Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Please Offer Suggestions


  • Please log in to reply
28 replies to this topic

#1 devanert

devanert

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:09 PM

Posted 05 December 2005 - 12:57 PM

Logfile of HijackThis v1.99.1
Scan saved at 10:39:15 PM, on 12/3/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\TOPSPEED\2.0\AOLTSMON.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\TOPSPEED\2.0\AOLTPSPD.EXE
C:\WINDOWS\SYSTEM\NTSM.EXE
C:\WINDOWS\SYSTEM\WINSL32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\NTPE32.EXE
C:\WINDOWS\NETTE.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCUPDATE.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RXMON9X.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\MOTIVEASSISTANT\BIN\MAD.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\WINDOWS\NETHO32.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\WAOL.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\PROGRAM FILES\KODAK\KODAK SOFTWARE UPDATER\7288971\PROGRAM\KODAK SOFTWARE UPDATER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\NETTE.EXE
C:\WINDOWS\SYSTEM\NTSM.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFAGENT.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\SHELLMON.EXE
C:\MY DOCUMENTS\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://205.134.182.164/1/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1044
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {7E7E564B-AB87-9CE8-1B6D-B588C2C0D77D} - C:\WINDOWS\SYSTEM\JAVAOB.DLL
O2 - BHO: Class - {63F539F8-16DA-180E-C015-D9E74037F7F8} - C:\WINDOWS\D3UJ.DLL
O2 - BHO: Class - {BE19E8BB-F0BF-178F-378D-58D7C4786A75} - C:\WINDOWS\SYSTEM\JAVAEP32.DLL
O2 - BHO: Class - {F9B855F1-C37E-F3A9-43FE-89E50B8A6AA5} - C:\WINDOWS\NETQU32.DLL
O2 - BHO: Class - {0D7352EB-9580-8DF3-0652-9E4F96290410} - C:\WINDOWS\SYSTEM\NETIE.DLL
O2 - BHO: Class - {E7CE8BF6-99C9-789F-291B-FDF539AB5062} - C:\WINDOWS\WINVQ32.DLL
O2 - BHO: Class - {E8A8EAEF-49DA-8B9D-C95D-EFD0FE242915} - C:\WINDOWS\SYSOG32.DLL
O2 - BHO: Class - {67C68C5F-44C8-5FF5-CE7D-54E907D6D21C} - C:\WINDOWS\IPDJ32.DLL
O2 - BHO: Class - {E35DCA52-2CC6-C2D7-7D97-2147BA9343E8} - C:\WINDOWS\MFCBI32.DLL
O2 - BHO: Class - {C7424E0E-B482-9AA1-E2D5-31C7F1BFA828} - C:\WINDOWS\SYSTEM\NETZV32.DLL
O2 - BHO: Class - {EF960B35-05C6-089B-8BB5-E19DDB3FF55E} - C:\WINDOWS\SYSTEM\NETYN.DLL
O2 - BHO: Class - {C4002AA0-E402-546F-B18D-E929FCC430C3} - C:\WINDOWS\SYSTEM\ADDCV32.DLL
O2 - BHO: Class - {A99F288F-818C-33EF-4102-BD7B7597C6CA} - C:\WINDOWS\SYSTEM\JAVAWR.DLL
O2 - BHO: Class - {316BA5B3-B79D-8735-D27E-9DCBD696F7BA} - C:\WINDOWS\NTVV.DLL
O2 - BHO: Class - {64E12648-15FF-FBB2-81BB-3A6EE3432D79} - C:\WINDOWS\SYSTEM\ATLWR32.DLL
O2 - BHO: Class - {D83E8454-F737-08C7-6BBB-9567C0B82257} - C:\WINDOWS\ADDOB.DLL
O2 - BHO: Class - {12124D3D-77E8-3DE2-0B1D-33D312010FA5} - C:\WINDOWS\SYSTEM\JAVANX.DLL
O2 - BHO: Class - {289AF6D4-6FA6-CEAF-D9B3-6766F8EB32EB} - C:\WINDOWS\SYSTEM\NTXW.DLL
O2 - BHO: Class - {6B011461-792E-3686-A5E7-F01C6CDF50AA} - C:\WINDOWS\MSSU32.DLL
O2 - BHO: Class - {236770E7-E878-8704-8A5E-45616824DA7F} - C:\WINDOWS\SYSTEM\MSHC.DLL
O2 - BHO: Class - {50B9D537-5DB0-52B1-FF6F-ED6C70DA477E} - C:\WINDOWS\JAVAAB.DLL
O2 - BHO: Class - {3F78C941-E449-EC74-0DED-EF0707F1BD9C} - C:\WINDOWS\CRPR32.DLL
O2 - BHO: Class - {FEDB5C70-C8D3-5CE0-5433-3BFBF961AF4B} - C:\WINDOWS\ADDGC.DLL
O2 - BHO: Class - {C741BF98-EA31-4B67-1454-78CAB7B849F1} - C:\WINDOWS\ATLMP.DLL
O2 - BHO: Class - {934F52F5-7431-6F8D-CF03-508A60646BCC} - C:\WINDOWS\IEFQ.DLL
O2 - BHO: Class - {41010D82-27CE-1228-A8BB-341928A71CFD} - C:\WINDOWS\SYSTEM\APPYD32.DLL
O2 - BHO: Class - {7713DD6B-A984-F8B8-9A9D-A8BCF01E58A9} - C:\WINDOWS\SYSTEM\ADDWV.DLL
O2 - BHO: Class - {5DB4FA6D-8DF7-FEDD-6004-A7710DCAC5DE} - C:\WINDOWS\NETKR32.DLL
O2 - BHO: Class - {AD10418C-BD75-DC87-6301-A207FC431238} - C:\WINDOWS\SYSTEM\SDKKK.DLL
O2 - BHO: Class - {FD58D0EF-6B05-A1B1-205C-7FF5D9CFD4D2} - C:\WINDOWS\ADDJR.DLL
O2 - BHO: Class - {461EF4B4-D11B-5B7D-49A7-C7710D453C73} - C:\WINDOWS\D3ZL.DLL
O2 - BHO: Class - {6F75ABBF-6008-EDA7-8453-2ADF8601ADFA} - C:\WINDOWS\MSNN32.DLL
O2 - BHO: Class - {79594BEC-6756-9AEC-9631-43E29D822932} - C:\WINDOWS\SYSTEM\MSBU.DLL
O2 - BHO: Class - {1F9D9E07-1BFB-38C6-9A8A-B3173AE58D88} - C:\WINDOWS\NTRG.DLL
O2 - BHO: Class - {9D9DFEE4-D4FF-4DF2-9A8B-75B98238D291} - C:\WINDOWS\NTXD32.DLL
O2 - BHO: Class - {6551769C-283F-C130-EF18-154295944C63} - C:\WINDOWS\SYSTEM\ATLLT.DLL
O2 - BHO: Class - {B9C93552-27C4-F100-2F9A-7E94B1E64C0F} - C:\WINDOWS\SYSTEM\CRAW32.DLL
O2 - BHO: Class - {91C44800-0214-FBD3-43F5-73434349FC66} - C:\WINDOWS\D3CF32.DLL
O2 - BHO: Class - {A5E20C38-8603-769D-57FD-1F7334EABBE1} - C:\WINDOWS\SYSTEM\IPOM.DLL
O2 - BHO: Class - {97D10E10-8197-55F4-F520-EC1143F3F330} - C:\WINDOWS\SYSTEM\APPIY32.DLL
O2 - BHO: Class - {0283E400-BF96-1C65-2C3F-9441F31430C2} - C:\WINDOWS\IEOT32.DLL
O2 - BHO: Class - {BC94F47E-FA75-F7AE-6982-DA5E61BD1650} - C:\WINDOWS\MSAE.DLL
O2 - BHO: Class - {82EDCDC8-3679-E5AB-AE96-5016FD6F4A9B} - C:\WINDOWS\MSQW.DLL
O2 - BHO: Class - {61989847-C88E-6AA5-CDEC-F30792B55203} - C:\WINDOWS\SYSTEM\IEKW32.DLL
O2 - BHO: Class - {088535BC-DED7-DA54-0D5F-6BC96009E456} - C:\WINDOWS\CRRP.DLL
O2 - BHO: Class - {FEAF00B8-398A-9E71-81CD-EE13C80FA3DF} - C:\WINDOWS\SYSTEM\NETOL.DLL
O2 - BHO: Class - {2194DAA6-B789-5B57-3511-EF041C8D02F0} - C:\WINDOWS\CRTD.DLL
O2 - BHO: Class - {36CC50DE-E932-3435-B11B-709E3AFE8849} - C:\WINDOWS\SDKGR.DLL
O2 - BHO: Class - {5D2B941B-D55B-519B-85FE-DBFDF91762AF} - C:\WINDOWS\APIZX32.DLL
O2 - BHO: Class - {DBC707AD-CFF5-1A0D-EC45-75AB99E68265} - C:\WINDOWS\MSNC.DLL
O2 - BHO: Class - {992E13AE-D008-24B3-4C60-B18BF10373C7} - C:\WINDOWS\SYSTEM\ATLLQ.DLL
O2 - BHO: Class - {843F3B7B-39C3-66C6-F22C-66BE36B4EFD1} - C:\WINDOWS\SYSTEM\MFCOP32.DLL
O2 - BHO: Class - {C2E7372D-7966-AE9D-84A5-B6BC009118C4} - C:\WINDOWS\SYSTEM\CRTK.DLL
O2 - BHO: Class - {BB37280E-3BA4-0CF4-3710-D1E7E658044E} - C:\WINDOWS\APIHV.DLL
O2 - BHO: Class - {4D57FA16-5DA4-6BB0-8DE2-DD4789C18240} - C:\WINDOWS\SYSTEM\MFCYX.DLL
O2 - BHO: Class - {89E43E4E-2848-B42A-0ADB-B572F0397C37} - C:\WINDOWS\SYSTEM\MSSY.DLL
O2 - BHO: Class - {FC80064B-2F8B-2037-9399-180091F90881} - C:\WINDOWS\SYSTEM\MFCKP.DLL
O2 - BHO: Class - {BE166C01-C895-7DB1-E1E6-B6BD6196E91F} - C:\WINDOWS\NETXM32.DLL
O2 - BHO: Class - {E22C1991-1181-9BEB-C171-E0B7E631A3AF} - C:\WINDOWS\SYSMU.DLL
O2 - BHO: Class - {CBCC2124-1931-5492-EAAF-C5C2E7437596} - C:\WINDOWS\SYSTEM\ADDUI.DLL
O2 - BHO: Class - {3DD54EF0-C455-3155-B9FA-1B8E9563E5AA} - C:\WINDOWS\SYSTEM\ATLJQ.DLL
O2 - BHO: Class - {388C35E4-4B37-F24C-BB6E-80FD25B9D6EA} - C:\WINDOWS\SYSTEM\IEDV.DLL
O2 - BHO: Class - {DB1F0CAD-DFCA-D4CB-CE35-6727626309D9} - C:\WINDOWS\SYSTEM\WINVL32.DLL
O2 - BHO: Class - {3E57FD45-AF17-BDB1-B3E6-647628792796} - C:\WINDOWS\WINUX32.DLL
O2 - BHO: Class - {1C38F764-5211-C094-13C0-3AE414DC1B2A} - C:\WINDOWS\MSCW.DLL
O2 - BHO: Class - {B0BAA0D3-B86E-A237-D6EA-D5428A8C6CBC} - C:\WINDOWS\ADDUH32.DLL
O2 - BHO: Class - {D83EB827-761A-C8F4-42CF-3259313B99DB} - C:\WINDOWS\SYSTEM\APIIN32.DLL
O2 - BHO: Class - {01C38962-50E8-FF21-1263-007E149E5D9C} - C:\WINDOWS\SYSTEM\ATLTZ.DLL
O2 - BHO: Class - {EE0622B9-E1DD-2901-FB4F-F5C1BFA6825D} - C:\WINDOWS\SYSTEM\WINSQ32.DLL
O2 - BHO: Class - {299C0D6E-6A21-DC7E-43CF-A80D52149E2D} - C:\WINDOWS\ADDPB.DLL
O2 - BHO: Class - {082FA205-CF3A-E156-F50C-35DEC1A41A0F} - C:\WINDOWS\IPCR.DLL
O2 - BHO: Class - {38F22DD8-5970-FD55-1177-27E5BB249D69} - C:\WINDOWS\SYSTEM\NETYW.DLL
O2 - BHO: Class - {9E45C8C1-AA50-A400-B9DA-69B4E3B82261} - C:\WINDOWS\SYSTEM\IPGE32.DLL
O2 - BHO: Class - {729087AF-F985-6D35-58ED-1A52E73988DF} - C:\WINDOWS\IPWV.DLL
O2 - BHO: Class - {6BEDB588-8705-AA0B-BFA3-5AF1BD56824B} - C:\WINDOWS\SYSTEM\JAVALB32.DLL
O2 - BHO: Class - {306F43F2-AC75-DC0C-F9B5-7FEDDF51F24D} - C:\WINDOWS\SYSTEM\CRMP32.DLL
O2 - BHO: Class - {3643E8BC-9D97-5ADE-54D4-D62AAF848290} - C:\WINDOWS\SYSTEM\D3XC.DLL
O2 - BHO: Class - {436CC2D6-13C5-6564-C2F0-1E89CB49E703} - C:\WINDOWS\NTRH.DLL
O2 - BHO: Class - {35A01210-A8E7-5949-8F4B-D83F54410DD6} - C:\WINDOWS\SYSTEM\MFCFV32.DLL
O2 - BHO: Class - {093585F1-45A2-F3FD-5DC8-CE8C707B844B} - C:\WINDOWS\IPPA.DLL
O2 - BHO: Class - {DB309419-3C5C-375B-8765-4F2EE5877F1F} - C:\WINDOWS\APPJF32.DLL
O2 - BHO: Class - {551461B1-5C38-24A7-3B81-7F0347BA8044} - C:\WINDOWS\D3AO32.DLL
O2 - BHO: Class - {4FA3DEC1-D04D-E7B3-2CFE-A94E2B308831} - C:\WINDOWS\NTAI.DLL
O2 - BHO: Class - {C0E5E8CB-AF48-7FE8-39B9-CD037FE0CF7D} - C:\WINDOWS\ADDJB.DLL
O2 - BHO: Class - {F032F043-EDA1-57B1-CD1D-20AEBAA824CB} - C:\WINDOWS\IEWC.DLL
O2 - BHO: Class - {4992E461-38DD-211A-FDE8-64A8C67647AD} - C:\WINDOWS\D3RP32.DLL
O2 - BHO: Class - {A23A37B0-4D47-787A-2542-90BAA46F7745} - C:\WINDOWS\APPIQ32.DLL
O2 - BHO: Class - {8A3A1428-A50F-394F-7CFB-789596227CC4} - C:\WINDOWS\SDKNL32.DLL
O2 - BHO: Class - {0CE877B3-8B10-254F-3517-B88272EF3FF6} - C:\WINDOWS\SYSTEM\APPRM32.DLL
O2 - BHO: Class - {0B9BEF6F-48A7-B4E4-9373-E344FC57DCEA} - C:\WINDOWS\WINEK.DLL
O2 - BHO: Class - {60C941AF-A970-9E0B-BEFD-9B627853F77E} - C:\WINDOWS\SYSTEM\ADDAH.DLL
O2 - BHO: Class - {EC242DA4-E210-A44F-433D-92D6C9292A65} - C:\WINDOWS\JAVAKH.DLL
O2 - BHO: Class - {5716EE74-FBF6-6197-AE1A-1ECC21EE958F} - C:\WINDOWS\SYSTEM\SYSBI32.DLL
O2 - BHO: Class - {16BC716B-4CA1-1BCC-3013-0BB54033C395} - C:\WINDOWS\WINLU.DLL
O2 - BHO: Class - {FCD0707C-4D9F-46BA-9843-846B08A81ECE} - C:\WINDOWS\APIKN32.DLL
O2 - BHO: Class - {980E64CD-AF79-300D-D6F9-CA197FEC4945} - C:\WINDOWS\SYSTEM\SDKYT32.DLL
O2 - BHO: Class - {5B9FD345-F3DE-D005-2ECE-CAB9FE8750CF} - C:\WINDOWS\NETEW32.DLL
O2 - BHO: Class - {E44B2869-3C3C-2E0D-FE6F-F5D9CE7E35FE} - C:\WINDOWS\APIPA.DLL
O2 - BHO: Class - {50CEBE40-0931-C174-0942-791226F19C0F} - C:\WINDOWS\NTRY32.DLL
O2 - BHO: Class - {E459619A-C171-75BF-3590-3D36A397D81B} - C:\WINDOWS\IPBP32.DLL
O2 - BHO: Class - {C15F2371-A742-8BA9-7A00-54C987BB597F} - C:\WINDOWS\APILQ.DLL
O2 - BHO: Class - {070658EF-FBB1-51FF-B02D-6C8EC243119E} - C:\WINDOWS\APIQZ.DLL
O2 - BHO: Class - {09D46D1A-7C15-52D7-CA95-F0B35470CD73} - C:\WINDOWS\CRDK.DLL
O2 - BHO: Class - {7DBD4D7B-18BA-1454-894C-6230CF52FCC5} - C:\WINDOWS\SYSTEM\SDKWK.DLL
O2 - BHO: Class - {01B8230F-FFA5-630F-4267-7F2880D80B57} - C:\WINDOWS\CRUN.DLL
O2 - BHO: Class - {7EFE0B4F-CF0A-0367-88AF-EDB349FEAC20} - C:\WINDOWS\SYSTEM\NTSJ.DLL
O2 - BHO: Class - {3C709686-1D4D-C97B-5E58-FE7B58DE9102} - C:\WINDOWS\SYSTEM\CRCZ.DLL
O2 - BHO: Class - {44CDEE57-A711-7BB5-5A48-6D6A0C169088} - C:\WINDOWS\MFCAV32.DLL
O2 - BHO: Class - {2316F731-AD64-FBB4-5E87-59967C4541BF} - C:\WINDOWS\SYSTEM\JAVARQ32.DLL
O2 - BHO: Class - {D4453AEB-33E8-3237-5BB4-BD2626EAF5E2} - C:\WINDOWS\CRTV.DLL
O2 - BHO: Class - {07146AF0-7FF5-EAB9-8DF4-A761A47B6EC0} - C:\WINDOWS\MFCEI.DLL
O2 - BHO: Class - {9B31480F-0711-B287-66EA-53C4344E07E5} - C:\WINDOWS\SYSTEM\APPBY.DLL
O2 - BHO: Class - {207AE86C-EC5E-CC1A-C0F3-F84E29A81F51} - C:\WINDOWS\SYSTEM\IEWY.DLL
O2 - BHO: Class - {FC8CAC2E-E32B-0FD0-16A5-10FEAEDA2D44} - C:\WINDOWS\IPQM32.DLL
O2 - BHO: Class - {BD6D3515-13C8-89DB-38D3-4630B615B324} - C:\WINDOWS\ADDQI32.DLL
O2 - BHO: Class - {6F8DB982-F820-7376-2AB9-CA0E147B64BE} - C:\WINDOWS\NTAG.DLL
O2 - BHO: Class - {C0F1AE33-153C-4E19-A0B9-7155E429A4F5} - C:\WINDOWS\SYSTEM\WINSE32.DLL
O2 - BHO: Class - {E8C707B8-4BFE-5F10-9A0F-ABCDA9B4A798} - C:\WINDOWS\SYSTEM\NETTQ32.DLL
O2 - BHO: Class - {65515E86-744B-E7DC-1764-BE40FD487890} - C:\WINDOWS\CRDZ.DLL
O2 - BHO: Class - {61CA3AF6-2E10-18DB-BB89-818F7430DD7E} - C:\WINDOWS\SYSTEM\ADDTX32.DLL
O2 - BHO: Class - {AB05AE41-F1D5-D736-88F2-C487321270C0} - C:\WINDOWS\JAVARN32.DLL
O2 - BHO: Class - {95910D88-5B54-A5C5-10A9-C5AD58D4CB50} - C:\WINDOWS\APIAM32.DLL
O2 - BHO: Class - {4D25DD00-BA7F-935D-7E47-576A8D08A148} - C:\WINDOWS\IEIT32.DLL
O2 - BHO: Class - {F0643C15-D984-4C1A-869B-AC139041AF0F} - C:\WINDOWS\SYSTEM\CREX.DLL
O2 - BHO: Class - {BD562714-4CBF-6793-6BD0-85FA3F496C5B} - C:\WINDOWS\SYSTEM\MFCKE.DLL
O2 - BHO: Class - {4CF3F22B-5DA9-5DE0-5DEB-EE4100912572} - C:\WINDOWS\NETIQ32.DLL
O2 - BHO: Class - {432A50E4-15E1-B224-9F27-8699E3BE07E3} - C:\WINDOWS\SYSTEM\WINKP32.DLL
O2 - BHO: Class - {AF9077DF-1DBF-0114-80DB-267B601E8BF8} - C:\WINDOWS\SDKOK.DLL
O2 - BHO: Class - {9FD846EF-6A74-8A53-3F0E-2C94011D4C95} - C:\WINDOWS\SYSTEM\IPJB.DLL
O2 - BHO: Class - {32FEF4E4-4FCC-2539-EFD7-A3A0AEB5064E} - C:\WINDOWS\SYSTEM\JAVALJ.DLL
O2 - BHO: Class - {544D90BA-678A-013C-EF47-122CF6D30853} - C:\WINDOWS\SYSTEM\SYSVM.DLL
O2 - BHO: Class - {58C677D7-F270-6F54-0351-4D9054FAA20A} - C:\WINDOWS\SYSTEM\SYSZL.DLL
O2 - BHO: Class - {18C2B1ED-7635-92A8-5DB5-E71520573650} - C:\WINDOWS\D3JQ32.DLL
O2 - BHO: Class - {5F94CC3B-C656-9113-2D49-5844BD227846} - C:\WINDOWS\SYSTEM\ATLTL32.DLL
O2 - BHO: Class - {911C9539-EF96-7E39-FC5A-E64A99056168} - C:\WINDOWS\SYSTEM\APIQK.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Class - {E4D353C5-F038-4827-9CDA-ABDCF49E5AB5} - C:\WINDOWS\APPQA32.DLL
O2 - BHO: Class - {05A31BEE-9E35-88EA-21E0-006563AE97F4} - C:\WINDOWS\NTXF.DLL
O2 - BHO: Class - {A8F818F5-31A4-2D4C-AE8C-5FD1A39AC827} - C:\WINDOWS\SYSTEM\NTDO.DLL
O2 - BHO: Class - {59499B40-7091-52FC-70B3-880BF84D9EE3} - C:\WINDOWS\SYSTEM\NETVI32.DLL
O2 - BHO: Class - {C38BD7A9-5C15-E13B-D0D4-B82D49E338A3} - C:\WINDOWS\SYSTEM\NTQP32.DLL
O2 - BHO: Class - {FDEEBCF1-BD77-3F48-90AD-29EE05803428} - C:\WINDOWS\IPFF32.DLL
O2 - BHO: Class - {714B5AF2-602C-E2B6-5435-F9B5BE040934} - C:\WINDOWS\SYSTEM\ATLNG.DLL
O2 - BHO: Class - {3E7DB320-7E09-59EF-EBB8-1F9DD474D568} - C:\WINDOWS\D3HG.DLL
O2 - BHO: Class - {6C653AB5-E650-E0AB-7B19-3D05955C2EDA} - C:\WINDOWS\SYSTEM\D3QS32.DLL
O2 - BHO: Class - {E16B1DD3-344A-79E1-514A-8BF5E68E8461} - C:\WINDOWS\SYSTEM\NETMI32.DLL
O2 - BHO: Class - {3EAE7E41-1C8C-F033-435F-737FE0B9121D} - C:\WINDOWS\WINMW.DLL
O2 - BHO: Class - {D602B1C4-CBB2-797E-9F01-4F6B0FA20838} - C:\WINDOWS\SYSTEM\SDKZY.DLL
O2 - BHO: Class - {0E0566F7-EA1D-1C67-9F75-7DAC95434628} - C:\WINDOWS\APPDB32.DLL
O2 - BHO: Class - {846E0BB2-4B7E-3DCA-BD80-7211A3EE88C4} - C:\WINDOWS\JAVAIM32.DLL
O2 - BHO: Class - {55B824BF-D05C-3C69-F473-2D569D9D604F} - C:\WINDOWS\SYSTEM\JAVAIT32.DLL
O2 - BHO: Class - {DBF01E90-2654-1D4D-B857-B1C3A0B33591} - C:\WINDOWS\D3VX32.DLL
O2 - BHO: Class - {E283D982-2D72-B9EE-C897-9B499BF82FAA} - C:\WINDOWS\SYSTEM\MSVM32.DLL
O2 - BHO: Class - {06626DEE-A737-480F-0923-8A1A6B3424C9} - C:\WINDOWS\SYSTEM\MFCXK32.DLL
O2 - BHO: Class - {7148010B-B7E6-0815-E592-F49DCDA5FF42} - C:\WINDOWS\SYSTEM\SDKXW32.DLL
O2 - BHO: Class - {89AEB6D2-A932-85DB-A6A3-0ADB07058BA3} - C:\WINDOWS\MFCFA32.DLL
O2 - BHO: Class - {C124FC74-49CF-A8D2-DBF7-1F6B5C37337E} - C:\WINDOWS\ADDGU32.DLL
O2 - BHO: Class - {46F0B586-63AE-3428-88FC-AD230B3E4D26} - C:\WINDOWS\NTRE32.DLL
O2 - BHO: Class - {5F18F145-9A74-3477-D55F-52A7FEDA6984} - C:\WINDOWS\APIBH.DLL
O2 - BHO: Class - {E8958CBA-D734-B7F0-2039-60657373729F} - C:\WINDOWS\APIZG.DLL
O2 - BHO: Class - {60EE3993-541E-55E9-33E9-BB7AB0AC2EF3} - C:\WINDOWS\SYSTEM\APPNG.DLL
O2 - BHO: Class - {E7FEE8CD-D4D3-8260-44A7-67DD4A71E995} - C:\WINDOWS\SYSTEM\ATLPF.DLL
O2 - BHO: Class - {EF3DBF8F-82AE-7C37-9E41-FF6768F169E3} - C:\WINDOWS\MFCTO32.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\Run: [RxMon] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
O4 - HKLM\..\Run: [madexe] C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [SYSAW32.EXE] C:\WINDOWS\SYSAW32.EXE
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [NETHO32.EXE] C:\WINDOWS\NETHO32.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [AOL TopSpeedMonitor] C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [SDKRQ.EXE] C:\WINDOWS\SYSTEM\SDKRQ.EXE /s
O4 - HKLM\..\RunServices: [NETSS32.EXE] C:\WINDOWS\NETSS32.EXE /s
O4 - HKLM\..\RunServices: [SDKRW.EXE] C:\WINDOWS\SDKRW.EXE /s
O4 - HKLM\..\RunServices: [IPOK.EXE] C:\WINDOWS\SYSTEM\IPOK.EXE /s
O4 - HKLM\..\RunServices: [IPHM.EXE] C:\WINDOWS\SYSTEM\IPHM.EXE /s
O4 - HKLM\..\RunServices: [JAVAUE32.EXE] C:\WINDOWS\JAVAUE32.EXE /s
O4 - HKLM\..\RunServices: [APPWB32.EXE] C:\WINDOWS\APPWB32.EXE /s
O4 - HKLM\..\RunServices: [APPSI32.EXE] C:\WINDOWS\APPSI32.EXE /s
O4 - HKLM\..\RunServices: [ADDLG32.EXE] C:\WINDOWS\ADDLG32.EXE /s
O4 - HKLM\..\RunServices: [IPBG32.EXE] C:\WINDOWS\IPBG32.EXE /s
O4 - HKLM\..\RunServices: [MSVA32.EXE] C:\WINDOWS\SYSTEM\MSVA32.EXE /s
O4 - HKLM\..\RunServices: [D3BX32.EXE] C:\WINDOWS\D3BX32.EXE /s
O4 - HKLM\..\RunServices: [WINZE.EXE] C:\WINDOWS\WINZE.EXE /s
O4 - HKLM\..\RunServices: [WINDR.EXE] C:\WINDOWS\WINDR.EXE /s
O4 - HKLM\..\RunServices: [JAVAWN.EXE] C:\WINDOWS\SYSTEM\JAVAWN.EXE /s
O4 - HKLM\..\RunServices: [APPTA.EXE] C:\WINDOWS\APPTA.EXE /s
O4 - HKLM\..\RunServices: [NETSM32.EXE] C:\WINDOWS\NETSM32.EXE /s
O4 - HKLM\..\RunServices: [SDKHI32.EXE] C:\WINDOWS\SYSTEM\SDKHI32.EXE /s
O4 - HKLM\..\RunServices: [MSRF32.EXE] C:\WINDOWS\SYSTEM\MSRF32.EXE /s
O4 - HKLM\..\RunServices: [ADDVH32.EXE] C:\WINDOWS\SYSTEM\ADDVH32.EXE /s
O4 - HKLM\..\RunServices: [NTSM.EXE] C:\WINDOWS\SYSTEM\NTSM.EXE /s
O4 - HKLM\..\RunServices: [JAVARJ32.EXE] C:\WINDOWS\JAVARJ32.EXE /s
O4 - HKLM\..\RunServices: [JAVARQ32.EXE] C:\WINDOWS\JAVARQ32.EXE /s
O4 - HKLM\..\RunServices: [JAVAJX32.EXE] C:\WINDOWS\SYSTEM\JAVAJX32.EXE /s
O4 - HKLM\..\RunServices: [CROK.EXE] C:\WINDOWS\CROK.EXE /s
O4 - HKLM\..\RunServices: [D3SM.EXE] C:\WINDOWS\SYSTEM\D3SM.EXE /s
O4 - HKLM\..\RunServices: [D3QV.EXE] C:\WINDOWS\D3QV.EXE /s
O4 - HKLM\..\RunServices: [IPSU.EXE] C:\WINDOWS\IPSU.EXE /s
O4 - HKLM\..\RunServices: [APPOT.EXE] C:\WINDOWS\APPOT.EXE /s
O4 - HKLM\..\RunServices: [IEPN.EXE] C:\WINDOWS\IEPN.EXE /s
O4 - HKLM\..\RunServices: [NETIP.EXE] C:\WINDOWS\SYSTEM\NETIP.EXE /s
O4 - HKLM\..\RunServices: [IECA.EXE] C:\WINDOWS\IECA.EXE /s
O4 - HKLM\..\RunServices: [CROS.EXE] C:\WINDOWS\CROS.EXE /s
O4 - HKLM\..\RunServices: [WINSL32.EXE] C:\WINDOWS\SYSTEM\WINSL32.EXE /s
O4 - HKLM\..\RunServices: [NTPE32.EXE] C:\WINDOWS\NTPE32.EXE /s
O4 - HKLM\..\RunServices: [NETTE.EXE] C:\WINDOWS\NETTE.EXE /s
O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRAM FILES\AMERICA ONLINE 9.0\AOL.EXE" -b
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: Rebate Nation - file://C:\PROGRAM FILES\REBATE_NATION\Sy5300\Tp5300\scri5300a.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://business.dellnet.com/ (file missing) (HKCU)
O15 - Trusted Zone: *.crazywinnings.com
O15 - Trusted Zone: *.iframedollars.biz
O15 - Trusted Zone: *.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.pw.aol.com/molbin/shared/m...77/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.pw.aol.com/molbin/shared/m...,18/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net

BC AdBot (Login to Remove)

 


#2 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 10 December 2005 - 01:29 PM

Hi devanert and Welcome to the Bleeping Computer!

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link on the right - next to "SpySweeper for Home Computers" to download the program.
  • Double-click the file to install it as follows:
    • Click "Next", read the agreement, Click "Next"
    • Choose "Custom" click "Next".
    • Leave the default installation directory as it is, then click "Next".
    • UNcheck "Run SpySweeper at Windows Startup" and "Add Sweep for Spyware to Windows Explorer Context Menu". Click "Next".
    • On the following screen you can leave the e-mail address field blank, if you wish. Click "Next".
    • Finally, click "Install"
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:
    • Sweep Memory
    • Sweep Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Contents of Compressed Files
    • Sweep for Rootkits
    • Please UNCHECK Do not Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.


#3 devanert

devanert
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Gender:Male

Posted 13 December 2005 - 12:11 AM

Here's the file. Thanks for getting back to me. I had AOL open during the sweep. I had to close it during the deletion process. SpySweeper found something in my memory.


********
8:06 PM: | Start of Session, Monday, December 12, 2005 |
8:06 PM: Spy Sweeper started
8:06 PM: Sweep initiated using definitions version 582
8:06 PM: Starting Memory Sweep
8:07 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\JAVAOB.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\NETQU32.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\WINVQ32.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\SYSOG32.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\MFCBI32.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\NETZV32.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\ADDCV32.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\JAVAWR.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\ATLWR32.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\ADDOB.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\JAVANX.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\JAVAAB.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\CRPR32.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\ADDGC.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\ATLMP.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\IEFQ.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\APPYD32.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\NETKR32.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\SDKKK.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\ADDJR.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\MSBU.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\NTRG.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\NTXD32.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\ATLLT.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\IPOM.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\APPIY32.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\IEOT32.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\MSAE.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\MSQW.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\IEKW32.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\CRRP.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\NETOL.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\CRTD.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\MSNC.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\ATLLQ.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\MFCOP32.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\APIHV.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\MFCYX.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\MSSY.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\MFCKP.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\NETXM32.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\ADDUI.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\IEDV.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\WINVL32.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\WINUX32.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\MSCW.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\ADDUH32.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\ATLTZ.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\ADDPB.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\NETYW.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\IPGE32.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\IPWV.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\JAVALB32.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\NTRH.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\MFCFV32.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\APPJF32.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\D3AO32.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\NTAI.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\ADDJB.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\IEWC.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\D3RP32.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\SDKNL32.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\APPRM32.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\WINEK.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\ADDAH.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\WINLU.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\APIKN32.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\SDKYT32.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\NETEW32.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\APIPA.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\IPBP32.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\APILQ.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\APIQZ.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\CRDK.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\CRUN.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\CRCZ.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\JAVARQ32.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\MFCEI.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\IPQM32.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\ADDQI32.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\NTAG.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\CRDZ.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\ADDTX32.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\APIAM32.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\CREX.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\MFCKE.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\IPJB.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\D3JQ32.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\ATLTL32.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\APIQK.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\APPQA32.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\NTXF.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\D3QS32.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\APPDB32.DLL
8:07 PM: Warning: Failed to load image: C:\WINDOWS\JAVAIM32.DLL
8:08 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\SDKXW32.DLL
8:08 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\APPNG.DLL
8:08 PM: Warning: Failed to load image: C:\WINDOWS\MFCTO32.DLL
8:08 PM: Warning: Failed to load image: C:\WINDOWS\D3JK.DLL
8:09 PM: Found Adware: cws_ns3
8:09 PM: Detected running threat: C:\WINDOWS\SYSTEM\ntsm.exe (ID = 8)
8:09 PM: Detected running threat: C:\WINDOWS\SYSTEM\winsl32.exe (ID = 8)
8:09 PM: Detected running threat: C:\WINDOWS\ntpe32.exe (ID = 8)
8:09 PM: Detected running threat: C:\WINDOWS\nette.exe (ID = 8)
8:11 PM: Detected running threat: C:\WINDOWS\netho32.exe (ID = 8)
8:11 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || NETHO32.EXE (ID = 0)
8:17 PM: Memory Sweep Complete, Elapsed Time: 00:10:17
8:17 PM: Starting Registry Sweep
8:17 PM: Found Adware: brilliant digital
8:17 PM: HKCR\.s3d\ (1 subtraces) (ID = 104924)
8:17 PM: HKLM\software\classes\.s3d\ (1 subtraces) (ID = 104956)
8:17 PM: Found Adware: cws-aboutblank
8:17 PM: HKCR\clsid\{483c767c-e381-7083-fd10-379897aedefb}\ (2 subtraces) (ID = 113500)
8:17 PM: HKCR\clsid\{e5d9d755-2d91-6cbe-9628-de15e878caf8}\ (2 subtraces) (ID = 114160)
8:17 PM: HKCR\interface\{b3b79dd5-4cd5-4f97-8829-5e1f08d46c66}\ (8 subtraces) (ID = 114339)
8:17 PM: HKLM\software\classes\clsid\{483c767c-e381-7083-fd10-379897aedefb}\ (2 subtraces) (ID = 115075)
8:17 PM: HKLM\software\classes\clsid\{e5d9d755-2d91-6cbe-9628-de15e878caf8}\ (2 subtraces) (ID = 115726)
8:17 PM: HKLM\software\classes\interface\{b3b79dd5-4cd5-4f97-8829-5e1f08d46c66}\ (8 subtraces) (ID = 115903)
8:17 PM: HKLM\software\classes\typelib\{c89e0f84-3c34-43d1-a72c-af1a160a7c07}\ (2 subtraces) (ID = 115916)
8:17 PM: HKLM\software\classes\typelib\{cf87e7d9-d16a-485c-9104-943a0c088ef3}\ (9 subtraces) (ID = 115919)
8:17 PM: HKLM\software\classes\typelib\{cf87e7d9-d16a-485c-9104-943a0c088ef3}\1.0\0\win32\ (1 subtraces) (ID = 115920)
8:17 PM: HKCR\typelib\{c89e0f84-3c34-43d1-a72c-af1a160a7c07}\ (2 subtraces) (ID = 116776)
8:17 PM: HKCR\typelib\{cf87e7d9-d16a-485c-9104-943a0c088ef3}\ (9 subtraces) (ID = 116779)
8:17 PM: HKCR\clsid\{0b936818-a83d-004a-625a-757b4d758cc6}\ (2 subtraces) (ID = 117609)
8:17 PM: HKCR\clsid\{033935e4-a208-ab9e-dd2a-6a9b7e426d04}\ (2 subtraces) (ID = 117651)
8:17 PM: HKCR\clsid\{2a97db56-e2b4-967c-af9f-07fdf74289c2}\ (2 subtraces) (ID = 117739)
8:17 PM: HKCR\clsid\{24e10ff7-10aa-6198-95ae-258d49d9abca}\ (7 subtraces) (ID = 118110)
8:17 PM: HKCR\clsid\{50b9d537-5db0-52b1-ff6f-ed6c70da477e}\ (26 subtraces) (ID = 118189)
8:17 PM: HKCR\clsid\{67c68c5f-44c8-5ff5-ce7d-54e907d6d21c}\ (26 subtraces) (ID = 118238)
8:17 PM: HKCR\clsid\{90dee38b-0db3-a3ca-6f69-126542ad0fa1}\ (6 subtraces) (ID = 118300)
8:17 PM: HKCR\clsid\{4992e461-38dd-211a-fde8-64a8c67647ad}\ (24 subtraces) (ID = 118505)
8:17 PM: HKCR\clsid\{a5b3b4a7-6bd2-e7ce-e654-7a1d658d1bb3}\ (2 subtraces) (ID = 118745)
8:17 PM: HKCR\clsid\{a6bf9b01-2b57-89d9-ad1f-af854374c992}\ (2 subtraces) (ID = 118748)
8:17 PM: HKCR\clsid\{a9bb7c1a-e63b-e0a9-63eb-7124fa52d1b0}\ (2 subtraces) (ID = 118755)
8:17 PM: HKCR\clsid\{b1169abc-e367-2937-9f96-3b9cb54e0f31}\ (2 subtraces) (ID = 118884)
8:17 PM: HKCR\clsid\{c42cf26e-2b02-05de-7d7b-a16c5c2095bb}\ (2 subtraces) (ID = 118987)
8:17 PM: HKCR\clsid\{d7b5394e-d013-3545-35d0-45376236a8dc}\ (2 subtraces) (ID = 119095)
8:17 PM: HKCR\clsid\{d223f02d-058e-2cfe-d02d-81826009252b}\ (2 subtraces) (ID = 119115)
8:17 PM: HKCR\clsid\{eceaf197-b6ef-9e38-0846-ff3bb03983ad}\ (2 subtraces) (ID = 119305)
8:17 PM: HKCR\clsid\{ef3dbf8f-82ae-7c37-9e41-ff6768f169e3}\ (8 subtraces) (ID = 119327)
8:17 PM: HKCR\clsid\{f032f043-eda1-57b1-cd1d-20aebaa824cb}\ (24 subtraces) (ID = 119342)
8:17 PM: HKCR\clsid\{fc8cac2e-e32b-0fd0-16a5-10feaeda2d44}\ (8 subtraces) (ID = 119435)
8:17 PM: HKCR\clsid\{fedb5c70-c8d3-5ce0-5433-3bfbf961af4b}\ (26 subtraces) (ID = 119458)
8:17 PM: HKLM\software\classes\clsid\{0b936818-a83d-004a-625a-757b4d758cc6}\ (2 subtraces) (ID = 119488)
8:17 PM: HKLM\software\classes\clsid\{033935e4-a208-ab9e-dd2a-6a9b7e426d04}\ (2 subtraces) (ID = 119530)
8:17 PM: HKLM\software\classes\clsid\{2a97db56-e2b4-967c-af9f-07fdf74289c2}\ (2 subtraces) (ID = 119615)
8:17 PM: HKLM\software\classes\clsid\{50b9d537-5db0-52b1-ff6f-ed6c70da477e}\ (26 subtraces) (ID = 120046)
8:17 PM: HKLM\software\classes\clsid\{67c68c5f-44c8-5ff5-ce7d-54e907d6d21c}\ (26 subtraces) (ID = 120095)
8:17 PM: HKLM\software\classes\clsid\{90dee38b-0db3-a3ca-6f69-126542ad0fa1}\ (6 subtraces) (ID = 120156)
8:17 PM: HKLM\software\classes\clsid\{338e88e9-d821-1c15-a00d-907ab980e988}\ (2 subtraces) (ID = 120215)
8:17 PM: HKLM\software\classes\clsid\{4992e461-38dd-211a-fde8-64a8c67647ad}\ (24 subtraces) (ID = 120352)
8:17 PM: HKLM\software\classes\clsid\{a5b3b4a7-6bd2-e7ce-e654-7a1d658d1bb3}\ (2 subtraces) (ID = 120584)
8:17 PM: HKLM\software\classes\clsid\{a6bf9b01-2b57-89d9-ad1f-af854374c992}\ (2 subtraces) (ID = 120587)
8:17 PM: HKLM\software\classes\clsid\{a9bb7c1a-e63b-e0a9-63eb-7124fa52d1b0}\ (2 subtraces) (ID = 120594)
8:17 PM: HKLM\software\classes\clsid\{b1169abc-e367-2937-9f96-3b9cb54e0f31}\ (2 subtraces) (ID = 120722)
8:17 PM: HKLM\software\classes\clsid\{c42cf26e-2b02-05de-7d7b-a16c5c2095bb}\ (2 subtraces) (ID = 120824)
8:18 PM: HKLM\software\classes\clsid\{d7b5394e-d013-3545-35d0-45376236a8dc}\ (2 subtraces) (ID = 120931)
8:18 PM: HKLM\software\classes\clsid\{d223f02d-058e-2cfe-d02d-81826009252b}\ (2 subtraces) (ID = 120951)
8:18 PM: HKLM\software\classes\clsid\{eceaf197-b6ef-9e38-0846-ff3bb03983ad}\ (2 subtraces) (ID = 121136)
8:18 PM: HKLM\software\classes\clsid\{ef3dbf8f-82ae-7c37-9e41-ff6768f169e3}\ (8 subtraces) (ID = 121157)
8:18 PM: HKLM\software\classes\clsid\{f032f043-eda1-57b1-cd1d-20aebaa824cb}\ (24 subtraces) (ID = 121172)
8:18 PM: HKLM\software\classes\clsid\{fc8cac2e-e32b-0fd0-16a5-10feaeda2d44}\ (8 subtraces) (ID = 121260)
8:18 PM: HKLM\software\classes\clsid\{fedb5c70-c8d3-5ce0-5433-3bfbf961af4b}\ (26 subtraces) (ID = 121283)
8:18 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{50b9d537-5db0-52b1-ff6f-ed6c70da477e}\ (1 subtraces) (ID = 122607)
8:18 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{67c68c5f-44c8-5ff5-ce7d-54e907d6d21c}\ (1 subtraces) (ID = 122635)
8:18 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{4992e461-38dd-211a-fde8-64a8c67647ad}\ (1 subtraces) (ID = 122777)
8:18 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{ef3dbf8f-82ae-7c37-9e41-ff6768f169e3}\ (1 subtraces) (ID = 123212)
8:18 PM: Found Adware: isearch toolbar
8:18 PM: HKLM\software\ietoolbarpluginpersist\ (1 subtraces) (ID = 129025)
8:19 PM: HKU\.DEFAULT\software\microsoft\internet explorer\main\ || search bar_bak (ID = 115924)
8:19 PM: HKU\.DEFAULT\software\microsoft\internet explorer\main\ || search page_bak (ID = 115925)
8:19 PM: HKU\.DEFAULT\software\microsoft\internet explorer\main\ || search page_bak (ID = 774883)
8:19 PM: Registry Sweep Complete, Elapsed Time:00:02:20
8:19 PM: Starting Cookie Sweep
8:19 PM: Found Spy Cookie: centrport net cookie
8:19 PM: default@centrport[1].txt (ID = 2374)
8:19 PM: Found Spy Cookie: atwola cookie
8:19 PM: default@atwola[1].txt (ID = 2255)
8:19 PM: Found Spy Cookie: burstnet cookie
8:19 PM: default@burstnet[1].txt (ID = 2336)
8:19 PM: Found Spy Cookie: casalemedia cookie
8:19 PM: default@casalemedia[1].txt (ID = 2354)
8:19 PM: Found Spy Cookie: pointroll cookie
8:19 PM: default@ads.pointroll[1].txt (ID = 3148)
8:19 PM: Found Spy Cookie: questionmarket cookie
8:19 PM: default@questionmarket[1].txt (ID = 3217)
8:19 PM: Found Spy Cookie: coolsavings cookie
8:19 PM: default@coolsavings[2].txt (ID = 2465)
8:19 PM: Found Spy Cookie: paycounter cookie
8:19 PM: default@paycounter[1].txt (ID = 3115)
8:19 PM: Found Spy Cookie: ru4 cookie
8:19 PM: default@edge.ru4[2].txt (ID = 3269)
8:19 PM: Found Spy Cookie: zedo cookie
8:19 PM: default@zedo[2].txt (ID = 3762)
8:19 PM: Found Spy Cookie: 2o7.net cookie
8:19 PM: default@2o7[2].txt (ID = 1957)
8:19 PM: Found Spy Cookie: overture cookie
8:19 PM: default@overture[2].txt (ID = 3105)
8:19 PM: Cookie Sweep Complete, Elapsed Time: 00:00:02
8:19 PM: Starting File Sweep
8:19 PM: Warning: Failed to open file "c:\windows\win386.swp". The process cannot access the file because it is being used by another process
8:24 PM: Found Adware: cws_tiny0
8:24 PM: ddbtne.dat (ID = 205)
8:24 PM: cwcpiv.dat (ID = 205)
8:24 PM: prgcyf.dat (ID = 205)
8:24 PM: hpxibq.dat (ID = 205)
8:32 PM: ssysprs.dll (ID = 55211)
8:32 PM: Found Adware: blazefind
8:32 PM: nodes.exe (ID = 51484)
8:32 PM: Found Adware: tibs dialer
8:32 PM: fdrest.exe (ID = 79291)
8:32 PM: httpfilter.dll (ID = 55072)
8:32 PM: httpfilter2.dll (ID = 55072)
8:32 PM: setfgi.dll (ID = 55211)
8:32 PM: Found Adware: ist slotchbar
8:32 PM: toolbar.exe (ID = 76144)
8:32 PM: netho32.exe (ID = 200)
8:32 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || NETHO32.EXE (ID = 0)
8:32 PM: Found Trojan Horse: trojan-downloader-domcom
8:32 PM: loader32.exe (ID = 80476)
8:32 PM: Found Adware: ez-finder toolbar
8:32 PM: webdlg32.inf (ID = 60327)
8:32 PM: Found Adware: coolwebsearch (cws)
8:32 PM: winsx.inf (ID = 54632)
8:32 PM: gecvbw.dat (ID = 200)
8:32 PM: ezsuzk.dat (ID = 205)
8:32 PM: apibh.dll (ID = 205)
8:32 PM: netkt32.dll (ID = 205)
8:32 PM: ntre32.dll (ID = 205)
8:32 PM: sdkgr.dll (ID = 205)
8:32 PM: netpd32.dll (ID = 205)
8:32 PM: apizx32.dll (ID = 205)
8:54 PM: sdkok.dll (ID = 205)
8:54 PM: atlkp32.dll (ID = 205)
8:54 PM: sdkqg.dll (ID = 205)
8:54 PM: netiq32.dll (ID = 205)
8:54 PM: atlqy.dll (ID = 205)
8:54 PM: mfcfa32.dll (ID = 205)
8:54 PM: winmw.dll (ID = 205)
8:54 PM: ipff32.dll (ID = 205)
8:54 PM: addjn32.dll (ID = 205)
8:54 PM: pxezzi.dat (ID = 205)
8:54 PM: sdkto32.dll (ID = 205)
8:55 PM: ntqa32.dll (ID = 205)
8:55 PM: ipzg32.dll (ID = 205)
8:55 PM: mfcav32.dll (ID = 205)
8:55 PM: d3vx32.dll (ID = 205)
8:55 PM: apisa32.dll (ID = 205)
8:55 PM: wivcsh.dat (ID = 205)
8:55 PM: uvzgsr.dat (ID = 205)
8:55 PM: javakh.dll (ID = 205)
8:55 PM: ippa.dll (ID = 205)
8:55 PM: javarn32.dll (ID = 205)
9:17 PM: chodc.dll (ID = 190732)
9:17 PM: apizg.dll (ID = 205)
9:17 PM: ntvv.dll (ID = 205)
9:17 PM: crtv.dll (ID = 205)
9:17 PM: vplrao.dat (ID = 205)
9:17 PM: d3cf32.dll (ID = 205)
9:17 PM: ieit32.dll (ID = 205)
9:17 PM: ntvx32.dll (ID = 205)
9:17 PM: ipcr.dll (ID = 205)
9:17 PM: apphc.dll (ID = 205)
9:17 PM: ntry32.dll (ID = 205)
9:17 PM: addgu32.dll (ID = 205)
9:17 PM: iezo32.dll (ID = 205)
9:17 PM: wbcmsn.dat (ID = 205)
9:17 PM: tpsgoq.dat (ID = 205)
9:17 PM: clcmjl.dat (ID = 205)
9:17 PM: rmqymr.dat (ID = 205)
9:17 PM: pitech.dat (ID = 200)
9:17 PM: xdwnoh.dat (ID = 205)
9:17 PM: n_kovmsd.txt (ID = 200)
9:17 PM: wmybsb.dat (ID = 205)
9:17 PM: hgvloo.dat (ID = 200)
9:17 PM: aawdjo.dat (ID = 200)
9:17 PM: atlli32.dll (ID = 205)
9:17 PM: pqjale.dat (ID = 205)
9:19 PM: apizj.dll (ID = 205)
9:19 PM: xsvcra.dat (ID = 205)
9:19 PM: ohvejf.dat (ID = 205)
9:19 PM: nyuucd.dat (ID = 205)
9:19 PM: oxuklg.dat (ID = 205)
9:19 PM: xhcvgz.dat (ID = 205)
9:19 PM: aggny.dll (ID = 190732)
9:19 PM: hilowr.dat (ID = 200)
9:19 PM: ipdj32.dll (ID = 205)
9:19 PM: dgnwu.dll (ID = 190732)
9:19 PM: eiyzk.dll (ID = 190732)
9:19 PM: pilzz.dll (ID = 190732)
9:19 PM: oymiur.dat (ID = 205)
9:19 PM: sdkij.exe (ID = 200)
9:19 PM: fkfih.dll (ID = 190732)
9:19 PM: ntpe32.exe (ID = 204)
9:19 PM: n_mxdknf.dat (ID = 200)
9:19 PM: fbqih.dll (ID = 190732)
9:19 PM: tlqcz.dll (ID = 190732)
9:19 PM: ligoja.dat (ID = 200)
9:19 PM: hisbo.dll (ID = 190732)
9:19 PM: oilaq.dll (ID = 190732)
9:19 PM: zlpub.dll (ID = 190732)
9:19 PM: ezzmvc.dat (ID = 190732)
9:19 PM: appiq32.dll (ID = 205)
9:20 PM: nette.exe (ID = 204)
9:20 PM: qttmml.dat (ID = 205)
9:20 PM: wogvot.dat (ID = 205)
9:20 PM: dkidal.dat (ID = 205)
9:20 PM: zefmj.dll (ID = 190732)
9:20 PM: javaxi.exe (ID = 200)
9:20 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || JAVAXI.EXE (ID = 0)
9:20 PM: apibb32.exe (ID = 204)
9:20 PM: vutihm.dat (ID = 205)
9:20 PM: n_muhria.txt (ID = 205)
9:20 PM: nwojik.dat (ID = 205)
9:20 PM: hsleij.dat (ID = 205)
9:20 PM: hsxzro.dat (ID = 205)
9:25 PM: eiaa.dll (ID = 93654)
9:25 PM: Found Adware: sexfiles dialers
9:25 PM: load.exe (ID = 54250)
9:30 PM: nthm32.dll (ID = 205)
9:30 PM: winse32.dll (ID = 205)
9:30 PM: atlng.dll (ID = 205)
9:30 PM: ylppa.dll (ID = 190732)
9:30 PM: appyt32.dll (ID = 205)
9:30 PM: winsq32.dll (ID = 205)
9:31 PM: javalj.dll (ID = 205)
9:31 PM: iehp32.dll (ID = 205)
9:31 PM: netyn.dll (ID = 205)
9:31 PM: ipuq.dll (ID = 205)
9:31 PM: ntsm.exe (ID = 204)
9:56 PM: sdkwk.dll (ID = 205)
9:56 PM: javajd32.dll (ID = 205)
9:56 PM: ntsj.dll (ID = 205)
9:56 PM: cefzq.dll (ID = 190732)
9:56 PM: craw32.dll (ID = 205)
9:56 PM: winkp32.dll (ID = 205)
9:56 PM: netwl.dll (ID = 205)
9:56 PM: javaep32.dll (ID = 205)
9:56 PM: crtk.dll (ID = 205)
9:56 PM: atljq.dll (ID = 205)
9:56 PM: ntqp32.dll (ID = 205)
9:56 PM: mshc.dll (ID = 205)
9:56 PM: sysbi32.dll (ID = 205)
9:56 PM: crmp32.dll (ID = 205)
9:56 PM: sbiuj.dll (ID = 190732)
9:56 PM: appby.dll (ID = 205)
9:56 PM: javait32.dll (ID = 205)
9:56 PM: ntdo.dll (ID = 205)
9:56 PM: apiin32.dll (ID = 205)
9:56 PM: netvi32.dll (ID = 205)
9:56 PM: addwv.dll (ID = 205)
9:56 PM: sdkzy.dll (ID = 205)
9:56 PM: apign32.dll (ID = 205)
10:03 PM: mfcxk32.dll (ID = 205)
10:03 PM: atlpf.dll (ID = 205)
10:03 PM: ntxw.dll (ID = 205)
10:03 PM: javaji.dll (ID = 205)
10:03 PM: netie.dll (ID = 205)
10:03 PM: netmi32.dll (ID = 205)
10:03 PM: nettq32.dll (ID = 205)
10:03 PM: iewy.dll (ID = 205)
10:04 PM: winsl32.exe (ID = 204)
10:04 PM: cyggm.dll (ID = 190732)
10:04 PM: rljmv.dll (ID = 190732)
10:04 PM: heggi.dll (ID = 190732)
10:04 PM: hmyph.dll (ID = 190732)
10:04 PM: ionoy.dll (ID = 190732)
10:04 PM: yvviv.dll (ID = 190732)
10:04 PM: netrx.exe (ID = 204)
10:06 PM: Warning: Failed to open file "c:\windows\application data\aol\c_america online 9.0\idb\art.idx". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\aol\c_america online 9.0\idb\apps.lst". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\aol\c_america online 9.0\idb\sysnews.lst". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\aol\c_america online 9.0\idb\spool.lst". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs345068e8-905a-495f-a77d-87cd18526599.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscscd4ce7b4-323b-4399-b4ab-6a7da5248c9b.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs645e6baa-8f4d-4947-abf6-258c0bcb1bc7.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs5a2a567f-a81a-440b-a2b8-6ba7c315627a.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs32988a18-60d4-43f8-b204-644abcf5ff86.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs36a0f97f-32ea-4436-8cbb-b77ab6cc6fb3.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs2adc834f-a1ca-4db5-843e-87c874b536e3.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb1e7275d-b090-4b1d-871c-dab9aed58338.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs3b96074a-d57f-42c9-9e11-e441ff0f1234.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsd186be36-1d8e-4794-9c06-688b7cf07763.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsd1a1302e-6f13-4409-bf9c-33aa4567565b.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs7d0456ad-0698-47a6-90c4-c7a34e2d929e.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs31a991ea-ea11-4228-ba49-b44b14d7db21.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsc49a798a-1286-47f8-a2ea-bb8ced4f107a.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4b6c366c-b095-443d-85c4-44f6c5d9f441.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs623c9f1a-f9c9-4e35-94b3-b5bd836d2925.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs19583ff9-4ce9-42b8-8b20-8a3b7517beea.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsafe2350f-bad0-4b43-95c4-25f4299e414c.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs3b3bf2ad-451e-499c-8720-a6a3f959d58a.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsfe6d07e1-011c-4bb1-8f84-1c44a06dbc27.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs836222e1-e2e9-4825-b59c-eda06ac8c868.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsd8443abb-51a9-4578-8ddb-7fac689c63bd.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4755b8f2-f4cf-4c1c-9d1b-c6e9b760590b.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs5af77aba-8332-4fa4-9589-51f269cb4836.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs3cf3cc7b-eef4-4552-bff7-ee37e1a5b0ba.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs6ceff3c2-b113-42ad-994e-af15d709c04f.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsc10954c9-cf34-435a-bc87-deec78f426b8.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs5eeea370-34e6-4760-aa5e-c2a3c03ddc63.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs7e88ce61-9ce5-41dc-9ba1-d38150c56f00.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs49d2e8d1-66b5-4557-8dd5-985aa4990b6a.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs555a10e6-04e2-4c12-9324-1d61ae8dce46.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs091f8833-6bd8-4608-abd8-c7a2c49fea5c.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsdeca576e-0837-4fbf-9158-02f8dcb6e78c.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscse8fa036d-a3fb-4547-ba07-0b6ac87f48f1.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsfad7f9e5-2536-424d-9485-57828ca68619.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsff219e29-4d58-4212-a2a8-89231cb759d6.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsa66e5d86-48fc-4df8-ac31-692c6f660c73.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs2b057ad5-8fb5-4a41-a873-9554b717aa15.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4a7d0ed3-7275-4d5d-a278-a0fa7ac1ad2d.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsc391b475-0600-4218-acd7-c8cfa93244cd.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs15b8dd25-2ea9-4bcf-b911-6796b615cbb3.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs2199d835-46d5-4e28-a015-e11c188ce8a8.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsce7f7341-3b8c-49b8-9c76-a67532d320a5.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs9b390e51-a446-4b10-88f0-721be60cd703.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4104835d-27f8-4821-9237-598f71259bd0.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsd435cec5-16ed-4fa6-b57b-396e131e0905.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsddda8d5d-e55b-4c49-84d1-8c187a0904f0.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs6d716d83-452a-48b2-9698-cfef8ce43b21.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs9086ad08-2005-47c9-8a79-5f826b74f0af.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsa8aff730-66f4-401e-9533-e8196882043f.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsa84a34e5-8351-4d2c-b287-c063a9d1be9d.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsf7930b50-27c7-4165-be2e-1817fb77bc90.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs318a4760-aba7-4fdb-ae44-5e03550ef5c9.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs7c48ce46-3c4e-4318-8853-1f9cfa0d5ab1.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs35a092d8-9d99-484b-b9d0-b9efc46051d6.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs9312b8c6-981e-4e75-aa1e-2aaca3a22512.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs99061116-7468-423c-85b9-f0ca6f019cc8.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs66e87a14-8fa5-4a19-9913-dcd803e819c6.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs11554ef9-1a31-4516-b48f-1db20247ed86.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs059bcebe-6bb1-4268-b5c4-4af818296512.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs8c5eec9c-01c5-4f43-8683-f16df3ddd40d.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs60818e38-5354-4f99-8655-4ae79c3c5098.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs2b4fd645-4649-4ae4-b28d-002e335b77e0.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsad6fc6c4-aef8-4ca9-817c-599f6577df65.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs31a03137-52c0-4849-9d40-1ffe035e5488.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbde25923-c050-41a5-b702-488007d87198.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs2d29fc92-c38c-4ab3-adc8-dda1e2e3da9f.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb9e36558-1c53-4ccb-a72d-728064ac1fad.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs0ffb599e-3355-4f73-a1ff-daeac5e63ec1.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb041943b-8c42-47f2-8de6-8dc3fc5f0e10.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb03b6e20-069b-4551-bede-10627dd7bc16.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsd81491c4-ab1f-48db-a08d-cec9e4384489.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs780d8eb6-2366-4fde-af51-e8f842424b98.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs3bad4329-e8f8-429d-acd7-4a7b72102a04.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsc3013edd-6605-44e6-92ac-426518ca5572.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscse180e290-c3f0-4f0e-b9c3-bd71d7c16866.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs1ee3f316-44c0-416e-b596-7b9cff08fa3d.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscse62bafe9-7b6d-46bd-97dd-15793907e523.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsfc21a39e-203d-4e57-917d-ee411d769847.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs15daed29-eb13-4964-844f-f322b2d293b6.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsac4e714e-a433-45aa-a7e5-b864c5efb71e.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs870d6550-62ee-4c70-bb9b-faed36603165.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs7daa4315-a390-45ce-bb6d-21784ef04294.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs59f95f56-5cb4-4ef5-a488-a08ecef56dc9.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs7d85e05c-35d3-4df1-92e4-98c1d009dae7.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs3f22885e-ba30-4c90-8e4b-61c19c35e0d4.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs73f044ea-3097-4abe-b0e9-b28a890bc045.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsd2a14dad-9d81-45b7-8bdf-e44a1e5f0327.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs6ff35c73-6c47-4aa0-a760-4c77b4595b99.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs8749e117-d630-4c68-b41b-fb6303cc6742.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs9814d48b-2645-4b83-8898-8c8ff2f66a6a.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs27273b67-afd8-4eb9-a764-ff86c4af4b9f.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs7ac64b1e-8843-4bb6-96ab-257681360d39.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsa2e6ff83-06c7-4022-811b-dfa4c3f3173c.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs9466f77c-7f30-4d26-b001-bc5a202b9a47.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsa31d2f72-40c7-4f77-9cd3-f612ee8f6cf6.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs55cff340-31ce-47f9-94ce-0f20a55ded83.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs79e47bdc-56cc-4157-aafd-24f9633de7cd.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs5e7f73be-0502-4ebd-bf18-8a16e7d89ff4.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs99df4aea-a1f1-43f1-ac1b-ee62b9885090.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbb661c6c-07c5-4c09-980e-c17ba24b524b.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs23023287-f0b0-4f8b-a85c-09261e44a3d1.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs624a5eb0-685b-4d66-bdab-0c8ba88b91e2.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs802bb4e7-d237-424e-8074-51d6931715cd.tmp". The process cannot access the file because it is being used by another process
10:06 PM: Found Adware: security iguard
10:06 PM: chmhelp.chm (ID = 75238)
10:07 PM: Warning: Failed to open file "c:\windows\all users\application data\aol\c_america online 9.0\organize\van68". The process cannot access the file because it is being used by another process
10:07 PM: Warning: Failed to open file "c:\windows\all users\application data\aol\c_america online 9.0\organize\cache\van00". The process cannot access the file because it is being used by another process
10:07 PM: Warning: Failed to open file "c:\windows\all users\application data\aol\c_america online 9.0\idb\snmaster.idx". The process cannot access the file because it is being used by another process
10:07 PM: Warning: Failed to open file "c:\windows\all users\application data\aol\c_america online 9.0\idb\app10575.lst". The process cannot access the file because it is being used by another process
10:07 PM: Warning: Failed to open file "c:\windows\all users\application data\aol\c_america online 9.0\idb\van68\mydb.idx". The process cannot access the file because it is being used by another process
10:07 PM: Warning: Failed to open file "c:\windows\all users\application data\aol\c_america online 9.0\idb\van68\toolbar.lst". The process cannot access the file because it is being used by another process
10:24 PM: a0010255.cpy (ID = 205)
10:24 PM: a0012275.cpy (ID = 205)
10:24 PM: a0015402.cpy (ID = 205)
10:24 PM: a0015476.cpy (ID = 205)
10:24 PM: a0016101.cpy (ID = 205)
10:24 PM: a0016106.cpy (ID = 205)
10:24 PM: a0016872.cpy (ID = 205)
10:24 PM: a0017867.cpy (ID = 205)
10:24 PM: a0018375.cpy (ID = 205)
10:24 PM: a0019370.cpy (ID = 205)
10:24 PM: a0020294.cpy (ID = 205)
10:24 PM: a0022221.cpy (ID = 205)
10:24 PM: a0022314.cpy (ID = 205)
10:24 PM: a0022778.cpy (ID = 205)
10:24 PM: a0022779.cpy (ID = 205)
10:24 PM: a0022784.cpy (ID = 205)
10:24 PM: a0025434.cpy (ID = 205)
10:24 PM: a0029183.cpy (ID = 205)
10:24 PM: a0030139.cpy (ID = 205)
10:37 PM: Warning: Failed to open file "c:\program files\kodak\kodak software updater\7288971\users\default\data\d0000000.fcs". The process cannot access the file because it is being used by another process
10:37 PM: Warning: Failed to open file "c:\program files\kodak\kodak software updater\7288971\users\default\data\chandir.dat". The process cannot access the file because it is being used by another process
10:37 PM: Warning: Failed to open file "c:\program files\kodak\kodak software updater\7288971\users\default\data\chandir.idx". The process cannot access the file because it is being used by another process
10:37 PM: Warning: Failed to open file "c:\program files\kodak\kodak software updater\7288971\users\default\data\storydb.dat". The process cannot access the file because it is being used by another process
10:37 PM: Warning: Failed to open file "c:\program files\kodak\kodak software updater\7288971\users\default\data\storydb.idx". The process cannot access the file because it is being used by another process
10:37 PM: Warning: Failed to open file "c:\program files\kodak\kodak software updater\7288971\users\default\data\chn.dat". The process cannot access the file because it is being used by another process
10:37 PM: Warning: Failed to open file "c:\program files\kodak\kodak software updater\7288971\users\default\data\chn.idx". The process cannot access the file because it is being used by another process
10:37 PM: Warning: Failed to open file "c:\program files\kodak\kodak software updater\7288971\users\default\data\prs_die.dat". The process cannot access the file because it is being used by another process
10:37 PM: Warning: Failed to open file "c:\program files\kodak\kodak software updater\7288971\users\default\data\prs_die.idx". The process cannot access the file because it is being used by another process
10:37 PM: Warning: Failed to open file "c:\program files\kodak\kodak software updater\7288971\users\default\data\prs_dnd.dat". The process cannot access the file because it is being used by another process
10:37 PM: Warning: Failed to open file "c:\program files\kodak\kodak software updater\7288971\users\default\data\prs_dnd.idx". The process cannot access the file because it is being used by another process
10:37 PM: Warning: Failed to open file "c:\program files\kodak\kodak software updater\7288971\users\default\data\prs_ext.dat". The process cannot access the file because it is being used by another process
10:37 PM: Warning: Failed to open file "c:\program files\kodak\kodak software updater\7288971\users\default\data\prs_ext.idx". The process cannot access the file because it is being used by another process
10:37 PM: Warning: Failed to open file "c:\program files\kodak\kodak software updater\7288971\users\default\data\prs_rcv.dat". The process cannot access the file because it is being used by another process
10:37 PM: Warning: Failed to open file "c:\program files\kodak\kodak software updater\7288971\users\default\data\prs_rcv.idx". The process cannot access the file because it is being used by another process
10:37 PM: Warning: Failed to open file "c:\program files\kodak\kodak software updater\7288971\users\default\data\prs.dat". The process cannot access the file because it is being used by another process
10:37 PM: Warning: Failed to open file "c:\program files\kodak\kodak software updater\7288971\users\default\data\prs.idx". The process cannot access the file because it is being used by another process
10:37 PM: Warning: Failed to open file "c:\program files\kodak\kodak software updater\7288971\users\default\data\l0000002.fcs". The process cannot access the file because it is being used by another process
10:38 PM: backup-20051209-213950-653.dll (ID = 205)
10:38 PM: backup-20051209-213950-255.dll (ID = 205)
10:38 PM: backup-20051209-213950-302.dll (ID = 205)
10:38 PM: tmp.exe (ID = 64374)
10:38 PM: Found Adware: purityscan
10:38 PM: 6.dat (ID = 73352)
10:38 PM: 5.dat (ID = 73338)
10:38 PM: 2.dat (ID = 79340)
10:39 PM: ms32.tmp (ID = 93654)
10:40 PM: Warning: Unhandled Archive Type
10:40 PM: Warning: Invalid file - not a PKZip file
10:42 PM: File Sweep Complete, Elapsed Time: 02:23:07
10:42 PM: Full Sweep has completed. Elapsed time 02:35:51
10:42 PM: Traces Found: 670
10:52 PM: Removal process initiated
10:53 PM: Quarantining All Traces: cws_ns3
10:53 PM: Warning: Out of memory
10:53 PM: Warning: Out of memory
10:53 PM: Warning: Out of memory
10:53 PM: Warning: Out of memory
10:54 PM: Warning: Out of memory
10:54 PM: Warning: Out of memory
10:54 PM: Warning: Out of memory
10:54 PM: Warning: Out of memory
10:54 PM: Warning: Out of memory
10:54 PM: Warning: Out of memory
10:54 PM: Warning: Out of memory
10:54 PM: Warning: Out of memory
10:54 PM: Warning: Out of memory
10:54 PM: Warning: Out of memory
10:54 PM: Warning: Out of memory
10:54 PM: Warning: Out of memory
10:54 PM: Warning: Out of memory
10:54 PM: Warning: Out of memory
10:54 PM: Warning: Out of memory
10:54 PM: Warning: Out of memory
10:54 PM: Warning: Out of memory
10:54 PM: Warning: Out of memory
10:54 PM: Warning: Out of memory
10:54 PM: Warning: Out of memory
10:54 PM: Warning: lzma: LZMA_Init failed
10:54 PM: Warning: lzma: LZMA_Init failed
10:54 PM: Warning: lzma: LZMA_Init failed
10:54 PM: Warning: lzma: LZMA_Init failed
10:54 PM: Warning: lzma: LZMA_Init failed
10:54 PM: Warning: lzma: LZMA_Init failed
10:54 PM: Warning: lzma: LZMA_Init failed
10:54 PM: Warning: lzma: LZMA_Init failed
10:54 PM: Warning: lzma: LZMA_Init failed
10:54 PM: Warning: lzma: LZMA_Init failed
10:54 PM: Warning: lzma: LZMA_Init failed
10:54 PM: Warning: lzma: LZMA_Init failed
10:54 PM: Warning: lzma: LZMA_Init failed
10:54 PM: Warning: lzma: LZMA_Init failed
10:54 PM: Warning: lzma: LZMA_Init failed
10:54 PM: Warning: lzma: LZMA_Init failed
10:54 PM: Warning: lzma: LZMA_Init failed
10:54 PM: Warning: lzma: LZMA_Init failed
10:54 PM: Warning: lzma: LZMA_Init failed
10:54 PM: Warning: lzma: LZMA_Init failed
10:54 PM: Warning: lzma: LZMA_Init failed
10:54 PM: Warning: lzma: LZMA_Init failed
10:54 PM: Warning: lzma: LZMA_Init failed
10:54 PM: Warning: lzma: LZMA_Init failed
10:54 PM: Warning: lzma: LZMA_Init failed
10:54 PM: Warning: lzma: LZMA_Init failed
10:54 PM: Warning: lzma: LZMA_Init failed
10:54 PM: Warning: lzma: LZMA_Init failed
10:54 PM: Warning: lzma: LZMA_Init failed
10:54 PM: Failed to quarantine cws_ns3
10:54 PM: Failed to quarantine clsid\{0b936818-a83d-004a-625a-757b4d758cc6}\
10:54 PM: Failed to quarantine clsid\{033935e4-a208-ab9e-dd2a-6a9b7e426d04}\
10:54 PM: Failed to quarantine clsid\{2a97db56-e2b4-967c-af9f-07fdf74289c2}\
10:54 PM: Failed to quarantine clsid\{24e10ff7-10aa-6198-95ae-258d49d9abca}\
10:54 PM: Failed to quarantine clsid\{50b9d537-5db0-52b1-ff6f-ed6c70da477e}\
10:54 PM: Failed to quarantine clsid\{67c68c5f-44c8-5ff5-ce7d-54e907d6d21c}\
10:54 PM: Failed to quarantine clsid\{90dee38b-0db3-a3ca-6f69-126542ad0fa1}\
10:54 PM: Failed to quarantine clsid\{4992e461-38dd-211a-fde8-64a8c67647ad}\
10:54 PM: Failed to quarantine clsid\{a5b3b4a7-6bd2-e7ce-e654-7a1d658d1bb3}\
10:54 PM: Failed to quarantine clsid\{a6bf9

#4 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 13 December 2005 - 07:16 PM

OK,lets run SpySweeper once more just as before with the same settings.

Save the session log just as before.

After the scan is completed-> Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK!

Under the "General" Tab

Make Sure "Normal Startup-load all device drivers and services" has a green tick by it

Click Apply->Close->Follow the Prompts to Restart

Restart Normal and have the PC Scanned here:
Panda Active Scan

You will need to be using Internet Explorer for the Scan to work

Save the Report it generates

Post back with a fresh HijackThis log and the reports from SpySweeper and Panda

Edited by Cretemonster, 13 December 2005 - 07:17 PM.


#5 devanert

devanert
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:09 PM

Posted 18 December 2005 - 04:22 PM

Sorry this has taken so long. Here you go:

HJT log
Logfile of HijackThis v1.99.1
Scan saved at 8:06:50 PM, on 12/15/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\TOPSPEED\2.0\AOLTSMON.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\TOPSPEED\2.0\AOLTPSPD.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RXMON9X.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\MOTIVEASSISTANT\BIN\MAD.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\WAOL.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\PROGRAM FILES\KODAK\KODAK SOFTWARE UPDATER\7288971\PROGRAM\KODAK SOFTWARE UPDATER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFAGENT.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\SHELLMON.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\MY DOCUMENTS\HJT\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://205.134.182.164/1/
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {7E7E564B-AB87-9CE8-1B6D-B588C2C0D77D} - C:\WINDOWS\SYSTEM\JAVAOB.DLL
O2 - BHO: Class - {BE19E8BB-F0BF-178F-378D-58D7C4786A75} - C:\WINDOWS\SYSTEM\JAVAEP32.DLL (file missing)
O2 - BHO: Class - {F9B855F1-C37E-F3A9-43FE-89E50B8A6AA5} - C:\WINDOWS\NETQU32.DLL
O2 - BHO: Class - {0D7352EB-9580-8DF3-0652-9E4F96290410} - C:\WINDOWS\SYSTEM\NETIE.DLL (file missing)
O2 - BHO: Class - {E7CE8BF6-99C9-789F-291B-FDF539AB5062} - C:\WINDOWS\WINVQ32.DLL
O2 - BHO: Class - {E8A8EAEF-49DA-8B9D-C95D-EFD0FE242915} - C:\WINDOWS\SYSOG32.DLL
O2 - BHO: Class - {E35DCA52-2CC6-C2D7-7D97-2147BA9343E8} - C:\WINDOWS\MFCBI32.DLL
O2 - BHO: Class - {C7424E0E-B482-9AA1-E2D5-31C7F1BFA828} - C:\WINDOWS\SYSTEM\NETZV32.DLL
O2 - BHO: Class - {EF960B35-05C6-089B-8BB5-E19DDB3FF55E} - C:\WINDOWS\SYSTEM\NETYN.DLL (file missing)
O2 - BHO: Class - {C4002AA0-E402-546F-B18D-E929FCC430C3} - C:\WINDOWS\SYSTEM\ADDCV32.DLL
O2 - BHO: Class - {A99F288F-818C-33EF-4102-BD7B7597C6CA} - C:\WINDOWS\SYSTEM\JAVAWR.DLL
O2 - BHO: Class - {316BA5B3-B79D-8735-D27E-9DCBD696F7BA} - C:\WINDOWS\NTVV.DLL (file missing)
O2 - BHO: Class - {64E12648-15FF-FBB2-81BB-3A6EE3432D79} - C:\WINDOWS\SYSTEM\ATLWR32.DLL
O2 - BHO: Class - {D83E8454-F737-08C7-6BBB-9567C0B82257} - C:\WINDOWS\ADDOB.DLL
O2 - BHO: Class - {12124D3D-77E8-3DE2-0B1D-33D312010FA5} - C:\WINDOWS\SYSTEM\JAVANX.DLL
O2 - BHO: Class - {289AF6D4-6FA6-CEAF-D9B3-6766F8EB32EB} - C:\WINDOWS\SYSTEM\NTXW.DLL (file missing)
O2 - BHO: Class - {236770E7-E878-8704-8A5E-45616824DA7F} - C:\WINDOWS\SYSTEM\MSHC.DLL (file missing)
O2 - BHO: Class - {3F78C941-E449-EC74-0DED-EF0707F1BD9C} - C:\WINDOWS\CRPR32.DLL
O2 - BHO: (no name) - {FEDB5C70-C8D3-5CE0-5433-3BFBF961AF4B} - (no file)
O2 - BHO: Class - {C741BF98-EA31-4B67-1454-78CAB7B849F1} - C:\WINDOWS\ATLMP.DLL
O2 - BHO: Class - {934F52F5-7431-6F8D-CF03-508A60646BCC} - C:\WINDOWS\IEFQ.DLL
O2 - BHO: Class - {41010D82-27CE-1228-A8BB-341928A71CFD} - C:\WINDOWS\SYSTEM\APPYD32.DLL
O2 - BHO: Class - {7713DD6B-A984-F8B8-9A9D-A8BCF01E58A9} - C:\WINDOWS\SYSTEM\ADDWV.DLL (file missing)
O2 - BHO: Class - {5DB4FA6D-8DF7-FEDD-6004-A7710DCAC5DE} - C:\WINDOWS\NETKR32.DLL
O2 - BHO: Class - {AD10418C-BD75-DC87-6301-A207FC431238} - C:\WINDOWS\SYSTEM\SDKKK.DLL
O2 - BHO: Class - {FD58D0EF-6B05-A1B1-205C-7FF5D9CFD4D2} - C:\WINDOWS\ADDJR.DLL
O2 - BHO: Class - {79594BEC-6756-9AEC-9631-43E29D822932} - C:\WINDOWS\SYSTEM\MSBU.DLL
O2 - BHO: Class - {1F9D9E07-1BFB-38C6-9A8A-B3173AE58D88} - C:\WINDOWS\NTRG.DLL
O2 - BHO: Class - {9D9DFEE4-D4FF-4DF2-9A8B-75B98238D291} - C:\WINDOWS\NTXD32.DLL
O2 - BHO: Class - {6551769C-283F-C130-EF18-154295944C63} - C:\WINDOWS\SYSTEM\ATLLT.DLL
O2 - BHO: Class - {B9C93552-27C4-F100-2F9A-7E94B1E64C0F} - C:\WINDOWS\SYSTEM\CRAW32.DLL (file missing)
O2 - BHO: Class - {91C44800-0214-FBD3-43F5-73434349FC66} - C:\WINDOWS\D3CF32.DLL (file missing)
O2 - BHO: Class - {A5E20C38-8603-769D-57FD-1F7334EABBE1} - C:\WINDOWS\SYSTEM\IPOM.DLL
O2 - BHO: Class - {97D10E10-8197-55F4-F520-EC1143F3F330} - C:\WINDOWS\SYSTEM\APPIY32.DLL
O2 - BHO: Class - {0283E400-BF96-1C65-2C3F-9441F31430C2} - C:\WINDOWS\IEOT32.DLL
O2 - BHO: Class - {BC94F47E-FA75-F7AE-6982-DA5E61BD1650} - C:\WINDOWS\MSAE.DLL
O2 - BHO: Class - {82EDCDC8-3679-E5AB-AE96-5016FD6F4A9B} - C:\WINDOWS\MSQW.DLL
O2 - BHO: Class - {61989847-C88E-6AA5-CDEC-F30792B55203} - C:\WINDOWS\SYSTEM\IEKW32.DLL
O2 - BHO: Class - {088535BC-DED7-DA54-0D5F-6BC96009E456} - C:\WINDOWS\CRRP.DLL
O2 - BHO: Class - {FEAF00B8-398A-9E71-81CD-EE13C80FA3DF} - C:\WINDOWS\SYSTEM\NETOL.DLL
O2 - BHO: Class - {2194DAA6-B789-5B57-3511-EF041C8D02F0} - C:\WINDOWS\CRTD.DLL
O2 - BHO: Class - {36CC50DE-E932-3435-B11B-709E3AFE8849} - C:\WINDOWS\SDKGR.DLL (file missing)
O2 - BHO: Class - {5D2B941B-D55B-519B-85FE-DBFDF91762AF} - C:\WINDOWS\APIZX32.DLL (file missing)
O2 - BHO: Class - {DBC707AD-CFF5-1A0D-EC45-75AB99E68265} - C:\WINDOWS\MSNC.DLL
O2 - BHO: Class - {992E13AE-D008-24B3-4C60-B18BF10373C7} - C:\WINDOWS\SYSTEM\ATLLQ.DLL
O2 - BHO: Class - {843F3B7B-39C3-66C6-F22C-66BE36B4EFD1} - C:\WINDOWS\SYSTEM\MFCOP32.DLL
O2 - BHO: Class - {C2E7372D-7966-AE9D-84A5-B6BC009118C4} - C:\WINDOWS\SYSTEM\CRTK.DLL (file missing)
O2 - BHO: Class - {BB37280E-3BA4-0CF4-3710-D1E7E658044E} - C:\WINDOWS\APIHV.DLL
O2 - BHO: Class - {4D57FA16-5DA4-6BB0-8DE2-DD4789C18240} - C:\WINDOWS\SYSTEM\MFCYX.DLL
O2 - BHO: Class - {89E43E4E-2848-B42A-0ADB-B572F0397C37} - C:\WINDOWS\SYSTEM\MSSY.DLL
O2 - BHO: Class - {FC80064B-2F8B-2037-9399-180091F90881} - C:\WINDOWS\SYSTEM\MFCKP.DLL
O2 - BHO: Class - {BE166C01-C895-7DB1-E1E6-B6BD6196E91F} - C:\WINDOWS\NETXM32.DLL
O2 - BHO: Class - {CBCC2124-1931-5492-EAAF-C5C2E7437596} - C:\WINDOWS\SYSTEM\ADDUI.DLL
O2 - BHO: Class - {3DD54EF0-C455-3155-B9FA-1B8E9563E5AA} - C:\WINDOWS\SYSTEM\ATLJQ.DLL (file missing)
O2 - BHO: Class - {388C35E4-4B37-F24C-BB6E-80FD25B9D6EA} - C:\WINDOWS\SYSTEM\IEDV.DLL
O2 - BHO: Class - {DB1F0CAD-DFCA-D4CB-CE35-6727626309D9} - C:\WINDOWS\SYSTEM\WINVL32.DLL
O2 - BHO: Class - {3E57FD45-AF17-BDB1-B3E6-647628792796} - C:\WINDOWS\WINUX32.DLL
O2 - BHO: Class - {1C38F764-5211-C094-13C0-3AE414DC1B2A} - C:\WINDOWS\MSCW.DLL
O2 - BHO: Class - {B0BAA0D3-B86E-A237-D6EA-D5428A8C6CBC} - C:\WINDOWS\ADDUH32.DLL
O2 - BHO: Class - {D83EB827-761A-C8F4-42CF-3259313B99DB} - C:\WINDOWS\SYSTEM\APIIN32.DLL (file missing)
O2 - BHO: Class - {01C38962-50E8-FF21-1263-007E149E5D9C} - C:\WINDOWS\SYSTEM\ATLTZ.DLL
O2 - BHO: Class - {EE0622B9-E1DD-2901-FB4F-F5C1BFA6825D} - C:\WINDOWS\SYSTEM\WINSQ32.DLL (file missing)
O2 - BHO: Class - {299C0D6E-6A21-DC7E-43CF-A80D52149E2D} - C:\WINDOWS\ADDPB.DLL
O2 - BHO: Class - {082FA205-CF3A-E156-F50C-35DEC1A41A0F} - C:\WINDOWS\IPCR.DLL (file missing)
O2 - BHO: Class - {38F22DD8-5970-FD55-1177-27E5BB249D69} - C:\WINDOWS\SYSTEM\NETYW.DLL
O2 - BHO: Class - {9E45C8C1-AA50-A400-B9DA-69B4E3B82261} - C:\WINDOWS\SYSTEM\IPGE32.DLL
O2 - BHO: Class - {729087AF-F985-6D35-58ED-1A52E73988DF} - C:\WINDOWS\IPWV.DLL
O2 - BHO: Class - {6BEDB588-8705-AA0B-BFA3-5AF1BD56824B} - C:\WINDOWS\SYSTEM\JAVALB32.DLL
O2 - BHO: Class - {306F43F2-AC75-DC0C-F9B5-7FEDDF51F24D} - C:\WINDOWS\SYSTEM\CRMP32.DLL (file missing)
O2 - BHO: Class - {436CC2D6-13C5-6564-C2F0-1E89CB49E703} - C:\WINDOWS\NTRH.DLL
O2 - BHO: Class - {35A01210-A8E7-5949-8F4B-D83F54410DD6} - C:\WINDOWS\SYSTEM\MFCFV32.DLL
O2 - BHO: Class - {093585F1-45A2-F3FD-5DC8-CE8C707B844B} - C:\WINDOWS\IPPA.DLL (file missing)
O2 - BHO: Class - {DB309419-3C5C-375B-8765-4F2EE5877F1F} - C:\WINDOWS\APPJF32.DLL
O2 - BHO: Class - {551461B1-5C38-24A7-3B81-7F0347BA8044} - C:\WINDOWS\D3AO32.DLL
O2 - BHO: Class - {4FA3DEC1-D04D-E7B3-2CFE-A94E2B308831} - C:\WINDOWS\NTAI.DLL
O2 - BHO: Class - {C0E5E8CB-AF48-7FE8-39B9-CD037FE0CF7D} - C:\WINDOWS\ADDJB.DLL
O2 - BHO: (no name) - {F032F043-EDA1-57B1-CD1D-20AEBAA824CB} - (no file)
O2 - BHO: Class - {A23A37B0-4D47-787A-2542-90BAA46F7745} - C:\WINDOWS\APPIQ32.DLL (file missing)
O2 - BHO: Class - {8A3A1428-A50F-394F-7CFB-789596227CC4} - C:\WINDOWS\SDKNL32.DLL
O2 - BHO: Class - {0CE877B3-8B10-254F-3517-B88272EF3FF6} - C:\WINDOWS\SYSTEM\APPRM32.DLL
O2 - BHO: Class - {0B9BEF6F-48A7-B4E4-9373-E344FC57DCEA} - C:\WINDOWS\WINEK.DLL
O2 - BHO: Class - {60C941AF-A970-9E0B-BEFD-9B627853F77E} - C:\WINDOWS\SYSTEM\ADDAH.DLL
O2 - BHO: Class - {EC242DA4-E210-A44F-433D-92D6C9292A65} - C:\WINDOWS\JAVAKH.DLL (file missing)
O2 - BHO: Class - {5716EE74-FBF6-6197-AE1A-1ECC21EE958F} - C:\WINDOWS\SYSTEM\SYSBI32.DLL (file missing)
O2 - BHO: Class - {16BC716B-4CA1-1BCC-3013-0BB54033C395} - C:\WINDOWS\WINLU.DLL
O2 - BHO: Class - {FCD0707C-4D9F-46BA-9843-846B08A81ECE} - C:\WINDOWS\APIKN32.DLL
O2 - BHO: Class - {980E64CD-AF79-300D-D6F9-CA197FEC4945} - C:\WINDOWS\SYSTEM\SDKYT32.DLL
O2 - BHO: Class - {5B9FD345-F3DE-D005-2ECE-CAB9FE8750CF} - C:\WINDOWS\NETEW32.DLL
O2 - BHO: Class - {E44B2869-3C3C-2E0D-FE6F-F5D9CE7E35FE} - C:\WINDOWS\APIPA.DLL
O2 - BHO: Class - {50CEBE40-0931-C174-0942-791226F19C0F} - C:\WINDOWS\NTRY32.DLL (file missing)
O2 - BHO: Class - {E459619A-C171-75BF-3590-3D36A397D81B} - C:\WINDOWS\IPBP32.DLL
O2 - BHO: Class - {C15F2371-A742-8BA9-7A00-54C987BB597F} - C:\WINDOWS\APILQ.DLL
O2 - BHO: Class - {070658EF-FBB1-51FF-B02D-6C8EC243119E} - C:\WINDOWS\APIQZ.DLL
O2 - BHO: Class - {09D46D1A-7C15-52D7-CA95-F0B35470CD73} - C:\WINDOWS\CRDK.DLL
O2 - BHO: Class - {7DBD4D7B-18BA-1454-894C-6230CF52FCC5} - C:\WINDOWS\SYSTEM\SDKWK.DLL (file missing)
O2 - BHO: Class - {01B8230F-FFA5-630F-4267-7F2880D80B57} - C:\WINDOWS\CRUN.DLL
O2 - BHO: Class - {7EFE0B4F-CF0A-0367-88AF-EDB349FEAC20} - C:\WINDOWS\SYSTEM\NTSJ.DLL (file missing)
O2 - BHO: Class - {3C709686-1D4D-C97B-5E58-FE7B58DE9102} - C:\WINDOWS\SYSTEM\CRCZ.DLL
O2 - BHO: Class - {44CDEE57-A711-7BB5-5A48-6D6A0C169088} - C:\WINDOWS\MFCAV32.DLL (file missing)
O2 - BHO: Class - {2316F731-AD64-FBB4-5E87-59967C4541BF} - C:\WINDOWS\SYSTEM\JAVARQ32.DLL
O2 - BHO: Class - {D4453AEB-33E8-3237-5BB4-BD2626EAF5E2} - C:\WINDOWS\CRTV.DLL (file missing)
O2 - BHO: Class - {07146AF0-7FF5-EAB9-8DF4-A761A47B6EC0} - C:\WINDOWS\MFCEI.DLL
O2 - BHO: Class - {9B31480F-0711-B287-66EA-53C4344E07E5} - C:\WINDOWS\SYSTEM\APPBY.DLL (file missing)
O2 - BHO: Class - {207AE86C-EC5E-CC1A-C0F3-F84E29A81F51} - C:\WINDOWS\SYSTEM\IEWY.DLL (file missing)
O2 - BHO: (no name) - {FC8CAC2E-E32B-0FD0-16A5-10FEAEDA2D44} - (no file)
O2 - BHO: Class - {BD6D3515-13C8-89DB-38D3-4630B615B324} - C:\WINDOWS\ADDQI32.DLL
O2 - BHO: Class - {6F8DB982-F820-7376-2AB9-CA0E147B64BE} - C:\WINDOWS\NTAG.DLL
O2 - BHO: Class - {C0F1AE33-153C-4E19-A0B9-7155E429A4F5} - C:\WINDOWS\SYSTEM\WINSE32.DLL (file missing)
O2 - BHO: Class - {E8C707B8-4BFE-5F10-9A0F-ABCDA9B4A798} - C:\WINDOWS\SYSTEM\NETTQ32.DLL (file missing)
O2 - BHO: Class - {65515E86-744B-E7DC-1764-BE40FD487890} - C:\WINDOWS\CRDZ.DLL
O2 - BHO: Class - {61CA3AF6-2E10-18DB-BB89-818F7430DD7E} - C:\WINDOWS\SYSTEM\ADDTX32.DLL
O2 - BHO: Class - {AB05AE41-F1D5-D736-88F2-C487321270C0} - C:\WINDOWS\JAVARN32.DLL (file missing)
O2 - BHO: Class - {95910D88-5B54-A5C5-10A9-C5AD58D4CB50} - C:\WINDOWS\APIAM32.DLL
O2 - BHO: Class - {4D25DD00-BA7F-935D-7E47-576A8D08A148} - C:\WINDOWS\IEIT32.DLL (file missing)
O2 - BHO: Class - {F0643C15-D984-4C1A-869B-AC139041AF0F} - C:\WINDOWS\SYSTEM\CREX.DLL
O2 - BHO: Class - {BD562714-4CBF-6793-6BD0-85FA3F496C5B} - C:\WINDOWS\SYSTEM\MFCKE.DLL
O2 - BHO: Class - {4CF3F22B-5DA9-5DE0-5DEB-EE4100912572} - C:\WINDOWS\NETIQ32.DLL (file missing)
O2 - BHO: Class - {432A50E4-15E1-B224-9F27-8699E3BE07E3} - C:\WINDOWS\SYSTEM\WINKP32.DLL (file missing)
O2 - BHO: Class - {AF9077DF-1DBF-0114-80DB-267B601E8BF8} - C:\WINDOWS\SDKOK.DLL (file missing)
O2 - BHO: Class - {9FD846EF-6A74-8A53-3F0E-2C94011D4C95} - C:\WINDOWS\SYSTEM\IPJB.DLL
O2 - BHO: Class - {32FEF4E4-4FCC-2539-EFD7-A3A0AEB5064E} - C:\WINDOWS\SYSTEM\JAVALJ.DLL (file missing)
O2 - BHO: Class - {18C2B1ED-7635-92A8-5DB5-E71520573650} - C:\WINDOWS\D3JQ32.DLL
O2 - BHO: Class - {5F94CC3B-C656-9113-2D49-5844BD227846} - C:\WINDOWS\SYSTEM\ATLTL32.DLL
O2 - BHO: Class - {911C9539-EF96-7E39-FC5A-E64A99056168} - C:\WINDOWS\SYSTEM\APIQK.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Class - {E4D353C5-F038-4827-9CDA-ABDCF49E5AB5} - C:\WINDOWS\APPQA32.DLL
O2 - BHO: Class - {05A31BEE-9E35-88EA-21E0-006563AE97F4} - C:\WINDOWS\NTXF.DLL
O2 - BHO: Class - {A8F818F5-31A4-2D4C-AE8C-5FD1A39AC827} - C:\WINDOWS\SYSTEM\NTDO.DLL (file missing)
O2 - BHO: Class - {59499B40-7091-52FC-70B3-880BF84D9EE3} - C:\WINDOWS\SYSTEM\NETVI32.DLL (file missing)
O2 - BHO: Class - {C38BD7A9-5C15-E13B-D0D4-B82D49E338A3} - C:\WINDOWS\SYSTEM\NTQP32.DLL (file missing)
O2 - BHO: Class - {FDEEBCF1-BD77-3F48-90AD-29EE05803428} - C:\WINDOWS\IPFF32.DLL (file missing)
O2 - BHO: Class - {714B5AF2-602C-E2B6-5435-F9B5BE040934} - C:\WINDOWS\SYSTEM\ATLNG.DLL (file missing)
O2 - BHO: Class - {6C653AB5-E650-E0AB-7B19-3D05955C2EDA} - C:\WINDOWS\SYSTEM\D3QS32.DLL
O2 - BHO: Class - {E16B1DD3-344A-79E1-514A-8BF5E68E8461} - C:\WINDOWS\SYSTEM\NETMI32.DLL (file missing)
O2 - BHO: Class - {3EAE7E41-1C8C-F033-435F-737FE0B9121D} - C:\WINDOWS\WINMW.DLL (file missing)
O2 - BHO: Class - {D602B1C4-CBB2-797E-9F01-4F6B0FA20838} - C:\WINDOWS\SYSTEM\SDKZY.DLL (file missing)
O2 - BHO: Class - {0E0566F7-EA1D-1C67-9F75-7DAC95434628} - C:\WINDOWS\APPDB32.DLL
O2 - BHO: Class - {846E0BB2-4B7E-3DCA-BD80-7211A3EE88C4} - C:\WINDOWS\JAVAIM32.DLL
O2 - BHO: Class - {55B824BF-D05C-3C69-F473-2D569D9D604F} - C:\WINDOWS\SYSTEM\JAVAIT32.DLL (file missing)
O2 - BHO: Class - {DBF01E90-2654-1D4D-B857-B1C3A0B33591} - C:\WINDOWS\D3VX32.DLL (file missing)
O2 - BHO: Class - {06626DEE-A737-480F-0923-8A1A6B3424C9} - C:\WINDOWS\SYSTEM\MFCXK32.DLL (file missing)
O2 - BHO: Class - {7148010B-B7E6-0815-E592-F49DCDA5FF42} - C:\WINDOWS\SYSTEM\SDKXW32.DLL
O2 - BHO: Class - {89AEB6D2-A932-85DB-A6A3-0ADB07058BA3} - C:\WINDOWS\MFCFA32.DLL (file missing)
O2 - BHO: Class - {C124FC74-49CF-A8D2-DBF7-1F6B5C37337E} - C:\WINDOWS\ADDGU32.DLL (file missing)
O2 - BHO: Class - {46F0B586-63AE-3428-88FC-AD230B3E4D26} - C:\WINDOWS\NTRE32.DLL (file missing)
O2 - BHO: Class - {5F18F145-9A74-3477-D55F-52A7FEDA6984} - C:\WINDOWS\APIBH.DLL (file missing)
O2 - BHO: Class - {E8958CBA-D734-B7F0-2039-60657373729F} - C:\WINDOWS\APIZG.DLL (file missing)
O2 - BHO: Class - {60EE3993-541E-55E9-33E9-BB7AB0AC2EF3} - C:\WINDOWS\SYSTEM\APPNG.DLL
O2 - BHO: Class - {E7FEE8CD-D4D3-8260-44A7-67DD4A71E995} - C:\WINDOWS\SYSTEM\ATLPF.DLL (file missing)
O2 - BHO: Class - {02C2F74B-206D-DFEE-6CAE-D4094E17A18D} - C:\WINDOWS\SDKQG.DLL (file missing)
O2 - BHO: Class - {C63AB847-F5FF-3F45-DB28-0A94EB25589A} - C:\WINDOWS\SYSTEM\JAVAJD32.DLL (file missing)
O2 - BHO: Class - {9FD32095-ADF7-1A19-991F-C1758F72D8DC} - C:\WINDOWS\SYSTEM\APIGN32.DLL (file missing)
O2 - BHO: Class - {E32D915F-70AF-8742-291F-54510B403139} - C:\WINDOWS\NETKT32.DLL (file missing)
O2 - BHO: Class - {C2B4381A-624D-8F51-B758-89C0C91258DE} - C:\WINDOWS\IEZO32.DLL (file missing)
O2 - BHO: Class - {C228461E-7277-4842-97BB-2B22627E644A} - C:\WINDOWS\D3JK.DLL
O2 - BHO: Class - {E0C2E16D-3ECF-C5BB-22C0-BB528174D850} - C:\WINDOWS\SYSTEM\APPYT32.DLL (file missing)
O2 - BHO: Class - {692156AA-6605-5668-04D3-C5B2231A6A6A} - C:\WINDOWS\SYSTEM\IPUQ.DLL (file missing)
O2 - BHO: Class - {77B4CE71-F8EB-D009-07EA-8D5437684795} - C:\WINDOWS\ATLQY.DLL (file missing)
O2 - BHO: Class - {68F79F99-75BB-3696-AC11-DC7D8241232E} - C:\WINDOWS\ADDJN32.DLL (file missing)
O2 - BHO: Class - {BEDB0663-7AC0-B7C0-BE42-118165167350} - C:\WINDOWS\SDKTO32.DLL (file missing)
O2 - BHO: Class - {065681BC-006E-9E35-5DC5-EF4FEF1D58C6} - C:\WINDOWS\ATLKP32.DLL (file missing)
O2 - BHO: Class - {8A3738CE-3940-31B0-B55D-C8804EDED77B} - C:\WINDOWS\SYSTEM\NETWL.DLL (file missing)
O2 - BHO: Class - {4097E29E-2A74-3EEA-7090-0E73AF19AC3E} - C:\WINDOWS\APISA32.DLL (file missing)
O2 - BHO: Class - {B4124C0E-0880-9F8D-0AE8-633A1896EC0A} - C:\WINDOWS\SYSTEM\NTHM32.DLL (file missing)
O2 - BHO: Class - {2B49D9DE-8B8E-0B64-675D-28453B9B313A} - C:\WINDOWS\IPZG32.DLL (file missing)
O2 - BHO: Class - {C8D1C684-C2C9-372C-CB57-F9A72CB478D6} - C:\WINDOWS\NTVX32.DLL (file missing)
O2 - BHO: Class - {2F96309F-5728-7649-2879-9AF7D04FF706} - C:\WINDOWS\SYSTEM\JAVAJI.DLL (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\McUpdate.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\Run: [RxMon] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
O4 - HKLM\..\Run: [madexe] C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [WAOL.EXE] C:\PROGRAM FILES\AMERICA ONLINE 9.0\WAOL.EXE
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [AOL TopSpeedMonitor] C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRAM FILES\AMERICA ONLINE 9.0\AOL.EXE" -b
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Startup: AdSubtract.lnk = C:\AdSub.exe
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.pw.aol.com/molbin/shared/m...77/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.pw.aol.com/molbin/shared/m...,18/mcgdmgr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net


SpySweeper
Spysweeper
********
10:32 PM: | Start of Session, Wednesday, December 14, 2005 |
10:32 PM: Spy Sweeper started
10:32 PM: Sweep initiated using definitions version 584
10:32 PM: Starting Memory Sweep
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\JAVAOB.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\NETQU32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\WINVQ32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSOG32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\MFCBI32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\NETZV32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\ADDCV32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\JAVAWR.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\ATLWR32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\ADDOB.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\JAVANX.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\JAVAAB.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\CRPR32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\ADDGC.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\ATLMP.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\IEFQ.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\APPYD32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\NETKR32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\SDKKK.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\ADDJR.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\MSBU.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\NTRG.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\NTXD32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\ATLLT.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\IPOM.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\APPIY32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\IEOT32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\MSAE.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\MSQW.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\IEKW32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\CRRP.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\NETOL.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\CRTD.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\MSNC.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\ATLLQ.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\MFCOP32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\APIHV.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\MFCYX.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\MSSY.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\MFCKP.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\NETXM32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\ADDUI.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\IEDV.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\WINVL32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\WINUX32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\MSCW.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\ADDUH32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\ATLTZ.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\ADDPB.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\NETYW.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\IPGE32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\IPWV.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\JAVALB32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\NTRH.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\MFCFV32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\APPJF32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\D3AO32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\NTAI.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\ADDJB.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\IEWC.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\D3RP32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SDKNL32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\APPRM32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\WINEK.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\ADDAH.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\WINLU.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\APIKN32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\SDKYT32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\NETEW32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\APIPA.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\IPBP32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\APILQ.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\APIQZ.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\CRDK.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\CRUN.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\CRCZ.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\JAVARQ32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\MFCEI.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\IPQM32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\ADDQI32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\NTAG.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\CRDZ.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\ADDTX32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\APIAM32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\CREX.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\MFCKE.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\IPJB.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\D3JQ32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\ATLTL32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\APIQK.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\APPQA32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\NTXF.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\D3QS32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\APPDB32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\JAVAIM32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\SDKXW32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\APPNG.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\MFCTO32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\D3JK.DLL
10:43 PM: Memory Sweep Complete, Elapsed Time: 00:10:40
10:43 PM: Starting Registry Sweep
10:43 PM: Found Adware: brilliant digital
10:43 PM: HKCR\.s3d\ (1 subtraces) (ID = 104924)
10:43 PM: HKLM\software\classes\.s3d\ (1 subtraces) (ID = 104956)
10:43 PM: Found Adware: cws-aboutblank
10:43 PM: HKCR\clsid\{483c767c-e381-7083-fd10-379897aedefb}\ (2 subtraces) (ID = 113500)
10:43 PM: HKCR\clsid\{e5d9d755-2d91-6cbe-9628-de15e878caf8}\ (2 subtraces) (ID = 114160)
10:43 PM: HKCR\interface\{b3b79dd5-4cd5-4f97-8829-5e1f08d46c66}\ (8 subtraces) (ID = 114339)
10:43 PM: HKLM\software\classes\clsid\{483c767c-e381-7083-fd10-379897aedefb}\ (2 subtraces) (ID = 115075)
10:43 PM: HKLM\software\classes\clsid\{e5d9d755-2d91-6cbe-9628-de15e878caf8}\ (2 subtraces) (ID = 115726)
10:43 PM: HKLM\software\classes\interface\{b3b79dd5-4cd5-4f97-8829-5e1f08d46c66}\ (8 subtraces) (ID = 115903)
10:43 PM: HKLM\software\classes\typelib\{c89e0f84-3c34-43d1-a72c-af1a160a7c07}\ (2 subtraces) (ID = 115916)
10:43 PM: HKLM\software\classes\typelib\{cf87e7d9-d16a-485c-9104-943a0c088ef3}\ (9 subtraces) (ID = 115919)
10:43 PM: HKLM\software\classes\typelib\{cf87e7d9-d16a-485c-9104-943a0c088ef3}\1.0\0\win32\ (1 subtraces) (ID = 115920)
10:43 PM: HKCR\typelib\{c89e0f84-3c34-43d1-a72c-af1a160a7c07}\ (2 subtraces) (ID = 116776)
10:43 PM: HKCR\typelib\{cf87e7d9-d16a-485c-9104-943a0c088ef3}\ (9 subtraces) (ID = 116779)
10:43 PM: Found Adware: cws_ns3
10:43 PM: HKCR\clsid\{0b936818-a83d-004a-625a-757b4d758cc6}\ (2 subtraces) (ID = 117609)
10:43 PM: HKCR\clsid\{033935e4-a208-ab9e-dd2a-6a9b7e426d04}\ (2 subtraces) (ID = 117651)
10:43 PM: HKCR\clsid\{2a97db56-e2b4-967c-af9f-07fdf74289c2}\ (2 subtraces) (ID = 117739)
10:43 PM: HKCR\clsid\{24e10ff7-10aa-6198-95ae-258d49d9abca}\ (7 subtraces) (ID = 118110)
10:43 PM: HKCR\clsid\{50b9d537-5db0-52b1-ff6f-ed6c70da477e}\ (26 subtraces) (ID = 118189)
10:43 PM: HKCR\clsid\{67c68c5f-44c8-5ff5-ce7d-54e907d6d21c}\ (26 subtraces) (ID = 118238)
10:43 PM: HKCR\clsid\{90dee38b-0db3-a3ca-6f69-126542ad0fa1}\ (6 subtraces) (ID = 118300)
10:43 PM: HKCR\clsid\{4992e461-38dd-211a-fde8-64a8c67647ad}\ (24 subtraces) (ID = 118505)
10:43 PM: HKCR\clsid\{a5b3b4a7-6bd2-e7ce-e654-7a1d658d1bb3}\ (2 subtraces) (ID = 118745)
10:43 PM: HKCR\clsid\{a6bf9b01-2b57-89d9-ad1f-af854374c992}\ (2 subtraces) (ID = 118748)
10:43 PM: HKCR\clsid\{a9bb7c1a-e63b-e0a9-63eb-7124fa52d1b0}\ (2 subtraces) (ID = 118755)
10:43 PM: HKCR\clsid\{b1169abc-e367-2937-9f96-3b9cb54e0f31}\ (2 subtraces) (ID = 118884)
10:43 PM: HKCR\clsid\{c42cf26e-2b02-05de-7d7b-a16c5c2095bb}\ (2 subtraces) (ID = 118987)
10:43 PM: HKCR\clsid\{d7b5394e-d013-3545-35d0-45376236a8dc}\ (2 subtraces) (ID = 119095)
10:43 PM: HKCR\clsid\{d223f02d-058e-2cfe-d02d-81826009252b}\ (2 subtraces) (ID = 119115)
10:43 PM: HKCR\clsid\{eceaf197-b6ef-9e38-0846-ff3bb03983ad}\ (2 subtraces) (ID = 119305)
10:43 PM: HKCR\clsid\{ef3dbf8f-82ae-7c37-9e41-ff6768f169e3}\ (8 subtraces) (ID = 119327)
10:43 PM: HKCR\clsid\{f032f043-eda1-57b1-cd1d-20aebaa824cb}\ (24 subtraces) (ID = 119342)
10:43 PM: HKCR\clsid\{fc8cac2e-e32b-0fd0-16a5-10feaeda2d44}\ (8 subtraces) (ID = 119435)
10:43 PM: HKCR\clsid\{fedb5c70-c8d3-5ce0-5433-3bfbf961af4b}\ (26 subtraces) (ID = 119458)
10:43 PM: HKLM\software\classes\clsid\{0b936818-a83d-004a-625a-757b4d758cc6}\ (2 subtraces) (ID = 119488)
10:43 PM: HKLM\software\classes\clsid\{033935e4-a208-ab9e-dd2a-6a9b7e426d04}\ (2 subtraces) (ID = 119530)
10:43 PM: HKLM\software\classes\clsid\{2a97db56-e2b4-967c-af9f-07fdf74289c2}\ (2 subtraces) (ID = 119615)
10:43 PM: HKLM\software\classes\clsid\{50b9d537-5db0-52b1-ff6f-ed6c70da477e}\ (26 subtraces) (ID = 120046)
10:43 PM: HKLM\software\classes\clsid\{67c68c5f-44c8-5ff5-ce7d-54e907d6d21c}\ (26 subtraces) (ID = 120095)
10:43 PM: HKLM\software\classes\clsid\{90dee38b-0db3-a3ca-6f69-126542ad0fa1}\ (6 subtraces) (ID = 120156)
10:43 PM: HKLM\software\classes\clsid\{338e88e9-d821-1c15-a00d-907ab980e988}\ (2 subtraces) (ID = 120215)
10:43 PM: HKLM\software\classes\clsid\{4992e461-38dd-211a-fde8-64a8c67647ad}\ (24 subtraces) (ID = 120352)
10:43 PM: HKLM\software\classes\clsid\{a5b3b4a7-6bd2-e7ce-e654-7a1d658d1bb3}\ (2 subtraces) (ID = 120584)
10:43 PM: HKLM\software\classes\clsid\{a6bf9b01-2b57-89d9-ad1f-af854374c992}\ (2 subtraces) (ID = 120587)
10:43 PM: HKLM\software\classes\clsid\{a9bb7c1a-e63b-e0a9-63eb-7124fa52d1b0}\ (2 subtraces) (ID = 120594)
10:43 PM: HKLM\software\classes\clsid\{b1169abc-e367-2937-9f96-3b9cb54e0f31}\ (2 subtraces) (ID = 120722)
10:43 PM: HKLM\software\classes\clsid\{c42cf26e-2b02-05de-7d7b-a16c5c2095bb}\ (2 subtraces) (ID = 120824)
10:43 PM: HKLM\software\classes\clsid\{d7b5394e-d013-3545-35d0-45376236a8dc}\ (2 subtraces) (ID = 120931)
10:43 PM: HKLM\software\classes\clsid\{d223f02d-058e-2cfe-d02d-81826009252b}\ (2 subtraces) (ID = 120951)
10:43 PM: HKLM\software\classes\clsid\{eceaf197-b6ef-9e38-0846-ff3bb03983ad}\ (2 subtraces) (ID = 121136)
10:43 PM: HKLM\software\classes\clsid\{ef3dbf8f-82ae-7c37-9e41-ff6768f169e3}\ (8 subtraces) (ID = 121157)
10:43 PM: HKLM\software\classes\clsid\{f032f043-eda1-57b1-cd1d-20aebaa824cb}\ (24 subtraces) (ID = 121172)
10:43 PM: HKLM\software\classes\clsid\{fc8cac2e-e32b-0fd0-16a5-10feaeda2d44}\ (8 subtraces) (ID = 121260)
10:43 PM: HKLM\software\classes\clsid\{fedb5c70-c8d3-5ce0-5433-3bfbf961af4b}\ (26 subtraces) (ID = 121283)
10:43 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{50b9d537-5db0-52b1-ff6f-ed6c70da477e}\ (1 subtraces) (ID = 122607)
10:43 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{67c68c5f-44c8-5ff5-ce7d-54e907d6d21c}\ (1 subtraces) (ID = 122635)
10:43 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{4992e461-38dd-211a-fde8-64a8c67647ad}\ (1 subtraces) (ID = 122777)
10:43 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{ef3dbf8f-82ae-7c37-9e41-ff6768f169e3}\ (1 subtraces) (ID = 123212)
10:44 PM: Found Adware: isearch toolbar
10:44 PM: HKLM\software\ietoolbarpluginpersist\ (1 subtraces) (ID = 129025)
10:45 PM: Found System Monitor: netchatspy
10:45 PM: HKLM\software\classes\typelib\{de10c540-810e-11cf-bbe7-444553540000}\ (9 subtraces) (ID = 1039932)
10:45 PM: HKCR\regobj.registry\ (5 subtraces) (ID = 1040122)
10:45 PM: HKCR\regobj.registry.1\ (3 subtraces) (ID = 1040128)
10:45 PM: HKCR\clsid\{c55a1680-cd5a-11cf-8d29-444553540000}\ (12 subtraces) (ID = 1040337)
10:45 PM: HKCR\typelib\{de10c540-810e-11cf-bbe7-444553540000}\ (9 subtraces) (ID = 1040859)
10:45 PM: HKLM\software\classes\regobj.registry\ (5 subtraces) (ID = 1041079)
10:45 PM: HKLM\software\classes\regobj.registry.1\ (3 subtraces) (ID = 1041083)
10:45 PM: HKLM\software\classes\clsid\{c55a1680-cd5a-11cf-8d29-444553540000}\ (12 subtraces) (ID = 1041291)
10:45 PM: Registry Sweep Complete, Elapsed Time:00:01:57
10:45 PM: Starting Cookie Sweep
10:45 PM: Found Spy Cookie: centrport net cookie
10:45 PM: default@centrport[1].txt (ID = 2374)
10:45 PM: Found Spy Cookie: atwola cookie
10:45 PM: default@atwola[1].txt (ID = 2255)
10:45 PM: Found Spy Cookie: burstnet cookie
10:45 PM: default@burstnet[1].txt (ID = 2336)
10:45 PM: Found Spy Cookie: casalemedia cookie
10:45 PM: default@casalemedia[1].txt (ID = 2354)
10:45 PM: Found Spy Cookie: 2o7.net cookie
10:45 PM: default@2o7[2].txt (ID = 1957)
10:45 PM: Found Spy Cookie: pointroll cookie
10:45 PM: default@ads.pointroll[1].txt (ID = 3148)
10:45 PM: Found Spy Cookie: questionmarket cookie
10:45 PM: default@questionmarket[1].txt (ID = 3217)
10:45 PM: Found Spy Cookie: coolsavings cookie
10:45 PM: default@coolsavings[2].txt (ID = 2465)
10:45 PM: Found Spy Cookie: paycounter cookie
10:45 PM: default@paycounter[1].txt (ID = 3115)
10:45 PM: Found Spy Cookie: ru4 cookie
10:45 PM: default@edge.ru4[2].txt (ID = 3269)
10:45 PM: Found Spy Cookie: zedo cookie
10:45 PM: default@zedo[2].txt (ID = 3762)
10:45 PM: Found Spy Cookie: overture cookie
10:45 PM: default@overture[2].txt (ID = 3105)
10:45 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
10:45 PM: Starting File Sweep
10:45 PM: Warning: Failed to open file "c:\windows\win386.swp". The process cannot access the file because it is being used by another process
11:32 PM: Found Adware: cws_tiny0
11:32 PM: d3rq.dll (ID = 205)
12:06 AM: Warning: Failed to open file "c:\windows\application data\aol\c_america online 9.0\idb\art.idx". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\aol\c_america online 9.0\idb\apps.lst". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\aol\c_america online 9.0\idb\sysnews.lst". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\aol\c_america online 9.0\idb\spool.lst". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs2a369da6-0a7a-4d72-9712-4156ff29dc64.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsf775e845-a053-46b5-bead-6a1b1ba1dcfa.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs8df0541f-0f78-491e-9523-31b5e10444c7.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsba4f5401-b0ab-4807-954b-e074ba10c152.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb9d25f7f-6980-4cb7-bb4c-8e08753c3043.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs921cbfd7-8c90-416f-923f-6fe8d188e275.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb42134fc-419c-4812-a6b4-c1644cffbc33.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsd021ddfd-637e-4942-8179-6b5dfb915a8f.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs57674da3-8a45-4058-9e30-fd172f3b6685.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsd0a38388-3144-4287-b6a9-f292e9cbf15c.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs2619a778-3bf2-40ba-9d8a-2e29213b0353.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs703ea2d7-f531-443e-995b-9970d7988ee8.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsa37b4ab0-0e86-47dd-8b88-9fb711163c7e.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs62371f1e-9004-42a2-b4ec-4166107f6be1.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs70156c2f-3bbf-4c9f-8813-6648a225532b.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsa795e935-33e4-4b15-bb3c-00041e14fdc4.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscscb475c8f-b5b0-4084-b5b0-be67b57c4c87.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsf95490ee-8064-4ebe-86d8-478a6654bd13.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs5272c372-97ad-479a-9706-97c08e767814.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs85c1ba2a-8158-474e-a46d-c05b621cd548.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs2f44eb6c-a6ae-499d-a335-196cb3a09a4a.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsd69be380-c381-4be6-861f-70bc3dc99546.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsa1f5a39d-46b3-4e44-87d8-3b0a56d85263.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsefc91382-3990-401a-b4b5-b500bcf2b4ea.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsa02453b1-4a75-4e9f-ab42-5e6817fa7262.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsc6816e17-302c-4422-ba11-626f737fe5d7.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs24d3e607-771d-4043-9635-d0e8b2afdd28.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs0d0db583-2839-4bb4-8e70-c4d0925ec39f.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscse6668275-e309-48c0-9e30-d2c557d32a67.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs3cb26801-a66d-4ae7-930d-3a234e6d3f87.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsa15282d7-4f51-4855-97d7-20d2b4362f9c.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs70117928-d9d9-4cc0-8e02-961fe6cc1fe2.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs8e8e2e57-2833-4215-a216-52cefae0ece4.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsc0de00d9-b93e-46ac-9f5c-07c73d6c2e99.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb5cca80b-5af7-47c0-a94c-357b964a510e.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs7c1d2b40-6adc-4d8f-9620-0c3530c2ce94.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs1614c24c-5c74-461b-ae41-75913db0b0f2.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs13d63b88-647a-4276-8879-9ae46787c359.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs6e61f7e8-7b09-4950-b421-58f9841f87d5.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs0555472c-1b3f-406a-bc23-692059ffc8e5.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb86e310c-ad59-4111-8e7a-ab85e2aeea43.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsf0156260-9d6a-464f-89eb-4f6870362586.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs3e5aba7f-8b9d-4b8e-a328-f4d71b811409.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsad026e07-ad33-4f08-b66c-c54744e107a3.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb6619637-3f45-40dd-bfa0-37a874607274.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsaae287a2-0104-46f3-899d-3b33c098645e.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs00558562-0af5-4975-90fa-d1fddcf762f8.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsc840b5e9-2e2c-47fc-bde7-62e3cd069ab4.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsfcaa94b8-8170-478c-87c4-51d17a7bc5f3.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs2c8ee02b-32b2-40e8-b3ed-ec039067de67.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs9a600bf9-c039-48fe-9214-e645513e4692.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsd2e3f894-cc3f-4431-9b37-2f78e518ed93.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb24c9e71-da4e-4642-87a9-9dd6e1a74872.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs0ebc5a31-7933-4157-8376-8b13f07d82c7.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsd3062bac-32c3-4687-a6a1-c0c1f6e7599e.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs2c7cf26e-5d4a-4050-8b8f-84ddf91bc3f2.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsd25242f0-81fe-4043-8a24-232f5424202d.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb8223550-5e6c-4469-aba3-5075489e350c.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4d5f7325-9cca-4c24-9f2f-19450a44972e.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs60585dc3-cc0c-4425-bd63-9a4b26286db6.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4b24c906-0ad1-4c0b-8f51-6be415ffe4ba.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs5bc4a6cb-ce09-4b8b-a11c-76daa333d8bf.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs05937262-0eba-4614-a6ec-b3528abde546.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs767be739-6117-4243-8fc9-daf4fdcee624.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs00f5d524-be82-4198-93d7-58a321b21079.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs7dc6b593-91ab-4345-b598-0395a4c66d1a.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs96873cbb-e850-419f-8c2c-49b8d4b2213e.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs19b727b2-0332-46ab-801d-04265ee98432.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs8e29b7be-f842-465a-821a-ad486b09b755.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4425f111-3a72-44df-b362-164db668a408.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs6fa9f68d-913c-469a-91a0-7f4467aad8ea.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs7c7541e1-0345-4482-8310-c83e86371f5a.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs63fac94c-8558-478e-97ef-93679a9a4df6.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsd8a07f97-3368-47b1-b7e5-f792e7a1957c.tmp". The proce

#6 devanert

devanert
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Gender:Male

Posted 18 December 2005 - 04:26 PM

Here is the Panda report

Incident Status Location

Adware:adware/navipromo Not disinfected C:\WINDOWS\SYSTEM\sdkza32.exe
Adware:adware/exact.bargainbuddyNot disinfected C:\WINDOWS\SYSTEM\msbe.dll
Dialer:dialer.bmb Not disinfected C:\WINDOWS\SYSTEM\netpe32.dll
Adware:adware/ncase Not disinfected C:\WINDOWS\SYSTEM\msbb.dll
Adware:adware/adshooter Not disinfected C:\WINDOWS\SYSTEM\syscr.dll
Adware:adware/winad Not disinfected C:\WINDOWS\SYSTEM\winad.dll
Adware:adware/cws.aboutblank Not disinfected C:\WINDOWS\SYSTEM\crhz32.dll
Adware:adware/globosearch Not disinfected C:\WINDOWS\SYSTEM\systr.dll
Adware:adware/cws.payfortrafficNot disinfected C:\WINDOWS\SYSTEM\msmk.dll
Adware:adware/searchaid Not disinfected C:\WINDOWS\SYSTEM\msrb.dll
Adware:adware/cws.008k Not disinfected C:\WINDOWS\SYSTEM\appfy32.dll
Adware:adware/mirar Not disinfected C:\WINDOWS\SYSTEM\winnb32.dll
Adware:adware/sbsoft Not disinfected C:\WINDOWS\SYSTEM\winsx.dll
Adware:adware/commandertoolbarNot disinfected C:\WINDOWS\SYSTEM\ietb.dll
Dialer:dialer.b Not disinfected C:\WINDOWS\SYSTEM\nethv32.dll
Spyware:spyware/petro-line Not disinfected C:\WINDOWS\SYSTEM\appbs32.dll
Adware:adware/exact.searchbar Not disinfected C:\WINDOWS\SYSTEM\mscb.dll
Spyware:spyware/new.net Not disinfected C:\WINDOWS\NDNuninstall4_34.exe
Adware:adware/cws.searchmeup Not disinfected C:\WINDOWS\loadclean.exe
Adware:adware/tvmedia Not disinfected C:\WINDOWS\addyu.dll
Adware:adware/cws Not disinfected Windows Registry
Dialer:Dialer.Gen Not disinfected C:\WINDOWS\SYSTEM\qpaeesv0.exe
Virus:Trj/Dropper.P Not disinfected C:\WINDOWS\SYSTEM\q8k0fsv0.exe
Adware:Adware/Startpage.CAY Not disinfected C:\WINDOWS\SYSTEM\valg.hta
Adware:Adware/Startpage.CAY Not disinfected C:\WINDOWS\SYSTEM\odbc.hta
Virus:Trj/Downloader.ABU Not disinfected C:\WINDOWS\SYSTEM\twink64.exe
Adware:Adware/Startpage.IE Not disinfected C:\WINDOWS\wlxr.exe
Adware:Adware/SuperSpider Not disinfected C:\WINDOWS\precontrol.exe
Virus:Trj/Downloader.DUU Not disinfected C:\WINDOWS\050218.exe
Virus:Trj/Downloader.MC Not disinfected C:\WINDOWS\digfilt.dll
Virus:Trj/Downloader.MC Not disinfected C:\WINDOWS\digfilt2.dll
Virus:Trj/Downloader.ABU Not disinfected C:\WINDOWS\loadclean.exe
Virus:Trj/Downloader.SO Not disinfected C:\Program Files\Internet Explorer\mlubejst.exe
Virus:Trj/Downloader.ND Not disinfected C:\Program Files\Internet Explorer\zba.exe
Virus:Trj/Downloader.AAN Not disinfected C:\Program Files\Internet Explorer\qvhblfim.exe
Virus:Trj/Downloader.ABU Not disinfected C:\Program Files\Internet Explorer\lsnkjwbp.exe
Possible Virus. Not disinfected C:\Program Files\Internet Explorer\yyvqlnpr.exe
Dialer:Dialer.BIX Not disinfected C:\Program Files\America Online 9.0\download\2253.TMP
Virus:Trj/Autodelete.A Not disinfected C:\Program Files\America Online 9.0\download\phdj.bat
Virus:Trj/Downloader.QL Not disinfected C:\loadpr25.exe
Adware:Adware/CWS.Aboutblank Not disinfected C:\Taxes\Tax03\sp.html
Virus:Trj/Downloader.SO Not disinfected C:\LOAD_MAS2_JAVA.EXE
Virus:Trj/Downloader.AJF Not disinfected C:\load_ro_java.exe
Virus:Trojan Horse Not disinfected C:\loadpr26.exe
Virus:Trojan Horse Not disinfected C:\loadpr27.exe
Virus:Trojan Horse Not disinfected C:\loadpr28.exe
Virus:Trj/Downloader.AGL Not disinfected C:\mmm_java.exe

#7 devanert

devanert
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:09 PM

Posted 18 December 2005 - 04:31 PM

and the latest and greatest Spysweeper log that I ran on the 16th.

********
9:01 PM: | Start of Session, Thursday, December 15, 2005 |
9:01 PM: Spy Sweeper started
9:01 PM: Sweep initiated using definitions version 584
9:01 PM: Starting Memory Sweep
9:01 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\JAVAOB.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\NETQU32.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\WINVQ32.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\SYSOG32.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\MFCBI32.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\NETZV32.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\ADDCV32.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\JAVAWR.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\ATLWR32.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\ADDOB.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\JAVANX.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\CRPR32.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\ATLMP.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\IEFQ.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\APPYD32.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\NETKR32.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\SDKKK.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\ADDJR.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\MSBU.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\NTRG.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\NTXD32.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\ATLLT.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\IPOM.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\APPIY32.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\IEOT32.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\MSAE.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\MSQW.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\IEKW32.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\CRRP.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\NETOL.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\CRTD.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\MSNC.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\ATLLQ.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\MFCOP32.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\APIHV.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\MFCYX.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\MSSY.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\MFCKP.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\NETXM32.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\ADDUI.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\IEDV.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\WINVL32.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\WINUX32.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\MSCW.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\ADDUH32.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\ATLTZ.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\ADDPB.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\NETYW.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\IPGE32.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\IPWV.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\JAVALB32.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\NTRH.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\MFCFV32.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\APPJF32.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\D3AO32.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\NTAI.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\ADDJB.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\SDKNL32.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\APPRM32.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\WINEK.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\ADDAH.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\WINLU.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\APIKN32.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\SDKYT32.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\NETEW32.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\APIPA.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\IPBP32.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\APILQ.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\APIQZ.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\CRDK.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\CRUN.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\CRCZ.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\JAVARQ32.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\MFCEI.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\ADDQI32.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\NTAG.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\CRDZ.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\ADDTX32.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\APIAM32.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\CREX.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\MFCKE.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\IPJB.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\D3JQ32.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\ATLTL32.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\APIQK.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\APPQA32.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\NTXF.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\D3QS32.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\APPDB32.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\JAVAIM32.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\SDKXW32.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\APPNG.DLL
9:01 PM: Warning: Failed to load image: C:\WINDOWS\D3JK.DLL
9:09 PM: Memory Sweep Complete, Elapsed Time: 00:07:45
9:09 PM: Starting Registry Sweep
9:11 PM: Registry Sweep Complete, Elapsed Time:00:01:40
9:11 PM: Starting Cookie Sweep
9:11 PM: Found Spy Cookie: centrport net cookie
9:11 PM: default@centrport[1].txt (ID = 2374)
9:11 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
9:11 PM: Starting File Sweep
9:11 PM: Warning: Failed to open file "c:\windows\win386.swp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\aol\c_america online 9.0\idb\art.idx". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\aol\c_america online 9.0\idb\apps.lst". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\aol\c_america online 9.0\idb\sysnews.lst". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\aol\c_america online 9.0\idb\spool.lst". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs8a96a4ee-f8f7-41d1-88ae-dcfa7538445a.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs3c0eca5c-f4f3-41dc-8cb4-4951f8b2816a.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs613e4bc3-8851-4a54-8040-dee15f8d0811.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs1b7b4872-26a9-4cb8-9911-fa9563cbf8c1.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsf22741c3-9481-4e3b-be08-2f6c6ff10173.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs8c1a2c5d-abc1-4cc2-96b4-3044df1e7156.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscse63c5ff5-5797-429b-98a3-e090a25e7c36.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs22919a91-0ab9-479a-aec4-4c5eebec6bc3.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs17630900-909e-4ffc-b7f9-51c6d07cf78e.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs209a12b8-c166-4bc3-a6e7-171bd4ed4514.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs0a0adf82-bae5-44bd-8b8e-28138db629cc.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsa6d8d78a-60a8-42f5-b583-b760d904ea1f.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsdad26d5e-e764-4a0b-bda7-a5f48f2cb592.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsc7413e7f-8079-417d-b7b1-cbe27a47f804.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsa5438b06-edb0-4d4e-9153-a61d99c26053.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs3cd9aa4b-8bb0-41c4-810e-4ad02be53f0d.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs38076232-7033-492f-8c9b-672c0e4e2c88.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs884a9062-c89c-444a-943e-d699199907cc.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsacf36aff-a75d-4ac3-b526-409c4c2eb802.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscse567ddf5-3b0a-4724-87b7-7534e70a4a8e.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs5a444279-b570-4f6b-808a-df8fd0ef690e.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs1e3467c6-f02a-4871-9abe-1011fa9cd41f.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscse3ec99ec-c3b6-48b7-ab8a-094c18a85f7c.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsa4197e2d-e23e-4ef0-88a5-c4b600f19233.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsd7606694-5753-4b9f-a4c2-62b9496bb0fc.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs68d691dd-76d0-41bc-a693-997e297878a1.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs14587793-dcdc-441d-b78d-24a6612230d8.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb7671afe-eb64-40bb-8e7b-bddd0d339c29.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs59abe8ca-fbb9-46dd-8778-5ed809388120.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs681bb19c-ba19-492e-8045-ecc87f6215c1.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs79a9073d-3b0f-4db1-8693-521d823137d9.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb14d6735-801e-4ac7-aac0-e91069e8e94c.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs6597595c-937c-4885-aa95-d20494dfceb2.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs5bb5a996-ad62-41e6-9aca-b86f90474814.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsac3651fb-5759-42c4-93fd-9e00ffd00b97.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs18f34952-47cc-4948-83d3-74de63f5679e.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs8068b60d-06ff-4512-ba8f-7b18ea97fd3c.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb49f1434-979b-42bf-b287-fbf35bc12cd8.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs99903b99-f144-4cbd-a0a6-9fb9358044e0.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsc85407d2-3e03-4c69-b71b-9643dda926e1.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs5f09a1f4-b386-4f75-9b03-5d5de0b51cfd.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsf8c1d676-f29b-4f15-9449-e80c7015b795.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs6ab48a92-73a3-46db-9a3d-a63325bd2df2.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsafeadca6-a519-42c1-932f-db376e807dca.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs44057dbe-9aa9-4c76-9662-349caae61bd7.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsd1ef2cc5-c60b-48b2-a602-666479ef9f94.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscseaff5f59-0308-4884-be37-a7e814429883.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscscf1f0874-a650-43e2-ab09-f2875d8ae808.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb59479b2-be4a-4f12-a175-6d390bd24815.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs2c4070cf-3173-4108-a087-c13cbd4979d6.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs8d6dfa17-5566-4446-91f3-7c95014a3fcc.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs74cf95eb-c123-4ff7-97d6-0fb10097a40c.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs2dd74798-ca17-4140-8b33-43afd93a59e1.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsd576821b-a96d-452d-b8c2-138c3f89bfb5.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs81051103-a40a-417f-b36e-4bbd1668007a.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4ef4fc24-0e8a-4eb1-9639-81eeedd1cdde.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsf328b3b6-83bd-481d-8e9c-cc95630ab731.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs6888d32d-3814-4cfa-ac0b-b1aa2db911bf.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbf1556c5-bab1-460c-92a5-701d6c6f12e7.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs1be8fe71-d91d-4571-9b6d-540be556616b.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs171ddc52-beb3-42e8-8647-f97eda8fd2fd.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs5588e707-5587-40d6-b5af-c958fc56c773.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsef4247d5-fecd-47ca-87e8-4b6188c0e83f.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs47ff2880-969d-48b3-b7b1-77b7c883e5b0.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsce0bb37c-e6f2-4189-b436-3218e9d58e64.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs6d1d3442-bd97-4ef0-bfe4-353d1578bda4.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsc742bb24-3581-4c43-a368-45c299ac169b.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs6250b827-fdac-40c2-b897-ad64c4ae586b.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs8c9eeec3-e73c-4bfb-b311-6bf4320b4ad8.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs8b11a4c3-bb99-487b-8965-b4d3d95b92e4.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs03094003-4128-474a-9a88-042bf1f9a28f.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4a70be4e-5d54-4341-9f3d-311b071bce4f.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs119e04fb-6579-487d-ad23-3a0f1f2eb141.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs2a5005fc-aee3-460b-9d57-593d75b3b69d.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsccf51283-22d4-4be0-beb0-6d916cfd9d89.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsd9649c9d-ed5e-4b11-8dd2-b9649f32933e.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsdadfb645-54cb-43eb-b6c9-a76c11e62111.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscscb6e6ab8-e1dd-4034-9b43-9992b1c5b30c.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs1bc5c535-7c61-41f8-9b27-535f8c02d8db.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbbcd062e-3168-44e6-a820-87959e2b8898.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsa97dcdc9-00e6-4cc1-826a-aad4db773a62.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsac8596a2-6fcf-4b2c-b6a2-e3ec174700f5.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs089b9000-cb46-4a25-932e-4ee20dc7bc3e.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs03e08113-2998-4fc1-afcd-0d55b21c6158.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e18f92d-16d6-4046-97a5-2ce7cda3ee51.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsa4893531-394a-42a3-a7b7-3726f06c44f4.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs8cc1be1c-f0f8-4a0d-be69-02820aa9c106.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs964ee9d5-d471-40c2-a6af-c4a176ccfcb4.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsc8befde9-6c9c-44a8-bfef-ee0d458848e1.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs0aef9265-9ace-4ee7-b48e-d6009d7e93f5.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs25994ba2-5a12-4843-a97b-48bee85f89e8.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscse9123cd1-2944-4309-939d-bced46e8b777.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs3f26c9d7-0ccf-4995-8633-7b9d7fb7d4e7.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs59da4f23-fb4f-4024-ae85-40d0be0b4bd1.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs42a8a796-962a-4946-9f3e-1a3b204ca803.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs8e880962-ec63-479f-8e6f-582b11b98b23.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs485367fb-0661-4b13-a707-b6f94b7692db.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs8de71a15-2cad-4371-920c-1bb91a6fa8f4.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs83a7c5fe-5a23-4681-b157-2d30a2e6b4a9.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscse4cc5a1f-bd8a-481e-b909-4e97555881db.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsbcdf76ec-fd8f-47a7-9668-b7780c53528e.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsc6560a74-e1d0-418c-82a6-965ec8546509.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs55ddfa0d-6344-4180-aee8-40b959b8848b.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs6349440c-95d8-48e5-bb6a-9454a3c047e9.tmp". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\all users\application data\aol\c_america online 9.0\organize\van68". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\all users\application data\aol\c_america online 9.0\organize\cache\van00". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\all users\application data\aol\c_america online 9.0\idb\snmaster.idx". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\all users\application data\aol\c_america online 9.0\idb\app10575.lst". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\all users\application data\aol\c_america online 9.0\idb\van68\mydb.idx". The process cannot access the file because it is being used by another process
10:35 PM: Warning: Failed to open file "c:\windows\all users\application data\aol\c_america online 9.0\idb\van68\toolbar.lst". The process cannot access the file because it is being used by another process
10:36 PM: Warning: Failed to open file "c:\windows\temp\jet8147.tmp". The process cannot access the file because it is being used by another process
10:52 PM: Found Adware: coolwebsearch (cws)
10:52 PM: a0031212.cpy (ID = 54632)
10:52 PM: Found Adware: ez-finder toolbar
10:52 PM: a0031339.cpy (ID = 60327)
10:52 PM: Found Adware: cws_tiny0
10:52 PM: a0033785.cpy (ID = 205)
11:01 PM: Warning: Failed to open file "c:\program files\kodak\kodak software updater\7288971\users\default\data\d0000000.fcs". The process cannot access the file because it is being used by another process
11:01 PM: Warning: Failed to open file "c:\program files\kodak\kodak software updater\7288971\users\default\data\chandir.dat". The process cannot access the file because it is being used by another process
11:01 PM: Warning: Failed to open file "c:\program files\kodak\kodak software updater\7288971\users\default\data\chandir.idx". The process cannot access the file because it is being used by another process
11:01 PM: Warning: Failed to open file "c:\program files\kodak\kodak software updater\7288971\users\default\data\storydb.dat". The process cannot access the file because it is being used by another process
11:01 PM: Warning: Failed to open file "c:\program files\kodak\kodak software updater\7288971\users\default\data\storydb.idx". The process cannot access the file because it is being used by another process
11:01 PM: Warning: Failed to open file "c:\program files\kodak\kodak software updater\7288971\users\default\data\chn.dat". The process cannot access the file because it is being used by another process
11:01 PM: Warning: Failed to open file "c:\program files\kodak\kodak software updater\7288971\users\default\data\chn.idx". The process cannot access the file because it is being used by another process
11:01 PM: Warning: Failed to open file "c:\program files\kodak\kodak software updater\7288971\users\default\data\prs_die.dat". The process cannot access the file because it is being used by another process
11:01 PM: Warning: Failed to open file "c:\program files\kodak\kodak software updater\7288971\users\default\data\prs_die.idx". The process cannot access the file because it is being used by another process
11:01 PM: Warning: Failed to open file "c:\program files\kodak\kodak software updater\7288971\users\default\data\prs_dnd.dat". The process cannot access the file because it is being used by another process
11:01 PM: Warning: Failed to open file "c:\program files\kodak\kodak software updater\7288971\users\default\data\prs_dnd.idx". The process cannot access the file because it is being used by another process
11:01 PM: Warning: Failed to open file "c:\program files\kodak\kodak software updater\7288971\users\default\data\prs_ext.dat". The process cannot access the file because it is being used by another process
11:01 PM: Warning: Failed to open file "c:\program files\kodak\kodak software updater\7288971\users\default\data\prs_ext.idx". The process cannot access the file because it is being used by another process
11:01 PM: Warning: Failed to open file "c:\program files\kodak\kodak software updater\7288971\users\default\data\prs_rcv.dat". The process cannot access the file because it is being used by another process
11:01 PM: Warning: Failed to open file "c:\program files\kodak\kodak software updater\7288971\users\default\data\prs_rcv.idx". The process cannot access the file because it is being used by another process
11:01 PM: Warning: Failed to open file "c:\program files\kodak\kodak software updater\7288971\users\default\data\prs.dat". The process cannot access the file because it is being used by another process
11:01 PM: Warning: Failed to open file "c:\program files\kodak\kodak software updater\7288971\users\default\data\prs.idx". The process cannot access the file because it is being used by another process
11:01 PM: Warning: Failed to open file "c:\program files\kodak\kodak software updater\7288971\users\default\data\l0000002.fcs". The process cannot access the file because it is being used by another process
11:05 PM: File Sweep Complete, Elapsed Time: 01:54:08
11:05 PM: Full Sweep has completed. Elapsed time 02:03:38
11:05 PM: Traces Found: 4
9:14 PM: Removal process initiated
9:14 PM: Quarantining All Traces: coolwebsearch (cws)
9:14 PM: coolwebsearch (cws) is in use. It will be removed on reboot.
9:14 PM: a0031212.cpy is in use. It will be removed on reboot.
9:14 PM: Quarantining All Traces: cws_tiny0
9:14 PM: cws_tiny0 is in use. It will be removed on reboot.
9:14 PM: a0033785.cpy is in use. It will be removed on reboot.
9:14 PM: Quarantining All Traces: ez-finder toolbar
9:14 PM: ez-finder toolbar is in use. It will be removed on reboot.
9:14 PM: a0031339.cpy is in use. It will be removed on reboot.
9:14 PM: Quarantining All Traces: centrport net cookie
9:14 PM: Removal process completed. Elapsed time 00:00:20
********
10:32 PM: | Start of Session, Wednesday, December 14, 2005 |
10:32 PM: Spy Sweeper started
10:32 PM: Sweep initiated using definitions version 584
10:32 PM: Starting Memory Sweep
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\JAVAOB.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\NETQU32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\WINVQ32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSOG32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\MFCBI32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\NETZV32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\ADDCV32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\JAVAWR.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\ATLWR32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\ADDOB.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\JAVANX.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\JAVAAB.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\CRPR32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\ADDGC.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\ATLMP.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\IEFQ.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\APPYD32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\NETKR32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\SDKKK.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\ADDJR.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\MSBU.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\NTRG.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\NTXD32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\ATLLT.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\IPOM.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\APPIY32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\IEOT32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\MSAE.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\MSQW.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\IEKW32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\CRRP.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\NETOL.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\CRTD.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\MSNC.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\ATLLQ.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\MFCOP32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\APIHV.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\MFCYX.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\MSSY.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\MFCKP.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\NETXM32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\ADDUI.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\IEDV.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\WINVL32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\WINUX32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\MSCW.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\ADDUH32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\ATLTZ.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\ADDPB.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\NETYW.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\IPGE32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\IPWV.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\JAVALB32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\NTRH.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\MFCFV32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\APPJF32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\D3AO32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\NTAI.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\ADDJB.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\IEWC.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\D3RP32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SDKNL32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\APPRM32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\WINEK.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\ADDAH.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\WINLU.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\APIKN32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\SDKYT32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\NETEW32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\APIPA.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\IPBP32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\APILQ.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\APIQZ.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\CRDK.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\CRUN.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\CRCZ.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\JAVARQ32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\MFCEI.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\IPQM32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\ADDQI32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\NTAG.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\CRDZ.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\ADDTX32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\APIAM32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\CREX.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\MFCKE.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\IPJB.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\D3JQ32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\ATLTL32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\APIQK.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\APPQA32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\NTXF.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\D3QS32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\APPDB32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\JAVAIM32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\SDKXW32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\APPNG.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\MFCTO32.DLL
10:32 PM: Warning: Failed to load image: C:\WINDOWS\D3JK.DLL
10:43 PM: Memory Sweep Complete, Elapsed Time: 00:10:40
10:43 PM: Starting Registry Sweep
10:43 PM: Found Adware: brilliant digital
10:43 PM: HKCR\.s3d\ (1 subtraces) (ID = 104924)
10:43 PM: HKLM\software\classes\.s3d\ (1 subtraces) (ID = 104956)
10:43 PM: Found Adware: cws-aboutblank
10:43 PM: HKCR\clsid\{483c767c-e381-7083-fd10-379897aedefb}\ (2 subtraces) (ID = 113500)
10:43 PM: HKCR\clsid\{e5d9d755-2d91-6cbe-9628-de15e878caf8}\ (2 subtraces) (ID = 114160)
10:43 PM: HKCR\interface\{b3b79dd5-4cd5-4f97-8829-5e1f08d46c66}\ (8 subtraces) (ID = 114339)
10:43 PM: HKLM\software\classes\clsid\{483c767c-e381-7083-fd10-379897aedefb}\ (2 subtraces) (ID = 115075)
10:43 PM: HKLM\software\classes\clsid\{e5d9d755-2d91-6cbe-9628-de15e878caf8}\ (2 subtraces) (ID = 115726)
10:43 PM: HKLM\software\classes\interface\{b3b79dd5-4cd5-4f97-8829-5e1f08d46c66}\ (8 subtraces) (ID = 115903)
10:43 PM: HKLM\software\classes\typelib\{c89e0f84-3c34-43d1-a72c-af1a160a7c07}\ (2 subtraces) (ID = 115916)
10:43 PM: HKLM\software\classes\typelib\{cf87e7d9-d16a-485c-9104-943a0c088ef3}\ (9 subtraces) (ID = 115919)
10:43 PM: HKLM\software\classes\typelib\{cf87e7d9-d16a-485c-9104-943a0c088ef3}\1.0\0\win32\ (1 subtraces) (ID = 115920)
10:43 PM: HKCR\typelib\{c89e0f84-3c34-43d1-a72c-af1a160a7c07}\ (2 subtraces) (ID = 116776)
10:43 PM: HKCR\typelib\{cf87e7d9-d16a-485c-9104-943a0c088ef3}\ (9 subtraces) (ID = 116779)
10:43 PM: Found Adware: cws_ns3
10:43 PM: HKCR\clsid\{0b936818-a83d-004a-625a-757b4d758cc6}\ (2 subtraces) (ID = 117609)
10:43 PM: HKCR\clsid\{033935e4-a208-ab9e-dd2a-6a9b7e426d04}\ (2 subtraces) (ID = 117651)
10:43 PM: HKCR\clsid\{2a97db56-e2b4-967c-af9f-07fdf74289c2}\ (2 subtraces) (ID = 117739)
10:43 PM: HKCR\clsid\{24e10ff7-10aa-6198-95ae-258d49d9abca}\ (7 subtraces) (ID = 118110)
10:43 PM: HKCR\clsid\{50b9d537-5db0-52b1-ff6f-ed6c70da477e}\ (26 subtraces) (ID = 118189)
10:43 PM: HKCR\clsid\{67c68c5f-44c8-5ff5-ce7d-54e907d6d21c}\ (26 subtraces) (ID = 118238)
10:43 PM: HKCR\clsid\{90dee38b-0db3-a3ca-6f69-126542ad0fa1}\ (6 subtraces) (ID = 118300)
10:43 PM: HKCR\clsid\{4992e461-38dd-211a-fde8-64a8c67647ad}\ (24 subtraces) (ID = 118505)
10:43 PM: HKCR\clsid\{a5b3b4a7-6bd2-e7ce-e654-7a1d658d1bb3}\ (2 subtraces) (ID = 118745)
10:43 PM: HKCR\clsid\{a6bf9b01-2b57-89d9-ad1f-af854374c992}\ (2 subtraces) (ID = 118748)
10:43 PM: HKCR\clsid\{a9bb7c1a-e63b-e0a9-63eb-7124fa52d1b0}\ (2 subtraces) (ID = 118755)
10:43 PM: HKCR\clsid\{b1169abc-e367-2937-9f96-3b9cb54e0f31}\ (2 subtraces) (ID = 118884)
10:43 PM: HKCR\clsid\{c42cf26e-2b02-05de-7d7b-a16c5c2095bb}\ (2 subtraces) (ID = 118987)
10:43 PM: HKCR\clsid\{d7b5394e-d013-3545-35d0-45376236a8dc}\ (2 subtraces) (ID = 119095)
10:43 PM: HKCR\clsid\{d223f02d-058e-2cfe-d02d-81826009252b}\ (2 subtraces) (ID = 119115)
10:43 PM: HKCR\clsid\{eceaf197-b6ef-9e38-0846-ff3bb03983ad}\ (2 subtraces) (ID = 119305)
10:43 PM: HKCR\clsid\{ef3dbf8f-82ae-7c37-9e41-ff6768f169e3}\ (8 subtraces) (ID = 119327)
10:43 PM: HKCR\clsid\{f032f043-eda1-57b1-cd1d-20aebaa824cb}\ (24 subtraces) (ID = 119342)
10:43 PM: HKCR\clsid\{fc8cac2e-e32b-0fd0-16a5-10feaeda2d44}\ (8 subtraces) (ID = 119435)
10:43 PM: HKCR\clsid\{fedb5c70-c8d3-5ce0-5433-3bfbf961af4b}\ (26 subtraces) (ID = 119458)
10:43 PM: HKLM\software\classes\clsid\{0b936818-a83d-004a-625a-757b4d758cc6}\ (2 subtraces) (ID = 119488)
10:43 PM: HKLM\software\classes\clsid\{033935e4-a208-ab9e-dd2a-6a9b7e426d04}\ (2 subtraces) (ID = 119530)
10:43 PM: HKLM\software\classes\clsid\{2a97db56-e2b4-967c-af9f-07fdf74289c2}\ (2 subtraces) (ID = 119615)
10:43 PM: HKLM\software\classes\clsid\{50b9d537-5db0-52b1-ff6f-ed6c70da477e}\ (26 subtraces) (ID = 120046)
10:43 PM: HKLM\software\classes\clsid\{67c68c5f-44c8-5ff5-ce7d-54e907d6d21c}\ (26 subtraces) (ID = 120095)
10:43 PM: HKLM\software\classes\clsid\{90dee38b-0db3-a3ca-6f69-126542ad0fa1}\ (6 subtraces) (ID = 120156)
10:43 PM: HKLM\software\classes\clsid\{338e88e9-d821-1c15-a00d-907ab980e988}\ (2 subtraces) (ID = 120215)
10:43 PM: HKLM\software\classes\clsid\{4992e461-38dd-211a-fde8-64a8c67647ad}\ (24 subtraces) (ID = 120352)
10:43 PM: HKLM\software\classes\clsid\{a5b3b4a7-6bd2-e7ce-e654-7a1d658d1bb3}\ (2 subtraces) (ID = 120584)
10:43 PM: HKLM\software\classes\clsid\{a6bf9b01-2b57-89d9-ad1f-af854374c992}\ (2 subtraces) (ID = 120587)
10:43 PM: HKLM\software\classes\clsid\{a9bb7c1a-e63b-e0a9-63eb-7124fa52d1b0}\ (2 subtraces) (ID = 120594)
10:43 PM: HKLM\software\classes\clsid\{b1169abc-e367-2937-9f96-3b9cb54e0f31}\ (2 subtraces) (ID = 120722)
10:43 PM: HKLM\software\classes\clsid\{c42cf26e-2b02-05de-7d7b-a16c5c2095bb}\ (2 subtraces) (ID = 120824)
10:43 PM: HKLM\software\classes\clsid\{d7b5394e-d013-3545-35d0-45376236a8dc}\ (2 subtraces) (ID = 120931)
10:43 PM: HKLM\software\classes\clsid\{d223f02d-058e-2cfe-d02d-81826009252b}\ (2 subtraces) (ID = 120951)
10:43 PM: HKLM\software\classes\clsid\{eceaf197-b6ef-9e38-0846-ff3bb03983ad}\ (2 subtraces) (ID = 121136)
10:43 PM: HKLM\software\classes\clsid\{ef3dbf8f-82ae-7c37-9e41-ff6768f169e3}\ (8 subtraces) (ID = 121157)
10:43 PM: HKLM\software\classes\clsid\{f032f043-eda1-57b1-cd1d-20aebaa824cb}\ (24 subtraces) (ID = 121172)
10:43 PM: HKLM\software\classes\clsid\{fc8cac2e-e32b-0fd0-16a5-10feaeda2d44}\ (8 subtraces) (ID = 121260)
10:43 PM: HKLM\software\classes\clsid\{fedb5c70-c8d3-5ce0-5433-3bfbf961af4b}\ (26 subtraces) (ID = 121283)
10:43 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{50b9d537-5db0-52b1-ff6f-ed6c70da477e}\ (1 subtraces) (ID = 122607)
10:43 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{67c68c5f-44c8-5ff5-ce7d-54e907d6d21c}\ (1 subtraces) (ID = 122635)
10:43 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{4992e461-38dd-211a-fde8-64a8c67647ad}\ (1 subtraces) (ID = 122777)
10:43 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{ef3dbf8f-82ae-7c37-9e41-ff6768f169e3}\ (1 subtraces) (ID = 123212)
10:44 PM: Found Adware: isearch toolbar
10:44 PM: HKLM\software\ietoolbarpluginpersist\ (1 subtraces) (ID = 129025)
10:45 PM: Found System Monitor: netchatspy
10:45 PM: HKLM\software\classes\typelib\{de10c540-810e-11cf-bbe7-444553540000}\ (9 subtraces) (ID = 1039932)
10:45 PM: HKCR\regobj.registry\ (5 subtraces) (ID = 1040122)
10:45 PM: HKCR\regobj.registry.1\ (3 subtraces) (ID = 1040128)
10:45 PM: HKCR\clsid\{c55a1680-cd5a-11cf-8d29-444553540000}\ (12 subtraces) (ID = 1040337)
10:45 PM: HKCR\typelib\{de10c540-810e-11cf-bbe7-444553540000}\ (9 subtraces) (ID = 1040859)
10:45 PM: HKLM\software\classes\regobj.registry\ (5 subtraces) (ID = 1041079)
10:45 PM: HKLM\software\classes\regobj.registry.1\ (3 subtraces) (ID = 1041083)
10:45 PM: HKLM\software\classes\clsid\{c55a1680-cd5a-11cf-8d29-444553540000}\ (12 subtraces) (ID = 1041291)
10:45 PM: Registry Sweep Complete, Elapsed Time:00:01:57
10:45 PM: Starting Cookie Sweep
10:45 PM: Found Spy Cookie: centrport net cookie
10:45 PM: default@centrport[1].txt (ID = 2374)
10:45 PM: Found Spy Cookie: atwola cookie
10:45 PM: default@atwola[1].txt (ID = 2255)
10:45 PM: Found Spy Cookie: burstnet cookie
10:45 PM: default@burstnet[1].txt (ID = 2336)
10:45 PM: Found Spy Cookie: casalemedia cookie
10:45 PM: default@casalemedia[1].txt (ID = 2354)
10:45 PM: Found Spy Cookie: 2o7.net cookie
10:45 PM: default@2o7[2].txt (ID = 1957)
10:45 PM: Found Spy Cookie: pointroll cookie
10:45 PM: default@ads.pointroll[1].txt (ID = 3148)
10:45 PM: Found Spy Cookie: questionmarket cookie
10:45 PM: default@questionmarket[1].txt (ID = 3217)
10:45 PM: Found Spy Cookie: coolsavings cookie
10:45 PM: default@coolsavings[2].txt (ID = 2465)
10:45 PM: Found Spy Cookie: paycounter cookie
10:45 PM: default@paycounter[1].txt (ID = 3115)
10:45 PM: Found Spy Cookie: ru4 cookie
10:45 PM: default@edge.ru4[2].txt (ID = 3269)
10:45 PM: Found Spy Cookie: zedo cookie
10:45 PM: default@zedo[2].txt (ID = 3762)
10:45 PM: Found Spy Cookie: overture cookie
10:45 PM: default@overture[2].txt (ID = 3105)
10:45 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
10:45 PM: Starting File Sweep
10:45 PM: Warning: Failed to open file "c:\windows\win386.swp". The process cannot access the file because it is being used by another process
11:32 PM: Found Adware: cws_tiny0
11:32 PM: d3rq.dll (ID = 205)
12:06 AM: Warning: Failed to open file "c:\windows\application data\aol\c_america online 9.0\idb\art.idx". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\aol\c_america online 9.0\idb\apps.lst". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\aol\c_america online 9.0\idb\sysnews.lst". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\aol\c_america online 9.0\idb\spool.lst". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs2a369da6-0a7a-4d72-9712-4156ff29dc64.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsf775e845-a053-46b5-bead-6a1b1ba1dcfa.tmp". The process cannot access the file because it is being used by another process
12:06 AM: Warning: Failed to open file "c:\windows\application da

#8 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 18 December 2005 - 07:24 PM

OK here is what I need you to do.

Run SpySweeper once more if it prompts you to restart,then do so.(No Need to Post the session log.)

After its completed,Scan the PC with HijackThis and post that log.

Avoid Restarting the PC at all cost,if a restart occurs,the filenames will change and we will have to start over.

You can unplug the Internet connection after this so there is no chance of unwanted internet activity.


Post the HijackThis log and I will get up early in the morning and have a look and then make another set of instructions.

#9 devanert

devanert
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:09 PM

Posted 20 December 2005 - 08:41 AM

It prompted me to restart, so I did. Here is the log file:

Logfile of HijackThis v1.99.1
Scan saved at 6:30:01 AM, on 12/20/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\TOPSPEED\2.0\AOLTSMON.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\TOPSPEED\2.0\AOLTPSPD.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCUPDATE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RXMON9X.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\MOTIVEASSISTANT\BIN\MAD.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\PROGRAM FILES\KODAK\KODAK SOFTWARE UPDATER\7288971\PROGRAM\KODAK SOFTWARE UPDATER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFAGENT.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\WAOL.EXE
C:\MY DOCUMENTS\HJT\HIJACKTHIS.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\SHELLMON.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCUPDATE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://205.134.182.164/1/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1044
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {7E7E564B-AB87-9CE8-1B6D-B588C2C0D77D} - C:\WINDOWS\SYSTEM\JAVAOB.DLL
O2 - BHO: Class - {BE19E8BB-F0BF-178F-378D-58D7C4786A75} - C:\WINDOWS\SYSTEM\JAVAEP32.DLL (file missing)
O2 - BHO: Class - {F9B855F1-C37E-F3A9-43FE-89E50B8A6AA5} - C:\WINDOWS\NETQU32.DLL
O2 - BHO: Class - {0D7352EB-9580-8DF3-0652-9E4F96290410} - C:\WINDOWS\SYSTEM\NETIE.DLL (file missing)
O2 - BHO: Class - {E7CE8BF6-99C9-789F-291B-FDF539AB5062} - C:\WINDOWS\WINVQ32.DLL
O2 - BHO: Class - {E8A8EAEF-49DA-8B9D-C95D-EFD0FE242915} - C:\WINDOWS\SYSOG32.DLL
O2 - BHO: Class - {E35DCA52-2CC6-C2D7-7D97-2147BA9343E8} - C:\WINDOWS\MFCBI32.DLL
O2 - BHO: Class - {C7424E0E-B482-9AA1-E2D5-31C7F1BFA828} - C:\WINDOWS\SYSTEM\NETZV32.DLL
O2 - BHO: Class - {EF960B35-05C6-089B-8BB5-E19DDB3FF55E} - C:\WINDOWS\SYSTEM\NETYN.DLL (file missing)
O2 - BHO: Class - {C4002AA0-E402-546F-B18D-E929FCC430C3} - C:\WINDOWS\SYSTEM\ADDCV32.DLL
O2 - BHO: Class - {A99F288F-818C-33EF-4102-BD7B7597C6CA} - C:\WINDOWS\SYSTEM\JAVAWR.DLL
O2 - BHO: Class - {316BA5B3-B79D-8735-D27E-9DCBD696F7BA} - C:\WINDOWS\NTVV.DLL (file missing)
O2 - BHO: Class - {64E12648-15FF-FBB2-81BB-3A6EE3432D79} - C:\WINDOWS\SYSTEM\ATLWR32.DLL
O2 - BHO: Class - {D83E8454-F737-08C7-6BBB-9567C0B82257} - C:\WINDOWS\ADDOB.DLL
O2 - BHO: Class - {12124D3D-77E8-3DE2-0B1D-33D312010FA5} - C:\WINDOWS\SYSTEM\JAVANX.DLL
O2 - BHO: Class - {289AF6D4-6FA6-CEAF-D9B3-6766F8EB32EB} - C:\WINDOWS\SYSTEM\NTXW.DLL (file missing)
O2 - BHO: Class - {236770E7-E878-8704-8A5E-45616824DA7F} - C:\WINDOWS\SYSTEM\MSHC.DLL (file missing)
O2 - BHO: Class - {3F78C941-E449-EC74-0DED-EF0707F1BD9C} - C:\WINDOWS\CRPR32.DLL
O2 - BHO: (no name) - {FEDB5C70-C8D3-5CE0-5433-3BFBF961AF4B} - (no file)
O2 - BHO: Class - {C741BF98-EA31-4B67-1454-78CAB7B849F1} - C:\WINDOWS\ATLMP.DLL
O2 - BHO: Class - {934F52F5-7431-6F8D-CF03-508A60646BCC} - C:\WINDOWS\IEFQ.DLL
O2 - BHO: Class - {41010D82-27CE-1228-A8BB-341928A71CFD} - C:\WINDOWS\SYSTEM\APPYD32.DLL
O2 - BHO: Class - {7713DD6B-A984-F8B8-9A9D-A8BCF01E58A9} - C:\WINDOWS\SYSTEM\ADDWV.DLL (file missing)
O2 - BHO: Class - {5DB4FA6D-8DF7-FEDD-6004-A7710DCAC5DE} - C:\WINDOWS\NETKR32.DLL
O2 - BHO: Class - {AD10418C-BD75-DC87-6301-A207FC431238} - C:\WINDOWS\SYSTEM\SDKKK.DLL
O2 - BHO: Class - {FD58D0EF-6B05-A1B1-205C-7FF5D9CFD4D2} - C:\WINDOWS\ADDJR.DLL
O2 - BHO: Class - {79594BEC-6756-9AEC-9631-43E29D822932} - C:\WINDOWS\SYSTEM\MSBU.DLL
O2 - BHO: Class - {1F9D9E07-1BFB-38C6-9A8A-B3173AE58D88} - C:\WINDOWS\NTRG.DLL
O2 - BHO: Class - {9D9DFEE4-D4FF-4DF2-9A8B-75B98238D291} - C:\WINDOWS\NTXD32.DLL
O2 - BHO: Class - {6551769C-283F-C130-EF18-154295944C63} - C:\WINDOWS\SYSTEM\ATLLT.DLL
O2 - BHO: Class - {B9C93552-27C4-F100-2F9A-7E94B1E64C0F} - C:\WINDOWS\SYSTEM\CRAW32.DLL (file missing)
O2 - BHO: Class - {91C44800-0214-FBD3-43F5-73434349FC66} - C:\WINDOWS\D3CF32.DLL (file missing)
O2 - BHO: Class - {A5E20C38-8603-769D-57FD-1F7334EABBE1} - C:\WINDOWS\SYSTEM\IPOM.DLL
O2 - BHO: Class - {97D10E10-8197-55F4-F520-EC1143F3F330} - C:\WINDOWS\SYSTEM\APPIY32.DLL
O2 - BHO: Class - {0283E400-BF96-1C65-2C3F-9441F31430C2} - C:\WINDOWS\IEOT32.DLL
O2 - BHO: Class - {BC94F47E-FA75-F7AE-6982-DA5E61BD1650} - C:\WINDOWS\MSAE.DLL
O2 - BHO: Class - {82EDCDC8-3679-E5AB-AE96-5016FD6F4A9B} - C:\WINDOWS\MSQW.DLL
O2 - BHO: Class - {61989847-C88E-6AA5-CDEC-F30792B55203} - C:\WINDOWS\SYSTEM\IEKW32.DLL
O2 - BHO: Class - {088535BC-DED7-DA54-0D5F-6BC96009E456} - C:\WINDOWS\CRRP.DLL
O2 - BHO: Class - {FEAF00B8-398A-9E71-81CD-EE13C80FA3DF} - C:\WINDOWS\SYSTEM\NETOL.DLL
O2 - BHO: Class - {2194DAA6-B789-5B57-3511-EF041C8D02F0} - C:\WINDOWS\CRTD.DLL
O2 - BHO: Class - {36CC50DE-E932-3435-B11B-709E3AFE8849} - C:\WINDOWS\SDKGR.DLL (file missing)
O2 - BHO: Class - {5D2B941B-D55B-519B-85FE-DBFDF91762AF} - C:\WINDOWS\APIZX32.DLL (file missing)
O2 - BHO: Class - {DBC707AD-CFF5-1A0D-EC45-75AB99E68265} - C:\WINDOWS\MSNC.DLL
O2 - BHO: Class - {992E13AE-D008-24B3-4C60-B18BF10373C7} - C:\WINDOWS\SYSTEM\ATLLQ.DLL
O2 - BHO: Class - {843F3B7B-39C3-66C6-F22C-66BE36B4EFD1} - C:\WINDOWS\SYSTEM\MFCOP32.DLL
O2 - BHO: Class - {C2E7372D-7966-AE9D-84A5-B6BC009118C4} - C:\WINDOWS\SYSTEM\CRTK.DLL (file missing)
O2 - BHO: Class - {BB37280E-3BA4-0CF4-3710-D1E7E658044E} - C:\WINDOWS\APIHV.DLL
O2 - BHO: Class - {4D57FA16-5DA4-6BB0-8DE2-DD4789C18240} - C:\WINDOWS\SYSTEM\MFCYX.DLL
O2 - BHO: Class - {89E43E4E-2848-B42A-0ADB-B572F0397C37} - C:\WINDOWS\SYSTEM\MSSY.DLL
O2 - BHO: Class - {FC80064B-2F8B-2037-9399-180091F90881} - C:\WINDOWS\SYSTEM\MFCKP.DLL
O2 - BHO: Class - {BE166C01-C895-7DB1-E1E6-B6BD6196E91F} - C:\WINDOWS\NETXM32.DLL
O2 - BHO: Class - {CBCC2124-1931-5492-EAAF-C5C2E7437596} - C:\WINDOWS\SYSTEM\ADDUI.DLL
O2 - BHO: Class - {3DD54EF0-C455-3155-B9FA-1B8E9563E5AA} - C:\WINDOWS\SYSTEM\ATLJQ.DLL (file missing)
O2 - BHO: Class - {388C35E4-4B37-F24C-BB6E-80FD25B9D6EA} - C:\WINDOWS\SYSTEM\IEDV.DLL
O2 - BHO: Class - {DB1F0CAD-DFCA-D4CB-CE35-6727626309D9} - C:\WINDOWS\SYSTEM\WINVL32.DLL
O2 - BHO: Class - {3E57FD45-AF17-BDB1-B3E6-647628792796} - C:\WINDOWS\WINUX32.DLL
O2 - BHO: Class - {1C38F764-5211-C094-13C0-3AE414DC1B2A} - C:\WINDOWS\MSCW.DLL
O2 - BHO: Class - {B0BAA0D3-B86E-A237-D6EA-D5428A8C6CBC} - C:\WINDOWS\ADDUH32.DLL
O2 - BHO: Class - {D83EB827-761A-C8F4-42CF-3259313B99DB} - C:\WINDOWS\SYSTEM\APIIN32.DLL (file missing)
O2 - BHO: Class - {01C38962-50E8-FF21-1263-007E149E5D9C} - C:\WINDOWS\SYSTEM\ATLTZ.DLL
O2 - BHO: Class - {EE0622B9-E1DD-2901-FB4F-F5C1BFA6825D} - C:\WINDOWS\SYSTEM\WINSQ32.DLL (file missing)
O2 - BHO: Class - {299C0D6E-6A21-DC7E-43CF-A80D52149E2D} - C:\WINDOWS\ADDPB.DLL
O2 - BHO: Class - {082FA205-CF3A-E156-F50C-35DEC1A41A0F} - C:\WINDOWS\IPCR.DLL (file missing)
O2 - BHO: Class - {38F22DD8-5970-FD55-1177-27E5BB249D69} - C:\WINDOWS\SYSTEM\NETYW.DLL
O2 - BHO: Class - {9E45C8C1-AA50-A400-B9DA-69B4E3B82261} - C:\WINDOWS\SYSTEM\IPGE32.DLL
O2 - BHO: Class - {729087AF-F985-6D35-58ED-1A52E73988DF} - C:\WINDOWS\IPWV.DLL
O2 - BHO: Class - {6BEDB588-8705-AA0B-BFA3-5AF1BD56824B} - C:\WINDOWS\SYSTEM\JAVALB32.DLL
O2 - BHO: Class - {306F43F2-AC75-DC0C-F9B5-7FEDDF51F24D} - C:\WINDOWS\SYSTEM\CRMP32.DLL (file missing)
O2 - BHO: Class - {436CC2D6-13C5-6564-C2F0-1E89CB49E703} - C:\WINDOWS\NTRH.DLL
O2 - BHO: Class - {35A01210-A8E7-5949-8F4B-D83F54410DD6} - C:\WINDOWS\SYSTEM\MFCFV32.DLL
O2 - BHO: Class - {093585F1-45A2-F3FD-5DC8-CE8C707B844B} - C:\WINDOWS\IPPA.DLL (file missing)
O2 - BHO: Class - {DB309419-3C5C-375B-8765-4F2EE5877F1F} - C:\WINDOWS\APPJF32.DLL
O2 - BHO: Class - {551461B1-5C38-24A7-3B81-7F0347BA8044} - C:\WINDOWS\D3AO32.DLL
O2 - BHO: Class - {4FA3DEC1-D04D-E7B3-2CFE-A94E2B308831} - C:\WINDOWS\NTAI.DLL
O2 - BHO: Class - {C0E5E8CB-AF48-7FE8-39B9-CD037FE0CF7D} - C:\WINDOWS\ADDJB.DLL
O2 - BHO: (no name) - {F032F043-EDA1-57B1-CD1D-20AEBAA824CB} - (no file)
O2 - BHO: Class - {A23A37B0-4D47-787A-2542-90BAA46F7745} - C:\WINDOWS\APPIQ32.DLL (file missing)
O2 - BHO: Class - {8A3A1428-A50F-394F-7CFB-789596227CC4} - C:\WINDOWS\SDKNL32.DLL
O2 - BHO: Class - {0CE877B3-8B10-254F-3517-B88272EF3FF6} - C:\WINDOWS\SYSTEM\APPRM32.DLL
O2 - BHO: Class - {0B9BEF6F-48A7-B4E4-9373-E344FC57DCEA} - C:\WINDOWS\WINEK.DLL
O2 - BHO: Class - {60C941AF-A970-9E0B-BEFD-9B627853F77E} - C:\WINDOWS\SYSTEM\ADDAH.DLL
O2 - BHO: Class - {EC242DA4-E210-A44F-433D-92D6C9292A65} - C:\WINDOWS\JAVAKH.DLL (file missing)
O2 - BHO: Class - {5716EE74-FBF6-6197-AE1A-1ECC21EE958F} - C:\WINDOWS\SYSTEM\SYSBI32.DLL (file missing)
O2 - BHO: Class - {16BC716B-4CA1-1BCC-3013-0BB54033C395} - C:\WINDOWS\WINLU.DLL
O2 - BHO: Class - {FCD0707C-4D9F-46BA-9843-846B08A81ECE} - C:\WINDOWS\APIKN32.DLL
O2 - BHO: Class - {980E64CD-AF79-300D-D6F9-CA197FEC4945} - C:\WINDOWS\SYSTEM\SDKYT32.DLL
O2 - BHO: Class - {5B9FD345-F3DE-D005-2ECE-CAB9FE8750CF} - C:\WINDOWS\NETEW32.DLL
O2 - BHO: Class - {E44B2869-3C3C-2E0D-FE6F-F5D9CE7E35FE} - C:\WINDOWS\APIPA.DLL
O2 - BHO: Class - {50CEBE40-0931-C174-0942-791226F19C0F} - C:\WINDOWS\NTRY32.DLL (file missing)
O2 - BHO: Class - {E459619A-C171-75BF-3590-3D36A397D81B} - C:\WINDOWS\IPBP32.DLL
O2 - BHO: Class - {C15F2371-A742-8BA9-7A00-54C987BB597F} - C:\WINDOWS\APILQ.DLL
O2 - BHO: Class - {070658EF-FBB1-51FF-B02D-6C8EC243119E} - C:\WINDOWS\APIQZ.DLL
O2 - BHO: Class - {09D46D1A-7C15-52D7-CA95-F0B35470CD73} - C:\WINDOWS\CRDK.DLL
O2 - BHO: Class - {7DBD4D7B-18BA-1454-894C-6230CF52FCC5} - C:\WINDOWS\SYSTEM\SDKWK.DLL (file missing)
O2 - BHO: Class - {01B8230F-FFA5-630F-4267-7F2880D80B57} - C:\WINDOWS\CRUN.DLL
O2 - BHO: Class - {7EFE0B4F-CF0A-0367-88AF-EDB349FEAC20} - C:\WINDOWS\SYSTEM\NTSJ.DLL (file missing)
O2 - BHO: Class - {3C709686-1D4D-C97B-5E58-FE7B58DE9102} - C:\WINDOWS\SYSTEM\CRCZ.DLL
O2 - BHO: Class - {44CDEE57-A711-7BB5-5A48-6D6A0C169088} - C:\WINDOWS\MFCAV32.DLL (file missing)
O2 - BHO: Class - {2316F731-AD64-FBB4-5E87-59967C4541BF} - C:\WINDOWS\SYSTEM\JAVARQ32.DLL
O2 - BHO: Class - {D4453AEB-33E8-3237-5BB4-BD2626EAF5E2} - C:\WINDOWS\CRTV.DLL (file missing)
O2 - BHO: Class - {07146AF0-7FF5-EAB9-8DF4-A761A47B6EC0} - C:\WINDOWS\MFCEI.DLL
O2 - BHO: Class - {9B31480F-0711-B287-66EA-53C4344E07E5} - C:\WINDOWS\SYSTEM\APPBY.DLL (file missing)
O2 - BHO: Class - {207AE86C-EC5E-CC1A-C0F3-F84E29A81F51} - C:\WINDOWS\SYSTEM\IEWY.DLL (file missing)
O2 - BHO: (no name) - {FC8CAC2E-E32B-0FD0-16A5-10FEAEDA2D44} - (no file)
O2 - BHO: Class - {BD6D3515-13C8-89DB-38D3-4630B615B324} - C:\WINDOWS\ADDQI32.DLL
O2 - BHO: Class - {6F8DB982-F820-7376-2AB9-CA0E147B64BE} - C:\WINDOWS\NTAG.DLL
O2 - BHO: Class - {C0F1AE33-153C-4E19-A0B9-7155E429A4F5} - C:\WINDOWS\SYSTEM\WINSE32.DLL (file missing)
O2 - BHO: Class - {E8C707B8-4BFE-5F10-9A0F-ABCDA9B4A798} - C:\WINDOWS\SYSTEM\NETTQ32.DLL (file missing)
O2 - BHO: Class - {65515E86-744B-E7DC-1764-BE40FD487890} - C:\WINDOWS\CRDZ.DLL
O2 - BHO: Class - {61CA3AF6-2E10-18DB-BB89-818F7430DD7E} - C:\WINDOWS\SYSTEM\ADDTX32.DLL
O2 - BHO: Class - {AB05AE41-F1D5-D736-88F2-C487321270C0} - C:\WINDOWS\JAVARN32.DLL (file missing)
O2 - BHO: Class - {95910D88-5B54-A5C5-10A9-C5AD58D4CB50} - C:\WINDOWS\APIAM32.DLL
O2 - BHO: Class - {4D25DD00-BA7F-935D-7E47-576A8D08A148} - C:\WINDOWS\IEIT32.DLL (file missing)
O2 - BHO: Class - {F0643C15-D984-4C1A-869B-AC139041AF0F} - C:\WINDOWS\SYSTEM\CREX.DLL
O2 - BHO: Class - {BD562714-4CBF-6793-6BD0-85FA3F496C5B} - C:\WINDOWS\SYSTEM\MFCKE.DLL
O2 - BHO: Class - {4CF3F22B-5DA9-5DE0-5DEB-EE4100912572} - C:\WINDOWS\NETIQ32.DLL (file missing)
O2 - BHO: Class - {432A50E4-15E1-B224-9F27-8699E3BE07E3} - C:\WINDOWS\SYSTEM\WINKP32.DLL (file missing)
O2 - BHO: Class - {AF9077DF-1DBF-0114-80DB-267B601E8BF8} - C:\WINDOWS\SDKOK.DLL (file missing)
O2 - BHO: Class - {9FD846EF-6A74-8A53-3F0E-2C94011D4C95} - C:\WINDOWS\SYSTEM\IPJB.DLL
O2 - BHO: Class - {32FEF4E4-4FCC-2539-EFD7-A3A0AEB5064E} - C:\WINDOWS\SYSTEM\JAVALJ.DLL (file missing)
O2 - BHO: Class - {18C2B1ED-7635-92A8-5DB5-E71520573650} - C:\WINDOWS\D3JQ32.DLL
O2 - BHO: Class - {5F94CC3B-C656-9113-2D49-5844BD227846} - C:\WINDOWS\SYSTEM\ATLTL32.DLL
O2 - BHO: Class - {911C9539-EF96-7E39-FC5A-E64A99056168} - C:\WINDOWS\SYSTEM\APIQK.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Class - {E4D353C5-F038-4827-9CDA-ABDCF49E5AB5} - C:\WINDOWS\APPQA32.DLL
O2 - BHO: Class - {05A31BEE-9E35-88EA-21E0-006563AE97F4} - C:\WINDOWS\NTXF.DLL
O2 - BHO: Class - {A8F818F5-31A4-2D4C-AE8C-5FD1A39AC827} - C:\WINDOWS\SYSTEM\NTDO.DLL (file missing)
O2 - BHO: Class - {59499B40-7091-52FC-70B3-880BF84D9EE3} - C:\WINDOWS\SYSTEM\NETVI32.DLL (file missing)
O2 - BHO: Class - {C38BD7A9-5C15-E13B-D0D4-B82D49E338A3} - C:\WINDOWS\SYSTEM\NTQP32.DLL (file missing)
O2 - BHO: Class - {FDEEBCF1-BD77-3F48-90AD-29EE05803428} - C:\WINDOWS\IPFF32.DLL (file missing)
O2 - BHO: Class - {714B5AF2-602C-E2B6-5435-F9B5BE040934} - C:\WINDOWS\SYSTEM\ATLNG.DLL (file missing)
O2 - BHO: Class - {6C653AB5-E650-E0AB-7B19-3D05955C2EDA} - C:\WINDOWS\SYSTEM\D3QS32.DLL
O2 - BHO: Class - {E16B1DD3-344A-79E1-514A-8BF5E68E8461} - C:\WINDOWS\SYSTEM\NETMI32.DLL (file missing)
O2 - BHO: Class - {3EAE7E41-1C8C-F033-435F-737FE0B9121D} - C:\WINDOWS\WINMW.DLL (file missing)
O2 - BHO: Class - {D602B1C4-CBB2-797E-9F01-4F6B0FA20838} - C:\WINDOWS\SYSTEM\SDKZY.DLL (file missing)
O2 - BHO: Class - {0E0566F7-EA1D-1C67-9F75-7DAC95434628} - C:\WINDOWS\APPDB32.DLL
O2 - BHO: Class - {846E0BB2-4B7E-3DCA-BD80-7211A3EE88C4} - C:\WINDOWS\JAVAIM32.DLL
O2 - BHO: Class - {55B824BF-D05C-3C69-F473-2D569D9D604F} - C:\WINDOWS\SYSTEM\JAVAIT32.DLL (file missing)
O2 - BHO: Class - {DBF01E90-2654-1D4D-B857-B1C3A0B33591} - C:\WINDOWS\D3VX32.DLL (file missing)
O2 - BHO: Class - {06626DEE-A737-480F-0923-8A1A6B3424C9} - C:\WINDOWS\SYSTEM\MFCXK32.DLL (file missing)
O2 - BHO: Class - {7148010B-B7E6-0815-E592-F49DCDA5FF42} - C:\WINDOWS\SYSTEM\SDKXW32.DLL
O2 - BHO: Class - {89AEB6D2-A932-85DB-A6A3-0ADB07058BA3} - C:\WINDOWS\MFCFA32.DLL (file missing)
O2 - BHO: Class - {C124FC74-49CF-A8D2-DBF7-1F6B5C37337E} - C:\WINDOWS\ADDGU32.DLL (file missing)
O2 - BHO: Class - {46F0B586-63AE-3428-88FC-AD230B3E4D26} - C:\WINDOWS\NTRE32.DLL (file missing)
O2 - BHO: Class - {5F18F145-9A74-3477-D55F-52A7FEDA6984} - C:\WINDOWS\APIBH.DLL (file missing)
O2 - BHO: Class - {E8958CBA-D734-B7F0-2039-60657373729F} - C:\WINDOWS\APIZG.DLL (file missing)
O2 - BHO: Class - {60EE3993-541E-55E9-33E9-BB7AB0AC2EF3} - C:\WINDOWS\SYSTEM\APPNG.DLL
O2 - BHO: Class - {E7FEE8CD-D4D3-8260-44A7-67DD4A71E995} - C:\WINDOWS\SYSTEM\ATLPF.DLL (file missing)
O2 - BHO: Class - {02C2F74B-206D-DFEE-6CAE-D4094E17A18D} - C:\WINDOWS\SDKQG.DLL (file missing)
O2 - BHO: Class - {C63AB847-F5FF-3F45-DB28-0A94EB25589A} - C:\WINDOWS\SYSTEM\JAVAJD32.DLL (file missing)
O2 - BHO: Class - {9FD32095-ADF7-1A19-991F-C1758F72D8DC} - C:\WINDOWS\SYSTEM\APIGN32.DLL (file missing)
O2 - BHO: Class - {E32D915F-70AF-8742-291F-54510B403139} - C:\WINDOWS\NETKT32.DLL (file missing)
O2 - BHO: Class - {C2B4381A-624D-8F51-B758-89C0C91258DE} - C:\WINDOWS\IEZO32.DLL (file missing)
O2 - BHO: Class - {C228461E-7277-4842-97BB-2B22627E644A} - C:\WINDOWS\D3JK.DLL
O2 - BHO: Class - {E0C2E16D-3ECF-C5BB-22C0-BB528174D850} - C:\WINDOWS\SYSTEM\APPYT32.DLL (file missing)
O2 - BHO: Class - {692156AA-6605-5668-04D3-C5B2231A6A6A} - C:\WINDOWS\SYSTEM\IPUQ.DLL (file missing)
O2 - BHO: Class - {77B4CE71-F8EB-D009-07EA-8D5437684795} - C:\WINDOWS\ATLQY.DLL (file missing)
O2 - BHO: Class - {68F79F99-75BB-3696-AC11-DC7D8241232E} - C:\WINDOWS\ADDJN32.DLL (file missing)
O2 - BHO: Class - {BEDB0663-7AC0-B7C0-BE42-118165167350} - C:\WINDOWS\SDKTO32.DLL (file missing)
O2 - BHO: Class - {065681BC-006E-9E35-5DC5-EF4FEF1D58C6} - C:\WINDOWS\ATLKP32.DLL (file missing)
O2 - BHO: Class - {8A3738CE-3940-31B0-B55D-C8804EDED77B} - C:\WINDOWS\SYSTEM\NETWL.DLL (file missing)
O2 - BHO: Class - {4097E29E-2A74-3EEA-7090-0E73AF19AC3E} - C:\WINDOWS\APISA32.DLL (file missing)
O2 - BHO: Class - {B4124C0E-0880-9F8D-0AE8-633A1896EC0A} - C:\WINDOWS\SYSTEM\NTHM32.DLL (file missing)
O2 - BHO: Class - {2B49D9DE-8B8E-0B64-675D-28453B9B313A} - C:\WINDOWS\IPZG32.DLL (file missing)
O2 - BHO: Class - {C8D1C684-C2C9-372C-CB57-F9A72CB478D6} - C:\WINDOWS\NTVX32.DLL (file missing)
O2 - BHO: Class - {2F96309F-5728-7649-2879-9AF7D04FF706} - C:\WINDOWS\SYSTEM\JAVAJI.DLL (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\McUpdate.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\Run: [RxMon] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
O4 - HKLM\..\Run: [madexe] C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [WAOL.EXE] C:\PROGRAM FILES\AMERICA ONLINE 9.0\WAOL.EXE
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [AOL TopSpeedMonitor] C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRAM FILES\AMERICA ONLINE 9.0\AOL.EXE" -b
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Startup: AdSubtract.lnk = C:\AdSub.exe
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.pw.aol.com/molbin/shared/m...77/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.pw.aol.com/molbin/shared/m...,18/mcgdmgr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net

#10 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 20 December 2005 - 06:45 PM

I put together a Text File that you will need for the next step,it has a list of files to be deleted and entries to be fixed with HijackThis,the list is too long to fit in one post so thats why i am using the Text File.

Download the Text File to your desktop for easy access.


Download cwsserviceremove and unzip it to your desktop.
http://ralphcaddell.com/Uploads/cwsserviceremove.zip
Don't run it yet.

Download ABout Buster
http://www.besttechie.net/forums/index.php?showtopic=1488

Follow the Instructions inside the link to Update it,We will run it it Safe Mode


Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    Use the list of files in the text file I had you download.

  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Select Delete on Reboot and Unregister .dll before Deleting
  • then Click on the All Files button.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.


Reboot into SAFE MODE(Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam


Open HijackThis and put a check by these but DO NOT hit the Fix Checked button yet

Use the list from the text file for entries to be fixed with HijackThis.

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button


Run ABout Buster just as described in the link

Please run it until you get these Results:

No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY



Double-click the cwsserviceremove.reg file you downloaded at the beginning.
Answer "Yes"when prompted to add the contents to the registry.


Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK.

Make Sure Normal Startup is Checked

Select the tab labeled Startup and put a Check by every box there.

Click Apply-> Close-> Follow the Prompts to Restart


Restart Normal and have the PC Scanned here:
Panda Active Scan

You will need to be using Internet Explorer for the Scan to work

Save the Report it generates


Post back with a fresh HijackThis log and the report from Panda.

Attached Files


Edited by Cretemonster, 20 December 2005 - 06:47 PM.


#11 devanert

devanert
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:09 PM

Posted 22 December 2005 - 01:41 AM

Thanks again! Here's what happened.

I ran Killbox.
I followed your directions.

I didn't get the prompts that you stated, however I got the following message

"You will need to reboot the computer to complete the deletion. Do you want to ...."

I clicked yes and it restarted with no messages.

I had to run AboutBuster twice. The first time it found stuff; the second time it displaid the following:

"No files found"

I could not load the cwsserviceremove.reg file. I kept getting the error:

cannot import C:\WINDOWS\DESKTOP\cwsserviceremove.reg The specified file is not a registry script. you can only import registry files.

I already had MSCONFIG settings you recommended.

When I opened Internet Explorer (IE) to run Panda, It opened at about:blank.

Here is the files you asked for:

Logfile of HijackThis v1.99.1
Scan saved at 12:22:15 AM, on 12/22/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\TOPSPEED\2.0\AOLTSMON.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\TOPSPEED\2.0\AOLTPSPD.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\COMMON\BIN\RXMON9X.EXE
C:\PROGRAM FILES\DELL\RESOLUTION ASSISTANT\MOTIVEASSISTANT\BIN\MAD.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\WAOL.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\PROGRAM FILES\KODAK\KODAK SOFTWARE UPDATER\7288971\PROGRAM\KODAK SOFTWARE UPDATER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFAGENT.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0\SHELLMON.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\MY DOCUMENTS\HJT\HIJACKTHIS.EXE

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\Run: [RxMon] C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
O4 - HKLM\..\Run: [madexe] C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [WAOL.EXE] C:\PROGRAM FILES\AMERICA ONLINE 9.0\WAOL.EXE
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [AOL TopSpeedMonitor] C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRAM FILES\AMERICA ONLINE 9.0\AOL.EXE" -b
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Startup: AdSubtract.lnk = C:\AdSub.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.pw.aol.com/molbin/shared/m...77/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.pw.aol.com/molbin/shared/m...,18/mcgdmgr.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net


Panda
Incident Status Location

Adware:adware/searchaid Not disinfected C:\WINDOWS\SYSTEM\sdkza32.exe
Adware:adware/exact.bargainbuddyNot disinfected C:\WINDOWS\SYSTEM\msbe.dll
Dialer:dialer.bmb Not disinfected C:\WINDOWS\SYSTEM\netpe32.dll
Adware:adware/ncase Not disinfected C:\WINDOWS\SYSTEM\msbb.dll
Adware:adware/adshooter Not disinfected C:\WINDOWS\SYSTEM\syscr.dll
Adware:adware/winad Not disinfected C:\WINDOWS\SYSTEM\winad.dll
Adware:adware/cws.aboutblank Not disinfected C:\WINDOWS\SYSTEM\crhz32.dll
Adware:adware/globosearch Not disinfected C:\WINDOWS\SYSTEM\systr.dll
Adware:adware/cws.payfortrafficNot disinfected C:\WINDOWS\SYSTEM\msmk.dll
Adware:adware/cws.008k Not disinfected C:\WINDOWS\SYSTEM\appfy32.dll
Adware:adware/mirar Not disinfected C:\WINDOWS\SYSTEM\winnb32.dll
Adware:adware/sbsoft Not disinfected C:\WINDOWS\SYSTEM\winsx.dll
Adware:adware/commandertoolbarNot disinfected C:\WINDOWS\SYSTEM\ietb.dll
Dialer:dialer.b Not disinfected C:\WINDOWS\SYSTEM\nethv32.dll
Spyware:spyware/petro-line Not disinfected C:\WINDOWS\SYSTEM\appbs32.dll
Adware:adware/exact.searchbar Not disinfected C:\WINDOWS\SYSTEM\mscb.dll
Spyware:spyware/new.net Not disinfected C:\WINDOWS\NDNuninstall4_34.exe
Adware:adware/cws.searchmeup Not disinfected C:\WINDOWS\loadclean.exe
Adware:adware/tvmedia Not disinfected C:\WINDOWS\addyu.dll
Adware:adware/mediatickets Not disinfected Windows Registry
Dialer:Dialer.Gen Not disinfected C:\WINDOWS\SYSTEM\qpaeesv0.exe
Virus:Trj/Dropper.P Not disinfected C:\WINDOWS\SYSTEM\q8k0fsv0.exe
Adware:Adware/Startpage.CAY Not disinfected C:\WINDOWS\SYSTEM\valg.hta
Adware:Adware/Startpage.CAY Not disinfected C:\WINDOWS\SYSTEM\odbc.hta
Virus:Trj/Downloader.ABU Not disinfected C:\WINDOWS\SYSTEM\twink64.exe
Adware:Adware/Startpage.IE Not disinfected C:\WINDOWS\wlxr.exe
Adware:Adware/SuperSpider Not disinfected C:\WINDOWS\precontrol.exe
Virus:Trj/Downloader.DUU Not disinfected C:\WINDOWS\050218.exe
Virus:Trj/Downloader.MC Not disinfected C:\WINDOWS\digfilt.dll
Virus:Trj/Downloader.MC Not disinfected C:\WINDOWS\digfilt2.dll
Virus:Trj/Downloader.ABU Not disinfected C:\WINDOWS\loadclean.exe
Virus:Trj/Downloader.SO Not disinfected C:\Program Files\Internet Explorer\mlubejst.exe
Virus:Trj/Downloader.ND Not disinfected C:\Program Files\Internet Explorer\zba.exe
Virus:Trj/Downloader.AAN Not disinfected C:\Program Files\Internet Explorer\qvhblfim.exe
Virus:Trj/Downloader.ABU Not disinfected C:\Program Files\Internet Explorer\lsnkjwbp.exe
Possible Virus. Not disinfected C:\Program Files\Internet Explorer\yyvqlnpr.exe
Dialer:Dialer.BIX Not disinfected C:\Program Files\America Online 9.0\download\2253.TMP
Virus:Trj/Autodelete.A Not disinfected C:\Program Files\America Online 9.0\download\phdj.bat
Virus:Trj/Downloader.QL Not disinfected C:\loadpr25.exe
Adware:Adware/CWS.Aboutblank Not disinfected C:\Taxes\Tax03\sp.html
Virus:Trj/Downloader.SO Not disinfected C:\LOAD_MAS2_JAVA.EXE
Virus:Trj/Downloader.AJF Not disinfected C:\load_ro_java.exe
Virus:Trojan Horse Not disinfected C:\loadpr26.exe
Virus:Trojan Horse Not disinfected C:\loadpr27.exe
Virus:Trojan Horse Not disinfected C:\loadpr28.exe
Virus:Trj/Downloader.AGL Not disinfected C:\mmm_java.exe

#12 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 22 December 2005 - 04:42 AM

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet


Open Pocket Killbox and Copy&Paste the list below into it just as you did before.

C:\WINDOWS\digfilt.dll
C:\WINDOWS\digfilt2.dll
C:\WINDOWS\SYSTEM\sdkza32.exe
C:\WINDOWS\SYSTEM\msbe.dll
C:\WINDOWS\SYSTEM\netpe32.dll
C:\WINDOWS\SYSTEM\msbb.dll
C:\WINDOWS\SYSTEM\syscr.dll
C:\WINDOWS\SYSTEM\winad.dll
C:\WINDOWS\SYSTEM\crhz32.dll
C:\WINDOWS\SYSTEM\systr.dll
C:\WINDOWS\SYSTEM\msmk.dll
C:\WINDOWS\SYSTEM\appfy32.dll
C:\WINDOWS\SYSTEM\winnb32.dll
C:\WINDOWS\SYSTEM\winsx.dll
C:\WINDOWS\SYSTEM\ietb.dll
C:\WINDOWS\SYSTEM\nethv32.dll
C:\WINDOWS\SYSTEM\appbs32.dll
C:\WINDOWS\SYSTEM\mscb.dll
C:\WINDOWS\NDNuninstall4_34.exe
C:\WINDOWS\loadclean.exe
C:\WINDOWS\addyu.dll
C:\WINDOWS\SYSTEM\qpaeesv0.exe
C:\WINDOWS\SYSTEM\q8k0fsv0.exe
C:\WINDOWS\SYSTEM\valg.hta
C:\WINDOWS\SYSTEM\odbc.hta
C:\WINDOWS\SYSTEM\twink64.exe
C:\WINDOWS\wlxr.exe
C:\WINDOWS\precontrol.exe
C:\WINDOWS\050218.exe
C:\WINDOWS\loadclean.exe
C:\Program Files\Internet Explorer\mlubejst.exe
C:\Program Files\Internet Explorer\zba.exe
C:\Program Files\Internet Explorer\qvhblfim.exe
C:\Program Files\Internet Explorer\lsnkjwbp.exe
C:\Program Files\Internet Explorer\yyvqlnpr.exe
C:\Program Files\America Online 9.0\download\2253.TMP
C:\Program Files\America Online 9.0\download\phdj.bat
C:\loadpr25.exe
C:\Taxes\Tax03\sp.html
C:\LOAD_MAS2_JAVA.EXE
C:\load_ro_java.exe
C:\loadpr26.exe
C:\loadpr27.exe
C:\loadpr28.exe
C:\mmm_java.exe



Select Delete on Reboot and Unregister .dll before deleting file and Click the Red X to have Killbox delete the files on reboot,follow the prompts just as you did before.


Reboot into SAFE MODE(Tap F8 when restarting)


Once in Safe Mode-> Open and Run Ad-Aware-> Remove all it finds and make sure to delete all Quarantine files created.


Run AboutBuster just as before and again,let me know how many runs it takes until you see

No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY



Now,Open HijackThis and Click the tab labeled "Open Misc Tools Section"


Select Generate StartUpList log and make sure that both Boxes beside it are checked:

Put a check by:
List all minor sections(Full)
and
List Empty Sections(Complete)

It will produce a NotePad Page,Save it to your desktop,I will want to see it in the next reply.


Restart Normal and have the PC Scanned here:
eTrust Antivirus Web Scanner

You will need to be using Internet Explorer for the Scan to work

Save the Report it generates


Post back with the results of the eTrust Antivirus Web Scanner and the HijackThis Startup List log.

#13 devanert

devanert
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Gender:Male

Posted 23 December 2005 - 09:24 AM

Adaware found one file that needed to be deleted at reboot. I didn't restart at exit. I restarted when you instructed me to restart normal.

Aboutbuster ran once and came back with the message: No files found.

When I restarted normal I got a message : set up is updating system settings. Adaware opened automatically. I closed it and continued with your instructions.

IE opened at the about:blank page again.
I ran the Etrust Antivirus Web Scanner. It ran and came back with a message: No viruses found. It didn't generate a log file for me to save, or at least it wasn't obvious to me. Is it going to send something to the email address I entered?

I'm going to have to send the file later. I brought it to work and I can't open it.

#14 devanert

devanert
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:09 PM

Posted 23 December 2005 - 05:25 PM

Here is the startup list generated by HJT.

StartupList report, 12/22/2005, 10:34:46 PM
StartupList version: 1.52.2
Started from : C:\MY DOCUMENTS\HJT\HIJACKTHIS.EXE
Detected: Windows ME (Win9x 4.90.3000)
Detected: Internet Explorer v5.50 (5.50.4134.0100)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\MY DOCUMENTS\HJT\HIJACKTHIS.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
AdSubtract.lnk = C:\AdSub.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\WINDOWS\All Users\Start Menu\Programs\StartUp]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
PCHealth = C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
SystemTray = SysTray.Exe
TaskMonitor = C:\WINDOWS\taskmon.exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
MCUpdateExe = C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
Norton Auto-Protect = C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
KodakCCS = C:\WINDOWS\System32\Drivers\KodakCCS.exe
RxMon = C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon9x.exe
madexe = C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe
Speed racer = C:\Program Files\Creative\PlayCenter\CTSRReg.exe
AudioHQ = C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
Adaptec DirectCD = C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
MotiveMonitor = C:\Program Files\Motive\motmon.exe
UpdReg = C:\WINDOWS\Updreg.exe
MPFExe = C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
MCAgentExe = C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
QuickTime Task = "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
WAOL.EXE = C:\PROGRAM FILES\AMERICA ONLINE 9.0\WAOL.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

cadec2aa-42fc-4654-a09e-f2f82eb3f867 =
AAW = "C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\AD-AWARE.EXE" "+b1"

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

(Default) =

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent = mstask.exe
SSDPSRV = C:\WINDOWS\SYSTEM\ssdpsrv.exe
*StateMgr = C:\WINDOWS\System\Restore\StateMgr.exe
AOL TopSpeedMonitor = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
KB891711 = C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

AOL Fast Start = "C:\PROGRAM FILES\AMERICA ONLINE 9.0\AOL.EXE" -b

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\SYSTEM\MSHTA.EXE "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = C:\WINDOWS\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[SetupcPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection SetupcPerUser 64 C:\WINDOWS\INF\setupc.inf

[AppletsPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection AppletsPerUser 64 C:\WINDOWS\INF\applets.inf

[PerUser_CVT_Inis]
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 C:\WINDOWS\INF\applets1.inf

[FontsPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection FontsPerUser 64 C:\WINDOWS\INF\fonts.inf

[PerUser_HNW_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_HNW_Inis 64 C:\WINDOWS\INF\ICS.inf

[PerUser_ICW_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ICW_Inis 0 C:\WINDOWS\INF\icw97.inf

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[{89820200-ECBD-11cf-8B85-00AA005B4395}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[PerUser_moviemaker] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_moviemaker 64 C:\WINDOWS\INF\moviemk.inf

[>PerUser_MSN_Clean] *
StubPath = C:\WINDOWS\msnmgsr1.exe

[{CA0A4247-44BE-11d1-A005-00805F8ABE06}] *
StubPath = RunDLL setupx.dll,InstallHinfSection PowerCfg.user 0 powercfg.inf

[PerUser_Msinfo] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo 64 C:\WINDOWS\INF\msinfo.inf

[PerUser_Msinfo2] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Msinfo2 64 C:\WINDOWS\INF\msinfo.inf

[MotownMmsysPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMmsysPerUser 64 C:\WINDOWS\INF\motown.inf

[MotownAvivideoPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownAvivideoPerUser 64 C:\WINDOWS\INF\motown.inf

[PerUser_Base] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Base 64 C:\WINDOWS\INF\msmail.inf

[SamplerPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection SamplerPerUser 64 C:\WINDOWS\INF\sampler.inf

[ShellPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection ShellPerUser 64 C:\WINDOWS\INF\shell.inf

[Shell2PerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Shell2PerUser 64 C:\WINDOWS\INF\shell2.inf

[PerUser_winbase_Links] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winbase_Links 64 C:\WINDOWS\INF\subase.inf

[PerUser_winapps_Links] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_winapps_Links 64 C:\WINDOWS\INF\subase.inf

[PerUser_LinkBar_URLs] *
StubPath = C:\WINDOWS\COMMAND\sulfnbk.exe /L

[TapiPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection TapiPerUser 64 C:\WINDOWS\INF\tapi.inf

[PerUser_MSWordPad_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_MSWordPad_Inis 64 C:\WINDOWS\INF\wordpad.inf

[PerUserOldLinks] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUserOldLinks 64 C:\WINDOWS\INF\appletpp.inf

[MmoptRegisterPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptRegisterPerUser 64 C:\WINDOWS\INF\mmopt.inf

[PerUser_CDPlayer_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CDPlayer_Inis 64 C:\WINDOWS\INF\mmopt.inf

[OlsPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsPerUser 64 C:\WINDOWS\INF\ols.inf

[OlsMsnPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsMsnPerUser 64 C:\WINDOWS\INF\ols.inf

[PerUser_PCHealth] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_PCHealth 64 C:\WINDOWS\INF\pchealth.inf

[{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

[PerUser_Paint_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Paint_Inis 64 C:\WINDOWS\INF\applets.inf

[PerUser_Calc_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Calc_Inis 64 C:\WINDOWS\INF\applets.inf

[PerUser_dxxspace_Links] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_dxxspace_Links 64 C:\WINDOWS\INF\applets1.inf

[PerUser_Enable_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Enable_Inis 64 C:\WINDOWS\INF\enable.inf

[PerUser_Wingames_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Wingames_Inis 64 C:\WINDOWS\INF\games.inf

[PerUser_ZoneGame_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ZoneGame_Inis 64 C:\WINDOWS\INF\games.inf

[PerUser_PBGame_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_PBGame_Inis 64 C:\WINDOWS\INF\games.inf

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser

[MotownRecPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownRecPerUser 64 C:\WINDOWS\INF\motown.inf

[PerUser_Vol] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Vol 64 C:\WINDOWS\INF\motown.inf

[MotownMPlayPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MotownMPlayPerUser 64 C:\WINDOWS\INF\motown.inf

[PerUser_RNA_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_RNA_Inis 64 C:\WINDOWS\INF\rna.inf

[PerUser_Sysmon_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Sysmon_Inis 64 C:\WINDOWS\INF\appletpp.inf

[PerUser_Sysmeter_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Sysmeter_Inis 64 C:\WINDOWS\INF\appletpp.inf

[PerUser_netwatch_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_netwatch_Inis 64 C:\WINDOWS\INF\appletpp.inf

[PerUser_CharMap_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_CharMap_Inis 64 C:\WINDOWS\INF\appletpp.inf

[PerUser_Onlinelnks_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Onlinelnks_Inis 64 C:\WINDOWS\INF\appletpp.inf

[PerUser_Dialer_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_Dialer_Inis 64 C:\WINDOWS\INF\appletpp.inf

[PerUser_ClipBrd_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_ClipBrd_Inis 64 C:\WINDOWS\INF\clip.inf

[MmoptMusicaPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptMusicaPerUser 64 C:\WINDOWS\INF\mmopt.inf

[MmoptJunglePerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptJunglePerUser 64 C:\WINDOWS\INF\mmopt.inf

[MmoptRobotzPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptRobotzPerUser 64 C:\WINDOWS\INF\mmopt.inf

[MmoptUtopiaPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection MmoptUtopiaPerUser 64 C:\WINDOWS\INF\mmopt.inf

[{44BBA842-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.W95

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}

[OlsAolPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsAolPerUser 64 C:\WINDOWS\INF\ols.inf

[OlsAttPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsAttPerUser 64 C:\WINDOWS\INF\ols.inf

[OlsProdigyPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsProdigyPerUser 64 C:\WINDOWS\INF\ols.inf

[OlsEarthlinkPerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection OlsEarthlinkPerUser 64 C:\WINDOWS\INF\ols.inf

[Shell3PerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Shell3PerUser 64 C:\WINDOWS\INF\shell3.inf

[Theme_MoreWindows_PerUser] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection Themes_MoreWindows_PerUser 0 C:\WINDOWS\INF\themes.inf

[PerUser_Preptool] *
StubPath = rundll.exe Setupx.dll,InstallHinfSection Install 64 C:\WINDOWS\INF\RUNLAST.INF

[^RNA] *
StubPath = rundll rnasetup.dll,installoptionalcomponent rna

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\SYSTEM\ie4uinit.exe

[PerUser_DCC_Inis] *
StubPath = rundll.exe C:\WINDOWS\SYSTEM\setupx.dll,InstallHinfSection PerUser_DCC_Inis 64 C:\WINDOWS\INF\rna.inf

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=
run=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE=
drivers=mmsystem.dll power.drv

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

C:\WINDOWS\WININIT.INI listing:
(Created 22/12/2005, 21:47:0)

[Rename]
NUL=c:\!KillBox\050218.exe
NUL=c:\_RESTORE\TEMP\050218.0

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 22/12/2005, 21:16:6)

[Rename]
NUL=C:\WINDOWS\DIGFILT.DLL
NUL=C:\WINDOWS\DIGFILT2.DLL
NUL=C:\WINDOWS\SYSTEM\SDKZA32.EXE
NUL=C:\WINDOWS\SYSTEM\MSBE.DLL
NUL=C:\WINDOWS\SYSTEM\NETPE32.DLL
NUL=C:\WINDOWS\SYSTEM\MSBB.DLL
NUL=C:\WINDOWS\SYSTEM\SYSCR.DLL
NUL=C:\WINDOWS\SYSTEM\WINAD.DLL
NUL=C:\WINDOWS\SYSTEM\CRHZ32.DLL
NUL=C:\WINDOWS\SYSTEM\SYSTR.DLL
NUL=C:\WINDOWS\SYSTEM\MSMK.DLL
NUL=C:\WINDOWS\SYSTEM\APPFY32.DLL
NUL=C:\WINDOWS\SYSTEM\WINNB32.DLL
NUL=C:\WINDOWS\SYSTEM\WINSX.DLL
NUL=C:\WINDOWS\SYSTEM\IETB.DLL
NUL=C:\WINDOWS\SYSTEM\NETHV32.DLL
NUL=C:\WINDOWS\SYSTEM\APPBS32.DLL
NUL=C:\WINDOWS\SYSTEM\MSCB.DLL
NUL=C:\WINDOWS\NDNUNI~1.EXE
NUL=C:\WINDOWS\LOADCL~1.EXE
NUL=C:\WINDOWS\ADDYU.DLL
NUL=C:\WINDOWS\SYSTEM\QPAEESV0.EXE
NUL=C:\WINDOWS\SYSTEM\Q8K0FSV0.EXE
NUL=C:\WINDOWS\SYSTEM\VALG.HTA
NUL=C:\WINDOWS\SYSTEM\ODBC.HTA
NUL=C:\WINDOWS\SYSTEM\TWINK64.EXE
NUL=C:\WINDOWS\WLXR.EXE
NUL=C:\WINDOWS\PRECON~1.EXE
NUL=C:\WINDOWS\050218.EXE
NUL=C:\PROGRA~1\INTERN~1\MLUBEJST.EXE
NUL=C:\PROGRA~1\INTERN~1\ZBA.EXE
NUL=C:\PROGRA~1\INTERN~1\QVHBLFIM.EXE
NUL=C:\PROGRA~1\INTERN~1\LSNKJWBP.EXE
NUL=C:\PROGRA~1\INTERN~1\YYVQLNPR.EXE
NUL=C:\PROGRA~1\AMERIC~1.0\DOWNLOAD\2253.TMP
NUL=C:\PROGRA~1\AMERIC~1.0\DOWNLOAD\PHDJ.BAT
NUL=C:\LOADPR25.EXE
NUL=C:\TAXES\TAX03\SP~1.HTM
NUL=C:\LOAD_M~1.EXE
NUL=C:\LOAD_R~1.EXE
NUL=C:\LOADPR26.EXE
NUL=C:\LOADPR27.EXE
NUL=C:\LOADPR28.EXE
NUL=C:\MMM_JAVA.EXE

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

SET COMSPEC=C:\WINDOWS\COMMAND.COM
SET windir=C:\WINDOWS
SET winbootdir=C:\WINDOWS
SET PROMPT=$p$g
SET TEMP=C:\WINDOWS\TEMP
SET TMP=C:\WINDOWS\TEMP
SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND;C:\PROGRA~1\DELL\RESOLU~1\COMMON\BIN

--------------------------------------------------

C:\CONFIG.SYS listing:

*File is empty*

--------------------------------------------------

C:\WINDOWS\WINSTART.BAT listing:

C:\WINDOWS\tmpcpyis.bat

--------------------------------------------------

C:\WINDOWS\DOSSTART.BAT listing:

echo off
REM Notes:
REM DOSSTART.BAT is run whenenver you choose "Restart the computer
REM in MS-DOS mode" from the Shutdown menu in Windows. It allows
REM you to load programs that you might not want loaded in Windows,
REM (because they have functional equivalents) but that you do
REM want loaded under MS-DOS. The two primary candidates for
REM this are MSCDEX and a real mode driver for the mouse you ship
REM with your system. Commands that you want present in both Windows
REM and MS-DOS should be placed in the Autoexec.bat in the
REM \Image directory of your reference server. Please note that for
REM MSCDEX you will need to load the corresponding real-mode CD
REM driver in Config.sys. This driver won't be used by Windows 98
REM but will be available prior to and after Windows 98 exits.
REM
REM This file is also helpful if you want to F8 boot into MS-DOS 7.0
REM before Windows loads and access the CD-ROM. All you have to do
REM is press F8 and then run DOSSTART to load MSCDEX and your real
REM mode mouse driver (no need to remember the command line parameters
REM for these two files.
REM
REM - You MUST explicitly specify the CD ROM Drive Letter for MSCDEX.
REM - The string following the /D: statement must explicitly match
REM the string in CONFIG.SYS following your CD-ROM device driver.
REM MSCDEX.EXE /D:OEMCD001 /l:d
REM MOUSE.EXE
LH C:\PROGRA~1\MICROS~1\MOUSE\MOUSE.EXE

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

*No BHO's found*

--------------------------------------------------

Enumerating Task Scheduler jobs:

PCHealth Scheduler for Data Collection.job
Tune-up Application Start.job
Scan for Viruses.job
McAfee.com Update Check 11222005204618.job

--------------------------------------------------

Enumerating Download Program Files:

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso4.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[DirectAnimation Java Classes]
CODEBASE = file://C:\WINDOWS\SYSTEM\dajava.cab
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[QDiagAOLCCUpdateObj Class]
InProcServer32 = C:\WINDOWS\SYSTEM\QDIAGCC.OCX
CODEBASE = http://aolcc.aol.com/computercheckup/qdiagcc.cab

[McAfee.com Operating System Class]
InProcServer32 = C:\WINDOWS\SYSTEM\MCINSCTL.DLL
CODEBASE = http://download.pw.aol.com/molbin/shared/m...77/mcinsctl.cab

[DwnldGroupMgr Class]
InProcServer32 = C:\WINDOWS\SYSTEM\MCGDMGR.DLL
CODEBASE = http://download.pw.aol.com/molbin/shared/m...,18/mcgdmgr.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ASINST.DLL
CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\SYSTEM\rnr20.dll
Protocol #1: C:\WINDOWS\SYSTEM\mswsosp.dll
Protocol #2: C:\WINDOWS\SYSTEM\msafd.dll
Protocol #3: C:\WINDOWS\SYSTEM\msafd.dll
Protocol #4: C:\WINDOWS\SYSTEM\msafd.dll
Protocol #5: C:\WINDOWS\SYSTEM\rsvpsp.dll
Protocol #6: C:\WINDOWS\SYSTEM\rsvpsp.dll

--------------------------------------------------

Enumerating Win9x VxD services:

VNETSUP: vnetsup.vxd
VPOWERD: *VPOWERD
NDIS: ndis.vxd
JAVASUP: JAVASUP.VXD
CONFIGMG: *CONFIGMG
NTKern: *NTKERN
VWIN32: *VWIN32
VFBACKUP: *VFBACKUP
VCOMM: *VCOMM
COMBUFF: *COMBUFF
IFSMGR: *IFSMGR
IOS: *IOS
MTRR: *MTRR
SPOOLER: *SPOOLER
UDF: *UDF
VFAT: *VFAT
VCACHE: *VCACHE
VCOND: *VCOND
VCDFSD: *VCDFSD
VXDLDR: *VXDLDR
VDEF: *VDEF
VPICD: *VPICD
VTD: *VTD
REBOOT: *REBOOT
VDMAD: *VDMAD
VSD: *VSD
V86MMGR: *V86MMGR
PAGESWAP: *PAGESWAP
DOSMGR: *DOSMGR
VMPOLL: *VMPOLL
SHELL: *SHELL
PARITY: *PARITY
BIOSXLAT: *BIOSXLAT
VMCPD: *VMCPD
VTDAPI: *VTDAPI
PERF: *PERF
VNETBIOS: vnetbios.vxd
TurboVBF: turbovbf.vxd
VREDIR: vredir.vxd
DFS: dfs.vxd
NDISWAN: ndiswan.vxd

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL
UPnPMonitor: C:\WINDOWS\SYSTEM\UPNPUI.DLL
AUHook: C:\WINDOWS\SYSTEM\AUHOOK.DLL

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 27,533 bytes
Report generated in 0.374 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

#15 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 24 December 2005 - 05:06 AM

Allright,lets see how we did.

Open IE and Click Tools-> Internet Options-> Programs and then click "Reset Web Settings"

Choose to Reset your Homepage and set it to something simple for now like Google.com or MSN.com

We will see if it sticks.

Now go back and Click the Advanced Tab and then Click "Restore Defaults"


Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users