Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93099 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Hijackthis log inside


  • This topic is locked This topic is locked
7 replies to this topic

#1 AL Lange

AL Lange

    New Member

  • New Member
  • Pip
  • 3 posts

Posted 22 March 2006 - 01:03 PM

ok - I have done about 20 different virus and adware scans and still no difference. I am getting green links on webpages that shouldn't be there and am getting popups. I am getting popups by - click2begin.com and popupsearches
Please help!!

logfile -

Logfile of HijackThis v1.99.1
Scan saved at 1:57:36 PM, on 3/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\PS Tray Factory\PSTrayFactory.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\OE Quick Tools\oeqt4.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\OE Quick Tools\oeqt4.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\America Online 8.0\aol.exe
C:\Program Files\America Online 8.0\waol.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\al\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.baseballplanet.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,llmkteg.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: web compressor - {23FB5ADD-DA37-4a40-9FC0-B0E2384CDE92} -

C:\WINDOWS\system32\nsy1AAB.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber

Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program

files\google\googletoolbar1.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber

Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program

files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /firstlogon
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HPDJ Taskbar Utility]

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TrayFactory] C:\Program Files\PS Tray Factory\PSTrayFactory.EXE /silent
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunOnce: [TrayFactory] C:\Program Files\PS Tray Factory\PSTrayFactory.exe

/start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: OE Quick Tools 4.lnk = C:\Program Files\OE Quick Tools\oeqt4.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend

Micro\Tmas\Tmas.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL

Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program

files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program

files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program

files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program

files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI

RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI

RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI

RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI

RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Similar Pages - res://c:\program

files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program

files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program

Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} -

file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program

Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} -

file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} -

C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} -

C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program

Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} -

file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program

Files\AIM\aim.exe
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program

Files\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} -

C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra button: PDFtypewriter - {B5EE1724-E26C-4431-A8F3-96FC5FE55CA1} - C:\Program

Files\PDFtypewriter\PDFtypewriterie.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program

Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -

C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents

and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} -

C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program

Files\PartyPoker.net\partypokernet.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} -

C:\Program Files\PartyPoker.net\partypokernet.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program

Files\Bodog Poker\GameClient.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -

http://housecall60.t...all/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -

http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation

Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) -

http://www.pcpitstop...cpConnCheck.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} -

http://esupport.aol....oach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} -

http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://v5.windowsupd...web_site.cab?11

02923112792
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://update.micros...b_site.cab?1130

249759857
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -

http://a840.g.akamai...call/xscan53.ca

b
O16 - DPF: {83EF1847-D835-490B-8D9D-90B2987D66E8} (AOL Pictures Uploader Class) -

http://pictures.aolc...der.9.3.2.1.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) -

http://secure2.comne...login-devel.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) -

http://147.208.130.8...t/TLIEFlash.CAB
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) -

http://webcamnow.com...tiveXWebCam.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class)

- http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -

http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) -

http://cdn.digitalci...illama/ampx.cab
O16 - DPF: {BB87C3EA-AFC2-401F-84E8-0C166F2B0DA3} (OggPlayer Class) -

http://www.one2one.c...WMOggPlayer.cab
O16 - DPF: {BB95299D-B65B-47E0-8DDB-697A66298C3A} (UniVoiceX Control) -

http://webcamnow.com...voice/voice.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) -

http://download.game...outLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -

http://download.game...aploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) -

http://fdl.msn.com/z...s/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{44EC0B6F-492A-40CE-8C8D-D3C050C4466C}: NameServer

= 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -

"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: GoToMyPC - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc -

C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. -

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido

anti-malware\ewidoctrl.exe
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Citrix\GoToMyPC\g2svc.exe"

-service (file missing)
O23 - Service: Iomega App Services - Iomega Corporation -

C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common

Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. -

C:\WINDOWS\wanmpsvc.exe

    Advertisements

Register to Remove


#2 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 25 March 2006 - 06:25 AM

Hello AL Lange, welcome to the forum. Sorry about the delay in responding :( If you still need help, Scan again with HijackThis, and copy/paste" a new log file into this thread. Please turn Word Wrap off in Notepad before posting the HJT log.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#3 AL Lange

AL Lange

    New Member

  • New Member
  • Pip
  • 3 posts

Posted 12 April 2006 - 09:06 PM

Hi,

Thanks for the response. Since my original post, I was able to get rid of everything except now I have a browser hijacker - hooowah.com. It will open multiple browsers and even redirect open ones.

Below is the log file. Thank in advance for any help!

Logfile of HijackThis v1.99.1
Scan saved at 10:51:21 PM, on 4/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PS Tray Factory\PSTrayFactory.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OE Quick Tools\oeqt4.exe
C:\Program Files\OE Quick Tools\oeqt4.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\America Online 8.0\aol.exe
C:\Program Files\America Online 8.0\waol.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Documents and Settings\al\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baseballplanet.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,llmkteg.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: RieMon Class - {70F6A776-579A-4C95-BA88-134253907752} - C:\WINDOWS\system32\irsmzqoi.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /firstlogon
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TrayFactory] C:\Program Files\PS Tray Factory\PSTrayFactory.EXE /silent
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunOnce: [TrayFactory] C:\Program Files\PS Tray Factory\PSTrayFactory.exe /start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\system32\irssyncd.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: OE Quick Tools 4.lnk = C:\Program Files\OE Quick Tools\oeqt4.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra button: PDFtypewriter - {B5EE1724-E26C-4431-A8F3-96FC5FE55CA1} - C:\Program Files\PDFtypewriter\PDFtypewriterie.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop...cpConnCheck.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol....oach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1102923112792
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1130249759857
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {83EF1847-D835-490B-8D9D-90B2987D66E8} (AOL Pictures Uploader Class) - http://pictures.aolc...der.9.3.2.1.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - http://147.208.130.8...t/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://webcamnow.com...tiveXWebCam.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - http://cdn.digitalci...illama/ampx.cab
O16 - DPF: {BB87C3EA-AFC2-401F-84E8-0C166F2B0DA3} (OggPlayer Class) - http://www.one2one.c...WMOggPlayer.cab
O16 - DPF: {BB95299D-B65B-47E0-8DDB-697A66298C3A} (UniVoiceX Control) - http://webcamnow.com...voice/voice.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.game...outLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{44EC0B6F-492A-40CE-8C8D-D3C050C4466C}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: GoToMyPC - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#4 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 12 April 2006 - 09:10 PM

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless instructed to.


Download the trial version of Spy Sweeper from Here

Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system.If you are prompted to restart the computer, do so immediately. This is a necessary step to kill the infection!

When the sweep has finished, click Remove. Click Select All and then Next

From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.

Exit Spy Sweeper.

Empty Recycle Bin

Reboot and "copy/paste" a new HJT log as well as the Resullts from Spy Sweeper file into this thread.
Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#5 AL Lange

AL Lange

    New Member

  • New Member
  • Pip
  • 3 posts

Posted 13 April 2006 - 05:23 AM

Hi,

I did as stated and many items were found, but after rebooting, I still get the hooowah.com popup browsers. It is less frequent though, if that means anything.

Logfile of HijackThis v1.99.1
Scan saved at 3:19:33 AM, on 4/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PS Tray Factory\PSTrayFactory.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OE Quick Tools\oeqt4.exe
C:\Program Files\OE Quick Tools\oeqt4.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\al\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baseballplanet.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,llmkteg.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SchedulingAgent] mstinit.exe /firstlogon
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TrayFactory] C:\Program Files\PS Tray Factory\PSTrayFactory.EXE /silent
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunOnce: [TrayFactory] C:\Program Files\PS Tray Factory\PSTrayFactory.exe /start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: OE Quick Tools 4.lnk = C:\Program Files\OE Quick Tools\oeqt4.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra button: PDFtypewriter - {B5EE1724-E26C-4431-A8F3-96FC5FE55CA1} - C:\Program Files\PDFtypewriter\PDFtypewriterie.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop...cpConnCheck.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol....oach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1102923112792
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1130249759857
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {83EF1847-D835-490B-8D9D-90B2987D66E8} (AOL Pictures Uploader Class) - http://pictures.aolc...der.9.3.2.1.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - http://147.208.130.8...t/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://webcamnow.com...tiveXWebCam.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - http://cdn.digitalci...illama/ampx.cab
O16 - DPF: {BB87C3EA-AFC2-401F-84E8-0C166F2B0DA3} (OggPlayer Class) - http://www.one2one.c...WMOggPlayer.cab
O16 - DPF: {BB95299D-B65B-47E0-8DDB-697A66298C3A} (UniVoiceX Control) - http://webcamnow.com...voice/voice.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.game...outLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: GoToMyPC - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

-----------------------
********
12:10 AM: | Start of Session, Thursday, April 13, 2006 |
12:10 AM: Spy Sweeper started
12:10 AM: Sweep initiated using definitions version 656
12:10 AM: Starting Memory Sweep
12:11 AM: Found Adware: safesearch
12:11 AM: Detected running threat: C:\WINDOWS\system32\irsmzqoi.dll (ID = 246679)
12:21 AM: Detected running threat: C:\WINDOWS\SYSTEM32\irismon.dll (ID = 246191)
12:22 AM: Memory Sweep Complete, Elapsed Time: 00:11:25
12:22 AM: Starting Registry Sweep
12:22 AM: Found Adware: ezula ilookup
12:22 AM: HKLM\software\microsoft\netstat\ (1 subtraces) (ID = 926797)
12:23 AM: HKCR\clsid\{70f6a776-579a-4c95-ba88-134253907752}\ (11 subtraces) (ID = 1160010)
12:23 AM: HKCR\typelib\{72ec96e8-30eb-4da8-9446-b4366bf00249}\ (9 subtraces) (ID = 1160022)
12:23 AM: HKCR\iman.riemon\ (5 subtraces) (ID = 1160080)
12:23 AM: HKCR\iman.riemon.1\ (3 subtraces) (ID = 1160086)
12:23 AM: HKLM\software\microsoft\windows\currentversion\app paths\irism\ (2 subtraces) (ID = 1160093)
12:23 AM: HKLM\software\microsoft\windows\currentversion\app paths\irssyncd\ (2 subtraces) (ID = 1160096)
12:23 AM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{70f6a776-579a-4c95-ba88-134253907752}\ (ID = 1160099)
12:23 AM: HKLM\software\irismon\ (20 subtraces) (ID = 1165615)
12:23 AM: HKLM\software\classes\iman.riemon\ (5 subtraces) (ID = 1165636)
12:23 AM: HKLM\software\classes\iman.riemon.1\ (3 subtraces) (ID = 1165642)
12:23 AM: HKLM\software\classes\clsid\{70f6a776-579a-4c95-ba88-134253907752}\ (11 subtraces) (ID = 1165648)
12:23 AM: HKLM\software\classes\typelib\{72ec96e8-30eb-4da8-9446-b4366bf00249}\ (9 subtraces) (ID = 1165660)
12:23 AM: Found Adware: clkoptimizer
12:23 AM: HKCR\clsid\{ce3a44d8-bc88-4d62-a890-42d96245f8d6}\ (6 subtraces) (ID = 1212644)
12:23 AM: HKLM\software\classes\clsid\{ce3a44d8-bc88-4d62-a890-42d96245f8d6}\ (6 subtraces) (ID = 1212651)
12:23 AM: HKCR\folder\shellex\columnhandlers\{ce3a44d8-bc88-4d62-a890-42d96245f8d6}\ (1 subtraces) (ID = 1212684)
12:23 AM: HKLM\software\classes\folder\shellex\columnhandlers\{ce3a44d8-bc88-4d62-a890-42d96245f8d6}\ (1 subtraces) (ID = 1212686)
12:23 AM: HKLM\software\microsoft\internet explorer\extensions\{4abf810a-f11d-4169-9d5f-7d274f2270a1}\ (2 subtraces) (ID = 1212690)
12:23 AM: HKU\S-1-5-21-1606980848-813497703-854245398-1002\software\microsoft\windows\currentversion\run\ || irssyncd (ID = 1165604)
12:23 AM: Registry Sweep Complete, Elapsed Time:00:01:00
12:23 AM: Starting Cookie Sweep
12:23 AM: Found Spy Cookie: accoona cookie
12:23 AM: al@accoona[2].txt (ID = 2041)
12:23 AM: Found Spy Cookie: 89.com cookie
12:23 AM: al@89[1].txt (ID = 2021)
12:23 AM: Found Spy Cookie: about cookie
12:23 AM: al@sbinfocanada.about[1].txt (ID = 2038)
12:23 AM: Found Spy Cookie: screensavers.com cookie
12:23 AM: al@www.screensavers[2].txt (ID = 3298)
12:23 AM: al@gohawaii.about[2].txt (ID = 2038)
12:23 AM: al@exercise.about[2].txt (ID = 2038)
12:23 AM: Found Spy Cookie: kount cookie
12:23 AM: al@kount[1].txt (ID = 2911)
12:23 AM: al@physics.about[1].txt (ID = 2038)
12:23 AM: Found Spy Cookie: xiti cookie
12:23 AM: al@xiti[2].txt (ID = 3717)
12:23 AM: Found Spy Cookie: 2o7.net cookie
12:23 AM: al@122.2o7[2].txt (ID = 1958)
12:23 AM: Found Spy Cookie: askmen cookie
12:23 AM: al@www.askmen[1].txt (ID = 2248)
12:23 AM: Found Spy Cookie: howstuffworks cookie
12:23 AM: al@howstuffworks[1].txt (ID = 2805)
12:23 AM: al@webclipart.about[1].txt (ID = 2038)
12:23 AM: Found Spy Cookie: affiliatefuel.com cookie
12:23 AM: al@www.affiliatefuel[2].txt (ID = 2202)
12:23 AM: Found Spy Cookie: search123 cookie
12:23 AM: al@search123[1].txt (ID = 3305)
12:23 AM: Found Spy Cookie: 3 cookie
12:23 AM: al@3[1].txt (ID = 1959)
12:23 AM: al@mutualfunds.about[2].txt (ID = 2038)
12:23 AM: Found Spy Cookie: nuker cookie
12:23 AM: al@nuker[1].txt (ID = 3085)
12:23 AM: Found Spy Cookie: ugo cookie
12:23 AM: al@ugo[1].txt (ID = 3608)
12:23 AM: al@askmen[1].txt (ID = 2247)
12:23 AM: Found Spy Cookie: 360i cookie
12:23 AM: al@ct.360i[2].txt (ID = 1962)
12:23 AM: al@partygaming.122.2o7[2].txt (ID = 1958)
12:23 AM: Found Spy Cookie: partypoker cookie
12:23 AM: al@partypoker[2].txt (ID = 3111)
12:23 AM: Found Spy Cookie: webpower cookie
12:23 AM: al@webpower[1].txt (ID = 3660)
12:23 AM: al@altmedicine.about[1].txt (ID = 2038)
12:23 AM: Found Spy Cookie: a cookie
12:23 AM: al@a[1].txt (ID = 2027)
12:23 AM: Found Spy Cookie: directtrack cookie
12:23 AM: al@rapidresponse.directtrack[1].txt (ID = 2528)
12:23 AM: Found Spy Cookie: homestore cookie
12:23 AM: al@homestore[1].txt (ID = 2793)
12:23 AM: al@mobileoffice.about[1].txt (ID = 2038)
12:23 AM: al@crime.about[1].txt (ID = 2038)
12:23 AM: Found Spy Cookie: ic-live cookie
12:23 AM: al@ic-live[1].txt (ID = 2821)
12:23 AM: al@genealogy.about[1].txt (ID = 2038)
12:23 AM: al@certification.about[1].txt (ID = 2038)
12:23 AM: Found Spy Cookie: reunion cookie
12:23 AM: al@reunion[1].txt (ID = 3255)
12:23 AM: Found Spy Cookie: infospace cookie
12:23 AM: al@infospace[1].txt (ID = 2865)
12:23 AM: Found Spy Cookie: go.com cookie
12:23 AM: al@games.espn.go[1].txt (ID = 2729)
12:23 AM: al@perl.about[1].txt (ID = 2038)
12:23 AM: Found Spy Cookie: cnt cookie
12:23 AM: al@cnt[2].txt (ID = 2422)
12:23 AM: al@xiti[1].txt (ID = 3717)
12:23 AM: Found Spy Cookie: rc cookie
12:23 AM: al@rc[1].txt (ID = 3231)
12:23 AM: Found Spy Cookie: webtrendslive cookie
12:23 AM: al@S005-01-9-28-233860-106434[2].txt (ID = 3679)
12:23 AM: al@queens.about[1].txt (ID = 2038)
12:23 AM: Found Spy Cookie: server.iad.liveperson cookie
12:23 AM: al@server.iad.liveperson[1].txt (ID = 3341)
12:23 AM: al@goflorida.about[1].txt (ID = 2038)
12:23 AM: Found Spy Cookie: nextag cookie
12:23 AM: al@nextag[2].txt (ID = 5014)
12:23 AM: Found Spy Cookie: ccbill cookie
12:23 AM: al@ccbill[1].txt (ID = 2369)
12:23 AM: al@rsi.espn.go[1].txt (ID = 2729)
12:23 AM: al@sports.espn.go[1].txt (ID = 2729)
12:23 AM: al@personalweb.about[1].txt (ID = 2038)
12:23 AM: al@visualbasic.about[1].txt (ID = 2038)
12:23 AM: Found Spy Cookie: ad-rotator cookie
12:23 AM: al@ad-rotator[2].txt (ID = 2051)
12:23 AM: Found Spy Cookie: metrodate cookie
12:23 AM: al@www.metrodate[1].txt (ID = 2995)
12:23 AM: al@casinogambling.about[1].txt (ID = 2038)
12:23 AM: al@goeurope.about[1].txt (ID = 2038)
12:23 AM: al@desktoppub.about[1].txt (ID = 2038)
12:23 AM: al@javascript.about[1].txt (ID = 2038)
12:23 AM: al@webdesign.about[2].txt (ID = 2038)
12:23 AM: Found Spy Cookie: experclick cookie
12:23 AM: al@experclick[2].txt (ID = 2639)
12:23 AM: al@french.about[1].txt (ID = 2038)
12:23 AM: Found Spy Cookie: belnk cookie
12:23 AM: al@ath.belnk[2].txt (ID = 2293)
12:23 AM: al@r1.affiliatefuel[2].txt (ID = 2202)
12:23 AM: al@esl.about[1].txt (ID = 2038)
12:23 AM: Found Spy Cookie: did-it cookie
12:23 AM: al@did-it[1].txt (ID = 2523)
12:23 AM: Found Spy Cookie: techtarget cookie
12:23 AM: al@whatis.techtarget[1].txt (ID = 3500)
12:23 AM: Found Spy Cookie: touchclarity cookie
12:23 AM: al@btow.touchclarity[1].txt (ID = 3566)
12:23 AM: Found Spy Cookie: eadexchange cookie
12:23 AM: al@www.eadexchange[2].txt (ID = 2556)
12:23 AM: Found Spy Cookie: metareward.com cookie
12:23 AM: al@metareward[1].txt (ID = 2990)
12:23 AM: Found Spy Cookie: 64.62.232 cookie
12:23 AM: al@64.62.232[2].txt (ID = 1987)
12:23 AM: al@msnportal.112.2o7[1].txt (ID = 1958)
12:23 AM: Found Spy Cookie: gostats cookie
12:23 AM: al@gostats[1].txt (ID = 2747)
12:23 AM: al@spreadsheets.about[1].txt (ID = 2038)
12:23 AM: al@64.62.232[4].txt (ID = 1987)
12:23 AM: al@64.62.232[1].txt (ID = 1987)
12:23 AM: al@64.62.232[3].txt (ID = 1987)
12:23 AM: al@espn.go[2].txt (ID = 2729)
12:23 AM: al@accoona[1].txt (ID = 2041)
12:23 AM: Found Spy Cookie: yadro cookie
12:23 AM: al@yadro[1].txt (ID = 3743)
12:23 AM: al@c3.gostats[1].txt (ID = 2748)
12:23 AM: Found Spy Cookie: ademails.com cookie
12:23 AM: al@www.ademails[1].txt (ID = 2066)
12:23 AM: al@searchcio.techtarget[2].txt (ID = 3500)
12:23 AM: al@microsofteup.112.2o7[1].txt (ID = 1958)
12:23 AM: al@S005-01-9-28-233860-106434[1].txt (ID = 3679)
12:23 AM: Found Spy Cookie: rambler cookie
12:23 AM: al@rambler[1].txt (ID = 3225)
12:23 AM: Found Spy Cookie: linksynergy cookie
12:23 AM: al@linksynergy[2].txt (ID = 2926)
12:23 AM: al@directtrack[1].txt (ID = 2527)
12:23 AM: al@statse.webtrendslive[1].txt (ID = 3667)
12:23 AM: Found Spy Cookie: aptimus cookie
12:23 AM: al@network.aptimus[1].txt (ID = 2235)
12:23 AM: al@urbanlegends.about[1].txt (ID = 2038)
12:23 AM: al@ad.reunion[1].txt (ID = 3256)
12:23 AM: Found Spy Cookie: mygeek cookie
12:23 AM: al@mygeek[1].txt (ID = 3041)
12:23 AM: al@www.homestore[2].txt (ID = 2794)
12:23 AM: al@partypoker[1].txt (ID = 3111)
12:23 AM: al@humor.about[1].txt (ID = 2038)
12:23 AM: al@graphicssoft.about[1].txt (ID = 2038)
12:23 AM: Found Spy Cookie: clicktracks cookie
12:23 AM: al@stats2.clicktracks[2].txt (ID = 2407)
12:23 AM: Found Spy Cookie: ask cookie
12:23 AM: al@secure.sponsoredlistings.ask[1].txt (ID = 2246)
12:23 AM: Found Spy Cookie: toplist cookie
12:23 AM: al@toplist[1].txt (ID = 3557)
12:23 AM: Found Spy Cookie: mytemplatestorage cookie
12:23 AM: al@www.mytemplatestorage[2].txt (ID = 3050)
12:23 AM: Found Spy Cookie: adminder cookie
12:23 AM: al@www.adminder[1].txt (ID = 2079)
12:23 AM: Found Spy Cookie: banners cookie
12:23 AM: al@banners[2].txt (ID = 2282)
12:23 AM: Cookie Sweep Complete, Elapsed Time: 00:00:07
12:23 AM: Starting File Sweep
12:23 AM: Warning: Failed to open file "c:\pagefile.sys". Access is denied
12:26 AM: Found Adware: shopathomeselect
12:26 AM: 66riqetr.dat (ID = 75821)
12:26 AM: 7tclachj.dat (ID = 75607)
12:26 AM: 7luora5a.dat (ID = 75949)
12:26 AM: irismon.dll (ID = 246191)
12:26 AM: irsmzqoi.dll (ID = 246679)
12:27 AM: irssyncd.exe (ID = 246193)
12:27 AM: HKU\S-1-5-21-1606980848-813497703-854245398-1002\Software\Microsoft\Windows\CurrentVersion\Run || irssyncd (ID = 0)
12:29 AM: Warning: Failed to open file "c:\windows\system32\config\security.log". The process cannot access the file because it is being used by another process
12:29 AM: Warning: Failed to open file "c:\windows\system32\config\software.log". The process cannot access the file because it is being used by another process
12:29 AM: Warning: Failed to open file "c:\windows\system32\config\system.log". The process cannot access the file because it is being used by another process
12:29 AM: Warning: Failed to open file "c:\windows\system32\config\default.log". The process cannot access the file because it is being used by another process
12:29 AM: Warning: Failed to open file "c:\windows\system32\config\sam.log". The process cannot access the file because it is being used by another process
12:29 AM: Warning: Failed to open file "c:\windows\system32\config\default". The process cannot access the file because it is being used by another process
12:29 AM: Warning: Failed to open file "c:\windows\system32\config\security". The process cannot access the file because it is being used by another process
12:29 AM: Warning: Failed to open file "c:\windows\system32\config\software". The process cannot access the file because it is being used by another process
12:29 AM: Warning: Failed to open file "c:\windows\system32\config\system". The process cannot access the file because it is being used by another process
12:29 AM: Warning: Failed to open file "c:\windows\system32\config\sam". The process cannot access the file because it is being used by another process
12:40 AM: Warning: Failed to open file "c:\windows\temp\perflib_perfdata_608.dat". The process cannot access the file because it is being used by another process
1:02 AM: Warning: Failed to open file "c:\program files\america online 8.0\idb\main.idx". The process cannot access the file because it is being used by another process
1:02 AM: Warning: Failed to open file "c:\program files\america online 8.0\idb\app10682.lst". The process cannot access the file because it is being used by another process
1:02 AM: Warning: Failed to open file "c:\program files\america online 8.0\idb\app10674.lst". The process cannot access the file because it is being used by another process
1:02 AM: Warning: Failed to open file "c:\program files\america online 8.0\idb\app10575.lst". The process cannot access the file because it is being used by another process
1:02 AM: Warning: Failed to open file "c:\program files\america online 8.0\idb\app10244.lst". The process cannot access the file because it is being used by another process
1:02 AM: Warning: Failed to open file "c:\program files\america online 8.0\idb\style.lst". The process cannot access the file because it is being used by another process
1:02 AM: Warning: Failed to open file "c:\program files\america online 8.0\idb\app10673.lst". The process cannot access the file because it is being used by another process
1:02 AM: Warning: Failed to open file "c:\program files\america online 8.0\idb\app9956.lst". The process cannot access the file because it is being used by another process
1:02 AM: Warning: Failed to open file "c:\program files\america online 8.0\idb\apps.lst". The process cannot access the file because it is being used by another process
1:02 AM: Warning: Failed to open file "c:\program files\america online 8.0\idb\app9076.lst". The process cannot access the file because it is being used by another process
1:02 AM: Warning: Failed to open file "c:\program files\america online 8.0\idb\toolbar.lst". The process cannot access the file because it is being used by another process
1:02 AM: Warning: Failed to open file "c:\program files\america online 8.0\idb\app10393.lst". The process cannot access the file because it is being used by another process
1:02 AM: Warning: Failed to open file "c:\program files\america online 8.0\idb\app10137.lst". The process cannot access the file because it is being used by another process
1:02 AM: Warning: Failed to open file "c:\program files\america online 8.0\idb\spool.lst". The process cannot access the file because it is being used by another process
1:02 AM: Warning: Failed to open file "c:\program files\america online 8.0\idb\sysnews.lst". The process cannot access the file because it is being used by another process
1:13 AM: Found Adware: 180search assistant/zango
1:13 AM: npclntax.dll (ID = 244411)
1:15 AM: Warning: Failed to read file "c:\documents and settings\all users\application data\aol\topspeed\2.0\aoltsmon.lock". The process cannot access the file because another process has locked a portion of the file
1:15 AM: Warning: Failed to read file "c:\documents and settings\all users\application data\aol\topspeed\2.0\server.lock". The process cannot access the file because another process has locked a portion of the file
1:17 AM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
1:17 AM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat". The process cannot access the file because it is being used by another process
1:17 AM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
1:17 AM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
1:17 AM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
1:17 AM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat". The process cannot access the file because it is being used by another process
1:17 AM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
1:17 AM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs08194ffe-7308-410f-9fd6-24ef60a1074f.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs8707fd08-72cb-4b7a-8d50-13b3aaf25ac6.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsaa1d93be-3b84-4141-a5c0-17408b27638a.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs8730dc3a-13f1-45f6-a0ce-fb5a306008cf.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse1916e26-2396-4ce2-ac74-d166575f76cf.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs188f7e9e-a1a2-4a09-9e17-9e1d4bde5cef.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs1f58da0f-777b-4a34-91c6-7e9b15487544.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf85e555b-ecca-4e4c-be1d-6183fffc2efd.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs40387701-47ce-46e0-9969-5adfd5174f64.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs29cfe307-ca40-4100-818a-4b6189929b75.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs6d371419-68f8-43c9-926c-361e1710287a.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd945b22c-2bb8-4fba-9e79-b57458710c57.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs1a4744f2-fb3e-4245-8634-cc414a2b8f3b.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs429a72b4-bbdc-40a0-a681-2168c941677b.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs6d1165ac-e845-4ac1-9c53-2e7e5384ba6d.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4ff39278-c031-4b2b-85ed-2bd04f2f5f1b.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs74277251-d8c7-4181-95f9-5e77e60c6046.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs6189ea24-2009-4bd8-99d3-9f6def99eeee.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs352d6f4a-7097-497a-827e-12145d577b3e.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4e760f5b-de3f-4918-aedf-f9a656f60e1f.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9a77776c-aee0-4322-a5db-8b6c6b2957a9.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5c789eb2-22dc-4465-b1c4-49b1be47322a.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs0ac21627-8c51-4e60-90f4-c7ef40b1eabe.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9a2fcbb9-2160-47b2-a438-a1b65d9654ca.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsedf3e25a-fe97-4e55-b6e0-44bc803d1e4b.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs8bbf2bd9-98ae-43f1-97a5-e4102f7f5464.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs511f9136-e0e6-462f-86ca-f631e72722bc.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9630186d-83fb-4236-9350-9d7f9ac1300e.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs456ee6ac-a5e7-4c13-b4f6-fe4bd35eed6e.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs51ec425d-42bb-472c-bc3f-1ce7a834fb56.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf857a4a1-ef8b-40e4-b2f3-4d419bc7bb2f.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs752ba098-1781-44cb-8384-a2e98d3a596f.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf608cb80-2bf4-415b-b11e-213aedd1fa84.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs63013049-13b8-491b-9c91-d992b19bb3d3.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs726e789c-a782-4e09-8ea4-c04d0653d129.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc3dcda04-1531-480a-bca1-d92ad891cd1e.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs2a81f3eb-8274-451a-a446-717a01fe4d4a.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsfbc3d929-96e7-4afb-9a12-3a49afaac7f8.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4069e38e-a390-487b-91b4-b7fa43c8fd1d.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs287a820f-a6ad-4a44-89a1-15b160bfbe27.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs79ac6e1e-ea15-4322-a39e-9ec1f2775f5d.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs19845a51-c54c-4501-b431-d1db48800eba.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsefab1589-3999-4dc7-9ef4-16bca46e9782.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs19694029-410a-48ae-906d-f776856cb4dd.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsb9861edb-9db3-4a0c-a60a-eb6bb5868af1.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs1da6a4a0-3eb7-4356-9325-dc25ecf4bbf6.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3a795f16-7889-4761-822c-3bc8ae36d364.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5783f5a8-cd62-405b-9ce0-b77f9f6a7a04.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs85c70ec2-23fa-456a-b859-4a564898df0c.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4c3ff6d2-c001-43e7-93f8-7cbe92fd322d.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3b45cbc8-083d-45de-8238-885737f3a1e3.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs663bae71-5971-4609-957c-aeb797d38639.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd34c844f-c35d-4509-a3c4-9d27426ff621.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf6364ddd-d935-48b3-9a66-338d9c5328b0.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs6907fd86-01e4-426c-b8e6-43ea6d3fb1ba.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs14916598-9007-46ba-999a-5de9482b8404.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsfb3ef656-de65-45c7-a1cd-3194d88e2e91.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs722da225-8dcf-4227-8b23-0b786b5e093c.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs91ba3c30-0068-4f14-b58a-73134436114e.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs58e56670-d756-4eec-b715-df082d9ac464.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs79165421-93b4-4d6b-9cc2-584ebac79620.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsdb0d0a35-2472-405c-baff-bb5174b7e78f.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs60556ddd-abff-4c23-8add-1e030c3ebf30.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse576ae32-300f-454f-a9c1-c8c3859cf163.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5d7a9333-98a3-4af2-8443-001069fb7bb4.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse8e3f103-dec1-4ab7-8699-19f007b0d6da.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs581b32a7-bb4c-4067-b217-34eaec3b3446.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3cf8c536-eaf4-462b-b618-4b2221bb8164.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs797c7bb6-bdd1-41dd-8a52-87200eb4c13f.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs921ca4a3-0d4d-44af-ad6f-561514be77f5.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs69cd5fd9-f170-45f2-9c16-11f726c1faca.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs299ea637-3b4d-4422-b77b-36e82ae6b227.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs29a973f6-3b4d-45bd-b1e2-ce8052d34f0a.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs281f346f-9ab9-4239-a9a4-6e27760ae48b.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs2a8d7bc3-c12d-4e15-a8b8-4c90dfac65f1.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs20c5976e-fc69-4a10-a2e3-9b51bc43c007.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs95d22797-3377-4549-96b3-6ff3ae59d4a0.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs7138f048-e3c3-46a3-9a7d-bd6349b4067f.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs42723f6a-9c16-4498-91ed-af9b287cad5d.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf3f2eb98-de29-41a5-b39c-58cb731f93ea.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsb11e0cca-a4ba-4db1-b220-d26ef19833bc.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs0d596f9f-a432-489e-be05-5b6eae98a848.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs157dfadf-81d0-4dad-9103-60bed0091abc.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse35c2b67-9cae-4dd8-adb9-a5799827ddf7.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs70c9db37-a7ba-4303-9d44-81a0fb995fee.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs71e1746d-29dd-43d7-95ce-52f1df6c9fb8.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse3630a6c-9cca-43e5-8486-146a2167cb0f.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsfcdd097c-e910-41a1-b06e-d4d104fdb59b.tmp". The process cannot access the file because it is being used by another process
1:18 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9fd69824-08f9-4432-bd78-d0de52b6b685.tmp". The process cannot access the file because it is being used by another process

#6 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 13 April 2006 - 03:00 PM

Download FindQoologic.zip save it to your C:\.
http://downloads.sub...on/FindQool.zip

Extract (unzip) the files inside into their own folder called FindQool.
Read here how to unzip/extract properly:
http://metallica.gee...xplanation.html

This folder should be present on your C:\
In case it's not present there, move the FindQool folder to C:\ otherwise it won't work.
Then open the FindQool folder.
Locate and double-click the Qlocate.bat file to run it.

This will scan your system.
Wait until a text opens.
Post this in your next reply

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#7 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 17 April 2006 - 03:13 PM

How are you doing with the fix?

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#8 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 22 April 2006 - 05:50 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users