
Please Help Me With My Hjt Log.


9 replies to this topic

#1 kona77

kona77

  • Members
  • 9 posts

Posted 31 January 2006 - 03:56 PM

Hello,
Please help me eliminate the pop-ups I get when on Explorer. I have run Spybot Search & Destroy and Norton 2005. They have eliminated a lot of the spyware, but not all. Another problem I'm having is I can't install any programs onto my computer. InstallShield won't engage; when I click on a ".exe" file nothing happens at all.
Thank you.

Here is my HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 2:50:50 PM, on 1/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\System32\svchost.exe
c:\progra~1\Support.com\client\bin\tgcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\DOCUME~1\Mike\LOCALS~1\Temp\Temporary Directory 2 for HijackThis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.msn.co
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canada.com/national/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\poker.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1123802844952
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


#2 kona77


Posted 01 February 2006 - 04:11 PM

Hello,

I hope somebody reads this post and can give me a hand. I was reading other posts and came across ActiveScan. I ran it and it picked up a tonne of stuff that Norton AntiVirus and Spybot missed. So I thought I would post the results along with my HJT log hoping someone can help me out.

I have multiple types of pop-ups from free ipods to christian dating services.

I also cannot install any programs onto my computer. My guess is either something corrupt with Windows or with the InstallShield program. I have downloaded the newer versions from the Microsoft website and tried a system restore back to a date in December with no luck.

Please help,
Thank you.

Here is my active scan results.


Incident Status Location

Adware:adware/dyfuca Not disinfected Windows Registry
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Mike\Cookies\mike@burstnet[1].txt
Spyware:Cookie/Bs.serving-sys Not disinfected C:\Documents and Settings\Mike\Cookies\mike@bs.serving-sys[2].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Mike\Cookies\mike@revenue[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Mike\Cookies\mike@xiti[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Mike\Cookies\mike@toplist[1].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Mike\Cookies\mike@rn11[2].txt
Spyware:Cookie/24/7 Realmedia Not disinfected C:\Documents and Settings\Mike\Cookies\mike@247realmedia[1].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Mike\Cookies\mike@webpower[1].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Mike\Cookies\mike@c.enhance[1].txt
Spyware:Cookie/XXXCounter Not disinfected C:\Documents and Settings\Mike\Cookies\mike@xxxcounter[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Mike\Cookies\mike@as1.falkag[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Mike\Cookies\mike@adrevolver[1].txt
Spyware:Cookie/Dyfuca Not disinfected C:\Documents and Settings\Mike\Cookies\mike@0[3].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Mike\Cookies\mike@adrevolver[2].txt
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\Mike\Cookies\mike@ask[1].txt
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\Mike\Cookies\mike@paycounter[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Mike\Cookies\mike@serving-sys[2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Mike\Cookies\mike@adopt.hbmediapro[2].txt
Spyware:Cookie/Advnt Not disinfected C:\Documents and Settings\Mike\Cookies\mike@www.advnt01[1].txt
Spyware:Cookie/Comclick Not disinfected C:\Documents and Settings\Mike\Cookies\mike@fl01.ct2.comclick[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Mike\Cookies\mike@belnk[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Mike\Cookies\mike@trafficmp[1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Mike\Cookies\mike@ccbill[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Mike\Cookies\mike@dist.belnk[2].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Mike\Cookies\mike@go[2].txt
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\Mike\Cookies\mike@2o7[1].txt
Spyware:Cookie/Hypercount Not disinfected C:\Documents and Settings\Mike\Cookies\mike@hypercount[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Mike\Cookies\mike@zedo[2].txt
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Mike\Cookies\mike@landing.domainsponsor[1].txt
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Mike\Cookies\mike@cs.sexcounter[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Mike\Cookies\mike@perf.overture[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Mike\Cookies\mike@searchportal.information[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Mike\Cookies\mike@tribalfusion[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Mike\Cookies\mike@questionmarket[1].txt
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Mike\Cookies\mike@stat.onestat[1].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Mike\Cookies\mike@adtech[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Mike\Cookies\mike@server.iad.liveperson[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Mike\Cookies\mike@ads.pointroll[2].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Mike\Cookies\mike@z1.adserver[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Mike\Cookies\mike@casalemedia[1].txt
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Mike\Cookies\mike@kinghost[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Mike\Cookies\mike@apmebf[1].txt
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Mike\Cookies\mike@qksrv[1].txt
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\Mike\Cookies\mike@weborama[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Mike\Cookies\mike@ad.yieldmanager[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Mike\Cookies\mike@stats1.reliablestats[2].txt
Spyware:Cookie/Clicktracks Not disinfected C:\Documents and Settings\Mike\Cookies\mike@stats1.clicktracks[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Mike\Cookies\mike@realmedia[1].txt
Spyware:Cookie/X10 Not disinfected C:\Documents and Settings\Mike\Cookies\mike@x10[1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Mike\Cookies\mike@maxserving[2].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Mike\Cookies\mike@clickbank[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Mike\Cookies\mike@statcounter[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Mike\Cookies\mike@bluestreak[1].txt
Spyware:Cookie/2o7.net Not disinfected C:\FOUND.000\FILE0054.CHK
Adware:Adware/PowerScan Not disinfected C:\Documents and Settings\Mike\Local Settings\Temp\uninstall.exe
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\Mike\Local Settings\Temp\Cookies\mike@2o7[2].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Mike\Local Settings\Temp\Cookies\mike@ccbill[1].txt
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\Mike\Local Settings\Temp\Cookies\mike@paycounter[1].txt
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Mike\Local Settings\Temp\Cookies\mike@cs.sexcounter[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Mike\Cookies\mike@burstnet[1].txt
Spyware:Cookie/Bs.serving-sys Not disinfected C:\Documents and Settings\Mike\Cookies\mike@bs.serving-sys[2].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Mike\Cookies\mike@revenue[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Mike\Cookies\mike@xiti[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Mike\Cookies\mike@toplist[1].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Mike\Cookies\mike@rn11[2].txt
Spyware:Cookie/24/7 Realmedia Not disinfected C:\Documents and Settings\Mike\Cookies\mike@247realmedia[1].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Mike\Cookies\mike@webpower[1].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Mike\Cookies\mike@c.enhance[1].txt
Spyware:Cookie/XXXCounter Not disinfected C:\Documents and Settings\Mike\Cookies\mike@xxxcounter[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Mike\Cookies\mike@as1.falkag[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Mike\Cookies\mike@adrevolver[1].txt
Spyware:Cookie/Dyfuca Not disinfected C:\Documents and Settings\Mike\Cookies\mike@0[3].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Mike\Cookies\mike@adrevolver[2].txt
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\Mike\Cookies\mike@ask[1].txt
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\Mike\Cookies\mike@paycounter[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Mike\Cookies\mike@serving-sys[2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Mike\Cookies\mike@adopt.hbmediapro[2].txt
Spyware:Cookie/Advnt Not disinfected C:\Documents and Settings\Mike\Cookies\mike@www.advnt01[1].txt
Spyware:Cookie/Comclick Not disinfected C:\Documents and Settings\Mike\Cookies\mike@fl01.ct2.comclick[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Mike\Cookies\mike@belnk[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Mike\Cookies\mike@trafficmp[1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Mike\Cookies\mike@ccbill[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Mike\Cookies\mike@dist.belnk[2].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Mike\Cookies\mike@go[2].txt
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\Mike\Cookies\mike@2o7[1].txt
Spyware:Cookie/Hypercount Not disinfected C:\Documents and Settings\Mike\Cookies\mike@hypercount[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Mike\Cookies\mike@zedo[2].txt
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Mike\Cookies\mike@landing.domainsponsor[1].txt
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Mike\Cookies\mike@cs.sexcounter[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Mike\Cookies\mike@perf.overture[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Mike\Cookies\mike@searchportal.information[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Mike\Cookies\mike@tribalfusion[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Mike\Cookies\mike@questionmarket[1].txt
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Mike\Cookies\mike@stat.onestat[1].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Mike\Cookies\mike@adtech[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Mike\Cookies\mike@server.iad.liveperson[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Mike\Cookies\mike@ads.pointroll[2].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Mike\Cookies\mike@z1.adserver[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Mike\Cookies\mike@casalemedia[1].txt
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Mike\Cookies\mike@kinghost[1].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Mike\Cookies\mike@apmebf[1].txt
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Mike\Cookies\mike@qksrv[1].txt
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\Mike\Cookies\mike@weborama[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Mike\Cookies\mike@ad.yieldmanager[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Mike\Cookies\mike@stats1.reliablestats[2].txt
Spyware:Cookie/Clicktracks Not disinfected C:\Documents and Settings\Mike\Cookies\mike@stats1.clicktracks[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Mike\Cookies\mike@realmedia[1].txt
Spyware:Cookie/X10 Not disinfected C:\Documents and Settings\Mike\Cookies\mike@x10[1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Mike\Cookies\mike@maxserving[2].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Mike\Cookies\mike@clickbank[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Mike\Cookies\mike@statcounter[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Mike\Cookies\mike@bluestreak[1].txt
Virus:Trj/Downloader.L Disinfected G:\WINDOWS\inf\susp.inf
Virus:Trj/Keyhost.A Disinfected G:\WINDOWS\inf\host.inf
Spyware:Spyware/Altnet Not disinfected G:\WINDOWS\Temp\Altnet\adm.exe
Spyware:Spyware/Altnet Not disinfected G:\WINDOWS\Temp\Altnet\dmfiles.cab
Spyware:Spyware/Altnet Not disinfected G:\WINDOWS\Temp\Altnet\dmfiles.cab[AltnetUninstall.exe]
Spyware:Spyware/Altnet Not disinfected G:\WINDOWS\Temp\Altnet\dmfiles.cab[asmend.exe]
Potentially unwanted tool:Application/MyWay Not disinfected G:\WINDOWS\Temp\Altnet\mysearch.cab
Potentially unwanted tool:Application/MyWay Not disinfected G:\WINDOWS\Temp\Altnet\mysearch.cab[mySetp.exe]
Spyware:Spyware/Altnet Not disinfected G:\WINDOWS\Temp\Altnet\pmexe.cab
Spyware:Spyware/Altnet Not disinfected G:\WINDOWS\Temp\Altnet\pmexe.cab[Points Manager.exe]
Spyware:Spyware/Altnet Not disinfected G:\WINDOWS\Temp\Altnet\Setup.exe
Spyware:Spyware/BetterInet Not disinfected G:\WINDOWS\Downloaded Program Files\turbo.inf
Virus:Trj/Seeker.U Disinfected G:\WINDOWS\sysdllwm.reg
Virus:Exploit/Mhtredir.gen Disinfected G:\Documents and Settings\Valued Customer\Local Settings\Temp\Temporary Internet Files\Content.IE5\K713MI79\CA1C0FT1.HTM
Virus:Exploit/Mhtredir.gen Disinfected G:\Documents and Settings\Valued Customer\Local Settings\Temp\Temporary Internet Files\Content.IE5\K713MI79\CAIJCH2N.HTM
Virus:Trojan Horse Disinfected G:\Documents and Settings\Valued Customer\Local Settings\Temp\Temporary Internet Files\Content.IE5\K713MI79\xxx[1].hta
Virus:Trojan Horse Disinfected G:\Documents and Settings\Valued Customer\Local Settings\Temp\Temporary Internet Files\Content.IE5\K713MI79\xxx[2].hta
Virus:Exploit/Mhtredir.gen Disinfected G:\Documents and Settings\Valued Customer\Local Settings\Temp\Temporary Internet Files\Content.IE5\GLMJKPI3\CAP0O3HP.HTM
Virus:Trojan Horse Disinfected G:\Documents and Settings\Valued Customer\Local Settings\Temp\Temporary Internet Files\Content.IE5\GLMJKPI3\xxx[2].hta
Virus:Trojan Horse Disinfected G:\Documents and Settings\Valued Customer\Local Settings\Temp\Temporary Internet Files\Content.IE5\GLMJKPI3\xxx[3].hta
Virus:Trojan Horse Disinfected G:\Documents and Settings\Valued Customer\Local Settings\Temp\Temporary Internet Files\Content.IE5\GLMJKPI3\xxx[4].hta
Virus:Trojan Horse Disinfected G:\Documents and Settings\Valued Customer\Local Settings\Temp\Temporary Internet Files\Content.IE5\GLMJKPI3\xxx[1].hta
Virus:Exploit/Mhtredir.gen Disinfected G:\Documents and Settings\Valued Customer\Local Settings\Temp\Temporary Internet Files\Content.IE5\GLMJKPI3\CA6705QB.HTM
Virus:Exploit/Codebase.gen Not disinfected G:\Documents and Settings\Valued Customer\Local Settings\Temp\Temporary Internet Files\Content.IE5\GLMJKPI3\chm[6].chm[l.html]
Virus:Trj/Downloader.IW Not disinfected G:\Documents and Settings\Valued Customer\Local Settings\Temp\Temporary Internet Files\Content.IE5\GLMJKPI3\chm[6].chm[e.exe]
Adware:Adware/ISearch Not disinfected G:\Documents and Settings\Valued Customer\Local Settings\Temp\Temporary Internet Files\Content.IE5\GLMJKPI3\chm[5].chm[initial.inf]
Adware:Adware/ISearch Not disinfected G:\Documents and Settings\Valued Customer\Local Settings\Temp\Temporary Internet Files\Content.IE5\GLMJKPI3\chm[1].chm[initial.inf]
Virus:Exploit/Codebase.gen Not disinfected G:\Documents and Settings\Valued Customer\Local Settings\Temp\Temporary Internet Files\Content.IE5\GLMJKPI3\chm[2].chm[l.html]
Virus:Trj/Downloader.IW Not disinfected G:\Documents and Settings\Valued Customer\Local Settings\Temp\Temporary Internet Files\Content.IE5\GLMJKPI3\chm[2].chm[e.exe]
Virus:Exploit/Codebase.gen Not disinfected G:\Documents and Settings\Valued Customer\Local Settings\Temp\Temporary Internet Files\Content.IE5\GLMJKPI3\chm[3].chm[l.html]
Virus:Trj/Downloader.IW Not disinfected G:\Documents and Settings\Valued Customer\Local Settings\Temp\Temporary Internet Files\Content.IE5\GLMJKPI3\chm[3].chm[e.exe]
Virus:Exploit/Codebase.gen Not disinfected G:\Documents and Settings\Valued Customer\Local Settings\Temp\Temporary Internet Files\Content.IE5\GLMJKPI3\chm[4].chm[l.html]
Virus:Trj/Downloader.IW Not disinfected G:\Documents and Settings\Valued Customer\Local Settings\Temp\Temporary Internet Files\Content.IE5\GLMJKPI3\chm[4].chm[e.exe]
Virus:Exploit/Codebase.gen Not disinfected G:\Documents and Settings\Valued Customer\Local Settings\Temp\Temporary Internet Files\Content.IE5\GLMJKPI3\chm[7].chm[l.html]
Virus:Trj/Downloader.IW Not disinfected G:\Documents and Settings\Valued Customer\Local Settings\Temp\Temporary Internet Files\Content.IE5\GLMJKPI3\chm[7].chm[e.exe]
Adware:Adware/MediaTickets Not disinfected G:\Documents and Settings\Valued Customer\Local Settings\Temp\Temporary Internet Files\Content.IE5\4VF3YWT1\CA7ESVJX.HTM
Adware:Adware/MediaTickets Not disinfected G:\Documents and Settings\Valued Customer\Local Settings\Temp\Temporary Internet Files\Content.IE5\4VF3YWT1\CAOPELLA.HTM
Adware:Adware/MediaTickets Not disinfected G:\Documents and Settings\Valued Customer\Local Settings\Temp\Temporary Internet Files\Content.IE5\4VF3YWT1\CAQJG9Q9.HTM
Virus:Trojan Horse Disinfected G:\Documents and Settings\Valued Customer\Local Settings\Temp\Temporary Internet Files\Content.IE5\4VF3YWT1\xxx[1].hta
Security Risk:Exploit/MIE.CHM Not disinfected G:\Documents and Settings\Valued Customer\Local Settings\Temp\Temporary Internet Files\Content.IE5\4VF3YWT1\x1[1].html
Adware:Adware/MediaTickets Not disinfected G:\Documents and Settings\Valued Customer\Local Settings\Temp\Temporary Internet Files\Content.IE5\5WWRXLG5\CAKHO5CJ.HTM
Virus:Trj/Zerolin.D Not disinfected G:\Documents and Settings\Valued Customer\Local Settings\Temp\Temporary Internet Files\Content.IE5\0XGDQR81\gallery[1].chm[gallery.html]
Adware:Adware/MediaTickets Not disinfected G:\Documents and Settings\Valued Customer\Local Settings\Temp\Temporary Internet Files\Content.IE5\C1OJK3K7\CA4DEZS9.HTM
Virus:Trojan Horse Disinfected G:\Documents and Settings\Valued Customer\Local Settings\Temp\Temporary Internet Files\Content.IE5\65NC5ORI\xxx[1].hta
Virus:Exploit/Mhtredir.gen Disinfected G:\Documents and Settings\Valued Customer\Local Settings\Temp\Temporary Internet Files\Content.IE5\43FZE4X5\CA4LCL4B.HTM
Virus:Exploit/Mhtredir.gen Disinfected G:\Documents and Settings\Valued Customer\Local Settings\Temp\Temporary Internet Files\Content.IE5\43FZE4X5\CAKPYZ0T.HTM
Adware:Adware/MediaTickets Not disinfected G:\Documents and Settings\Valued Customer\Local Settings\Temp\Temporary Internet Files\Content.IE5\43FZE4X5\CA9GMXHF.HTM
Adware:Adware/MediaTickets Not disinfected G:\Documents and Settings\Valued Customer\Local Settings\Temp\Temporary Internet Files\Content.IE5\43FZE4X5\CAARWNR8.HTM
Adware:Adware/MediaTickets Not disinfected G:\Documents and Settings\Valued Customer\Local Settings\Temp\Temporary Internet Files\Content.IE5\43FZE4X5\CA2JKTIB.HTM
Adware:Adware/SearchAid Not disinfected G:\Documents and Settings\Valued Customer\

#3 kona77


Posted 02 February 2006 - 04:22 PM

Hello,

I'll keep updating my status until someone can read this.

I've been following the steps from the "start here" part of the forum with some success.

I can now install programs again, "phew", so that is great, but I am still getting annoying pop-ups such as "Free ipods", "PC Showbuzz" and "Christian Dating Service". I used to get the "Winfixer" pop-up but haven't for a while. I was able to install again after running Ad-aware.

The last steps I have to do are to run McAfee Stinger and install a better firewall; I am running the Windows one right now. Other than that I have followed every other step.

I am still hoping I can post a new HJT log after all of the steps are done to make sure everything looks great from someone who knows. Please reply when this is possible.

Thank you.

#4 kona77


Posted 03 February 2006 - 03:38 PM

Hello,

O.k. so I've now run Stinger, which found nothing, and installed the ZoneAlarm firewall to use instead of the Windows XP one. I have now done every step on the list and would still like to post a new HJT log to make sure everything looks good. I am still getting the odd pop-up and would like to eliminate those as well.

Please respond when I can post my new HJT log.

Thank you.

#5 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts

Posted 06 February 2006 - 10:21 AM

Go to the link below and download the trial version of SpySweeper:

SpySweeper http://www.webroot.com/consumer/products/s...&rc=4129&ac=tsg

* Click the Free Trial link under "SpySweeper" to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
    o Sweep Memory
    o Sweep Registry
    o Sweep Cookies
    o Sweep All User Accounts
    o Enable Direct Disk Sweeping
    o Sweep Contents of Compressed Files
    o Sweep for Rootkits
    o Please UNCHECK Do not Sweep System Restore Folder.

* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.
Also post a new Hijack This log.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#6 kona77


Posted 07 February 2006 - 09:40 AM

Hello,

I completed the Spy Sweeper scan and whatta ya know, it found more.

Here is the log for the scan.

4:07 PM: | Start of Session, Monday, February 06, 2006 |
4:07 PM: Spy Sweeper started
4:07 PM: Sweep initiated using definitions version 611
4:07 PM: Starting Memory Sweep
4:11 PM: Memory Sweep Complete, Elapsed Time: 00:03:46
4:11 PM: Starting Registry Sweep
4:11 PM: Registry Sweep Complete, Elapsed Time:00:00:37
4:11 PM: Starting Cookie Sweep
4:11 PM: Found Spy Cookie: tribalfusion cookie
4:11 PM: mike@tribalfusion[1].txt (ID = 3589)
4:11 PM: Found Spy Cookie: tacoda cookie
4:11 PM: mike@tacoda[1].txt (ID = 6444)
4:11 PM: Found Spy Cookie: 2o7.net cookie
4:11 PM: mike@sportingnews.122.2o7[1].txt (ID = 1958)
4:11 PM: mike@2o7[2].txt (ID = 1957)
4:11 PM: Found Spy Cookie: serving-sys cookie
4:11 PM: mike@serving-sys[2].txt (ID = 3343)
4:11 PM: Found Spy Cookie: overture cookie
4:11 PM: mike@perf.overture[1].txt (ID = 3106)
4:11 PM: Found Spy Cookie: reliablestats cookie
4:11 PM: mike@stats1.reliablestats[2].txt (ID = 3254)
4:11 PM: Found Spy Cookie: partypoker cookie
4:12 PM: mike@partypoker[1].txt (ID = 3111)
4:12 PM: Found Spy Cookie: falkag cookie
4:12 PM: mike@as1.falkag[2].txt (ID = 2650)
4:12 PM: mike@partygaming.122.2o7[1].txt (ID = 1958)
4:12 PM: Found Spy Cookie: burstnet cookie
4:12 PM: mike@burstnet[1].txt (ID = 2336)
4:12 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
4:12 PM: Starting File Sweep
4:12 PM: Warning: Failed to open file "c:\pagefile.sys". Access is denied
4:12 PM: Warning: Failed to open file "c:\hiberfil.sys". Access is denied
4:14 PM: Warning: Failed to open file "c:\windows\system32\config\system.log". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\windows\system32\config\software.log". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\windows\system32\config\default.log". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\windows\system32\config\security". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\windows\system32\config\sam". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\windows\system32\config\sam.log". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\windows\system32\config\security.log". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\windows\system32\config\system". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\windows\system32\config\software". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\windows\system32\config\default". The process cannot access the file because it is being used by another process
4:16 PM: Warning: Failed to open file "c:\windows\temp\zlt01e23.tmp". The process cannot access the file because it is being used by another process
4:17 PM: Warning: Failed to open file "c:\windows\softwaredistribution\eventcache\{f4443267-0219-4fa5-a2eb-4b3430b953fd}.bin". The process cannot access the file because it is being used by another process
4:24 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
4:24 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat". The process cannot access the file because it is being used by another process
4:24 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
4:24 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
4:24 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
4:24 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat". The process cannot access the file because it is being used by another process
4:24 PM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
4:24 PM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
4:24 PM: Warning: Failed to open file "c:\documents and settings\owner\ntuser.dat.log". The process cannot access the file because it is being used by another process
4:24 PM: Warning: Failed to open file "c:\documents and settings\owner\ntuser.dat". The process cannot access the file because it is being used by another process
4:24 PM: Warning: Failed to open file "c:\documents and settings\mike\ntuser.dat.log". The process cannot access the file because it is being used by another process
4:24 PM: Warning: Failed to open file "c:\documents and settings\mike\ntuser.dat". The process cannot access the file because it is being used by another process
4:24 PM: Found Adware: ist powerscan
4:24 PM: uninstall.exe (ID = 72675)
4:25 PM: Warning: Failed to open file "c:\documents and settings\mike\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
4:25 PM: Warning: Failed to open file "c:\documents and settings\mike\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
4:26 PM: Warning: Failed to open file "c:\program files\common files\symantec shared\ccpd-lc\symlcrst.dll". The process cannot access the file because it is being used by another process
4:34 PM: Found Adware: coolwebsearch (cws)
4:34 PM: mtwcnl32.dll (ID = 54330)
4:35 PM: icnfe.dll (ID = 54008)
4:35 PM: icqrt.dll (ID = 54187)
4:35 PM: icvbr.dll (ID = 54008)
4:35 PM: xcwer32.dll (ID = 54008)
4:35 PM: sdfup.dll (ID = 54008)
4:35 PM: cidft.dll (ID = 54008)
4:35 PM: cidpoq32.dll (ID = 54008)
4:35 PM: gupd.dll (ID = 54008)
4:35 PM: zxmsn.dll (ID = 54008)
4:35 PM: wecxg32.dll (ID = 54008)
4:38 PM: Found Adware: bullguard popup ad
4:38 PM: bulldownload.exe (ID = 52017)
4:38 PM: Found Adware: altnet
4:38 PM: adm.exe (ID = 185451)
4:38 PM: mysearch.cab (ID = 49849)
4:47 PM: Found Adware: directrevenue-abetterinternet
4:47 PM: susp.ini (ID = 83527)
4:47 PM: Found Adware: gain - common components
4:47 PM: bundle.inf (ID = 61287)
4:47 PM: __unin__.exe (ID = 49795)
4:48 PM: Warning: Failed to open file "g:\documents and settings\valued customer\local settings\temp\temporary internet files\content.ie5\k713mi79\scoring;feat=scoring;feat=leaderboard;tour=pga;!category=richm;arena=golf;type=psa;user=anonymous;myspl=no;fteam=nfl-none;fteam=nba-none;fteam=mlb-none;fteam=nhl-none;fte[1].js". The system cannot find the path specified
4:48 PM: Warning: Failed to open file "g:\documents and settings\valued customer\local settings\temp\temporary internet files\content.ie5\k713mi79\scoring;feat=scoring;feat=leaderboard;tour=pga;!category=richm;arena=golf;type=psa;user=anonymous;myspl=no;fteam=nfl-none;fteam=nba-none;fteam=mlb-none;fteam=nhl-none;fte[2].js". The system cannot find the path specified
4:48 PM: Warning: Failed to open file "g:\documents and settings\valued customer\local settings\temp\temporary internet files\content.ie5\k713mi79\homead;arena=home;arena=golf;type=psa;user=anonymous;myspl=no;fteam=nfl-none;fteam=nba-none;fteam=mlb-none;fteam=nhl-none;fteam=ncaaf-none;fteam=ncaab-none;vip=no;seg=non[1].js". The system cannot find the path specified
4:49 PM: Warning: Failed to open file "g:\documents and settings\valued customer\local settings\temp\temporary internet files\content.ie5\glmjkpi3\britishopen;event=britishopen;feat=stories;!category=auto;arena=golf;type=psa;page=lower;seg=nonaol;ctype=lan;lang=en-us;lang=en-us;vt=null;dcopt=ist;u=null;sz=468x60;ti[1]". The system cannot find the path specified
5:02 PM: Warning: Failed to open file "g:\documents and settings\valued customer\local settings\temp\temporary internet files\content.ie5\94s7p9ot\international-hub;abr=!webtv;mode=bn;loc=lower;adpg=international;arena=international;arena=front;;ops=;nc=;kw=;pos=;sz=300x250;tile=3;ord=5064846318320307[1].js". The system cannot find the path specified
5:02 PM: Warning: Failed to open file "g:\documents and settings\valued customer\local settings\temp\temporary internet files\content.ie5\94s7p9ot\caxk47ph.subglamour&border_color=%23000000&background_color=%23000000&title_color=%23800000&override=1&text_color=%23ffffff&show_join_link=0&show_title=0&width=360". The system cannot find the path specified
5:04 PM: Warning: Failed to open file "g:\documents and settings\valued customer\local settings\temp\temporary internet files\content.ie5\gh6j8lan\scoring;feat=scoring;feat=leaderboard;tour=pga;!category=richm;arena=golf;type=psa;user=anonymous;myspl=no;fteam=nfl-none;fteam=nba-none;fteam=mlb-none;fteam=nhl-none;fte[1].js". The system cannot find the path specified
5:04 PM: Warning: Failed to open file "g:\documents and settings\valued customer\local settings\temp\temporary internet files\content.ie5\gh6j8lan\players;feat=players;feat=scorecards;tour=pgatour;arena=golf;type=psa;playr=132030;user=anonymous;myspl=no;fteam=nfl-none;fteam=nba-none;fteam=mlb-none;fteam=nhl-none;fte[1].js". The system cannot find the path specified
5:04 PM: Warning: Failed to open file "g:\documents and settings\valued customer\local settings\temp\temporary internet files\content.ie5\gh6j8lan\scoring;feat=scoring;feat=leaderboard;tour=pga;!category=richm;arena=golf;type=psa;user=anonymous;myspl=no;fteam=nfl-none;fteam=nba-none;fteam=mlb-none;fteam=nhl-none;fte[2].js". The system cannot find the path specified
5:04 PM: Warning: Failed to open file "g:\documents and settings\valued customer\local settings\temp\temporary internet files\content.ie5\gh6j8lan\scoring;feat=scoring;feat=leaderboard;tour=pga;!category=richm;arena=golf;type=psa;user=anonymous;myspl=no;fteam=nfl-none;fteam=nba-none;fteam=mlb-none;fteam=nhl-none;fte[3].js". The system cannot find the path specified
5:04 PM: Warning: Failed to open file "g:\documents and settings\valued customer\local settings\temp\temporary internet files\content.ie5\gh6j8lan\scoring;feat=scoring;feat=leaderboard;tour=pga;!category=richm;arena=golf;type=psa;user=anonymous;myspl=no;fteam=nfl-none;fteam=nba-none;fteam=mlb-none;fteam=nhl-none;fte[4].js". The system cannot find the path specified
5:07 PM: Warning: Failed to open file "g:\documents and settings\valued customer\local settings\temp\temporary internet files\content.ie5\65nc5ori\cazucjrt.subglamour&border_color=%23000000&background_color=%23000000&title_color=%23800000&override=1&text_color=%23ffffff&show_join_link=0&show_title=0&width=360". The system cannot find the path specified
5:08 PM: Warning: Failed to open file "g:\documents and settings\valued customer\local settings\temp\temporary internet files\content.ie5\43fze4x5\kta7.subdal&border_color=%23f2f5f7&background_color=%23f2f5f7&title_color=%23000000&text_color=%23000000&override=1&class=my_banner_class&show_title=0&show_join_link=0&width=120". The system cannot find the path specified
5:08 PM: counter[1].chm (ID = 54025)
5:09 PM: Warning: Failed to open file "g:\documents and settings\valued customer\local settings\temp\temporary internet files\content.ie5\ud9qnqp0\factsheet;mk=honda_passengercar_r;md=s2000_honda_passengercar_r;cat=passengercar_r;scat=sporty_r;make=honda;model=s2000;segment=passengercar;subsegment=sporty;sect=resea[1]". The system cannot find the path specified
5:09 PM: Warning: Failed to open file "g:\documents and settings\valued customer\local settings\temp\temporary internet files\content.ie5\ud9qnqp0\homead;arena=nfl;arena=home;type=psa;team=home;user=anonymous;myspl=no;fteam=nfl-none;fteam=nba-none;fteam=mlb-none;fteam=nhl-none;fteam=ncaaf-none;fteam=ncaab-none;seg=[1]". The system cannot find the path specified
5:09 PM: Warning: Failed to open file "g:\documents and settings\valued customer\local settings\temp\temporary internet files\content.ie5\ud9qnqp0\homead;arena=nfl;arena=home;type=psa;team=home;user=anonymous;myspl=no;fteam=nfl-none;fteam=nba-none;fteam=mlb-none;fteam=nhl-none;fteam=ncaaf-none;fteam=ncaab-none;seg=[2]". The system cannot find the path specified
5:09 PM: Warning: Failed to open file "g:\documents and settings\valued customer\local settings\temp\temporary internet files\content.ie5\ud9qnqp0\homead;arena=nfl;arena=home;type=psa;team=home;user=anonymous;myspl=no;fteam=nfl-none;fteam=nba-none;fteam=mlb-none;fteam=nhl-none;fteam=ncaaf-none;fteam=ncaab-none;seg=n[1].js". The system cannot find the path specified
5:10 PM: Warning: Failed to open file "g:\documents and settings\valued customer\local settings\temp\temporary internet files\content.ie5\s7k72f4f\macintosh_computers-networking_w0qqsofocuszsoqqsbrftogz1qqfromzr10qqsacatz58058qqcatrefzc6qqflocz1qqsargnz-1qqsaslcz1qqftrtz1qqftrvz1qqfsopz1qqfsooz1qqcoactionzcompareq[1].html". The system cannot find the path specified
5:10 PM: Warning: Failed to open file "g:\documents and settings\valued customer\local settings\temp\temporary internet files\content.ie5\s7k72f4f\dental-milling-machine_w0qqsofocuszbsqqsbrftogz1qqfclz4qqfnuz1qqmaxrecordsreturnedz300qqfrppz50qqfromzr10qqfcclz1qqsacatz-1qqcatrefzc6qqsargnz-1qqsaslcz3qqftrtz1qqftrvz[1].html". The system cannot find the path specified
5:14 PM: Warning: Failed to open file "g:\documents and settings\valued customer\local settings\temp\temporary internet files\content.ie5\grxneubp\pentax-optio_w0qqsofocuszbsqqsbrftogz1qqfromzr10qqsacategoryz-1q26catrefq3dc6qqsoloctogz9q26salocatedincountryq3d2qqsotrz2qqsosortpropertyz1q26sosortorderq3d1qqcoaction[1].html". The system cannot find the path specified
5:17 PM: Warning: Failed to open file "g:\documents and settings\valued customer\local settings\temp\temporary internet files\content.ie5\f2gjb1w9\piclist[2].subbabes&border_color=%23ffffff&background_color=%23ffffff&title_color=%23000000&text_color=%23000000&override=1&class=my_banner_class&show_title=0&show_join_link=0". The system cannot find the path specified
5:25 PM: bl.dat (ID = 53986)
5:33 PM: Warning: Invalid Stream
5:34 PM: Warning: Invalid Stream
5:34 PM: File Sweep Complete, Elapsed Time: 01:22:25
5:34 PM: Full Sweep has completed. Elapsed time 01:14:36
5:34 PM: Traces Found: 31
8:32 AM: Removal process initiated
8:32 AM: Quarantining All Traces: directrevenue-abetterinternet
8:32 AM: Quarantining All Traces: coolwebsearch (cws)
8:32 AM: Quarantining All Traces: altnet
8:32 AM: Quarantining All Traces: bullguard popup ad
8:32 AM: Quarantining All Traces: ist powerscan
8:32 AM: Quarantining All Traces: 2o7.net cookie
8:32 AM: Quarantining All Traces: burstnet cookie
8:32 AM: Quarantining All Traces: falkag cookie
8:32 AM: Quarantining All Traces: gain - common components
8:32 AM: Quarantining All Traces: overture cookie
8:32 AM: Quarantining All Traces: partypoker cookie
8:32 AM: Quarantining All Traces: reliablestats cookie
8:32 AM: Quarantining All Traces: serving-sys cookie
8:32 AM: Quarantining All Traces: tacoda cookie
8:32 AM: Quarantining All Traces: tribalfusion cookie
8:33 AM: Removal process completed. Elapsed time 00:01:15
********
10:06 AM: | Start of Session, Monday, February 06, 2006 |
10:06 AM: Spy Sweeper started
10:06 AM: Sweep initiated using definitions version 611
10:06 AM: Starting Memory Sweep
10:07 AM: Sweep Canceled
10:07 AM: Memory Sweep Complete, Elapsed Time: 00:01:23
10:07 AM: Traces Found: 0
4:07 PM: | End of Session, Monday, February 06, 2006 |
********
9:56 AM: | Start of Session, Monday, February 06, 2006 |
9:56 AM: Spy Sweeper started
9:57 AM: Your spyware definitions have been updated.
10:06 AM: | End of Session, Monday, February 06, 2006 |


I noticed during all the scans that I have a lot of temporary files on drive G:. Should I remove these or do I have to worry about what I erase?

Thanks.

#7 kona77


Posted 07 February 2006 - 09:42 AM

Hello again,

Here is my new HJT log. Hope everything is looking good.

Thanks again.

Logfile of HijackThis v1.99.1
Scan saved at 8:39:46 AM, on 2/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\progra~1\Support.com\client\bin\tgcmd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijackthis\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canada.com/national/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\poker.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1123802844952
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

#8 MFDnSC


Posted 07 February 2006 - 04:37 PM

Delete what you can from G

Delete everything from this

g:\documents and settings\valued customer\local settings\temp

Log looks good - how are things?
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#9 kona77


Posted 08 February 2006 - 12:11 PM

Hello MFDnSC,

I deleted everything in the temp file on G:, which was a lot of crap.

Everything seems great now thanks to you and this site's information!

If you have a second I have two quick questions and then I'm good to go.

1) How can a spyware/malware program interfere with the installation programs on my computer? Like I said earlier, I was able to install things again after I ran Ad-aware. I thought they only track what you do and bog down your computer.

2) What does ZoneAlarm mean when it informs me that a program is trying to act like a server (iTunes, etc.)? Should I allow or deny these types of requests?

That is everything. Thank you again for all your help.

#10 MFDnSC


Posted 08 February 2006 - 02:41 PM

1) All this malware garbage is capable of anything, not just tracking and bogging down

2) From ZA

Exercise caution when granting permission for programs to act as a server, as Trojan horses and other types of malware often need server rights in order to do mischief. Permission to act as a server should be reserved for programs you know and trust, and that need server permission to operate properly.

Said another way, deny it - if the program that wants it is not working correctly then allow it - but ONLY on programs you know and trust
"Nothing could be finer than to be in South Carolina ............"

Member ASAP
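What "acting as a server" looks like at the socket level, as an added example that is not part of the original thread: a program acts as a server when it opens a socket that waits for inbound traffic, and the sketch below reads `netstat -ano` output to list which processes do so and whether each socket is bound to loopback only or can be reached from other machines. The netstat text, PIDs, process names and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of `netstat -ano` output (not taken from the thread).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:3689           0.0.0.0:0              LISTENING       2140
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING       1480
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:1063      203.0.113.7:80         ESTABLISHED     3020
  UDP    0.0.0.0:5353           *:*                                    2140
  UDP    127.0.0.1:1900         *:*                                    1124
"""

# Constructed PID -> image name map (the kind of data `tasklist` reports).
SAMPLE_PROCESSES = {4: "System", 912: "svchost.exe", 1124: "svchost.exe",
                    1480: "ccApp.exe", 2140: "iTunes.exe", 3020: "iexplore.exe"}


def parse_endpoint(text):
    """Split '0.0.0.0:135' or '[::1]:445' into (ip_address, port)."""
    host, _, port = text.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
    return ipaddress.ip_address(host), int(port)


def scope(addr):
    """Who can reach a socket bound to this local address."""
    if addr.is_loopback:
        return "loopback"
    return "all-interfaces" if addr.is_unspecified else "one-interface"


def listeners(netstat_text):
    """Return sockets that accept inbound traffic: TCP LISTENING and bound UDP."""
    found = []
    for line in netstat_text.splitlines():
        f = line.split()
        # TCP rows have 5 columns (with State); UDP rows have 4 (no State).
        is_tcp = len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING"
        is_udp = len(f) == 4 and f[0] == "UDP"
        if not (is_tcp or is_udp):
            continue  # header row, outbound connection, or unrelated text
        try:
            addr, port = parse_endpoint(f[1])
            pid = int(f[-1])
        except ValueError:
            continue  # malformed row: skip rather than guess
        found.append({"proto": f[0], "port": port, "scope": scope(addr), "pid": pid})
    return found


def server_summary(netstat_text, processes):
    """Group inbound-capable sockets by PID and mark network-reachable ones."""
    summary = {}
    for sock in listeners(netstat_text):
        entry = summary.setdefault(sock["pid"], {
            "image": processes.get(sock["pid"], "unknown"),
            "sockets": [], "reachable": False})
        entry["sockets"].append((sock["proto"], sock["port"], sock["scope"]))
        if sock["scope"] != "loopback":
            entry["reachable"] = True  # other machines can connect to this one
    return summary


if __name__ == "__main__":
    for pid, e in sorted(server_summary(SAMPLE_NETSTAT, SAMPLE_PROCESSES).items()):
        flag = "network-reachable" if e["reachable"] else "loopback only"
        print(f"{pid:>5} {e['image']:<14} {flag:<18} {e['sockets']}")
```

In the sample, the browser row is an outbound connection and never appears in the summary, which is the distinction a firewall draws between ordinary access and server rights.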
