running threat: C:\WINDOWS\SYSTEM\0sis0ijw.dll (ID = 218030)
10:51 PM: Detected running threat: C:\WINDOWS\SYSTEM\68666A646E676E.exe (ID = 205426)
10:51 PM: Found Adware: command
10:51 PM: Detected running threat: C:\WINDOWS\ZGVmYXVsdAAA\command.exe (ID = 166753)
10:51 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || Command (ID = 0)
10:51 PM: Detected running threat: C:\WINDOWS\SYSTEM\igps.exe (ID = 214398)
10:51 PM: Found Adware: fullcontext
10:51 PM: Detected running threat: C:\Program Files\EQTraffic\EQTraffic.exe (ID = 233184)
10:51 PM: Found Adware: targetsaver
10:51 PM: Detected running threat: C:\Program Files\Common Files\wifm\wifmm.exe (ID = 195131)
10:51 PM: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run || WIFM (ID = 0)
10:51 PM: Detected running threat: C:\WINDOWS\SYSTEM\pgws.exe (ID = 200314)
10:51 PM: Detected running threat: C:\Program Files\FCHelp\FCHelp.exe (ID = 215780)
10:52 PM: Detected running threat: C:\Program Files\Common Files\wifm\wifma.exe (ID = 195128)
10:52 PM: Detected running threat: C:\Program Files\Common Files\wifm\wifmd\wifmc.dll (ID = 195129)
10:53 PM: Detected running threat: C:\Program Files\arcr\utdt.exe (ID = 230)
10:54 PM: Detected running threat: C:\WINDOWS\winsysban4.exe (ID = 239528)
10:54 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || winsysban (ID = 0)
10:58 PM: Memory Sweep Complete, Elapsed Time: 00:12:09
10:58 PM: Starting Registry Sweep
10:59 PM: Found Adware: findthewebsiteyouneed hijack
10:59 PM: HKLM\software\microsoft\internet explorer\main\ || search page (ID = 125241)
10:59 PM: HKLM\software\microsoft\internet explorer\search\ || searchassistant (ID = 125242)
10:59 PM: Found Adware: linkmaker
10:59 PM: HKLM\software\classes\typelib\{423550e9-2f83-4678-9929-c1774088b180}\ (9 subtraces) (ID = 129743)
10:59 PM: HKCR\typelib\{423550e9-2f83-4678-9929-c1774088b180}\ (9 subtraces) (ID = 129750)
11:00 PM: Found Adware: searchtoolbar
11:00 PM: HKLM\software\searchtoolbar\ (3 subtraces) (ID = 141346)
11:00 PM: HKCR\clsid\{8b6da27e-7f64-4694-8f8f-dc87ab8c6b22}\ (8 subtraces) (ID = 359437)
11:00 PM: HKLM\software\classes\clsid\{8b6da27e-7f64-4694-8f8f-dc87ab8c6b22}\ (8 subtraces) (ID = 359440)
11:00 PM: HKCR\quicklinks.linktracker.1\ (3 subtraces) (ID = 359448)
11:00 PM: HKCR\quicklinks.linktracker\ (3 subtraces) (ID = 359449)
11:00 PM: HKCR\quicklinks.quicklinksfilter.1\ (3 subtraces) (ID = 359450)
11:00 PM: HKCR\quicklinks.quicklinksfilter\ (3 subtraces) (ID = 359451)
11:00 PM: HKLM\software\classes\quicklinks.linktracker.1\ (3 subtraces) (ID = 359452)
11:00 PM: HKLM\software\classes\quicklinks.linktracker\ (3 subtraces) (ID = 359453)
11:00 PM: HKLM\software\classes\quicklinks.quicklinksfilter.1\ (3 subtraces) (ID = 359454)
11:00 PM: HKLM\software\classes\quicklinks.quicklinksfilter\ (3 subtraces) (ID = 359455)
11:00 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{8b6da27e-7f64-4694-8f8f-dc87ab8c6b22}\ (ID = 359456)
11:00 PM: HKLM\software\ql\ (3 subtraces) (ID = 359458)
11:00 PM: HKU\.default\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555438)
11:00 PM: Found Trojan Horse: trojan-downloader-ruin
11:00 PM: HKLM\software\microsoft\windows\currentversion\urls\ (7 subtraces) (ID = 605127)
11:00 PM: HKCR\clsid\{3551784b-e99a-474f-b782-3ec814442918}\ (10 subtraces) (ID = 727328)
11:00 PM: HKLM\software\classes\clsid\{3551784b-e99a-474f-b782-3ec814442918}\ (10 subtraces) (ID = 727357)
11:01 PM: Found Adware: visfx
11:01 PM: HKLM\ovmon\ (ID = 826847)
11:01 PM: HKLM\software\microsoft\windows\currentversion\uninstall\quicklinks\ (2 subtraces) (ID = 909558)
11:01 PM: Found Adware: cas
11:01 PM: HKCR\clsid\{6793d547-38dd-4325-b35a-f1817edfa567}\ (11 subtraces) (ID = 980799)
11:01 PM: HKCR\typelib\{67c89c18-b4f3-46a9-8800-e9e7a55afbd9}\ (9 subtraces) (ID = 980812)
11:01 PM: HKCR\typelib\{67c89c18-b4f3-46a9-8800-e9e7a55afbd9}\1.0\ (8 subtraces) (ID = 980813)
11:01 PM: HKLM\software\classes\clsid\{6793d547-38dd-4325-b35a-f1817edfa567}\ (11 subtraces) (ID = 980837)
11:01 PM: HKLM\software\classes\typelib\{67c89c18-b4f3-46a9-8800-e9e7a55afbd9}\ (9 subtraces) (ID = 980850)
11:01 PM: HKLM\software\classes\typelib\{67c89c18-b4f3-46a9-8800-e9e7a55afbd9}\1.0\ (8 subtraces) (ID = 980851)
11:01 PM: HKLM\software\microsoft\windows\currentversion\run\ || lspins (ID = 1027202)
11:01 PM: HKCR\bigmeangorilla.madashell\ (3 subtraces) (ID = 1047041)
11:01 PM: HKCR\clsid\{fbd2ebd0-e6df-456e-b300-a4d10a90c683}\ (13 subtraces) (ID = 1047045)
11:01 PM: HKCR\typelib\{020cc3dd-cbe1-463a-b882-a03728451994}\ (9 subtraces) (ID = 1047059)
11:01 PM: HKLM\software\classes\bigmeangorilla.madashell\ (3 subtraces) (ID = 1047082)
11:01 PM: HKLM\software\classes\clsid\{fbd2ebd0-e6df-456e-b300-a4d10a90c683}\ (13 subtraces) (ID = 1047086)
11:01 PM: HKLM\software\classes\typelib\{020cc3dd-cbe1-463a-b882-a03728451994}\ (9 subtraces) (ID = 1047100)
11:01 PM: Found Adware: zquest
11:01 PM: HKCR\clsid\{c5af2622-8c75-4dfb-9693-23ab7686a456}\ (4 subtraces) (ID = 1057025)
11:01 PM: HKLM\software\classes\clsid\{c5af2622-8c75-4dfb-9693-23ab7686a456}\ (4 subtraces) (ID = 1057030)
11:01 PM: HKLM\software\microsoft\windows\currentversion\uninstall\dh\ (2 subtraces) (ID = 1057035)
11:01 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}\ (ID = 1057038)
11:01 PM: HKCR\clsid\{994d478a-2bd0-4db4-ae77-288b1e346e99}\ (4 subtraces) (ID = 1075325)
11:01 PM: HKCR\typelib\{1b8b502e-465b-4022-be77-fb6d9f808a18}\ (9 subtraces) (ID = 1075392)
11:01 PM: HKLM\software\classes\clsid\{994d478a-2bd0-4db4-ae77-288b1e346e99}\ (4 subtraces) (ID = 1075473)
11:01 PM: HKLM\software\classes\typelib\{1b8b502e-465b-4022-be77-fb6d9f808a18}\ (9 subtraces) (ID = 1075534)
11:01 PM: HKLM\software\microsoft\windows\currentversion\run\ || winsysupd (ID = 1121711)
11:01 PM: HKLM\software\microsoft\windows\currentversion\run\ || winsysban (ID = 1121712)
11:01 PM: HKU\.DEFAULT\software\microsoft\internet explorer\main\ || default_search_url (ID = 125236)
11:01 PM: HKU\.DEFAULT\software\microsoft\internet explorer\main\ || search bar (ID = 125237)
11:01 PM: HKU\.DEFAULT\software\microsoft\internet explorer\main\ || search page (ID = 125238)
11:01 PM: HKU\.DEFAULT\software\microsoft\internet explorer\main\ || start page (ID = 125239)
11:02 PM: HKU\.DEFAULT\software\microsoft\windows\currentversion\run\ || dcas (ID = 138109)
11:02 PM: HKU\.DEFAULT\software\microsoft\internet explorer\toolbar\webbrowser\ || {08bec6aa-49fc-4379-3587-4b21e286c19e} (ID = 139177)
11:02 PM: HKU\.DEFAULT\software\microsoft\internet explorer\toolbar\webbrowser\ || {08bec6aa-49fc-4379-3587-4b21e286c19e} (ID = 139177)
11:02 PM: HKU\.DEFAULT\software\searchtoolbar\ (4 subtraces) (ID = 141343)
11:02 PM: HKU\.DEFAULT\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555437)
11:02 PM: HKU\.DEFAULT\software\microsoft\internet explorer\main\ || search bar (ID = 790268)
11:02 PM: HKU\.DEFAULT\software\microsoft\internet explorer\main\ || default_search_url (ID = 790269)
11:02 PM: HKU\.DEFAULT\software\cmman\ (5 subtraces) (ID = 980823)
11:02 PM: HKU\.DEFAULT\software\microsoft\internet explorer\toolbar\shellbrowser\ || {08bec6aa-49fc-4379-3587-4b21e286c19e} (ID = 1020297)
11:02 PM: HKU\.DEFAULT\software\fchelp\ (3 subtraces) (ID = 1075408)
11:02 PM: HKU\.DEFAULT\software\microsoft\windows\currentversion\run\ || fchelp (ID = 1075456)
11:02 PM: HKU\.DEFAULT\software\eqtraffic\ (9 subtraces) (ID = 1114074)
11:02 PM: HKU\.DEFAULT\software\microsoft\windows\currentversion\run\ || eqtraffic (ID = 1114108)
11:02 PM: Found Adware: surfsidekick
11:02 PM: HKU\.DEFAULT\software\microsoft\windows\currentversion\run\ || cu1 (ID = 1140965)
11:02 PM: HKU\.DEFAULT\software\microsoft\windows\currentversion\run\ || cu2 (ID = 1140966)
11:02 PM: Registry Sweep Complete, Elapsed Time:00:04:12
11:02 PM: Starting Cookie Sweep
11:02 PM: Found Spy Cookie: overture cookie
11:02 PM: default@perf.overture[2].txt (ID = 3106)
11:02 PM: Found Spy Cookie: questionmarket cookie
11:02 PM: default@questionmarket[1].txt (ID = 3217)
11:02 PM: default@perf.overture[1].txt (ID = 3106)
11:02 PM: Found Spy Cookie: upspiral cookie
11:02 PM: default@www.upspiral[1].txt (ID = 3615)
11:02 PM: Found Spy Cookie: ask cookie
11:02 PM: default@ask[1].txt (ID = 2245)
11:02 PM: Found Spy Cookie: addynamix cookie
11:02 PM: default@ads.addynamix[2].txt (ID = 2062)
11:02 PM: Found Spy Cookie: yieldmanager cookie
11:02 PM: default@ad.yieldmanager[1].txt (ID = 3751)
11:02 PM: Found Spy Cookie: pointroll cookie
11:02 PM: default@ads.pointroll[1].txt (ID = 3148)
11:02 PM: Found Spy Cookie: 888 cookie
11:02 PM: default@888[1].txt (ID = 2019)
11:02 PM: default@ads.pointroll[3].txt (ID = 3148)
11:02 PM: Found Spy Cookie: goclick cookie
11:02 PM: default@c.goclick[2].txt (ID = 2733)
11:02 PM: Found Spy Cookie: enhance cookie
11:02 PM: default@c.enhance[2].txt (ID = 2614)
11:02 PM: Found Spy Cookie: oinadserve cookie
11:02 PM: default@oinadserve[1].txt (ID = 3091)
11:02 PM: Found Spy Cookie: realmedia cookie
11:02 PM: default@realmedia[2].txt (ID = 3235)
11:02 PM: default@888[2].txt (ID = 2019)
11:02 PM: default@ask[2].txt (ID = 2245)
11:02 PM: Found Spy Cookie: 2o7.net cookie
11:02 PM: default@partygaming.122.2o7[1].txt (ID = 1958)
11:02 PM: Found Spy Cookie: atwola cookie
11:02 PM: default@atwola[1].txt (ID = 2255)
11:02 PM: Found Spy Cookie: hbmediapro cookie
11:02 PM: default@adopt.hbmediapro[2].txt (ID = 2768)
11:02 PM: Found Spy Cookie: reliablestats cookie
11:02 PM: default@stats1.reliablestats[1].txt (ID = 3254)
11:02 PM: Found Spy Cookie: findwhat cookie
11:02 PM: default@findwhat[1].txt (ID = 2674)
11:02 PM: Found Spy Cookie: cc214142 cookie
11:02 PM: default@ads.cc214142[1].txt (ID = 2367)
11:02 PM: Found Spy Cookie: partypoker cookie
11:02 PM: default@partypoker[1].txt (ID = 3111)
11:02 PM: Found Spy Cookie: clickandtrack cookie
11:02 PM: default@hits.clickandtrack[2].txt (ID = 2397)
11:02 PM: Found Spy Cookie: belnk cookie
11:02 PM: default@belnk[1].txt (ID = 2292)
11:02 PM: Found Spy Cookie: ru4 cookie
11:02 PM: default@edge.ru4[1].txt (ID = 3269)
11:02 PM: default@hbmediapro[1].txt (ID = 2767)
11:02 PM: Found Spy Cookie: revenue.net cookie
11:02 PM: default@revenue[2].txt (ID = 3257)
11:02 PM: Found Spy Cookie: cassava cookie
11:02 PM: default@cassava[1].txt (ID = 2362)
11:02 PM: Found Spy Cookie: casalemedia cookie
11:02 PM: default@casalemedia[1].txt (ID = 2354)
11:02 PM: Found Spy Cookie: falkag cookie
11:02 PM: default@as1.falkag[2].txt (ID = 2650)
11:02 PM: Found Spy Cookie: zedo cookie
11:02 PM: default@zedo[2].txt (ID = 3762)
11:02 PM: Found Spy Cookie: adserver cookie
11:02 PM: default@z1.adserver[1].txt (ID = 2142)
11:02 PM: default@c5.zedo[1].txt (ID = 3763)
11:02 PM: Found Spy Cookie: trafficmp cookie
11:02 PM: default@trafficmp[2].txt (ID = 3581)
11:02 PM: Found Spy Cookie: adrevolver cookie
11:02 PM: default@adrevolver[3].txt (ID = 2088)
11:02 PM: Found Spy Cookie: abcsearch cookie
11:02 PM: default@abcsearch[2].txt (ID = 2033)
11:02 PM: Found Spy Cookie: starware.com cookie
11:02 PM: default@h.starware[1].txt (ID = 3442)
11:02 PM: Found Spy Cookie: apmebf cookie
11:02 PM: default@apmebf[2].txt (ID = 2229)
11:02 PM: default@data4.perf.overture[3].txt (ID = 3106)
11:02 PM: Found Spy Cookie: tradedoubler cookie
11:02 PM: default@tradedoubler[1].txt (ID = 3575)
11:02 PM: default@ad.yieldmanager[3].txt (ID = 3751)
11:02 PM: Found Spy Cookie: azjmp cookie
11:02 PM: default@azjmp[1].txt (ID = 2270)
11:02 PM: Found Spy Cookie: maxserving cookie
11:02 PM: default@maxserving[1].txt (ID = 2966)
11:02 PM: default@overture[2].txt (ID = 3105)
11:02 PM: Found Spy Cookie: adecn cookie
11:02 PM: default@adecn[1].txt (ID = 2063)
11:02 PM: Found Spy Cookie: rn11 cookie
11:02 PM: default@rn11[2].txt (ID = 3261)
11:02 PM: Found Spy Cookie: tribalfusion cookie
11:02 PM: default@tribalfusion[1].txt (ID = 3589)
11:02 PM: default@as-eu.falkag[1].txt (ID = 2650)
11:02 PM: default@adrevolver[1].txt (ID = 2088)
11:02 PM: default@dist.belnk[2].txt (ID = 2293)
11:02 PM: Found Spy Cookie: adknowledge cookie
11:02 PM: default@adknowledge[2].txt (ID = 2072)
11:02 PM: Found Spy Cookie: adlegend cookie
11:02 PM: default@adlegend[1].txt (ID = 2074)
11:02 PM: default@ads.addynamix[3].txt (ID = 2062)
11:02 PM: default@2o7[1].txt (ID = 1957)
11:02 PM: Found Spy Cookie: exitexchange cookie
11:02 PM: default@exitexchange[1].txt (ID = 2633)
11:02 PM: Found Spy Cookie: server.iad.liveperson cookie
11:02 PM: default@server.iad.liveperson[1].txt (ID = 3341)
11:02 PM: default@yieldmanager[2].txt (ID = 3749)
11:02 PM: Found Spy Cookie: search123 cookie
11:02 PM: default@search123[1].txt (ID = 3305)
11:02 PM: Found Spy Cookie: specificclick.com cookie
11:02 PM: default@adopt.specificclick[2].txt (ID = 3400)
11:02 PM: Found Spy Cookie: virtual vegas cookie
11:02 PM: default@www.virtualvegas[1].txt (ID = 3643)
11:02 PM: Found Spy Cookie: yadro cookie
11:02 PM: default@yadro[1].txt (ID = 3743)
11:02 PM: Found Spy Cookie: screensavers.com cookie
11:02 PM: default@www.screensavers[1].txt (ID = 3298)
11:02 PM: Cookie Sweep Complete, Elapsed Time: 00:00:14
11:02 PM: Starting File Sweep
11:02 PM: Warning: Failed to open file "c:\windows\win386.swp". The process cannot access the file because it is being used by another process
11:02 PM: 413_13_op.exe (ID = 232747)
11:02 PM: Found Adware: clkoptimizer
11:02 PM: installerus.exe (ID = 208542)
11:02 PM: ss1001.exe (ID = 216718)
11:04 PM: winsysban2.exe (ID = 238283)
11:04 PM: Found Adware: dollarrevenue
11:04 PM: myupdates.exe (ID = 238586)
11:04 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || myupdates (ID = 0)
11:04 PM: dh.dll (ID = 208494)
11:04 PM: winsysban.exe (ID = 233481)
11:04 PM: offun.exe (ID = 215807)
11:04 PM: pf78.exe (ID = 232847)
11:04 PM: winsysupd2.exe (ID = 238284)
11:04 PM: winsysupd4.exe (ID = 239527)
11:04 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || winsysupd (ID = 0)
11:04 PM: winsysban4.exe (ID = 239528)
11:04 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || winsysban (ID = 0)
11:08 PM: loadctr32.exe (ID = 125495)
11:09 PM: 0sis0ijw.dll (ID = 218030)
11:09 PM: 0sistufs.dll (ID = 236430)
11:09 PM: tsuninst.exe (ID = 193501)
11:09 PM: igps.exe (ID = 214398)
11:09 PM: {fbd2ebd0-e6df-456e-b300-a4d10a90c683}.dll (ID = 205427)
11:09 PM: 68666a646e676e.exe (ID = 205426)
11:09 PM: bk.exe (ID = 216230)
11:09 PM: pgws.exe (ID = 200314)
11:09 PM: Found Adware: webhancer
11:09 PM: whcc-click.exe (ID = 239203)
11:10 PM: Found Adware: cws_internet-guide.biz toolbar
11:10 PM: sdmtb.dll (ID = 56021)
11:10 PM: dh9013.exe (ID = 208497)
11:10 PM: Found Adware: apropos
11:10 PM: atmtd.dll (ID = 166754)
11:10 PM: atmtd.dll._ (ID = 166754)
11:14 PM: Found Trojan Horse: trojan-dropper-mecorp
11:14 PM: nat2.exe (ID = 238169)
11:14 PM: a2d211.tmp (ID = 214364)
11:14 PM: tsinstall_4_0_4_0_b4.exe (ID = 193496)
11:14 PM: cmdinst.exe (ID = 166756)
11:14 PM: fchelp.exe (ID = 215768)
11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs23d32818-2211-45d0-b3ed-87a26b886601.tmp". The process cannot access the file because it is being used by another process
11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb00117df-fbe6-4d4d-8132-874479788a6a.tmp". The process cannot access the file because it is being used by another process
11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs08b3a2dc-247f-4e4e-b98b-cc0bd95d7c76.tmp". The process cannot access the file because it is being used by another process
11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsd2959ac6-8e64-4eec-8e63-4e9d593ab2c8.tmp". The process cannot access the file because it is being used by another process
11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4af9792f-98da-40c1-9b1c-c03da44c390f.tmp". The process cannot access the file because it is being used by another process
11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsd949c95a-b7ec-408f-941a-26b055de6043.tmp". The process cannot access the file because it is being used by another process
11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs05eb94d1-23b9-4015-b0d0-00fdc8220558.tmp".
The process cannot access the file because it is being used by another process
The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs1c633adb-6608-42d9-8f17-e62785914d90.tmp". The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs982ba300-0cd0-4d5b-b8e3-27ecd62acecf.tmp". The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsa7864ade-0a20-4747-a6c9-01b06789de10.tmp". The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs07180971-8305-4725-9c3e-89fa93431d63.tmp". The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsea643eeb-273a-46bf-9cf7-28f29853e22e.tmp". The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsf878357e-4c88-43e5-9cde-51ecf8bf5bcd.tmp". The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs547db2c8-610a-4e28-b9a6-05dd9eb031a6.tmp". The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsde5907cf-482c-4c60-aaae-4040b1f77417.tmp". The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs16db260e-dca4-4611-89cb-0bc9dd42d8ac.tmp". 
The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs46a0056b-b3d9-4d02-948b-72e7a1383f25.tmp". The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs91e7cf30-debc-44ba-a502-4035fb0c82e8.tmp". The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs2af0841b-a879-4ab4-ac1e-36f385a94ef3.tmp". The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscse0cd14d3-d0b3-4da9-b152-705115423100.tmp". The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs20a47e35-8db1-47a4-acd5-c10ebbee17cf.tmp". The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs9f6fa3d4-f9a9-4ad3-95e2-53335912084d.tmp". The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs1094243f-82bc-4f21-818a-fc9b4a69ad0a.tmp". The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsdb19ee9b-ec08-4748-bfc9-bf2a7c78f589.tmp". The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsdc9d30d0-e25a-482b-ae9a-a1655a9ef4df.tmp". 
The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsd6e8279b-eafa-4338-aec8-1c8ca7dedc98.tmp". The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscse6c3e182-c46d-45d5-94b2-8e2d80229474.tmp". The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsc8af1dd3-0be7-47c7-b2ab-be0c3827a1e3.tmp". The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsa8ed8488-fb0c-4485-9fd2-dae564d7b8d1.tmp". The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscse2c66209-7996-44a7-804e-10dab75fd422.tmp". The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscse3fb8ec0-c1f3-4c27-b0fd-985f78005c22.tmp". The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs84dd7eae-cc1f-4a54-99dd-30d50b613637.tmp". The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs16876cf7-521f-4808-a371-4ad68773ace1.tmp". The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsf1d69b94-f7a3-446b-b9b4-ff13c0df825d.tmp". 
The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs00027244-16b3-46db-a72a-88709d66eb98.tmp". The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs6d8bc1fb-dd8d-4b86-8ab7-06faed1789d1.tmp". The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscse3e6442b-bae0-4c32-ba9d-11d1f588015a.tmp". The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs43a14ec0-fd84-4362-a6dc-454f7e70fa25.tmp". The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs419bd64b-09dd-44ed-839d-5a67c1c191f3.tmp". The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsc60696e4-3290-4254-99c4-d387449936fa.tmp". The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs751c6313-12d7-4805-8a72-98eeff3132d2.tmp". The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs0b5b52cb-57a5-45ac-a381-b7d7a7ca2881.tmp". The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsdd7e950c-5d7e-42bc-86e0-f9ca4f15f4bb.tmp". 
The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs9bb77d06-01d3-413f-97e2-de681e6541cc.tmp". The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsf0726e50-af9d-4c86-ad22-338f0e6defc4.tmp". The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsf34bd3d7-0b05-4506-a9b3-ad579e7909bc.tmp". The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs05d863e2-c032-4e48-acb1-6e55f9a2e645.tmp". The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs0d8b4975-d66a-4e4f-a991-84dc0869ac99.tmp". The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs3cd77219-e6e9-46c4-b8d6-c8376ebbd764.tmp". The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsf81f3909-603e-4913-9960-891b682cf144.tmp". The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsf51c9832-f0e8-4e4e-8547-93c21ec73b6b.tmp". The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs28154d66-59e8-40b6-8a29-226e070c10eb.tmp". 
The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsc51db8c3-02d5-4961-90c8-bdfdded7746e.tmp". The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs0dafed67-915e-4763-acc3-103708a8fe9a.tmp". The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs7ae9b84c-746b-4062-92b8-ba68574982e8.tmp". The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs133eedb5-d866-4ac3-83ca-148a4b0bbd55.tmp". The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs734bf5f7-460c-40e8-9608-b36eba197563.tmp". The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscse7752db0-cc4e-4b23-b1de-39ef7ee52663.tmp". The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs8a9f2f14-25aa-4547-8fab-bc97f090d9a6.tmp". The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs859e34c4-3cfb-4826-80c6-6a018f2684dd.tmp". The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs7cda6c00-6cf3-4013-a7d8-765706393f59.tmp". 
The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4da701db-282a-47df-b605-5a378dfc3298.tmp". The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs77836d4f-60f4-4c10-b8ed-d069183f7974.tmp". The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb7659c41-78ad-4098-8c6b-7cdb65a8f5c1.tmp". The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs3020a40a-b6f9-4657-beeb-4bc6655ef3ae.tmp". The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs886f91e5-36d5-4705-b5e8-14274b9c5666.tmp". The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs954b77c7-ae1b-4318-975c-9ab20be67da3.tmp". The process cannot access the file because it is being used by another process 11:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs5ae2a7bc-728f-4485-84c8-b60e7307badc.tmp". 
The process cannot access the file because it is being used by another process 11:16 PM: ltndmain[1].dll (ID = 236430) 11:16 PM: myupdates[1].exe (ID = 238586) 11:16 PM: winsysupd4[1].exe (ID = 239527) 11:16 PM: winsysban[1].exe (ID = 238283) 11:16 PM: fchelp[1].exe (ID = 215768) 11:16 PM: tsupdate2[1].ini (ID = 193498) 11:16 PM: winsysupd[1].exe (ID = 238284) 11:16 PM: winsysban4[1].exe (ID = 239528) 11:17 PM: command.exe (ID = 166753) 11:17 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || Command (ID = 0) 11:18 PM: Warning: Failed to open file "c:\program files\common files\wifm\wifmm.lck". The process cannot access the file because it is being used by another process 11:18 PM: Warning: Failed to open file "c:\program files\common files\wifm\wifma.lck". The process cannot access the file because it is being used by another process 11:18 PM: c:\program files\common files\vcclient (10 subtraces) (ID = -2147461290) 11:18 PM: wifmm.exe (ID = 195131) 11:18 PM: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run || WIFM (ID = 0) 11:18 PM: wifma.exe (ID = 195128) 11:18 PM: class-barrel (ID = 78229) 11:18 PM: wifmc.dll (ID = 195129) 11:18 PM: vocabulary (ID = 78283) 11:18 PM: vcclient.exe (ID = 212828) 11:18 PM: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run || CU1 (ID = 0) 11:18 PM: vcmain.exe (ID = 212830) 11:18 PM: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run || CU2 (ID = 0) 11:18 PM: vcupdate.exe (ID = 212831) 11:18 PM: ss1001.exe (ID = 215896) 11:25 PM: c:\program files\cmman (1 subtraces) (ID = -2147465172) 11:25 PM: c:\program files\ql (3 subtraces) (ID = -2147463315) 11:25 PM: cmappupdate.exe (ID = 233183) 11:25 PM: qldf.bin (ID = 208796) 11:25 PM: qlink32.dll (ID = 212814) 11:25 PM: uninstall.exe (ID = 212815) 11:25 PM: c:\program files\eqtraffic (5 subtraces) (ID = -2147459623) 11:25 PM: c:\program files\fchelp (4 subtraces) (ID = -2147461103) 11:29 PM: eqtraffic.exe (ID = 233184) 11:29 PM: uninstall.exe (ID = 233185) 
11:29 PM: fchelp.dll (ID = 215779) 11:29 PM: fchelp.exe (ID = 215780) 11:29 PM: a0279132.cpy (ID = 208348) 11:29 PM: Found Adware: internetoptimizer 11:29 PM: nem220.0 (ID = 64043) 11:29 PM: sskbho.0 (ID = 189) 11:29 PM: sskcore.0 (ID = 216713) 11:29 PM: ssk.0 (ID = 216712) 11:29 PM: optimize.0 (ID = 214386) 11:29 PM: a0291478.cpy (ID = 208917) 11:29 PM: a0291479.cpy (ID = 208352) 11:29 PM: a0291480.cpy (ID = 208918) 11:29 PM: a0294606.cpy (ID = 232757) 11:29 PM: a0295083.cpy (ID = 73422) 11:29 PM: Found Trojan Horse: trojan-secdrop 11:29 PM: a0295084.cpy (ID = 81237) 11:29 PM: a0295085.cpy (ID = 125496) 11:29 PM: Found Trojan Horse: trojan-downloader-moneymind 11:29 PM: a0295086.cpy (ID = 103986) 11:29 PM: a0295091.cpy (ID = 185675) 11:29 PM: a0295094.cpy (ID = 208539) 11:29 PM: a0295095.cpy (ID = 233482) 11:29 PM: a0295098.cpy (ID = 195130) 11:29 PM: a0295101.cpy (ID = 195132) 11:29 PM: a0295102.cpy (ID = 193995) 11:29 PM: Found Trojan Horse: trojan-dnschanger 11:29 PM: a0295107.cpy (ID = 129709) 11:29 PM: a0295108.cpy (ID = 214386) 11:29 PM: a0295110.cpy (ID = 246) 11:29 PM: a0295111.cpy (ID = 203674) 11:29 PM: a0295112.cpy (ID = 200300) 11:29 PM: a0295113.cpy (ID = 185985) 11:29 PM: asappsrv.0 (ID = 144945) 11:29 PM: a0296003.cpy (ID = 236430) 11:29 PM: a0296052.cpy (ID = 236430) 11:38 PM: Warning: Invalid Stream 11:39 PM: 20060116011732.zip (ID = 208917) 11:39 PM: File Sweep Complete, Elapsed Time: 00:37:15 11:39 PM: Full Sweep has completed. 
Elapsed time 00:53:56 11:39 PM: Traces Found: 526 3:23 AM: Removal process initiated 3:24 AM: Quarantining All Traces: clkoptimizer 3:24 AM: Warning: Out of memory 3:24 AM: Failed to quarantine clkoptimizer 3:24 AM: Failed to quarantine installerus.exe 3:24 AM: Quarantining All Traces: purityscan 3:24 AM: Warning: Out of memory 3:24 AM: Warning: Out of memory 3:24 AM: Warning: Out of memory 3:24 AM: Warning: Out of memory 3:24 AM: Failed to quarantine purityscan 3:24 AM: Failed to quarantine C:\WINDOWS\SYSTEM\KJXRHJEW.DLL 3:24 AM: Failed to quarantine C:\Program Files\arcr\utdt.exe 3:24 AM: Quarantining All Traces: trojan-dnschanger 3:24 AM: Warning: Out of memory 3:24 AM: Failed to quarantine trojan-dnschanger 3:24 AM: Failed to quarantine a0295107.cpy 3:24 AM: Quarantining All Traces: trojan-downloader-moneymind 3:24 AM: Warning: Out of memory 3:24 AM: Failed to quarantine trojan-downloader-moneymind 3:24 AM: Failed to quarantine a0295086.cpy 3:24 AM: Quarantining All Traces: trojan-downloader-ruin 3:24 AM: Warning: Out of memory 3:24 AM: Warning: Out of memory 3:24 AM: Warning: Out of memory 3:24 AM: Warning: Out of memory 3:24 AM: Failed to quarantine trojan-downloader-ruin 3:24 AM: Failed to quarantine loadctr32.exe 3:24 AM: Failed to quarantine a0295085.cpy 3:24 AM: Failed to quarantine a0295110.cpy 3:24 AM: Failed to quarantine HKLM: software\microsoft\windows\currentversion\urls\ 3:24 AM: Quarantining All Traces: visfx 3:24 AM: Warning: Out of memory 3:24 AM: Warning: Out of memory 3:24 AM: Warning: Out of memory 3:24 AM: Failed to quarantine visfx 3:24 AM: Failed to quarantine 413_13_op.exe 3:24 AM: Failed to quarantine offun.exe 3:24 AM: Failed to quarantine HKLM: ovmon\ 3:24 AM: Quarantining All Traces: apropos 3:24 AM: Warning: Out of memory 3:24 AM: Warning: Out of memory 3:24 AM: Failed to quarantine apropos 3:24 AM: Failed to quarantine atmtd.dll 3:24 AM: Failed to quarantine atmtd.dll._ 3:24 AM: Quarantining All Traces: cas 3:24 AM: Error: Out of 
memory. 3:24 AM: Warning: Out of memory 3:24 AM: Error: Out of memory. 3:24 AM: Warning: Out of memory 3:24 AM: Warning: Out of memory 3:24 AM: Warning: Out of memory 3:25 AM: Warning: Out of memory 3:25 AM: Warning: Out of memory 3:25 AM: Warning: Out of memory 3:25 AM: Warning: Out of memory 3:25 AM: Failed to quarantine cas 3:25 AM: Failed to quarantine pf78.exe 3:25 AM: Failed to quarantine cmappupdate.exe 3:25 AM: Failed to quarantine clsid\{6793d547-38dd-4325-b35a-f1817edfa567}\ 3:25 AM: Failed to quarantine typelib\{67c89c18-b4f3-46a9-8800-e9e7a55afbd9}\ 3:25 AM: Failed to quarantine typelib\{67c89c18-b4f3-46a9-8800-e9e7a55afbd9}\1.0\ 3:25 AM: Failed to quarantine HKLM: software\classes\clsid\{6793d547-38dd-4325-b35a-f1817edfa567}\ 3:25 AM: Failed to quarantine HKLM: software\classes\typelib\{67c89c18-b4f3-46a9-8800-e9e7a55afbd9}\ 3:25 AM: Failed to quarantine HKLM: software\classes\typelib\{67c89c18-b4f3-46a9-8800-e9e7a55afbd9}\1.0\ 3:25 AM: Quarantining All Traces: dollarrevenue 3:25 AM: Warning: Out of memory 3:25 AM: Warning: Out of memory 3:25 AM: Warning: Out of memory 3:25 AM: Failed to quarantine dollarrevenue 3:25 AM: Failed to quarantine myupdates.exe 3:25 AM: Failed to quarantine myupdates[1].exe 3:25 AM: Failed to quarantine a0295094.cpy 3:25 AM: Quarantining All Traces: internetoptimizer 3:25 AM: Warning: Out of memory 3:25 AM: Warning: Out of memory 3:25 AM: Warning: Out of memory 3:25 AM: Failed to quarantine internetoptimizer 3:25 AM: Failed to quarantine nem220.0 3:25 AM: Failed to quarantine optimize.0 3:25 AM: Failed to quarantine a0295108.cpy 3:25 AM: Quarantining All Traces: quicklink search toolbar 3:25 AM: Warning: Out of memory 3:25 AM: Warning: Out of memory 3:25 AM: Warning: Out of memory 3:25 AM: Warning: Out of memory 3:25 AM: Warning: Out of memory 3:25 AM: Warning: Out of memory 3:25 AM: Warning: Out of memory 3:25 AM: Warning: Out of memory 3:25 AM: Warning: Out of memory 3:25 AM: Warning: Out of memory 3:25 AM: Warning: Out of 
memory 3:25 AM: Warning: Out of memory 3:25 AM: Error: Out of memory. 3:25 AM: Warning: Out of memory 3:25 AM: Warning: Out of memory 3:25 AM: Warning: Out of memory 3:25 AM: Warning: lzma: LZMA_Init failed 3:25 AM: Warning: lzma: LZMA_Init failed 3:25 AM: Warning: lzma: LZMA_Init failed 3:25 AM: Warning: lzma: LZMA_Init failed 3:25 AM: Warning: lzma: LZMA_Init failed 3:25 AM: Warning: lzma: LZMA_Init failed 3:25 AM: Warning: lzma: LZMA_Init failed 3:25 AM: Warning: lzma: LZMA_Init failed 3:25 AM: Warning: lzma: LZMA_Init failed 3:25 AM: Warning: lzma: LZMA_Init failed 3:25 AM: Warning: lzma: LZMA_Init failed 3:25 AM: Warning: lzma: LZMA_Init failed 3:25 AM: Warning: lzma: LZMA_Init failed 3:25 AM: Failed to quarantine quicklink search toolbar 3:25 AM: Failed to quarantine a2d211.tmp 3:25 AM: Failed to quarantine qldf.bin 3:25 AM: Failed to quarantine uninstall.exe 3:25 AM: Failed to quarantine a0295083.cpy 3:25 AM: Failed to quarantine clsid\{8b6da27e-7f64-4694-8f8f-dc87ab8c6b22}\ 3:25 AM: Failed to quarantine HKLM: software\classes\clsid\{8b6da27e-7f64-4694-8f8f-dc87ab8c6b22}\ 3:25 AM: Failed to quarantine quicklinks.linktracker.1\ 3:25 AM: Failed to quarantine quicklinks.linktracker\ 3:25 AM: Failed to quarantine quicklinks.quicklinksfilter.1\ 3:25 AM: Failed to quarantine quicklinks.quicklinksfilter\ 3:25 AM: Failed to quarantine HKLM: software\classes\quicklinks.linktracker.1\ 3:25 AM: Failed to quarantine HKLM: software\classes\quicklinks.linktracker\ 3:25 AM: Failed to quarantine HKLM: software\classes\quicklinks.quicklinksfilter.1\ 3:25 AM: Failed to quarantine HKLM: software\classes\quicklinks.quicklinksfilter\ 3:25 AM: Failed to quarantine HKLM: software\microsoft\windows\currentversion\explorer\browser helper objects\{8b6da27e-7f64-4694-8f8f-dc87ab8c6b22}\ 3:25 AM: Failed to quarantine HKLM: software\ql\ 3:25 AM: Failed to quarantine clsid\{3551784b-e99a-474f-b782-3ec814442918}\ 3:25 AM: Failed to quarantine HKLM: 
software\classes\clsid\{3551784b-e99a-474f-b782-3ec814442918}\ 3:25 AM: Failed to quarantine HKLM: software\microsoft\windows\currentversion\uninstall\quicklinks\ 3:25 AM: Failed to quarantine C:\PROGRAM FILES\QL\QLINK32.DLL 3:25 AM: Failed to quarantine C:\WINDOWS\SYSTEM\igps.exe 3:25 AM: Failed to quarantine C:\WINDOWS\SYSTEM\pgws.exe 3:25 AM: Quarantining All Traces: surfsidekick 3:25 AM: Warning: lzma: LZMA_Init failed 3:25 AM: Warning: lzma: LZMA_Init failed 3:25 AM: Warning: lzma: LZMA_Init failed 3:25 AM: Warning: lzma: LZMA_Init failed 3:25 AM: Warning: lzma: LZMA_Init failed 3:25 AM: Warning: lzma: LZMA_Init failed 3:25 AM: Warning: lzma: LZMA_Init failed 3:25 AM: Error: lzma: LZMA_Init failed. 3:25 AM: Warning: lzma: LZMA_Init failed 3:25 AM: Warning: lzma: LZMA_Init failed 3:25 AM: Failed to quarantine surfsidekick 3:25 AM: Failed to quarantine ss1001.exe 3:25 AM: Failed to quarantine bk.exe 3:25 AM: Failed to quarantine vcclient.exe 3:25 AM: Failed to quarantine vcmain.exe 3:25 AM: Failed to quarantine vcupdate.exe 3:25 AM: Failed to quarantine ss1001.exe 3:25 AM: Failed to quarantine sskbho.0 3:25 AM: Failed to quarantine sskcore.0 3:25 AM: Failed to quarantine ssk.0 3:25 AM: Quarantining All Traces: trojan-downloader-dh 3:25 AM: Warning: lzma: LZMA_Init failed 3:25 AM: Warning: lzma: LZMA_Init failed 3:25 AM: Warning: lzma: LZMA_Init failed 3:25 AM: Warning: lzma: LZMA_Init failed 3:25 AM: Warning: lzma: LZMA_Init failed 3:25 AM: Failed to quarantine trojan-downloader-dh 3:25 AM: Failed to quarantine dh9013.exe 3:25 AM: Failed to quarantine HKLM: software\microsoft\windows\currentversion\uninstall\dh\ 3:25 AM: Failed to quarantine C:\WINDOWS\DH.dll 3:25 AM: Quarantining All Traces: trojan-dropper-mecorp 3:25 AM: Warning: lzma: LZMA_Init failed 3:25 AM: Failed to quarantine trojan-dropper-mecorp 3:25 AM: Failed to quarantine nat2.exe 3:25 AM: Quarantining All Traces: trojan-secdrop 3:25 AM: Warning: lzma: LZMA_Init failed 3:25 AM: Failed to quarantine 
trojan-secdrop 3:25 AM: Failed to quarantine a0295084.cpy 3:25 AM: Quarantining All Traces: zquest 3:25 AM: Warning: lzma: LZMA_Init failed 3:25 AM: Warning: lzma: LZMA_Init failed 3:25 AM: Warning: lzma: LZMA_Init failed 3:25 AM: Failed to quarantine zquest 3:25 AM: Failed to quarantine clsid\{c5af2622-8c75-4dfb-9693-23ab7686a456}\ 3:25 AM: Failed to quarantine HKLM: software\classes\clsid\{c5af2622-8c75-4dfb-9693-23ab7686a456}\ 3:25 AM: Failed to quarantine HKLM: software\microsoft\windows\currentversion\explorer\browser helper objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}\ 3:25 AM: Quarantining All Traces: command 3:25 AM: Warning: lzma: LZMA_Init failed 3:25 AM: Warning: lzma: LZMA_Init failed 3:25 AM: Warning: lzma: LZMA_Init failed 3:25 AM: Warning: lzma: LZMA_Init failed 3:25 AM: Warning: lzma: LZMA_Init failed 3:25 AM: Failed to quarantine command 3:25 AM: Failed to quarantine cmdinst.exe 3:25 AM: Failed to quarantine a0295091.cpy 3:25 AM: Failed to quarantine a0295113.cpy 3:25 AM: Failed to quarantine asappsrv.0 3:25 AM: Failed to quarantine C:\WINDOWS\ZGVmYXVsdAAA\command.exe 3:25 AM: Quarantining All Traces: cws_internet-guide.biz toolbar 3:25 AM: Warning: lzma: LZMA_Init failed 3:25 AM: Failed to quarantine cws_internet-guide.biz toolbar 3:25 AM: Failed to quarantine sdmtb.dll 3:25 AM: Quarantining All Traces: findthewebsiteyouneed hijacker 3:26 AM: Warning: lzma: LZMA_Init failed 3:26 AM: Warning: lzma: LZMA_Init failed 3:26 AM: Warning: lzma: LZMA_Init failed 3:26 AM: Warning: lzma: LZMA_Init failed 3:26 AM: Warning: lzma: LZMA_Init failed 3:26 AM: Warning: lzma: LZMA_Init failed 3:26 AM: Warning: lzma: LZMA_Init failed 3:26 AM: Warning: lzma: LZMA_Init failed 3:26 AM: Warning: lzma: LZMA_Init failed 3:26 AM: Warning: lzma: LZMA_Init failed 3:26 AM: Failed to quarantine findthewebsiteyouneed hijacker 3:26 AM: Failed to quarantine winsysban.exe 3:26 AM: Failed to quarantine winsysupd2.exe 3:26 AM: Failed to quarantine winsysupd4.exe 3:26 AM: Failed to 
quarantine winsysupd4[1].exe 3:26 AM: Failed to quarantine winsysban[1].exe 3:26 AM: Failed to quarantine winsysupd[1].exe 3:26 AM: Failed to quarantine winsysban4[1].exe 3:26 AM: Failed to quarantine a0295095.cpy 3:26 AM: Failed to quarantine C:\WINDOWS\winsysban2.exe 3:26 AM: Failed to quarantine C:\WINDOWS\winsysban4.exe 3:26 AM: Quarantining All Traces: findthewebsiteyouneed hijack 3:26 AM: Quarantining All Traces: fullcontext 3:26 AM: Warning: lzma: LZMA_Init failed 3:26 AM: Warning: lzma: LZMA_Init failed 3:26 AM: Warning: lzma: LZMA_Init failed 3:26 AM: Warning: lzma: LZMA_Init failed 3:26 AM: Warning: lzma: LZMA_Init failed 3:26 AM: Error: lzma: LZMA_Init failed. 3:26 AM: Warning: lzma: LZMA_Init failed 3:26 AM: Warning: lzma: LZMA_Init failed 3:26 AM: Warning: lzma: LZMA_Init failed 3:26 AM: Warning: lzma: LZMA_Init failed 3:26 AM: Warning: lzma: LZMA_Init failed 3:26 AM: Warning: lzma: LZMA_Init failed 3:26 AM: Failed to quarantine fullcontext 3:26 AM: Failed to quarantine fchelp.exe 3:26 AM: Failed to quarantine fchelp[1].exe 3:26 AM: Failed to quarantine uninstall.exe 3:26 AM: Failed to quarantine fchelp.dll

#4 tj416

Posted 06 February 2006 - 07:05 AM

Hi superfeed,

You will need to run SpySweeper again because it failed to remove a lot because your computer ran out of memory. So this time run the scan in Safe mode.

Reboot in Safe mode. To reboot in Safe mode:
Restart your computer and immediately begin tapping the F8 key on your keyboard. If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.

Make sure all windows are closed and run a SpySweeper scan again and save the log.

Then, reboot (in the normal mode) and post a fresh HijackThis log and the SpySweeper session log in this thread. You might want to split it into two posts: in one post, post one half of the SpySweeper session log, and in the second post, post the other half of the log and the HijackThis log.

Edited by tj416, 06 February 2006 - 07:06 AM.

Terrin

Member of the Alliance of Security Analysis Professionals and the Unified Network of Instructors and Trusted Eliminators.

"For I can do everything through Christ, who gives me strength." - Philippians 4:13 (NLT)

#5 superfeed


Posted 26 March 2006 - 01:09 AM

Hi, I ran spyware removal in the safe mode, and had to run it a few times in order to get the machine functioning somewhat again. I am posting the latest session log, and the hijack this log. Any further tips are appreciated. I will post the hijack this log in the next reply. Thanks much, John

******** 12:55 AM: | Start of Session, Saturday, March 25, 2006 | 12:55 AM: Spy Sweeper started 12:55 AM: Sweep initiated using definitions version 641 12:55 AM: Starting Memory Sweep 12:59 AM: Found Adware: visfx 12:59 AM: Detected running threat: C:\WINDOWS\NMZQAXTA.exe (ID = 135) 12:59 AM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || NMZQAXTA (ID = 0) 1:01 AM: Memory Sweep Complete, Elapsed Time: 00:06:14 1:01 AM: Starting Registry Sweep 1:02 AM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004366DF in module 'WRSSSDK.EXE'. Read of address 73656C89 1:04 AM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004366DF in module 'WRSSSDK.EXE'. Read of address 53454C69 1:04 AM: Registry Sweep Complete, Elapsed Time:00:02:38 1:04 AM: Starting Cookie Sweep 1:04 AM: Found Spy Cookie: 2o7.net cookie 1:04 AM: default@msnportal.112.2o7[2].txt (ID = 1958) 1:04 AM: Found Spy Cookie: paypopup cookie 1:04 AM: default@paypopup[1].txt (ID = 3119) 1:04 AM: Found Spy Cookie: overture cookie 1:04 AM: default@data4.perf.overture[2].txt (ID = 3106) 1:04 AM: Found Spy Cookie: yieldmanager cookie 1:04 AM: default@ad.yieldmanager[1].txt (ID = 3751) 1:04 AM: Cookie Sweep Complete, Elapsed Time: 00:00:04 1:04 AM: Starting File Sweep 1:04 AM: Warning: Failed to open file "c:\windows\win386.swp". The process cannot access the file because it is being used by another process 1:05 AM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004366DF in module 'WRSSSDK.EXE'. Read of address FFFFFFFF 1:06 AM: Warning: Could not set Common Ad Sites in hosts file. 
Access violation at address 004366DF in module 'WRSSSDK.EXE'. Read of address FFFFFFFF 1:07 AM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004366DF in module 'WRSSSDK.EXE'. Read of address FFFFFFFF 1:08 AM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004366DF in module 'WRSSSDK.EXE'. Read of address FFFFFFFF 1:09 AM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004366DF in module 'WRSSSDK.EXE'. Read of address FFFFFFFF 1:10 AM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004366DF in module 'WRSSSDK.EXE'. Read of address FFFFFFFF 1:11 AM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004366DF in module 'WRSSSDK.EXE'. Read of address FFFFFFFF 1:12 AM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004366DF in module 'WRSSSDK.EXE'. Read of address FFFFFFFF 1:13 AM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004366DF in module 'WRSSSDK.EXE'. Read of address FFFFFFFF 1:14 AM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004366DF in module 'WRSSSDK.EXE'. Read of address FFFFFFFF 1:15 AM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004366DF in module 'WRSSSDK.EXE'. Read of address FFFFFFFF 1:16 AM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004366DF in module 'WRSSSDK.EXE'. Read of address FFFFFFFF 1:17 AM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004366DF in module 'WRSSSDK.EXE'. Read of address FFFFFFFF 1:18 AM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004366DF in module 'WRSSSDK.EXE'. 
Read of address FFFFFFFF 1:19 AM: Found Adware: purityscan 1:19 AM: !update.exe (ID = 259388) 1:19 AM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004366DF in module 'WRSSSDK.EXE'. Read of address FFFFFFFF 
1:20 AM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004366DF in module 'WRSSSDK.EXE'. Read of address FFFFFFFF 1:21 AM: !update-3595[1].0000 (ID = 259388) 1:21 AM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004366DF in module 'WRSSSDK.EXE'. Read of address FFFFFFFF 1:22 AM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004366DF in module 'WRSSSDK.EXE'. Read of address FFFFFFFF 1:23 AM: Warning: Could not set Common Ad Sites in hosts file. 
Access violation at address 004366DF in module 'WRSSSDK.EXE'. Read of address FFFFFFFF 1:24 AM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004366DF in module 'WRSSSDK.EXE'. Read of address FFFFFFFF 1:25 AM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004366DF in module 'WRSSSDK.EXE'. Read of address FFFFFFFF 1:26 AM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004366DF in module 'WRSSSDK.EXE'. Read of address FFFFFFFF 1:27 AM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004366DF in module 'WRSSSDK.EXE'. Read of address FFFFFFFF 1:28 AM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004366DF in module 'WRSSSDK.EXE'. Read of address FFFFFFFF 1:29 AM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004366DF in module 'WRSSSDK.EXE'. Read of address FFFFFFFF 1:30 AM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004366DF in module 'WRSSSDK.EXE'. Read of address FFFFFFFF 1:31 AM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004366DF in module 'WRSSSDK.EXE'. Read of address FFFFFFFF 1:32 AM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004366DF in module 'WRSSSDK.EXE'. Read of address FFFFFFFF 1:33 AM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004366DF in module 'WRSSSDK.EXE'. Read of address FFFFFFFF 1:34 AM: Found Adware: surfsidekick 1:34 AM: a0310784.cpy (ID = 212353) 1:34 AM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004366DF in module 'WRSSSDK.EXE'. Read of address FFFFFFFF 1:35 AM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004366DF in module 'WRSSSDK.EXE'. 
Read of address FFFFFFFF 1:36 AM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004366DF in module 'WRSSSDK.EXE'. Read of address FFFFFFFF 1:37 AM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004366DF in module 'WRSSSDK.EXE'. Read of address FFFFFFFF 1:38 AM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004366DF in module 'WRSSSDK.EXE'. Read of address FFFFFFFF 1:39 AM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004366DF in module 'WRSSSDK.EXE'. Read of address FFFFFFFF 1:40 AM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004366DF in module 'WRSSSDK.EXE'. Read of address FFFFFFFF 1:41 AM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004366DF in module 'WRSSSDK.EXE'. Read of address FFFFFFFF 1:42 AM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004366DF in module 'WRSSSDK.EXE'. Read of address FFFFFFFF 1:43 AM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004366DF in module 'WRSSSDK.EXE'. Read of address FFFFFFFF 1:44 AM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004366DF in module 'WRSSSDK.EXE'. Read of address FFFFFFFF 1:45 AM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004366DF in module 'WRSSSDK.EXE'. Read of address FFFFFFFF 1:46 AM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004366DF in module 'WRSSSDK.EXE'. Read of address FFFFFFFF 1:47 AM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004366DF in module 'WRSSSDK.EXE'. Read of address FFFFFFFF 1:48 AM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004366DF in module 'WRSSSDK.EXE'. 
Read of address FFFFFFFF
1:48 AM: Warning: Invalid Stream
1:49 AM: File Sweep Complete, Elapsed Time: 00:44:33
1:49 AM: Full Sweep has completed. Elapsed time 00:53:35
1:49 AM: Traces Found: 9
1:49 AM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004366DF in module 'WRSSSDK.EXE'. Read of address FFFFFFFF
1:50 AM: Removal process initiated
1:50 AM: Quarantining All Traces: purityscan
1:50 AM: Warning: Out of memory
1:50 AM: Warning: Out of memory
1:50 AM: Failed to quarantine purityscan
1:50 AM: Failed to quarantine !update.exe
1:50 AM: Failed to quarantine !update-3595[1].0000
1:50 AM: Quarantining All Traces: visfx
1:50 AM: Warning: Out of memory
1:50 AM: Failed to quarantine visfx
1:50 AM: Failed to quarantine C:\WINDOWS\NMZQAXTA.exe
1:50 AM: Quarantining All Traces: surfsidekick
1:50 AM: Warning: Out of memory
1:50 AM: Failed to quarantine surfsidekick
1:50 AM: Warning: Could not set Common Ad Sites in hosts file. Access violation at address 004366DF in module 'WRSSSDK.EXE'. Read of address FFFFFFFF
1:50 AM: Failed to quarantine a0310784.cpy
1:50 AM: Quarantining All Traces: 2o7.net cookie
1:50 AM: Warning: Out of memory
1:50 AM: Failed to quarantine 2o7.net cookie
1:50 AM: Failed to quarantine default@msnportal.112.2o7[2].txt
1:50 AM: Quarantining All Traces: overture cookie
1:50 AM: Warning: Out of memory
1:50 AM: Failed to quarantine overture cookie
1:50 AM: Failed to quarantine default@data4.perf.overture[2].txt
1:50 AM: Quarantining All Traces: paypopup cookie
1:50 AM: Warning: Out of memory
1:50 AM: Failed to quarantine paypopup cookie
1:50 AM: Failed to quarantine default@paypopup[1].txt
1:50 AM: Quarantining All Traces: yieldmanager cookie
1:50 AM: Warning: Out of memory
1:50 AM: Failed to quarantine yieldmanager cookie
1:50 AM: Failed to quarantine default@ad.yieldmanager[1].txt
1:50 AM: Preparing to restart your computer. Please wait...
1:50 AM: Removal process completed. Elapsed time 00:00:30
********
11:38 PM: | Start of Session, Friday, March 24, 2006 |
11:38 PM: Spy Sweeper started
11:38 PM: Sweep initiated using definitions version 641
11:38 PM: Starting Memory Sweep
11:39 PM: Sweep Canceled
11:39 PM: Memory Sweep Complete, Elapsed Time: 00:00:46
11:39 PM: Traces Found: 0
********
9:17 PM: | Start of Session, Friday, March 24, 2006 |
9:17 PM: Spy Sweeper started
9:17 PM: Sweep initiated using definitions version 641
9:17 PM: Starting Memory Sweep
9:19 PM: Memory Sweep Complete, Elapsed Time: 00:02:16
9:19 PM: Starting Registry Sweep
9:21 PM: Found Adware: cas
9:21 PM: HKU\.DEFAULT\software\eqtraffic\ (9 subtraces) (ID = 1114074)
9:21 PM: Registry Sweep Complete, Elapsed Time:00:01:44
9:21 PM: Starting Cookie Sweep
9:21 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
9:21 PM: Starting File Sweep
9:21 PM: Warning: Failed to open file "c:\windows\win386.swp". The process cannot access the file because it is being used by another process
9:32 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbed1918a-b4ff-4232-8985-96fa06534b57.tmp". The process cannot access the file because it is being used by another process
9:32 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs72385649-c303-4c05-8798-344bc21f4b41.tmp". The process cannot access the file because it is being used by another process
9:32 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs348ff3dd-db4b-402b-9097-400fac2d4e71.tmp". The process cannot access the file because it is being used by another process
9:32 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs2eb0bb78-66ab-4a3e-8575-f1207dd78148.tmp". The process cannot access the file because it is being used by another process
9:32 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs3c2a91d8-f221-4808-9c95-a3c08a2a764d.tmp".

#6 superfeed


Posted 26 March 2006 - 01:12 AM

Here is the latest Hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 1:58:46 AM, on 3/25/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\PCTVOICE.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\EKEYS\EKEYS.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\WRSSSDK.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.e4me.com/start.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {46084358-F2B3-FF34-C1AA-F58AD9A5FA9C} - C:\WINDOWS\SYSTEM\TRGRWOD.DLL (file missing)
F1 - win.ini: run=hpfsched
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YCOMP5_5_7_0.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {59EF54BA-B004-B889-2C54-BACE6DB8EC9B} - C:\WINDOWS\SYSTEM\KJXRHJEW.DLL (file missing)
O2 - BHO: (no name) - {4C3F655C-D5E5-F915-C07C-D898CD10A5BA} - C:\WINDOWS\SYSTEM\FSRDG.DLL (file missing)
O2 - BHO: (no name) - {496F6351-8EE6-F946-C07C-D898CD10A4B1} - C:\WINDOWS\SYSTEM\HZQ.DLL (file missing)
O2 - BHO: (no name) - {46084358-F2B3-FF34-C1AA-F58AD9A5FA9C} - C:\WINDOWS\SYSTEM\TRGRWOD.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YCOMP5_5_7_0.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe
O4 - HKLM\..\Run: [BookmarkCentral] C:\PROGRA~1\BMCENT~1\BMLauncher.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [0sis0ijw.dll] RUNDLL32.EXE 0sis0ijw.dll,b 373963
O4 - HKLM\..\Run: [ABA9ADA7B1AAB1AE] 68666A646E676E.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE" /startintray
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Start Green eKeySetup....lnk = C:\Program Files\eKeys\eKeys.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: America Online 6.0 Tray Icon.lnk = C:\America Online 6.0\aoltray.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PROGRAM FILES\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PROGRAM FILES\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.e4me.com/start.html
O16 - DPF: Yahoo! MahJong Solitaire - http://download.game...s/y/mjst4_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.game...e/gpcontrol.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://download.game...nx.1.0.0.55.cab
O18 - Filter: text/html - (no CLSID) - (no file)

#7 LDTate


Posted 09 April 2006 - 05:10 PM

Hi superfeed, sorry about the delay. I'll see if I can help. Post a new HijackThis log please.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 


Proud graduate of TC/WTT Classroom

 


#8 superfeed


Posted 10 April 2006 - 10:50 PM

Hi LDT, pasted below is the current HJT log. Thank you for your help. John


Logfile of HijackThis v1.99.1
Scan saved at 12:44:54 AM, on 4/11/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA TITANIUM 2006 ANTIVIRUS + ANTISPYWARE\PAVFNSVR.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA TITANIUM 2006 ANTIVIRUS + ANTISPYWARE\PSIMSVC.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA TITANIUM 2006 ANTIVIRUS + ANTISPYWARE\FIREWALL\PNMSRV.EXE
C:\PROGRAM FILES\PANDA SOFTWARE\PANDA TITANIUM 2006 ANTIVIRUS + ANTISPYWARE\TPSRV9X.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\PCTVOICE.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.e4me.com/start.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {46084358-F2B3-FF34-C1AA-F58AD9A5FA9C} - C:\WINDOWS\SYSTEM\TRGRWOD.DLL (file missing)
F1 - win.ini: run=hpfsched
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YCOMP5_5_7_0.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {59EF54BA-B004-B889-2C54-BACE6DB8EC9B} - C:\WINDOWS\SYSTEM\KJXRHJEW.DLL (file missing)
O2 - BHO: (no name) - {4C3F655C-D5E5-F915-C07C-D898CD10A5BA} - C:\WINDOWS\SYSTEM\FSRDG.DLL (file missing)
O2 - BHO: (no name) - {496F6351-8EE6-F946-C07C-D898CD10A4B1} - C:\WINDOWS\SYSTEM\HZQ.DLL (file missing)
O2 - BHO: (no name) - {46084358-F2B3-FF34-C1AA-F58AD9A5FA9C} - C:\WINDOWS\SYSTEM\TRGRWOD.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YCOMP5_5_7_0.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PCTVOICE] pctvoice.exe
O4 - HKLM\..\Run: [BookmarkCentral] C:\PROGRA~1\BMCENT~1\BMLauncher.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
O4 - HKLM\..\RunServices: [PavProc] "C:\Program Files\Common Files\Panda Software\PavShld\PavPrS9x.exe"
O4 - HKLM\..\RunServices: [PAVFNSVR] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe"
O4 - HKLM\..\RunServices: [PSIMSVC] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PSIMSVC.exe"
O4 - HKLM\..\RunServices: [PNMSRV] "c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE"
O4 - HKLM\..\RunServices: [TPSrv9x] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv9x.exe"
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PROGRAM FILES\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PROGRAM FILES\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.e4me.com/start.html
O16 - DPF: Yahoo! MahJong Solitaire - http://download.game...s/y/mjst4_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.game...e/gpcontrol.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://download.game...nx.1.0.0.55.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Filter: text/html - (no CLSID) - (no file)

#9 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 11 April 2006 - 02:50 PM

I suggest you do this:

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless instructed to.


1. Click Start > Settings > Control Panel.
2. Next, open Add/Remove Programs and remove if listed:
Viewpoint Manager



Run HijackThis. Hit None of the above, click Do a System Scan Only. Put a check in the box on the left side of these:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.e4me.com/start.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: (no name) - {46084358-F2B3-FF34-C1AA-F58AD9A5FA9C} - C:\WINDOWS\SYSTEM\TRGRWOD.DLL (file missing)

O2 - BHO: (no name) - {59EF54BA-B004-B889-2C54-BACE6DB8EC9B} - C:\WINDOWS\SYSTEM\KJXRHJEW.DLL (file missing)

O2 - BHO: (no name) - {4C3F655C-D5E5-F915-C07C-D898CD10A5BA} - C:\WINDOWS\SYSTEM\FSRDG.DLL (file missing)

O2 - BHO: (no name) - {496F6351-8EE6-F946-C07C-D898CD10A4B1} - C:\WINDOWS\SYSTEM\HZQ.DLL (file missing)

O2 - BHO: (no name) - {46084358-F2B3-FF34-C1AA-F58AD9A5FA9C} - C:\WINDOWS\SYSTEM\TRGRWOD.DLL (file missing)

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PROGRAM FILES\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\PROGRAM FILES\PartyGaming\PartyPoker\RunApp.exe

O18 - Filter: text/html - (no CLSID) - (no file)


Close ALL windows and browsers except HijackThis and click "Fix checked"


1. Open My Computer
2. Right click on your hard drive that you wish to clean (C drive, for example)
3. In the context menu that opens, select properties
4. Under the general tab you should select Disk Cleanup
5. Windows will scan your drive which will take a few seconds/minutes
6. A box will display the various files you can remove.
Check all boxes except compress old files (If listed)
7. Click OK and Windows will comply.

Restart your computer.

Reboot and "copy/paste" a new log file into this thread.
Also please describe how your computer behaves at the moment.

Edited by LDTate, 17 April 2006 - 04:16 PM.

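The fix list in the reply above includes every entry that HijackThis marked "(file missing)" or "(no file)", plus the empty Local Page values. As an added example (not part of the thread, and not the helper's own method), this Python script parses HijackThis entries, flags those leftovers, and shows when one CLSID is registered under several sections; the flagging rules are assumptions of this example and do not cover entries the helper chose for other reasons.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted in this thread, embedded so this runs offline.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {46084358-F2B3-FF34-C1AA-F58AD9A5FA9C} - C:\WINDOWS\SYSTEM\TRGRWOD.DLL (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {46084358-F2B3-FF34-C1AA-F58AD9A5FA9C} - C:\WINDOWS\SYSTEM\TRGRWOD.DLL (file missing)
O18 - Filter: text/html - (no CLSID) - (no file)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse(log):
    """Return (section_code, body, clsid_or_None) for each section-coded entry."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # header lines and the running-process list carry no section code
            clsid = CLSID.search(m.group(2))
            entries.append((m.group(1), m.group(2), clsid.group(0).upper() if clsid else None))
    return entries

def orphan_reason(code, body):
    """Heuristic (assumption of this example): why an entry looks like a leftover."""
    if body.endswith(("(file missing)", "(no file)")):
        return "registration points at no file on disk"
    if code in ("R0", "R1") and body.endswith("="):
        return "browser setting has an empty value"
    return None

def triage(log):
    """Entries worth a second look, as (code, reason, body)."""
    return [(c, r, b) for c, b, _ in parse(log) if (r := orphan_reason(c, b))]

def shared_clsids(log):
    """CLSIDs registered under more than one section, mapped to those section codes."""
    seen = defaultdict(list)
    for code, _, clsid in parse(log):
        if clsid:
            seen[clsid].append(code)
    return {k: v for k, v in seen.items() if len(v) > 1}

if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"{code:>3}  {reason}: {body}")
```

The Spybot SDHELPER.DLL entry is also a "(no name)" BHO but is not flagged, because its file is present; the missing file, not the missing name, is what the rule keys on.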

 


#10 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 17 April 2006 - 03:09 PM

How are you doing with the fix?


 


#11 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 22 April 2006 - 05:49 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
