
toolbar & google hijacked


  • This topic is locked
21 replies to this topic

#1 Nancylynn

Nancylynn

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 12 March 2006 - 08:43 AM

My toolbar is locked and my google results have been hijacked. I have run, spybot, adaware and ewido. The Ewido results are below. Please help. thank you!


#2 Nancylynn

Nancylynn

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 12 March 2006 - 09:45 AM

Here are the HijackThis results as well. Thanks for your help!

Logfile of HijackThis v1.99.1
Scan saved at 10:37:17 AM, on 3/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Canon\BJPV\TVMon.exe
C:\Program Files\TextBridge Pro Millennium\Bin\InstantAccess.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SYSTEM32\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\ScanPanel\ScnPanel.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchdot.net
R3 - URLSearchHook: (no name) - {A77BF4B4-48E4-081A-E480-ECE27B95C5AA} - media64.dll (file missing)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\SYSTEM\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\ROBOFORM.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\ROBOFORM.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [InstantAccess] C:\Program Files\TextBridge Pro Millennium\Bin\InstantAccess.exe /h
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [uio] zxc.exe
O4 - HKLM\..\Run: [NukeSpan] control64.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [desktop] C:\WINDOWS\system32\idemlog.exe
O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O4 - HKCU\..\Run: [FLKPT] systemdll.exe
O4 - HKCU\..\Run: [dialer423] 321102.exe
O4 - HKCU\..\Run: [ActionScr] ParisM.exe
O4 - Global Startup: ScanPanel.lnk = C:\ScanPanel\ScnPanel.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: MyPoints - file://C:\Program Files\MyPointsPointAlert\System\Temp\mypoints_script0.htm
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV Live - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Point Alert - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - file://C:\Program Files\MyPointsPointAlert\System\Temp\mypoints_script0.htm (HKCU)
O12 - Plugin for .avi: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npavi32.dll
O13 - WWW. Prefix: http://ehttp.cc/?
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://help.bellsout...oad/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.a...75/mcinsctl.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....02/cpbrkpie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineco...loadcontrol.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.a...,17/mcgdmgr.cab
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://h30135.www3.h...er/SysQuery.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{47691D2A-0769-402E-9244-98E92EA094E2}: NameServer = 85.255.114.11,85.255.112.71
O17 - HKLM\System\CS2\Services\Tcpip\..\{47691D2A-0769-402E-9244-98E92EA094E2}: NameServer = 85.255.114.11,85.255.112.71
O17 - HKLM\System\CS3\Services\Tcpip\..\{47691D2A-0769-402E-9244-98E92EA094E2}: NameServer = 85.255.114.11,85.255.112.71
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#3 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 13 March 2006 - 06:54 PM

Hello Nancylynn, welcome to the TC Forums

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.sub.../Fixwareout.exe
http://swandog46.gee.../Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.



Now let's check some settings on your system.
(2000/XP) Only
In the Windows Control Panel: if you are using Windows XP's Category View, select the Network and Internet Connections category; otherwise double-click on Network Connections. Then right-click on your default connection, usually Local Area Connection for cable and DSL, and left-click on Properties. Click the Networking tab. Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically.
Press OK twice to get out of the properties screen and reboot if it asks.
That option might not be available on some systems.
Next, go to Start, Run, type cmd and hit OK.
Type
ipconfig /flushdns
then hit Enter, type exit and hit Enter.
(That space between g and / is needed.)


Next:


Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless instructed to.


Download the trial version of Spy Sweeper from Here

Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system. If you are prompted to restart the computer, do so immediately. This is a necessary step to kill the infection!

When the sweep has finished, click Remove. Click Select All and then Next

From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.

Exit Spy Sweeper.

Empty Recycle Bin

Reboot and "copy/paste" a new HJT log as well as the Results from Spy Sweeper file into this thread.
Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

 

Proud graduate of TC/WTT Classroom
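An added example, not part of the original posts and not code from any tool named in this thread: it parses the O17 lines of a HijackThis log, lists the statically configured NameServer addresses per interface and control set, and compares the log taken before the DNS reset with one taken afterwards. `AFTER_LOG` and the `trusted` parameter are assumptions constructed for illustration; `AFTER_LOG` assumes no O17 NameServer line is reported once the adapter obtains DNS servers automatically.

```python
import ipaddress
import re
from collections import defaultdict

# O17 lines exactly as posted in the first HijackThis log of this thread,
# with two unrelated lines from the same log to show that they are skipped.
BEFORE_LOG = r"""
O13 - WWW. Prefix: http://ehttp.cc/?
O17 - HKLM\System\CCS\Services\Tcpip\..\{47691D2A-0769-402E-9244-98E92EA094E2}: NameServer = 85.255.114.11,85.255.112.71
O17 - HKLM\System\CS2\Services\Tcpip\..\{47691D2A-0769-402E-9244-98E92EA094E2}: NameServer = 85.255.114.11,85.255.112.71
O17 - HKLM\System\CS3\Services\Tcpip\..\{47691D2A-0769-402E-9244-98E92EA094E2}: NameServer = 85.255.114.11,85.255.112.71
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
"""

# Constructed follow-up log (an assumption, not taken from the thread).
AFTER_LOG = r"""
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
"""

# Matches the per-interface form (..\{GUID}) and the global Tcpip\Parameters form.
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cs>CCS|CS\d+)\\Services\\Tcpip\\"
    r"(?:\.\.\\(?P<iface>\{[0-9A-Fa-f-]{36}\})|Parameters)"
    r": (?P<name>\w+) = (?P<value>.*)$"
)


def parse_o17(log_text):
    """Return one dict per O17 Tcpip line: control set, interface GUID, value name, raw value."""
    entries = []
    for line in log_text.splitlines():
        match = O17_RE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def static_name_servers(log_text):
    """Map (interface, address) -> set of control sets that carry the address."""
    found = defaultdict(set)
    for entry in parse_o17(log_text):
        if entry["name"].lower() != "nameserver":
            continue
        iface = entry["iface"] or "(global Tcpip\\Parameters)"
        # The registry value may separate addresses with commas or spaces.
        for token in re.split(r"[,\s]+", entry["value"].strip()):
            if token:
                found[(iface, token)].add(entry["cs"])
    return found


def _is_trusted(addr, nets):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # a malformed value is worth reviewing too
    return any(ip in net for net in nets)


def unexpected_resolvers(log_text, trusted=()):
    """Sorted (interface, address, control sets) rows for resolvers outside `trusted`.

    `trusted` is a hypothetical list of CIDR ranges the owner expects
    (for example the ISP's or the router's resolver range).
    """
    nets = [ipaddress.ip_network(n) for n in trusted]
    rows = []
    for (iface, addr), control_sets in static_name_servers(log_text).items():
        if not _is_trusted(addr, nets):
            rows.append((iface, addr, tuple(sorted(control_sets))))
    return sorted(rows)


def cleared_by_fix(before_log, after_log):
    """Addresses that were statically configured before and are absent afterwards."""
    before = {addr for _, addr in static_name_servers(before_log)}
    after = {addr for _, addr in static_name_servers(after_log)}
    return before - after


if __name__ == "__main__":
    for iface, addr, control_sets in unexpected_resolvers(BEFORE_LOG):
        print(f"static DNS {addr} on {iface} in {', '.join(control_sets)}")
    print("cleared after reset:", sorted(cleared_by_fix(BEFORE_LOG, AFTER_LOG)))
```

A resolver that shows up in CCS as well as the numbered control sets, as here, has to be gone from all of them in the follow-up log before the reset can be considered complete.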

 


#4 Nancylynn

Nancylynn

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 13 March 2006 - 10:44 PM

I followed all of your instructions. Below is the HJT log and the spysweeper log.

My computer is running very slowly. It took a very long time for it to reboot, and a long time for IE to open. When it did, going from site to site was slow.

Also, on one of your steps you advised me to "clear" "hide protected operating system files". When I did that, I got a popup box from Microsoft asking if I really wanted to. It seemed a big deal that I did. Do I leave that "cleared"? Thank you so much for your help!



Nancy
_____________________________________________________________
Logfile of HijackThis v1.99.1
Scan saved at 11:33:50 PM, on 3/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Canon\BJPV\TVMon.exe
C:\Program Files\TextBridge Pro Millennium\Bin\InstantAccess.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\SYSTEM32\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\ScanPanel\ScnPanel.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\default\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchdot.net
R3 - URLSearchHook: (no name) - {A77BF4B4-48E4-081A-E480-ECE27B95C5AA} - media64.dll (file missing)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\SYSTEM\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\ROBOFORM.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\ROBOFORM.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [InstantAccess] C:\Program Files\TextBridge Pro Millennium\Bin\InstantAccess.exe /h
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [uio] zxc.exe
O4 - HKLM\..\Run: [NukeSpan] control64.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [FLKPT] systemdll.exe
O4 - HKCU\..\Run: [dialer423] 321102.exe
O4 - HKCU\..\Run: [ActionScr] ParisM.exe
O4 - Global Startup: ScanPanel.lnk = C:\ScanPanel\ScnPanel.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV Live - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Point Alert - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - file://C:\Program Files\MyPointsPointAlert\System\Temp\mypoints_script0.htm (HKCU)
O12 - Plugin for .avi: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npavi32.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://help.bellsout...oad/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.a...75/mcinsctl.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....02/cpbrkpie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineco...loadcontrol.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.a...,17/mcgdmgr.cab
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://h30135.www3.h...er/SysQuery.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

_________________________________________________________________________________________

10:05 PM: | Start of Session, Monday, March 13, 2006 |
10:05 PM: Spy Sweeper started
10:05 PM: Sweep initiated using definitions version 632
10:05 PM: Starting Memory Sweep
10:18 PM: Memory Sweep Complete, Elapsed Time: 00:12:25
10:18 PM: Starting Registry Sweep
10:18 PM: Found Adware: coolsavings
10:18 PM: HKCR\clsid\{11bdb904-c0bc-41ce-910b-0d12fd619fd0}\ (2 subtraces) (ID = 106999)
10:18 PM: HKCR\interface\{549f957d-2f89-11d6-8cfe-00c04f52b225}\ (8 subtraces) (ID = 107001)
10:18 PM: HKCR\interface\{549f957f-2f89-11d6-8cfe-00c04f52b225}\ (8 subtraces) (ID = 107002)
10:18 PM: HKLM\software\classes\clsid\{11bdb904-c0bc-41ce-910b-0d12fd619fd0}\ (2 subtraces) (ID = 107005)
10:18 PM: HKLM\software\classes\interface\{549f957d-2f89-11d6-8cfe-00c04f52b225}\ (8 subtraces) (ID = 107007)
10:18 PM: HKLM\software\classes\interface\{549f957f-2f89-11d6-8cfe-00c04f52b225}\ (8 subtraces) (ID = 107008)
10:18 PM: Found Adware: ehttp hijacker
10:18 PM: HKLM\software\microsoft\windows\currentversion\url\prefixes\ || www. (ID = 117166)
10:18 PM: HKLM\software\microsoft\windows\currentversion\url\prefixes\ || www. (ID = 117169)
10:18 PM: Found Adware: gain - common components
10:18 PM: HKCR\interface\{54e7e080-1da6-412e-96b5-c290fcef5329}\ (8 subtraces) (ID = 126745)
10:18 PM: Found Trojan Horse: jeem
10:18 PM: HKLM\software\microsoft\windows\currentversion\welcome\ || cv093 (ID = 129327)
10:18 PM: HKLM\software\microsoft\windows\currentversion\welcome\ || idc3 (ID = 129328)
10:18 PM: Found Adware: mypoints
10:18 PM: HKU\S-1-5-21-1202660629-842925246-1957994488-1004\software\microsoft\internet explorer\menuext\mypoints\ (2 subtraces) (ID = 135491)
10:18 PM: HKU\S-1-5-20\software\microsoft\internet explorer\menuext\mypoints\ (2 subtraces) (ID = 135491)
10:19 PM: HKU\S-1-5-19\software\microsoft\internet explorer\menuext\mypoints\ (2 subtraces) (ID = 135491)
10:19 PM: HKU\S-1-5-18\software\microsoft\internet explorer\menuext\mypoints\ (2 subtraces) (ID = 135491)
10:19 PM: Registry Sweep Complete, Elapsed Time:00:00:56
10:19 PM: Starting Cookie Sweep
10:19 PM: Cookie Sweep Complete, Elapsed Time: 00:00:15
10:19 PM: Starting File Sweep
10:19 PM: Warning: Failed to open file "c:\hiberfil.sys". Access is denied
10:19 PM: Warning: Failed to open file "c:\pagefile.sys". Access is denied
10:25 PM: Found Trojan Horse: trojan-downloader-ruin
10:25 PM: csbfd.exe (ID = 246)
10:27 PM: Warning: Failed to open file "c:\windows\system32\config\system.log". The process cannot access the file because it is being used by another process
10:27 PM: Warning: Failed to open file "c:\windows\system32\config\software.log". The process cannot access the file because it is being used by another process
10:27 PM: Warning: Failed to open file "c:\windows\system32\config\default.log". The process cannot access the file because it is being used by another process
10:27 PM: Warning: Failed to open file "c:\windows\system32\config\security". The process cannot access the file because it is being used by another process
10:27 PM: Warning: Failed to open file "c:\windows\system32\config\sam". The process cannot access the file because it is being used by another process
10:27 PM: Warning: Failed to open file "c:\windows\system32\config\sam.log". The process cannot access the file because it is being used by another process
10:27 PM: Warning: Failed to open file "c:\windows\system32\config\security.log". The process cannot access the file because it is being used by another process
10:27 PM: Warning: Failed to open file "c:\windows\system32\config\system". The process cannot access the file because it is being used by another process
10:27 PM: Warning: Failed to open file "c:\windows\system32\config\software". The process cannot access the file because it is being used by another process
10:27 PM: Warning: Failed to open file "c:\windows\system32\config\default". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\softwaredistribution\eventcache\{682d6d31-ad6a-440c-8c0a-aae05599e16d}.bin". The process cannot access the file because it is being used by another process
10:36 PM: piggy.cgd (ID = 53867)
10:39 PM: Warning: Failed to open file "c:\program files\common files\symantec shared\ccpd-lc\symlcrst.dll". The process cannot access the file because it is being used by another process
10:41 PM: Found Adware: onflow
10:41 PM: onflowplayer0.dll (ID = 71515)
10:45 PM: Found Adware: limeshop
10:45 PM: bg.class (ID = 65469)
10:45 PM: eb.class (ID = 65518)
10:45 PM: c.class (ID = 65482)
10:45 PM: Found Adware: ebates money maker
10:57 PM: Warning: Failed to open file "c:\documents and settings\default\ntuser.dat". The process cannot access the file because it is being used by another process
10:57 PM: Warning: Failed to open file "c:\documents and settings\default\ntuser.dat.log". The process cannot access the file because it is being used by another process
10:57 PM: c:\documents and settings\default\local settings\temp\coolcache (2 subtraces) (ID = -2147481212)
10:57 PM: piggy.cgd (ID = 53867)
10:57 PM: squiggly.cgd (ID = 53868)
11:00 PM: Warning: Failed to open file "c:\documents and settings\default\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
11:00 PM: Warning: Failed to open file "c:\documents and settings\default\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
11:00 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat". The process cannot access the file because it is being used by another process
11:00 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
11:00 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
11:00 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
11:00 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat". The process cannot access the file because it is being used by another process
11:00 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
11:00 PM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
11:00 PM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process

#5 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 14 March 2006 - 03:41 PM

Important: Do this before any fix.

Please put your HijackThis in its own folder, (I create a new folder in C:\ named HJT).
You can do a Right Click on any open area on the desktop, New> Folder, then rename the folder HJT.

Go to where your HijackThis is and Right Click on HijackThis.exe, select Cut, then open the new folder you just created (HJT) Right Click in the folder and select paste.

The reason we do this is HijackThis creates backup files just in case you'd need to restore one and we'll be cleaning out the temp files.



After the above:


Please do not delete anything unless instructed to.


Note: These are only 14 day trial versions and will make a difference in speed.
1. Click Start > Settings > Control Panel.
2. Next, open Add/Remove Programs and remove if listed:
Spy Sweeper
Ewido




Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer,CustomizeSearch = http://www.search-1.net/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchdot.net

R3 - URLSearchHook: (no name) - {A77BF4B4-48E4-081A-E480-ECE27B95C5AA} - media64.dll (file missing)

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\SYSTEM\Userinit.exe

O4 - HKLM\..\Run: [uio] zxc.exe
O4 - HKLM\..\Run: [NukeSpan] control64.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [FLKPT] systemdll.exe
O4 - HKCU\..\Run: [dialer423] 321102.exe
O4 - HKCU\..\Run: [ActionScr] ParisM.exe

O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....02/cpbrkpie.cab


Close ALL windows and browsers except HijackThis and click "Fix checked"


Delete these Files if listed:
zxc.exe
control64.exe
systemdll.exe
321102.exe
ParisM.exe



Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Reboot and "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom
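
One way to triage a HijackThis log for the kinds of entries checked in the post above, as an added example that is not part of the original post and not HijackThis's own logic. The three heuristics (target marked "(file missing)", a UserInit value that launches more than one program, a Run entry whose command has no directory path) are assumptions chosen to match the quoted entries, not the helper's stated criteria, and the sample log is constructed from lines quoted in this thread.

```python
import re

# Constructed sample: lines in HijackThis 1.99.1 format, copied from the
# entry types quoted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R3 - URLSearchHook: (no name) - {A77BF4B4-48E4-081A-E480-ECE27B95C5AA} - media64.dll (file missing)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\SYSTEM\Userinit.exe
O4 - HKLM\..\Run: [uio] zxc.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

# A log entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] cmd".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Registry Run entries carry the value name in brackets, then the command.
RUN_RE = re.compile(r".*?: \[(.*?)\] (.*)$")


def parse_entries(log_text):
    """Return (code, body) for every entry line; headers and process list are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def first_token(command):
    """Return the program part of a command line, honouring a leading quoted path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    return command.split(" ")[0]


def review_reasons(code, body):
    """Return the reasons (possibly none) an entry deserves a manual look."""
    reasons = []
    # Heuristic 1 (assumption): the registry still points at a file that is gone.
    if body.endswith("(file missing)"):
        reasons.append("target file missing")
    # Heuristic 2 (assumption): UserInit normally names one program; a trailing
    # comma after it is common and is ignored here.
    if code == "F2" and "userinit=" in body.lower():
        value = body.split("=", 1)[1]
        programs = [p.strip() for p in value.split(",") if p.strip()]
        if len(programs) > 1:
            reasons.append("UserInit launches %d programs" % len(programs))
    # Heuristic 3 (assumption): an autostart command given as a bare file name,
    # so the log does not show which directory it will be loaded from.
    if code == "O4":
        m = RUN_RE.match(body)
        if m and "\\" not in first_token(m.group(2)):
            reasons.append("autostart command has no directory path")
    return reasons


def triage(log_text):
    """Return (code, body, reasons) for every entry with at least one reason."""
    flagged = []
    for code, body in parse_entries(log_text):
        reasons = review_reasons(code, body)
        if reasons:
            flagged.append((code, body, reasons))
    return flagged


if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print("%-3s %s\n    -> %s" % (code, body, "; ".join(reasons)))
```

The bare-filename rule also matches `[SystemTray] SysTray.Exe` in the later log in this thread, so a hit is a prompt to look the entry up, not a verdict.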

 


#6 Nancylynn

Nancylynn

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 14 March 2006 - 05:16 PM

A couple of questions. 1. When I uninstalled Ewido, it asked if I wanted to include the quarantine and files... I did. Was I not supposed to? 2. Also when I uninstalled Spy Sweeper, it said I should reboot. Should I do that before continuing? Thanks/nancy

#7 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 14 March 2006 - 05:19 PM

Yes and Yes :thumbup:


#8 Nancylynn

Nancylynn

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 14 March 2006 - 06:50 PM

Ok, all done. Computer start up was very slow, no other changes.

Here is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 7:13:29 PM, on 3/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Canon\BJPV\TVMon.exe
C:\Program Files\TextBridge Pro Millennium\Bin\InstantAccess.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SYSTEM32\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\ScanPanel\ScnPanel.exe
C:\Documents and Settings\default\Desktop\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\ROBOFORM.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\ROBOFORM.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [InstantAccess] C:\Program Files\TextBridge Pro Millennium\Bin\InstantAccess.exe /h
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: ScanPanel.lnk = C:\ScanPanel\ScnPanel.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL - {06FE5D02-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host - {06FE5D03-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV Live - {06FE5D04-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra button: Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra 'Tools' menuitem: AV &Translate - {06FE5D05-8F11-11d2-804F-00105A133818} - http://search.presar...&c=3c00&LC=0409 (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Point Alert - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - file://C:\Program Files\MyPointsPointAlert\System\Temp\mypoints_script0.htm (HKCU)
O12 - Plugin for .avi: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npavi32.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://help.bellsout...oad/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.a...75/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineco...loadcontrol.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.a...,17/mcgdmgr.cab
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://h30135.www3.h...er/SysQuery.cab
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#9 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 14 March 2006 - 06:57 PM

My toolbar is locked

Can you explain this better so I can understand? Are you talking about Internet Explorer toolbar?


#10 Nancylynn

Nancylynn

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 14 March 2006 - 07:32 PM

Yes, in IE my toolbar at the top. I had links on it, and all of a sudden they disappeared. Where the link tab is, it is greyed out, and I can not click on it or drag anything up to it. It is still like that.

#11 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 14 March 2006 - 07:39 PM

Can you click on View> Toolbars> and put a check on Links?


#12 Nancylynn

Nancylynn

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 14 March 2006 - 07:45 PM

There is a check next to links. When I de-select it, the greyed "link" disappears completely.

#13 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 14 March 2006 - 07:48 PM

Where you can see Links, are there any of these >>
If so, click on the >>
Do you see the links now?


#14 Nancylynn

Nancylynn

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 14 March 2006 - 08:12 PM

Yes, the >> are there, and when I click on them, my links are all listed. It is just that I can not move them to the tool bar. There are four little : to the left of the word link. It is greyed out as well and I can not change the length of that bar. I had several of my links on the tool bar as I used them often.

#15 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 14 March 2006 - 08:17 PM

Click View> Toolbars..Uncheck Lock The Toolbars
