Winfixer Ad Popup


22 replies to this topic

#1 deb65

Posted 27 November 2005 - 07:33 PM

Not sure where this came from or when. Just started getting the winzipper popup window yesterday or the day before. Here is the hijack log file.

Thanks! You folks are awesome!

Logfile of HijackThis v1.99.1
Scan saved at 5:28:20 PM, on 11/27/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\QUICKENW\QAGENT.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE
C:\WINDOWS\SYSTEM\MRTMNGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQGALRY.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://grandjunction.bresnanonline.net/community
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Bresnan OnLine
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\SYSTEM\SSQRS.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ATLDistrib Object - {659E147E-BD03-4605-988C-AA6D7EA497CA} - C:\WINDOWS\SYSTEM\QOMLL.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [SCUpdate] "C:\PROGRAM FILES\BRESNAN\MIGCFG\PROGRAMS\AutoUpdate.exe"
O4 - HKLM\..\Run: [QAGENT] C:\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunOnce: [*QOMLL] rundll32.exe C:\WINDOWS\SYSTEM\QOMLL.DLL,CreateProtectProc rerun
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...96/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partner...ll2/install.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab


Debbie


#2 -David-

Posted 30 November 2005 - 12:12 PM

Hi and welcome to Bleeping Computer!!

My name is David

Please do both of the following before we start if possible!:

1) Please print off these instructions - they will be needed later when internet access is not available.
2) Save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.

There is a bit to do on the log - I can almost guarantee ewido will remove something - it's also a good free tool to keep in your arsenal! :thumbsup:

Please download ewido security suite; it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck:
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido security suite.

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link for "SpySweeper" to download the program. NOTE: DO NOT click the Free Spyware Scan link.
  • Install it.
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
Then reboot your computer - IMPORTANT
Then post a new HJT log
David

#3 deb65

Posted 30 November 2005 - 07:21 PM

Hi David-

Ewido says it's for 2000 and XP. I'm still running 98 - will it work?

And I've tried running spy sweeper and it keeps freezing up on me and giving me a blue screen warning.

Where to go from here? :thumbsup:

#4 -David-

Posted 01 December 2005 - 01:11 PM

Please do both of the following before we start if possible!:

1) Please print off these instructions - they will be needed later when internet access is not available.
2) Save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.
At the moment you may feel like you are battling with your computer to keep it running smoothly, but doing the following things should most certainly help getting it back to how it was.
_____________________

Download KillBox here: http://www.downloads.subratam.org/KillBox.zip
Save it to your desktop.
DO NOT run it yet.
_____________________

With IE closed, run Hijack This again.
Put a checkmark on these entries and hit "fix checked":

O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\SYSTEM\SSQRS.DLL
O2 - BHO: ATLDistrib Object - {659E147E-BD03-4605-988C-AA6D7EA497CA} - C:\WINDOWS\SYSTEM\QOMLL.DLL
O4 - HKLM\..\RunOnce: [*QOMLL] rundll32.exe C:\WINDOWS\SYSTEM\QOMLL.DLL,CreateProtectProc rerun
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partner...ll2/install.cab

_____________________

Boot into Safe Mode

Double-click on Killbox.exe to run it.
Now put a tick by Standard File Kill.
In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file.
It will ask for confirmation to delete the file.
Click Yes.
Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\SYSTEM\QOMLL.DLL
C:\WINDOWS\SYSTEM\SSQRS.DLL

_____________________

Please Navigate to the C:\Windows\Temp folder.
Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder. (if you cannot delete some items it's fine!)
_____________________

Then go to Start > Run and type %temp% in the Run box.
The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.
_____________________

Finally go to Control Panel > Internet Options.
Put a check by "Delete Offline Content" and click OK.
Click on the Programs tab then click the "Reset Web Settings" button.
Click Apply then OK.
_____________________

Empty the Recycle Bin.
_____________________

Reboot to normal mode and post a new HJT log
David

#5 deb65

Posted 01 December 2005 - 10:14 PM

Okay David-

Got 'er done. Here's the new log file.

Still getting the pop up window and the computer is still acting funky - I have a new one coming next week but need to make sure I can get files off this one without infecting the new one.

Thanks for all your help-

Logfile of HijackThis v1.99.1
Scan saved at 7:52:04 PM, on 12/1/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\QUICKENW\QAGENT.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE
C:\WINDOWS\SYSTEM\MRTMNGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\HPZIPM12.EXE
C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQGALRY.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE
C:\WINDOWS\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://grandjunction.bresnanonline.net/community
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Bresnan OnLine
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: ATLDistrib Object - {3FE36807-69ED-45D1-B9BE-85C0E3F75B6A} - C:\WINDOWS\SYSTEM\XXYAX.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [SCUpdate] "C:\PROGRAM FILES\BRESNAN\MIGCFG\PROGRAMS\AutoUpdate.exe"
O4 - HKLM\..\Run: [QAGENT] C:\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunOnce: [*XXYAX] rundll32.exe C:\WINDOWS\SYSTEM\XXYAX.DLL,CreateProtectProc rerun
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...96/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
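
Added example, not part of the original thread and not HijackThis's or any removal tool's own logic: the two logs posted so far show a BHO DLL that is also launched through rundll32 from RunOnce, and the same pair coming back under a new file name after the fix. The Python sketch below pairs O2 and O4 lines that point at the same DLL and compares two logs; the function names and the pairing heuristic are assumptions made for illustration, and the log excerpts are copied from the posts above.

```python
import ntpath
import re

# Excerpts copied from the 27 Nov and 1 Dec HijackThis logs in this thread.
LOG_27_NOV = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\SYSTEM\SSQRS.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ATLDistrib Object - {659E147E-BD03-4605-988C-AA6D7EA497CA} - C:\WINDOWS\SYSTEM\QOMLL.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunOnce: [*QOMLL] rundll32.exe C:\WINDOWS\SYSTEM\QOMLL.DLL,CreateProtectProc rerun
"""

LOG_1_DEC = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: ATLDistrib Object - {3FE36807-69ED-45D1-B9BE-85C0E3F75B6A} - C:\WINDOWS\SYSTEM\XXYAX.DLL
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunOnce: [*XXYAX] rundll32.exe C:\WINDOWS\SYSTEM\XXYAX.DLL,CreateProtectProc rerun
"""

O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<value>[^\]]*)\] (?P<cmd>.+)$"
)
RUNDLL_RE = re.compile(
    r'^"?rundll32(?:\.exe)?"?\s+(?P<dll>[^,]+),(?P<export>\S+)', re.I
)


def parse_hjt(log):
    """Parse O2 (BHO) and O4 (registry autorun) lines from a HijackThis log."""
    bhos, autoruns = [], []
    for line in log.splitlines():
        line = line.strip()
        m = O2_RE.match(line)
        if m:
            bhos.append({"name": m["name"], "clsid": m["clsid"].upper(),
                         "path": m["path"], "missing": bool(m["missing"])})
            continue
        m = O4_RE.match(line)
        if m:
            r = RUNDLL_RE.match(m["cmd"])
            autoruns.append({"key": m["key"], "value": m["value"],
                             "dll": r["dll"].strip('"') if r else None,
                             "export": r["export"] if r else None})
    return bhos, autoruns


def bho_autorun_pairs(log):
    """BHOs whose DLL is also started by rundll32 from an autorun key."""
    bhos, autoruns = parse_hjt(log)
    by_path = {b["path"].lower(): b for b in bhos}
    hits = []
    for a in autoruns:
        bho = by_path.get(a["dll"].lower()) if a["dll"] else None
        if bho is None:
            continue
        hits.append({
            "dll": ntpath.basename(bho["path"]),
            "clsid": bho["clsid"],
            "bho_name": bho["name"],
            "key": a["key"],
            "value": a["value"],
            "export": a["export"],
            # Documented Windows behaviour: a RunOnce value name prefixed
            # with '*' is processed even when booting into Safe Mode.
            "runs_in_safe_mode": a["key"].lower() == "runonce"
                                 and a["value"].startswith("*"),
        })
    return hits


def regenerated(before, after):
    """Pairs in `after` with a new DLL name but the same BHO name and export."""
    old = bho_autorun_pairs(before)
    old_dlls = {h["dll"].upper() for h in old}
    old_sigs = {(h["bho_name"], h["export"]) for h in old}
    return [h for h in bho_autorun_pairs(after)
            if h["dll"].upper() not in old_dlls
            and (h["bho_name"], h["export"]) in old_sigs]


if __name__ == "__main__":
    for hit in bho_autorun_pairs(LOG_27_NOV):
        print("27 Nov pair:", hit)
    for hit in regenerated(LOG_27_NOV, LOG_1_DEC):
        print("Came back under a new name:", hit)
```

The pairing flags QOMLL.DLL but not SSQRS.DLL or Spybot's SDHelper.dll, both of which also show as "(no name)" BHOs, so a "no name" check on its own is not enough to separate the entries fixed in post #4 from legitimate ones.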

#6 -David-

Posted 02 December 2005 - 12:22 PM

God, I've forgotten the name of the infection you have. It's the one with the * in it. I'll get it soon! :thumbsup:

Could you do this meanwhile whilst I ask someone!

Click Here to do a Panda online scan
  • If it asks you to install ActiveX controls click Yes
  • If a box comes up telling you to install the program also click Yes
  • Make sure you tick Disinfect automatically under Scan Options
  • Complete the scan and post the log that you can save afterwards in the same way you did the HJT log.
  • It is normal for it to take a reasonable time to complete
David

#7 -David-

Posted 02 December 2005 - 12:27 PM

Run the removal tool here:

http://securityresponse.symantec.com/avcen...virtumonde.html

Reboot and post a new HJT log with the Panda scan log

David

#8 deb65

Posted 03 December 2005 - 02:05 PM

Hey David-

Not having much luck here. The Symantec scan said there was no virtualmonde found. The Panda antivirus will download but when it gets finished it says my resolution needs to be set to VGA or higher. I can't find a VGA setting anywhere.

Next?

Debbie

#9 -David-

Posted 03 December 2005 - 02:31 PM

Adware-Virtumundo Removal Tool v1.2 (Associated with WinFixer Popups)

Note: This tool does not remove the WinFixer application. WinFixer alone does not cause popups or disrupt the system. If WinFixer was installed on your system because Adware or a Trojan Downloader installed it without your permission, please remove it using the Add/Remove Programs Control Panel Applet.

If Virtumundo is not found, the tool will exit showing the log file.
If Virtumundo is found it will do the following:
Version 1.1
Create a Date/Time Stamped log file (VBG.TXT) on the All Users profile's Desktop.
Kill Internet Explorer and Explorer processes.
Rename the infected files with a .Vir extension (this disables them from being run)
Remove the Browser Helper Object registry key
Adds a registry value to block file from running in Internet Explorer again.
Remove the Winlogon Notify registry key
Automatically restart the computer (via STOP error)
Note: This is a BLUE SCREEN "Fatal Error" Message. It is normal and expected. The tool ends an important Windows Process that was protecting the file and NT Security STOPS the system as soon as it detects this is happening.

Version 1.2
Removed the instruction to Stop McShield
Cleaned up some logging messages.
Added checking for BHO with no default name. These entries will be checked to see if they are referenced to be started up with WinLogon. If it is, it will be tagged as Virtumundo and removed.

VirusScan will now be able to remove the files normally when you run an on-demand scan.

Download Link -> http://secured2k.home.comcast.net/t...mundoBeGone.exe [76.2 KB]
MD5 SUM: a210c12a8264c024da5e0b05cb082a14

#10 deb65

Posted 03 December 2005 - 07:16 PM

Hi David

I ran the tool from this site (http://securityresponse.symantec.com/avcen...virtumonde.html) and it returned this log: Symantec Adware.VirtuMonde Removal Tool 1.0.3
Adware.VirtuMonde has not been found on your computer.

I tried to run Panda virus scan and it tells me at the end of the extractor that my resolution has to be set to VGA or higher. I can't find where to change that - the monitor appears to be at the highest setting.

The link you last gave me (http://secured2k.home.comcast.net/t...mundoBeGone.exe) gives me a URL not found message.

I've tried to run my McAfee virus scan twice and can't get it to finish. Obviously there are other issues with this computer besides just the trojan/virus/hijacker crap. :thumbsup:

Let me know...

#11 -David-

Posted 04 December 2005 - 09:37 AM

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link for "SpySweeper" to download the program. NOTE: DO NOT click the Free Spyware Scan link.
  • Install it.
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
Then reboot your computer - IMPORTANT
Then post a new HJT log

Edited by D-Trojanator, 04 December 2005 - 09:49 AM.


#12 deb65

Posted 04 December 2005 - 02:57 PM

Hijack this log file:

Logfile of HijackThis v1.99.1
Scan saved at 12:48:07 PM, on 12/4/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
c:\windows\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCSHLD9X.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\MCAFEE.COM\VSO\OASCLNT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCTSKSHD.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\QUICKENW\QAGENT.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE
C:\WINDOWS\SYSTEM\MRTMNGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\HPZIPM12.EXE
C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQGALRY.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://grandjunction.bresnanonline.net/community
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Bresnan OnLine
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: ATLDistrib Object - {3FE36807-69ED-45D1-B9BE-85C0E3F75B6A} - C:\WINDOWS\SYSTEM\XXYAX.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HPScanPatch] C:\WINDOWS\SYSTEM\HPScanFix.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [SCUpdate] "C:\PROGRAM FILES\BRESNAN\MIGCFG\PROGRAMS\AutoUpdate.exe"
O4 - HKLM\..\Run: [QAGENT] C:\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [MCTskShd] C:\PROGRA~1\MCAFEE.COM\AGENT\mctskshd.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [KB891711] c:\windows\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [McShld9x] C:\Program Files\McAfee.com\VSO\mcshld9x.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab

SpySweeper ran in "safe mode" (the program's diagnostic mode, not my computer's safe mode) and the log file follows.

********
11:12 AM: | Start of Session, Sunday, December 04, 2005 |
11:12 AM: Spy Sweeper started
11:12 AM: Sweep initiated using definitions version 556
11:12 AM: Starting Memory Sweep
11:21 AM: Memory Sweep Complete, Elapsed Time: 00:09:31
11:21 AM: Starting Registry Sweep
11:25 AM: Registry Sweep Complete, Elapsed Time:00:03:11
11:25 AM: Starting Cookie Sweep
11:25 AM: Found Spy Cookie: pub cookie
11:25 AM: deborah thorne@pub[1].txt (ID = 3205)
11:25 AM: Found Spy Cookie: tribalfusion cookie
11:25 AM: deborah thorne@tribalfusion[1].txt (ID = 3589)
11:25 AM: Found Spy Cookie: belnk cookie
11:25 AM: deborah thorne@belnk[1].txt (ID = 2292)
11:25 AM: Found Spy Cookie: tvguide cookie
11:25 AM: deborah thorne@sdc.tvguide[1].txt (ID = 3600)
11:25 AM: deborah thorne@rsi.tvguide[1].txt (ID = 3600)
11:25 AM: deborah thorne@tvguide[2].txt (ID = 3599)
11:25 AM: Found Spy Cookie: go2net.com cookie
11:25 AM: deborah thorne@go2net[1].txt (ID = 2730)
11:25 AM: Found Spy Cookie: ask cookie
11:25 AM: deborah thorne@ask[1].txt (ID = 2245)
11:25 AM: deborah thorne@dist.belnk[2].txt (ID = 2293)
11:25 AM: Found Spy Cookie: burstbeacon cookie
11:25 AM: deborah thorne@www.burstbeacon[2].txt (ID = 2335)
11:25 AM: Found Spy Cookie: burstnet cookie
11:25 AM: deborah thorne@burstnet[1].txt (ID = 2336)
11:25 AM: Found Spy Cookie: adknowledge cookie
11:25 AM: deborah thorne@adknowledge[1].txt (ID = 2072)
11:25 AM: Found Spy Cookie: infospace cookie
11:25 AM: deborah thorne@msxml.infospace[1].txt (ID = 2866)
11:25 AM: deborah thorne@infospace[2].txt (ID = 2865)
11:25 AM: Found Spy Cookie: adlegend cookie
11:25 AM: deborah thorne@adlegend[1].txt (ID = 2074)
11:25 AM: Found Spy Cookie: about cookie
11:25 AM: deborah thorne@honeymoons.about[2].txt (ID = 2038)
11:25 AM: deborah thorne@about[2].txt (ID = 2037)
11:25 AM: Found Spy Cookie: pointroll cookie
11:25 AM: deborah thorne@ads.pointroll[2].txt (ID = 3148)
11:25 AM: Cookie Sweep Complete, Elapsed Time: 00:00:05
11:25 AM: Starting File Sweep
11:26 AM: Warning: Failed to open file "c:\windows\win386.swp". The process cannot access the file because it is being used by another process
11:26 AM: Warning: Failed to open file "c:\windows\sentry.ini". Access is denied
11:26 AM: Found Adware: ezsearchbar
11:26 AM: addr_var.ini (ID = 60329)
11:26 AM: birth_var.ini (ID = 60332)
11:26 AM: city_var.ini (ID = 60333)
11:26 AM: name_var.ini (ID = 60352)
11:26 AM: name_gender.ini (ID = 60351)
11:26 AM: states.ini (ID = 60360)
11:26 AM: zip_var.ini (ID = 60362)
11:26 AM: phone_var.ini (ID = 60353)
11:36 AM: Found Adware: ignkeys
11:36 AM: update_rsp.dll (ID = 63481)
11:37 AM: update_bho.dll (ID = 63479)
11:37 AM: Found Adware: igetnet
11:37 AM: update_hosts.dll (ID = 63461)
11:40 AM: sentry.inf (ID = 60358)
12:16 PM: Traces Found: 30


Thanks! Debbie

#13 -David-


Posted 04 December 2005 - 03:13 PM

Still getting the pop-up?
David

#14 deb65

Posted 04 December 2005 - 03:56 PM

I haven't gotten the pop up today so far :thumbsup:

I do have a couple of other things going on. McAfee gives me a warning that a PUP has been found and identifies it as c:\Windows\Sentry.ini when I run spysweeper.

Also, when the machine reboots or boots for the 1st time, I get a message that says (in summarized form) that it can't find a device file that may be needed for Windows. Windows registry or SYSTEM.ini file refers to this device file but the device file no longer exists. Then it states that if I removed it on purpose that I need to remove the program it's associated with.

Any idea what that's about?

Thanks by the way! I appreciate your persistence on this! :flowers:

#15 -David-

Posted 04 December 2005 - 03:58 PM

Download WinPFind!
  • Extract WinPFind.zip to your c:\ folder.
  • Reboot your computer into Safe Mode
  • Then open c:\WinPFind and double-click on WinPFind.exe.
  • When the program is open, click on the Start Scan button to start scanning your computer.
  • Be patient as this scan may take a while. When it is done, it will show a log and tell you the scan is completed.
  • Reboot your computer back to normal mode and post the contents of c:\WinPFind\WinPFind.txt as a reply to this topic.
David



