Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93101 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

hi jack log help /have run all suggestions

Started by stables22 , Mar 04 2006 04:57 PM

  • This topic is locked This topic is locked
8 replies to this topic

#1 stables22

stables22

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 04 March 2006 - 04:57 PM

help with log please and thank you much
Logfile of HijackThis v1.99.1
Scan saved at 5:52:52 PM, on 3/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\WINDOWS\system32\NVATray.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Sierra\CardStudio\PLNRnote.exe
C:\Program Files\America Online 9.0\waol.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\COMMON~1\AOL\114143~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\114143~1\EE\AOLServiceHost.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\jeff\My Documents\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.attbusiness.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {B01E130D-1101-0BBA-7F3C-8CCEDBA5EB0B} - (no file)
O2 - BHO: (no name) - {F3270D14-707D-D3FB-DCC1-7F3A530BED22} - (no file)
O2 - BHO: (no name) - {F4F896DD-A5B9-AB3C-C27E-3688AE81A6DA} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1141431634\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\Sierra\CardStudio\PLNRnote.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127260326551
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://tv.disney.go....y/OTOYAX29b.cab
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (NMInstall Control) - http://a14.g.akamai....GAPANEL_USA.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....02/cpbrkpie.cab
O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} (Pulse V5 ActiveX Control) - http://www.pulse3d.c...yer5.2AxWin.cab
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://209.67.146.68.../ACNePlayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1355959-2FD7-4371-B909-6B58A754147F}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Fix-It Utilities 2000 Task Manager (mxserver) - Unknown owner - F:\fixit\mxserver.exe (file missing)
O23 - Service: NetOp Helper ver. 6.50 (2001039) (NetOp Host for NT Service) - Unknown owner - C:\Program Files\NetOp Remote Control\HOST\NHOSTSVC.EXE (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe

    Advertisements

Register to Remove

#2 stables22

stables22

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 05 March 2006 - 07:32 AM

can anyone tell me how to get rid of some things on this list at the very bottom of list the last 5 items are from unistalled programs i have tried registry cleaners etc .can not find them cpmputer running slow as well . i am trying to clean it up

Edited by stables22, 05 March 2006 - 07:47 AM.

#3 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 05 March 2006 - 08:34 AM

Hello stables22, welcome to the TC.

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless instructed to.


Download the trial version of Spy Sweeper from Here

Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system.If you are prompted to restart the computer, do so immediately. This is a necessary step to kill the infection!

When the sweep has finished, click Remove. Click Select All and then Next

From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.

Exit Spy Sweeper.

Empty Recycle Bin

Reboot and "copy/paste" a new HJT log as well as the Resullts from Spy Sweeper file into this thread.
Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

#4 stables22

stables22

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 05 March 2006 - 03:50 PM

thanks getting better
********
3:30 PM: | Start of Session, Sunday, March 05, 2006 |
3:30 PM: Spy Sweeper started
3:30 PM: Sweep initiated using definitions version 625
3:30 PM: Starting Memory Sweep
3:35 PM: Memory Sweep Complete, Elapsed Time: 00:04:23
3:35 PM: Starting Registry Sweep
3:35 PM: Found Adware: comedy-planet
3:35 PM: HKCR\joke\ (10 subtraces) (ID = 106299)
3:35 PM: HKLM\software\classes\joke\ (10 subtraces) (ID = 106300)
3:35 PM: Found Adware: netratings
3:35 PM: HKCR\clsid\{92ca8acc-4e99-4a2a-93f1-b2c5cadc8613}\ (18 subtraces) (ID = 135917)
3:35 PM: HKCR\clsid\{f8c374fa-c45b-4268-af84-f74088fd2d0a}\ (3 subtraces) (ID = 135918)
3:35 PM: HKCR\nminstall.nminstallctrl.1\ (3 subtraces) (ID = 135919)
3:35 PM: HKLM\software\classes\clsid\{92ca8acc-4e99-4a2a-93f1-b2c5cadc8613}\ (18 subtraces) (ID = 135921)
3:35 PM: HKLM\software\classes\clsid\{f8c374fa-c45b-4268-af84-f74088fd2d0a}\ (3 subtraces) (ID = 135922)
3:35 PM: HKLM\software\classes\nminstall.nminstallctrl.1\ (3 subtraces) (ID = 135923)
3:35 PM: HKLM\software\classes\typelib\{e5c91897-eab2-4f5f-9ce2-666be612aa1a}\ (9 subtraces) (ID = 135925)
3:35 PM: HKCR\typelib\{e5c91897-eab2-4f5f-9ce2-666be612aa1a}\ (9 subtraces) (ID = 135929)
3:35 PM: Found Adware: 180search assistant/zango
3:35 PM: HKCR\clsid\{d676f999-4608-4dc5-a135-4f51f4212739}\ (1 subtraces) (ID = 792270)
3:35 PM: HKLM\software\classes\clsid\{d676f999-4608-4dc5-a135-4f51f4212739}\ (1 subtraces) (ID = 792320)
3:35 PM: Found Adware: winad
3:35 PM: HKCR\mediagateway.installer.1\ (3 subtraces) (ID = 1026542)
3:35 PM: HKCR\mediagateway.licenseinstaller\ (5 subtraces) (ID = 1026546)
3:35 PM: HKCR\mediagateway.licenseinstaller.1\ (3 subtraces) (ID = 1026552)
3:35 PM: HKCR\clsid\{144b9c7e-235a-4316-9eb3-5e393714c77a}\ (14 subtraces) (ID = 1026556)
3:35 PM: HKLM\software\classes\mediagateway.licenseinstaller\ (5 subtraces) (ID = 1026584)
3:35 PM: HKLM\software\classes\mediagateway.licenseinstaller.1\ (3 subtraces) (ID = 1026590)
3:35 PM: HKLM\software\classes\clsid\{144b9c7e-235a-4316-9eb3-5e393714c77a}\ (14 subtraces) (ID = 1026594)
3:35 PM: HKLM\software\mediagateway\ (5 subtraces) (ID = 1026619)
3:35 PM: HKLM\software\classes\mediagateway.installer.1\ (3 subtraces) (ID = 1026624)
3:35 PM: HKLM\software\microsoft\windows\currentversion\uninstall\mediagateway\ (2 subtraces) (ID = 1026626)
3:35 PM: HKCR\interface\{610e0e95-8f2f-4b71-966e-f91701d4dc2c}\ (8 subtraces) (ID = 1027782)
3:35 PM: HKCR\interface\{67a89831-6bc7-4cc0-a2c3-560f9a581e64}\ (8 subtraces) (ID = 1027791)
3:35 PM: HKLM\software\classes\interface\{67a89831-6bc7-4cc0-a2c3-560f9a581e64}\ (8 subtraces) (ID = 1027841)
3:35 PM: Registry Sweep Complete, Elapsed Time:00:00:23
3:35 PM: Starting Cookie Sweep
3:35 PM: Found Spy Cookie: did-it cookie
3:35 PM: annie@did-it[2].txt (ID = 2523)
3:35 PM: Found Spy Cookie: belnk cookie
3:35 PM: annie@belnk[1].txt (ID = 2292)
3:35 PM: annie@dist.belnk[2].txt (ID = 2293)
3:35 PM: Found Spy Cookie: atwola cookie
3:35 PM: annie@ar.atwola[1].txt (ID = 2256)
3:35 PM: Found Spy Cookie: nextag cookie
3:35 PM: annie@nextag[2].txt (ID = 5014)
3:35 PM: annie@atwola[1].txt (ID = 2255)
3:35 PM: Found Spy Cookie: adknowledge cookie
3:35 PM: annie@adknowledge[2].txt (ID = 2072)
3:35 PM: Found Spy Cookie: gostats cookie
3:35 PM: annie@c2.gostats[2].txt (ID = 2748)
3:35 PM: Found Spy Cookie: ask cookie
3:35 PM: annie@ask[2].txt (ID = 2245)
3:35 PM: Found Spy Cookie: bannerspace cookie
3:35 PM: jeff@bannerspace[1].txt (ID = 2284)
3:35 PM: Found Spy Cookie: howstuffworks cookie
3:35 PM: jeff@howstuffworks[1].txt (ID = 2805)
3:35 PM: Found Spy Cookie: centrport net cookie
3:35 PM: jeff@centrport[1].txt (ID = 2374)
3:35 PM: Found Spy Cookie: a cookie
3:35 PM: jeff@a[1].txt (ID = 2027)
3:35 PM: jeff@belnk[1].txt (ID = 2292)
3:35 PM: jeff@dist.belnk[2].txt (ID = 2293)
3:35 PM: Found Spy Cookie: adprofile cookie
3:35 PM: jeff@cb.adprofile[1].txt (ID = 2085)
3:35 PM: Found Spy Cookie: burstnet cookie
3:35 PM: jeff@burstnet[1].txt (ID = 2336)
3:35 PM: Found Spy Cookie: aptimus cookie
3:35 PM: jeff@aptimus[1].txt (ID = 2233)
3:35 PM: Found Spy Cookie: pricegrabber cookie
3:35 PM: jeff@pricegrabber[2].txt (ID = 3185)
3:35 PM: Found Spy Cookie: metareward.com cookie
3:35 PM: jeff@metareward[1].txt (ID = 2990)
3:35 PM: jeff@ar.atwola[1].txt (ID = 2256)
3:35 PM: Found Spy Cookie: websponsors cookie
3:35 PM: jeff@a.websponsors[2].txt (ID = 3665)
3:35 PM: Found Spy Cookie: mediaplex cookie
3:35 PM: jeff@mediaplex[1].txt (ID = 6442)
3:35 PM: Found Spy Cookie: azjmp cookie
3:35 PM: jeff@azjmp[1].txt (ID = 2270)
3:35 PM: Found Spy Cookie: go.com cookie
3:35 PM: jeff@tv.disney.go[2].txt (ID = 2729)
3:35 PM: jeff@register.go[1].txt (ID = 2729)
3:35 PM: Found Spy Cookie: spywarestormer cookie
3:35 PM: jeff@spywarestormer[1].txt (ID = 3417)
3:35 PM: Found Spy Cookie: cd freaks cookie
3:35 PM: jeff@cdfreaks[1].txt (ID = 2370)
3:35 PM: jeff@nextag[2].txt (ID = 5014)
3:35 PM: Found Spy Cookie: about cookie
3:35 PM: jeff@experts.about[1].txt (ID = 2038)
3:35 PM: Found Spy Cookie: clickbank cookie
3:35 PM: jeff@clickbank[1].txt (ID = 2398)
3:35 PM: Found Spy Cookie: screensavers.com cookie
3:35 PM: jeff@i.screensavers[1].txt (ID = 3298)
3:35 PM: Found Spy Cookie: xiti cookie
3:35 PM: jeff@xiti[1].txt (ID = 3717)
3:35 PM: Found Spy Cookie: tacoda cookie
3:35 PM: jeff@tacoda[2].txt (ID = 6444)
3:35 PM: Found Spy Cookie: tribalfusion cookie
3:35 PM: jeff@tribalfusion[2].txt (ID = 3589)
3:35 PM: Found Spy Cookie: questionmarket cookie
3:35 PM: jeff@questionmarket[1].txt (ID = 3217)
3:35 PM: jeff@club.cdfreaks[1].txt (ID = 2371)
3:35 PM: jeff@ads.cdfreaks[2].txt (ID = 2371)
3:35 PM: Found Spy Cookie: seeq cookie
3:35 PM: jeff@www48.seeq[1].txt (ID = 3332)
3:35 PM: Found Spy Cookie: advertising cookie
3:35 PM: jeff@advertising[1].txt (ID = 2175)
3:35 PM: Found Spy Cookie: starware.com cookie
3:35 PM: jeff@starware[2].txt (ID = 3441)
3:35 PM: jeff@www.screensavers[2].txt (ID = 3298)
3:35 PM: jeff@rsi.abc.go[1].txt (ID = 2729)
3:35 PM: Found Spy Cookie: trb.com cookie
3:35 PM: jeff@trb[1].txt (ID = 3587)
3:35 PM: jeff@adprofile[1].txt (ID = 2084)
3:35 PM: Found Spy Cookie: addynamix cookie
3:35 PM: jeff@ads.addynamix[1].txt (ID = 2062)
3:35 PM: jeff@abc.go[2].txt (ID = 2729)
3:35 PM: jeff@about[2].txt (ID = 2037)
3:35 PM: jeff@r.espn.go[1].txt (ID = 2729)
3:35 PM: jeff@sports.espn.go[1].txt (ID = 2729)
3:35 PM: Found Spy Cookie: directtrack cookie
3:35 PM: jeff@gozing.directtrack[2].txt (ID = 2528)
3:35 PM: Found Spy Cookie: dealtime cookie
3:35 PM: jeff@stat.dealtime[2].txt (ID = 2506)
3:35 PM: jeff@saltaquarium.about[2].txt (ID = 2038)
3:35 PM: Found Spy Cookie: uproar cookie
3:35 PM: jeff@uproar[2].txt (ID = 3612)
3:35 PM: jeff@atwola[2].txt (ID = 2255)
3:35 PM: Found Spy Cookie: 360i cookie
3:35 PM: jeff@ct.360i[2].txt (ID = 1962)
3:35 PM: Found Spy Cookie: atlas dmt cookie
3:35 PM: jeff@atdmt[2].txt (ID = 2253)
3:35 PM: jeff@dealtime[1].txt (ID = 2505)
3:35 PM: Found Spy Cookie: ic-live cookie
3:35 PM: jeff@ic-live[1].txt (ID = 2821)
3:35 PM: Found Spy Cookie: 2o7.net cookie
3:35 PM: jeff@2o7[1].txt (ID = 1957)
3:35 PM: Found Spy Cookie: pub cookie
3:35 PM: jeff@pub[1].txt (ID = 3205)
3:35 PM: Found Spy Cookie: partypoker cookie
3:35 PM: jeff@partypoker[1].txt (ID = 3111)
3:35 PM: Found Spy Cookie: clickandtrack cookie
3:35 PM: jeff@hits.clickandtrack[2].txt (ID = 2397)
3:35 PM: jeff@anat.tacoda[1].txt (ID = 6445)
3:35 PM: jeff@go[1].txt (ID = 2728)
3:35 PM: Found Spy Cookie: bizrate cookie
3:35 PM: jeff@bizrate[2].txt (ID = 2308)
3:35 PM: jeff@radio.disney.go[2].txt (ID = 2729)
3:35 PM: jeff@adknowledge[2].txt (ID = 2072)
3:35 PM: Found Spy Cookie: overture cookie
3:35 PM: jeff@data2.perf.overture[1].txt (ID = 3106)
3:35 PM: jeff@network.aptimus[2].txt (ID = 2235)
3:35 PM: jeff@data4.perf.overture[1].txt (ID = 3106)
3:35 PM: Found Spy Cookie: banner cookie
3:35 PM: jeff@banner[1].txt (ID = 2276)
3:35 PM: jeff@msnportal.112.2o7[1].txt (ID = 1958)
3:35 PM: jeff@southernfood.about[1].txt (ID = 2038)
3:35 PM: Found Spy Cookie: infospace cookie
3:35 PM: jeff@infospace[2].txt (ID = 2865)
3:35 PM: jeff@ask[1].txt (ID = 2245)
3:35 PM: jeff@msxml.infospace[2].txt (ID = 2866)
3:35 PM: Cookie Sweep Complete, Elapsed Time: 00:00:03
3:35 PM: Starting File Sweep
3:35 PM: Warning: Failed to open file "c:\hiberfil.sys". Access is denied
3:35 PM: Warning: Failed to open file "c:\pagefile.sys". Access is denied
3:39 PM: nminstall.dll (ID = 70902)
3:39 PM: Warning: Failed to open file "c:\windows\system32\instafinder_inst245.exe". Access is denied
3:39 PM: Warning: Failed to open file "c:\windows\system32\mstble32.ocx". Access is denied
3:39 PM: Warning: Failed to open file "c:\windows\system32\config\system.log". The process cannot access the file because it is being used by another process
3:39 PM: Warning: Failed to open file "c:\windows\system32\config\software.log". The process cannot access the file because it is being used by another process
3:39 PM: Warning: Failed to open file "c:\windows\system32\config\default.log". The process cannot access the file because it is being used by another process
3:39 PM: Warning: Failed to open file "c:\windows\system32\config\sam.log". The process cannot access the file because it is being used by another process
3:39 PM: Warning: Failed to open file "c:\windows\system32\config\security.log". The process cannot access the file because it is being used by another process
3:39 PM: Warning: Failed to open file "c:\windows\system32\config\default". The process cannot access the file because it is being used by another process
3:39 PM: Warning: Failed to open file "c:\windows\system32\config\security". The process cannot access the file because it is being used by another process
3:39 PM: Warning: Failed to open file "c:\windows\system32\config\software". The process cannot access the file because it is being used by another process
3:39 PM: Warning: Failed to open file "c:\windows\system32\config\system". The process cannot access the file because it is being used by another process
3:39 PM: Warning: Failed to open file "c:\windows\system32\config\sam". The process cannot access the file because it is being used by another process
3:43 PM: Warning: Failed to open file "c:\windows\system32\catroot2\edb.log". The process cannot access the file because it is being used by another process
3:43 PM: Warning: Failed to open file "c:\windows\system32\catroot2\tmp.edb". The process cannot access the file because it is being used by another process
3:45 PM: nminstall.inf (ID = 70907)
3:52 PM: c:\program files\mediagateway (ID = -2147463340)
3:52 PM: Warning: Failed to open file "c:\program files\zango programs\zango toolbar\zangotbuninstaller.exe". Access is denied
3:53 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\aol\c_america online 9.0\organize\stables22j". The process cannot access the file because it is being used by another process
3:53 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\aol\c_america online 9.0\organize\cache\stables200". The process cannot access the file because it is being used by another process
3:53 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\aol\c_america online 9.0\idb\snmaster.idx". The process cannot access the file because it is being used by another process
3:53 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\aol\c_america online 9.0\idb\stables22j\toolbar.lst". The process cannot access the file because it is being used by another process
3:53 PM: Warning: Failed to open file "c:\documents and settings\all users\application data\aol\c_america online 9.0\idb\stables22j\mydb.idx". The process cannot access the file because it is being used by another process
3:53 PM: Warning: Failed to read file "c:\documents and settings\all users\application data\aol\topspeed\2.0\server.lock". The process cannot access the file because another process has locked a portion of the file
3:53 PM: Warning: Failed to read file "c:\documents and settings\all users\application data\aol\topspeed\2.0\aoltsmon.lock". The process cannot access the file because another process has locked a portion of the file
3:53 PM: Warning: Failed to open file "c:\documents and settings\jeff\ntuser.dat.log". The process cannot access the file because it is being used by another process
3:53 PM: Warning: Failed to open file "c:\documents and settings\jeff\ntuser.dat". The process cannot access the file because it is being used by another process
3:53 PM: Warning: Failed to open file "c:\documents and settings\jeff\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
3:53 PM: Warning: Failed to open file "c:\documents and settings\jeff\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\jeff\application data\aol\c_america online 9.0\idb\art.idx". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\jeff\application data\aol\c_america online 9.0\idb\apps.lst". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\jeff\application data\aol\c_america online 9.0\idb\sysnews.lst". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\jeff\application data\aol\c_america online 9.0\idb\spool.lst". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5e460b41-77d3-47a0-a960-b3849faf31d8.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsb80c8c44-5d99-42aa-ba87-85cc91024f7e.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs50f56c2f-2b96-4bbe-b32d-8380966e0726.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscseb2c35e0-66ce-4ab7-8622-c88cf4020a03.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsea349968-f6c5-4fb4-83dd-78b1085e508b.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsbbf62878-f65c-4fac-ae91-c90f2ba8d1ea.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd48a0009-de7b-4132-82a1-aeb8363209e5.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf01c91a6-eae1-491b-b0b2-8ffe84074f78.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9ee93682-9074-4cf8-8cd4-acd3b5c85fd0.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsb3048d65-3c6d-4ef4-a221-b1589100107d.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf22606a4-29ca-4d4f-b6f4-33650e7d96ed.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3c98f36d-c079-4226-8310-b91a8b3c2ab8.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsb98dc9ac-3167-4747-9e06-1a6730f76d98.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs51449239-fe73-4250-9fe6-8fa773df3f8e.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs48ad410d-54a3-4512-9a33-05f3d1616af0.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf02cbd61-ae24-4734-b189-391a6a6cbdf8.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs0e570c7e-0d37-42c1-800f-789250e3c9b9.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs06068212-eb09-4fb4-80d2-1e5f0e41f0e2.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5ba31a61-baf8-411f-989e-50fb652f162b.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs2a316229-8c20-4cf3-9596-15831474cdd8.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs47fad664-37ae-46f8-800f-94bbef2da08b.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs061d8829-492d-4280-bc29-324be4e50826.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa1496260-e78a-4cd6-9d92-3f0adaaded22.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3c79cd5a-8125-484b-8446-74f313524dea.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscscefb9991-0959-4c9c-9a5d-9970d5dbe508.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs0d97342a-d4c0-4213-88bf-f9656c043478.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs524b7c07-7404-4bcc-9c40-0f2e19b1ad5c.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsb558634d-83c5-4626-96a2-b08dbd265865.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse1466b2f-9d9c-42dc-8484-3aa83ead8b1e.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs18fde364-5366-4851-8678-1b9346bdbf14.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse21230c2-ccd1-4587-9ec5-e7bc1ddfa8e1.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs19f5493c-a771-4009-b70f-d4859ef7c011.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs6b4ca8d8-f514-48c1-9bfd-3de56b6eb751.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5637e78c-0c9a-41c0-91c8-06fd22eb171a.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs0276b439-c0fe-4490-a8a2-fe1a7309ff3f.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs27a32c3e-93ba-4446-ac14-a76310131297.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs0e143fcd-7eb6-48b2-916d-31ccae4ccda9.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9886daa7-449c-4bba-b8f7-96f78f9776a2.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd8e858ff-ad10-41a6-992e-033410cc3c20.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf3404562-30a2-4038-b2fd-c50ba4abd800.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs45ac8257-297b-4ba7-bbfa-9113aa49a295.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs2c24a354-4a3d-4a6c-921b-7fe1261f5e1f.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd2fb7d51-167b-43c6-82f9-80b985f5096b.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs2cf045c6-1449-441b-bc51-18b9ee0bd2d2.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc42cf078-979f-4d87-9b30-ae470282f5c7.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa946a0d9-101a-49dc-a066-ce696fc0f5e4.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4b3e84ef-9350-49d2-a79b-02c67056248a.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc1ba70bf-1cc8-4164-89c0-a0dbb23a056d.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5bc3f9ff-ed52-4a73-977a-c6ed32a15a6a.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsfd3a6257-a10b-49c9-a8ff-e4e971dfa956.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd0f3765c-b6d1-4acd-a540-063aa5b68cbd.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs70fcbf66-9b67-4ac2-8f5e-cd68101c15dd.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsb0c2f870-88f3-4390-a10d-b85812a5666e.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3a8f2c5d-6cce-473d-aac4-db763ca3c5a5.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsaec454a3-3704-4eaa-9a6c-f6928ac9915b.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscseed29fda-d9f6-4304-9059-92943046428d.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs2c36581f-6373-4298-a2bb-6232e2ccb9b3.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs0898ca4e-459d-4891-8455-8f8cc1753c79.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs24c6728b-57f0-4a7c-95bf-8fd4e24746b6.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5ab9f594-0e23-4858-a33f-bb607b35d39e.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5bb0fef9-8eb5-4a41-86e6-ba97f8724a05.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs8b8ce629-7601-4e0f-be98-7d44c46f202e.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs990558ba-51ab-4996-9863-b63be52a05c6.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse56f646f-c59f-4cd1-8635-06cdab83612b.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa4788c70-e09b-4280-933f-4166974ced40.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs928c84fb-d786-4bb0-8e62-4845e69e89db.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs6bb57713-07a7-48f3-b2b1-e32962ae1ba9.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs7d9a6fde-f45d-4eb3-ab30-832a94b45e11.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa1112ef3-be07-4c1c-83d6-afe7694de598.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs42323f63-410e-4d92-936c-c67eb7be2c59.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsdcfa5d87-b3e6-474f-9459-c9738b3010a1.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs57b9845f-4522-4974-8e80-71f464015346.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs7e0a9975-54a8-4283-ad41-970052373673.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs8cfaa779-f3fc-46bf-b9de-fbadbb6a3564.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse2175478-2274-4430-8775-731c7b639086.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs67bf15bb-d2ae-4011-a535-b19083e1479b.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd6d686cf-9296-4301-aaf3-ae2cd3bbf3a6.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4c3141e7-445f-4d06-8a5c-2abba5f356e7.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs17c2cd27-7c61-4879-9605-7cf35d9f964a.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs737c8fc2-cba5-4dda-86b1-06df82963073.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs8ae72c20-7df9-417b-9320-1f681cf6462e.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs027461fe-ecce-4e08-88f2-6bfccad38bfa.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs28afbac4-01bc-4a00-b435-ae000dc30470.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsbe9d8913-5924-4e1a-80f7-df8f05fb265c.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs51d67f8e-9201-4235-8de2-8db5d7d1e460.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse14ed8e6-2703-4344-85de-c7eae3b35fd5.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs46c14120-acb5-4259-a833-9730ef3456db.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd74bf6e6-c1d2-444c-9354-eb7ca4079228.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsff8faedc-457e-4dd2-8e5f-d95f281000ff.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9c91ebca-6473-4c4d-a4e7-c8650c49ce94.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9ff2a837-0bbe-499c-8740-542776ac7f8f.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs0c2d2c6b-7d78-4919-b80b-7d038a12b172.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsb00acc07-6692-44fd-b94e-de8f8a0bac8b.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsbca902f3-c094-47bb-9b42-b0269e1a9fcc.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs7c133568-0ef8-47cc-97fc-8058dcba8e36.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs7a78c322-56e2-41d1-b088-5f7e2caba10b.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa41a719c-986c-495a-9359-fee357113b35.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs33e302de-ac4f-47d0-ac8c-55db0bf13298.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs7bf01ad4-c8a5-48a4-9f87-8164fc478237.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscscd64be23-a3ae-4dab-b9bc-92fd33f78903.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9967158f-5680-488e-b09c-5a8f29e488b6.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscscb1acc0e-9815-4696-ba09-2b7f0c4cbcf8.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs630a54e4-82ff-430b-8e29-0eec881fc834.tmp". The process cannot access the file because it is being used by another process
4:07 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc0f6f5c7-4c90-4f90-b676-1fbe2b0e3e65.tmp". The process cannot access the file because it is being used by another process
4:13 PM: Warning: Unhandled Archive Type
4:13 PM: Warning: Invalid Stream
4:13 PM: Warning: Invalid Stream
4:13 PM: Warning: Invalid Stream
4:13 PM: Warning: Invalid Stream
4:13 PM: Warning: Invalid Stream
4:13 PM: Warning: Invalid Stream
4:13 PM: Warning: Invalid Stream
4:13 PM: Warning: Invalid Stream
4:13 PM: Warning: Invalid Stream
4:13 PM: Warning: Invalid Stream
4:13 PM: Warning: Invalid Stream
4:13 PM: Warning: Invalid Stream
4:13 PM: Warning: Invalid Stream
4:13 PM: File Sweep Complete, Elapsed Time: 00:37:28
4:13 PM: Full Sweep has completed. Elapsed time 00:42:24
4:13 PM: Traces Found: 274
4:14 PM: Removal process initiated
4:14 PM: Quarantining All Traces: 180search assistant/zango
4:14 PM: Quarantining All Traces: winad
4:15 PM: Quarantining All Traces: comedy-planet
4:15 PM: Quarantining All Traces: netratings
4:15 PM: Quarantining All Traces: 2o7.net cookie
4:15 PM: Quarantining All Traces: 360i cookie
4:15 PM: Quarantining All Traces: a cookie
4:15 PM: Quarantining All Traces: about cookie
4:15 PM: Quarantining All Traces: addynamix cookie
4:15 PM: Quarantining All Traces: adknowledge cookie
4:15 PM: Quarantining All Traces: adprofile cookie
4:15 PM: Quarantining All Traces: advertising cookie
4:15 PM: Quarantining All Traces: aptimus cookie
4:15 PM: Quarantining All Traces: ask cookie
4:15 PM: Quarantining All Traces: atlas dmt cookie
4:15 PM: Quarantining All Traces: atwola cookie
4:15 PM: Quarantining All Traces: azjmp cookie
4:15 PM: Quarantining All Traces: banner cookie
4:15 PM: Quarantining All Traces: bannerspace cookie
4:15 PM: Quarantining All Traces: belnk cookie
4:15 PM: Quarantining All Traces: bizrate cookie
4:15 PM: Quarantining All Traces: burstnet cookie
4:15 PM: Quarantining All Traces: cd freaks cookie
4:15 PM: Quarantining All Traces: centrport net cookie
4:15 PM: Quarantining All Traces: clickandtrack cookie
4:15 PM: Quarantining All Traces: clickbank cookie
4:15 PM: Quarantining All Traces: dealtime cookie
4:15 PM: Quarantining All Traces: did-it cookie
4:15 PM: Quarantining All Traces: directtrack cookie
4:15 PM: Quarantining All Traces: go.com cookie
4:15 PM: Quarantining All Traces: gostats cookie
4:15 PM: Quarantining All Traces: howstuffworks cookie
4:15 PM: Quarantining All Traces: ic-live cookie
4:15 PM: Quarantining All Traces: infospace cookie
4:15 PM: Quarantining All Traces: mediaplex cookie
4:15 PM: Quarantining All Traces: metareward.com cookie
4:15 PM: Quarantining All Traces: nextag cookie
4:15 PM: Quarantining All Traces: overture cookie
4:15 PM: Quarantining All Traces: partypoker cookie
4:15 PM: Quarantining All Traces: pricegrabber cookie
4:15 PM: Quarantining All Traces: pub cookie
4:15 PM: Quarantining All Traces: questionmarket cookie
4:15 PM: Quarantining All Traces: screensavers.com cookie
4:15 PM: Quarantining All Traces: seeq cookie
4:15 PM: Quarantining All Traces: spywarestormer cookie
4:15 PM: Quarantining All Traces: starware.com cookie
4:15 PM: Quarantining All Traces: tacoda cookie
4:15 PM: Quarantining All Traces: trb.com cookie
4:15 PM: Quarantining All Traces: tribalfusion cookie
4:15 PM: Quarantining All Traces: uproar cookie
4:15 PM: Quarantining All Traces: websponsors cookie
4:15 PM: Quarantining All Traces: xiti cookie
4:15 PM: Removal process completed. Elapsed time 00:00:10
********
3:29 PM: | Start of Session, Sunday, March 05, 2006 |
3:29 PM: Spy Sweeper started
3:29 PM: Sweep initiated using definitions version 625
3:29 PM: Starting Memory Sweep
3:30 PM: Sweep Canceled
3:30 PM: Memory Sweep Complete, Elapsed Time: 00:01:03
3:30 PM: Traces Found: 0
3:30 PM: | End of Session, Sunday, March 05, 2006 |
********
3:22 PM: | Start of Session, Sunday, March 05, 2006 |
3:22 PM: Spy Sweeper started
3:29 PM: Your spyware definitions have been updated.
3:29 PM: | End of Session, Sunday, March 05, 2006

|Logfile of HijackThis v1.99.1
Scan saved at 4:25:30 PM, on 3/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Sierra\CardStudio\PLNRnote.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\COMMON~1\AOL\114143~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\114143~1\EE\AOLServiceHost.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\jeff\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.attbusiness.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {B01E130D-1101-0BBA-7F3C-8CCEDBA5EB0B} - (no file)
O2 - BHO: (no name) - {F3270D14-707D-D3FB-DCC1-7F3A530BED22} - (no file)
O2 - BHO: (no name) - {F4F896DD-A5B9-AB3C-C27E-3688AE81A6DA} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {EA0D26BD-9029-431A-86E0-83152D67828A} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1141431634\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\RunOnce: [mcvsshld.exe] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe -regserver
O4 - HKLM\..\RunOnce: [vsoupd.dll] rundll32.exe advpack.dll,RegisterOCX c:\PROGRA~1\mcafee.com\vso\vsoupd.dll
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\Sierra\CardStudio\PLNRnote.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127260326551
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://tv.disney.go....y/OTOYAX29b.cab
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} - http://a14.g.akamai....GAPANEL_USA.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....02/cpbrkpie.cab
O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} (Pulse V5 ActiveX Control) - http://www.pulse3d.c...yer5.2AxWin.cab
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://209.67.146.68.../ACNePlayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1355959-2FD7-4371-B909-6B58A754147F}: NameServer = 205.188.146.145
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:&#

#5 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 05 March 2006 - 03:57 PM

Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {B01E130D-1101-0BBA-7F3C-8CCEDBA5EB0B} - (no file)
O2 - BHO: (no name) - {F3270D14-707D-D3FB-DCC1-7F3A530BED22} - (no file)
O2 - BHO: (no name) - {F4F896DD-A5B9-AB3C-C27E-3688AE81A6DA} - (no file)
O3 - Toolbar: (no name) - {EA0D26BD-9029-431A-86E0-83152D67828A} - (no file)
O4 - Startup: PowerReg Scheduler.exe
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....02/cpbrkpie.cab
O16 - DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} (Pulse V5 ActiveX Control) - http://www.pulse3d.c...yer5.2AxWin.cab
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://209.67.146.68.../ACNePlayer.cab

Close ALL windows and browsers except HijackThis and click "Fix checked"




Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Reboot and "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

#6 stables22

stables22

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 06 March 2006 - 01:53 PM

newest log 5 of the files that hi jack was to remove will not clear out i shutdown all open windows but they will not erase here is the log after running all the posted things computer froze up had to reboot seems ok now is a lot faster on net . i thank you for the help any other suggestion to remove those last couple items thanks Logfile of HijackThis v1.99.1
Scan saved at 2:43:29 PM, on 3/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\AOL\114143~1\EE\AOLHOS~1.EXE
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\PROGRA~1\COMMON~1\AOL\114143~1\EE\AOLServiceHost.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Documents and Settings\jeff\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.attbusiness.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {B01E130D-1101-0BBA-7F3C-8CCEDBA5EB0B} - (no file)
O2 - BHO: (no name) - {F3270D14-707D-D3FB-DCC1-7F3A530BED22} - (no file)
O2 - BHO: (no name) - {F4F896DD-A5B9-AB3C-C27E-3688AE81A6DA} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1141431634\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\Sierra\CardStudio\PLNRnote.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127260326551
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://tv.disney.go....y/OTOYAX29b.cab
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} - http://a14.g.akamai....GAPANEL_USA.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Fix-It Utilities 2000 Task Manager (mxserver) - Unknown owner - F:\fixit\mxserver.exe (file missing)
O23 - Service: NetOp Helper ver. 6.50 (2001039) (NetOp Host for NT Service) - Unknown owner - C:\Program Files\NetOp Remote Control\HOST\NHOSTSVC.EXE (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Unknown owner - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Unknown owner - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe (file missing)

#7 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 06 March 2006 - 03:26 PM

use Add/Remove Programs and remove Spysweeper. It's only a 14 day trial version.

These aren't hurting anything now that they are dead.

Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {B01E130D-1101-0BBA-7F3C-8CCEDBA5EB0B} - (no file)
O2 - BHO: (no name) - {F3270D14-707D-D3FB-DCC1-7F3A530BED22} - (no file)
O2 - BHO: (no name) - {F4F896DD-A5B9-AB3C-C27E-3688AE81A6DA} - (no file)
O3 - Toolbar: (no name) - {EA0D26BD-9029-431A-86E0-83152D67828A} - (no file)

Close ALL windows and browsers except HijackThis and click "Fix checked"

Reboot and "copy/paste" a new HijackThis log file into this thread.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

#8 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 19 March 2006 - 09:09 AM

How are you doing with the fix?

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

#9 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 19 March 2006 - 09:21 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·