Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijacked And Nothing So Far Nothing Has Worked


  • Please log in to reply
26 replies to this topic

#1 jjccp

jjccp

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:04:42 PM

Posted 28 February 2006 - 04:44 PM

Hijacked – Nothing Gets Rid of It

Attemped to use your Preparation Guide, but….

CoolWWWSearchSmartKiller – downloaded, unzipped

Try to run and receive message window: CoolWWWSearchSmartKiller (v1/v2) has not been found on your system.

Hijack This – downloaded, unzipped

Try to run and receive message window: A required.DLL file, MSVBVM60.DLL, was not found.

Ad-Aware SE Personal – downloaded

Will run and find files and will delete. Upon next reboot everything is back

Spybot Search&Destroy – downloaded

No problems found

Trend Micro CW Shredder – downloaded

Will run and find files and fix. Upon next reboot everything is back

Windows Update – on line

Won’t scan system because of problem with computer clock???


Addiditonal info:

Problem is on a Toshiba laptop using Windows 98



Please Advise, Thanks

Edited by jjccp, 28 February 2006 - 04:46 PM.


BC AdBot (Login to Remove)

 


#2 dahli

dahli

  • Members
  • 278 posts
  • OFFLINE
  •  
  • Local time:02:42 PM

Posted 28 February 2006 - 06:37 PM

Hello jjccp and welcome to BC,

Download msvbvm60 from here and then post a HijackThis log

http://www.dll-files.com/dllindex/dll-files.shtml?msvbvm60
Steven

#3 jjccp

jjccp
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:04:42 PM

Posted 28 February 2006 - 06:56 PM

Thanks for the quick reply, here you go:


Logfile of HijackThis v1.99.1
Scan saved at 5:58:22 PM, on 2/28/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - URLSearchHook: (no name) - {739D5CD7-8B88-35EA-1ACA-3D6BCE2AC18C} - PasswdMon.dll (file missing)
O2 - BHO: YBIOCtrl Class - {004A5840-FF59-11d2-B50D-0090271D3FD4} - (no file)
O2 - BHO: Internet Explorer Hot Fix - {A37324E0-DF6A-11D9-8400-00A00C4030FD} - C:\WINDOWS\SYSTEM\YIEFA.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mra
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.184.84,195.225.176.37

#4 dahli

dahli

  • Members
  • 278 posts
  • OFFLINE
  •  
  • Local time:02:42 PM

Posted 28 February 2006 - 07:23 PM

Download about:Buster and unzip it to your Desktop. Doubleclick on AboutBuster.exe to run it and then click on Update > Check for Update. If there is an update available, click on 'Download Update and wait while it downloads. Once downloaded, click on Exit.

When you have done this, boot into Safe Mode (restart your PC and tap F8 as it restarts) and make sure that you can view hidden files and folders.

Close all open windows and run Hijack This again. Check the below entries and click on Fix Checked.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: YBIOCtrl Class - {004A5840-FF59-11d2-B50D-0090271D3FD4} - (no file)

Close Hijack This and run about:Buster again, click the 'Start' button and then click the 'OK' button. Let it scan (the scan can take some time to complete, so be patient.). Once the first scan has completed, it will ask you if you wish for about:Buster to scan once more. Click Yes and let it scan a second time. Once the second scan has finished, copy and paste the report to Notepad and save it on your drive.

To copy and paste the report to a log file, select (highlight) all of the text produced by the scan with your mouse, right-click and select 'Copy'.

Next, launch Notepad (click Start > Run > type notepad.exe and press enter). When the file is open, rightclick and select Paste. Click on File > Save As and save it in C:\ as Log.txt. Copy the log and post it back in this thread when you have rebooted.

Reboot, reset your Home Page and run a BitDefender scan. It will get rid of any remaining files. Post a new Hijack This log (and your About Buster log).
Steven

#5 jjccp

jjccp
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:04:42 PM

Posted 28 February 2006 - 07:54 PM

Thanks. Downloaded About:Buster. The only option that I see after clicking on About:Buster.exe is “Begin Removal.” I don’t see an option for Update. I clicked Begin Removal and it scanned then received the following error window upon exit from the program.

Run-time error ‘339’

Component ‘comctl32.ocx’ or one of its dependencies not correctly registered: a file is missing or invalid.


I stopped at this point for further instructions.

#6 dahli

dahli

  • Members
  • 278 posts
  • OFFLINE
  •  
  • Local time:02:42 PM

Posted 28 February 2006 - 08:08 PM

Download http://www.malwarebytes.org/libraries/COMCTL32.OCX

Copy it to the following folder:

C:\Windows\System\

Click Start > Run

Type the following:

regsvr32 \windows\system\comctl32.ocx

Press <Enter>

Rerun about:Buster
Steven

#7 jjccp

jjccp
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:04:42 PM

Posted 28 February 2006 - 08:22 PM

That seems to have worked, here the log:

AboutBuster 6.0
Scan started on [2/28/06] at [8:15:10 PM]
-------------------------------------------------------------
Internet Explorer Instances Terminated!
HomeSearch Service stopped if present
-------------------------------------------------------------
Streams(ADS) not scanned: System not NTFS
-------------------------------------------------------------
No Files Found!
-------------------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 8:17:53 PM

Still no option for update, is that a problem?

Shall I continue with your first instructions. Hijacker is still alive.

Thanks

#8 dahli

dahli

  • Members
  • 278 posts
  • OFFLINE
  •  
  • Local time:02:42 PM

Posted 28 February 2006 - 08:42 PM

yes - please continue
Steven

#9 jjccp

jjccp
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:04:42 PM

Posted 28 February 2006 - 11:03 PM

Completed first instructions.

FYI About:Buster doesn't seem to have 'start' or 'open' button and there is no option to scan a second time. But it ran ok.

BitDefender ran but states that the computer is still infected. Home page is still hijacked.

Thanks


AboutBuster 6.0
Scan started on [2/28/06] at [8:15:10 PM]
-------------------------------------------------------------
Internet Explorer Instances Terminated!
HomeSearch Service stopped if present
-------------------------------------------------------------
Streams(ADS) not scanned: System not NTFS
-------------------------------------------------------------
No Files Found!
-------------------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 8:17:53 PM


AboutBuster 6.0
Scan started on [2/28/06] at [9:13:47 PM]
-------------------------------------------------------------
Internet Explorer Instances Terminated!
HomeSearch Service stopped if present
-------------------------------------------------------------
Streams(ADS) not scanned: System not NTFS
-------------------------------------------------------------
No Files Found!
-------------------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 9:15:12 PM



Logfile of HijackThis v1.99.1
Scan saved at 10:54:46 PM, on 2/28/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\MY DOCUMENTS\HIJACKTHIS\HIJACKTHIS.EXE

R3 - URLSearchHook: (no name) - {739D5CD7-8B88-35EA-1ACA-3D6BCE2AC18C} - PasswdMon.dll (file missing)
O2 - BHO: Internet Explorer Hot Fix - {A37324E0-DF6A-11D9-8400-00A00C4030FD} - C:\WINDOWS\SYSTEM\YIEFA.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mra
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.184.84,195.225.176.37

#10 jjccp

jjccp
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:04:42 PM

Posted 01 March 2006 - 08:04 AM

New Glitch

Just noticed that my Display Properties has changed on it's own. The computer seems to think that it now has 2 monitors and I can't change screen area size or colors back to where it was previously.

Please let me know how I can fix this.

Thanks

#11 dahli

dahli

  • Members
  • 278 posts
  • OFFLINE
  •  
  • Local time:02:42 PM

Posted 01 March 2006 - 12:11 PM

Could you please post the Bitdefender log?

Is this computer on a network?
Steven

#12 jjccp

jjccp
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:04:42 PM

Posted 01 March 2006 - 05:44 PM

Hi Steven,

Not currently on a network. Using it at home with cable modem and router. It was configured to work on a network of a former employer.

Reran BitDefender. After exporting and saving scan report, received a blue screen fatal exception error. Hope everything is there.


BitDefender Online Scanner



Scan report generated at: Wed, Mar 01, 2006 - 17:10:12





Scan path: A:\;C:\;D:\;E:\;







Statistics

Time
03:46:39

Files
92405

Folders
1205

Boot Sectors
2

Archives
1584

Packed Files
6602




Results

Identified Viruses
2

Infected Files
4

Suspect Files
3

Warnings
0

Disinfected
0

Deleted Files
6




Engines Info

Virus Definitions
289403

Engine build
AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)

Scan plugins
13

Archive plugins
38

Unpack plugins
4

E-mail plugins
6

System plugins
1




Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions


Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes




Scanned File
Status

C:\WINDOWS\SYSTEM\yiefa.dll
Infected with: Trojan.Startpage.XB

C:\WINDOWS\SYSTEM\yiefa.dll
Disinfection failed

C:\WINDOWS\SYSTEM\yiefa.dll
Delete failed

C:\WINDOWS\Application Data\Identities\{82E5D940-8212-11D3-8400-890187911502}\Microsoft\Outlook Express\Inbox.dbx=>(message 2)=>[Subject: Warning: could not send message for pa][Date: Fri, 29 Nov 2002 12:24:49 -0800 (PST)]=>(MIME part)=>(message)=>[Subject: Www.HyperCount.com ][Date: Fri, 29 Nov 2002 08:03:54 -0800]=>(MIME part)=>(message body)
Suspected of: Exploit.Iframe.Vulnerability

C:\WINDOWS\Application Data\Identities\{82E5D940-8212-11D3-8400-890187911502}\Microsoft\Outlook Express\Inbox.dbx=>(message 2)=>[Subject: Warning: could not send message for pa][Date: Fri, 29 Nov 2002 12:24:49 -0800 (PST)]=>(MIME part)=>(message)=>[Subject: Www.HyperCount.com ][Date: Fri, 29 Nov 2002 08:03:54 -0800]=>(MIME part)=>(message body)
Disinfection failed

C:\WINDOWS\Application Data\Identities\{82E5D940-8212-11D3-8400-890187911502}\Microsoft\Outlook Express\Inbox.dbx=>(message 2)=>[Subject: Warning: could not send message for pa][Date: Fri, 29 Nov 2002 12:24:49 -0800 (PST)]=>(MIME part)=>(message)=>[Subject: Www.HyperCount.com ][Date: Fri, 29 Nov 2002 08:03:54 -0800]=>(MIME part)=>(message body)
Deleted

C:\WINDOWS\Application Data\Identities\{82E5D940-8212-11D3-8400-890187911502}\Microsoft\Outlook Express\Inbox.dbx=>(message 2)=>[Subject: Warning: could not send message for pa][Date: Fri, 29 Nov 2002 12:24:49 -0800 (PST)]=>(MIME part)=>(message)=>[Subject: Www.HyperCount.com ][Date: Fri, 29 Nov 2002 08:03:54 -0800]=>(MIME part)
Updated

C:\WINDOWS\Application Data\Identities\{82E5D940-8212-11D3-8400-890187911502}\Microsoft\Outlook Express\Inbox.dbx=>(message 2)=>[Subject: Warning: could not send message for pa][Date: Fri, 29 Nov 2002 12:24:49 -0800 (PST)]=>(MIME part)=>(message)
Updated

C:\WINDOWS\Application Data\Identities\{82E5D940-8212-11D3-8400-890187911502}\Microsoft\Outlook Express\Inbox.dbx=>(message 2)=>[Subject: Warning: could not send message for pa][Date: Fri, 29 Nov 2002 12:24:49 -0800 (PST)]=>(MIME part)=>(message)=>[Subject: Www.HyperCount.com ][Date: Fri, 29 Nov 2002 08:03:54 -0800]=>(MIME part)=>lesbian.bat
Infected with: Win32.Klez.H@mm

C:\WINDOWS\Application Data\Identities\{82E5D940-8212-11D3-8400-890187911502}\Microsoft\Outlook Express\Inbox.dbx=>(message 2)=>[Subject: Warning: could not send message for pa][Date: Fri, 29 Nov 2002 12:24:49 -0800 (PST)]=>(MIME part)=>(message)=>[Subject: Www.HyperCount.com ][Date: Fri, 29 Nov 2002 08:03:54 -0800]=>(MIME part)=>lesbian.bat
Deleted

C:\WINDOWS\Application Data\Identities\{82E5D940-8212-11D3-8400-890187911502}\Microsoft\Outlook Express\Inbox.dbx=>(message 2)=>[Subject: Warning: could not send message for pa][Date: Fri, 29 Nov 2002 12:24:49 -0800 (PST)]=>(MIME part)=>(message)=>[Subject: Www.HyperCount.com ][Date: Fri, 29 Nov 2002 08:03:54 -0800]=>(MIME part)
Updated

C:\WINDOWS\Application Data\Identities\{82E5D940-8212-11D3-8400-890187911502}\Microsoft\Outlook Express\Inbox.dbx=>(message 2)=>[Subject: Warning: could not send message for pa][Date: Fri, 29 Nov 2002 12:24:49 -0800 (PST)]=>(MIME part)=>(message)
Updated

C:\WINDOWS\Application Data\Identities\{82E5D940-8212-11D3-8400-890187911502}\Microsoft\Outlook Express\Inbox.dbx=>(message 2)=>[Subject: Warning: could not send message for pa][Date: Fri, 29 Nov 2002 12:24:49 -0800 (PST)]=>(MIME part)
Updated

C:\WINDOWS\Application Data\Identities\{82E5D940-8212-11D3-8400-890187911502}\Microsoft\Outlook Express\Inbox.dbx=>(message 2)
Updated

C:\WINDOWS\Application Data\Identities\{82E5D940-8212-11D3-8400-890187911502}\Microsoft\Outlook Express\Inbox.dbx
Update failed

C:\WINDOWS\Application Data\Identities\{82E5D940-8212-11D3-8400-890187911502}\Microsoft\Outlook Express\Inbox.dbx=>(message 3)=>[Subject: Warning: could not send message for pa][Date: Fri, 29 Nov 2002 12:21:05 -0800 (PST)]=>(MIME part)=>(message)=>[Subject: Please try again][Date: Fri, 29 Nov 2002 08:08:08 -0800]=>(MIME part)=>(message body)
Suspected of: Exploit.Iframe.Vulnerability

C:\WINDOWS\Application Data\Identities\{82E5D940-8212-11D3-8400-890187911502}\Microsoft\Outlook Express\Inbox.dbx=>(message 3)=>[Subject: Warning: could not send message for pa][Date: Fri, 29 Nov 2002 12:21:05 -0800 (PST)]=>(MIME part)=>(message)=>[Subject: Please try again][Date: Fri, 29 Nov 2002 08:08:08 -0800]=>(MIME part)=>(message body)
Disinfection failed

C:\WINDOWS\Application Data\Identities\{82E5D940-8212-11D3-8400-890187911502}\Microsoft\Outlook Express\Inbox.dbx=>(message 3)=>[Subject: Warning: could not send message for pa][Date: Fri, 29 Nov 2002 12:21:05 -0800 (PST)]=>(MIME part)=>(message)=>[Subject: Please try again][Date: Fri, 29 Nov 2002 08:08:08 -0800]=>(MIME part)=>(message body)
Deleted

C:\WINDOWS\Application Data\Identities\{82E5D940-8212-11D3-8400-890187911502}\Microsoft\Outlook Express\Inbox.dbx=>(message 3)=>[Subject: Warning: could not send message for pa][Date: Fri, 29 Nov 2002 12:21:05 -0800 (PST)]=>(MIME part)=>(message)=>[Subject: Please try again][Date: Fri, 29 Nov 2002 08:08:08 -0800]=>(MIME part)
Updated

C:\WINDOWS\Application Data\Identities\{82E5D940-8212-11D3-8400-890187911502}\Microsoft\Outlook Express\Inbox.dbx=>(message 3)=>[Subject: Warning: could not send message for pa][Date: Fri, 29 Nov 2002 12:21:05 -0800 (PST)]=>(MIME part)=>(message)
Updated

C:\WINDOWS\Application Data\Identities\{82E5D940-8212-11D3-8400-890187911502}\Microsoft\Outlook Express\Inbox.dbx=>(message 3)=>[Subject: Warning: could not send message for pa][Date: Fri, 29 Nov 2002 12:21:05 -0800 (PST)]=>(MIME part)=>(message)=>[Subject: Please try again][Date: Fri, 29 Nov 2002 08:08:08 -0800]=>(MIME part)=>width.exe
Infected with: Win32.Klez.H@mm

C:\WINDOWS\Application Data\Identities\{82E5D940-8212-11D3-8400-890187911502}\Microsoft\Outlook Express\Inbox.dbx=>(message 3)=>[Subject: Warning: could not send message for pa][Date: Fri, 29 Nov 2002 12:21:05 -0800 (PST)]=>(MIME part)=>(message)=>[Subject: Please try again][Date: Fri, 29 Nov 2002 08:08:08 -0800]=>(MIME part)=>width.exe
Deleted

C:\WINDOWS\Application Data\Identities\{82E5D940-8212-11D3-8400-890187911502}\Microsoft\Outlook Express\Inbox.dbx=>(message 3)=>[Subject: Warning: could not send message for pa][Date: Fri, 29 Nov 2002 12:21:05 -0800 (PST)]=>(MIME part)=>(message)=>[Subject: Please try again][Date: Fri, 29 Nov 2002 08:08:08 -0800]=>(MIME part)
Updated

C:\WINDOWS\Application Data\Identities\{82E5D940-8212-11D3-8400-890187911502}\Microsoft\Outlook Express\Inbox.dbx=>(message 3)=>[Subject: Warning: could not send message for pa][Date: Fri, 29 Nov 2002 12:21:05 -0800 (PST)]=>(MIME part)=>(message)
Updated

C:\WINDOWS\Application Data\Identities\{82E5D940-8212-11D3-8400-890187911502}\Microsoft\Outlook Express\Inbox.dbx=>(message 3)=>[Subject: Warning: could not send message for pa][Date: Fri, 29 Nov 2002 12:21:05 -0800 (PST)]=>(MIME part)
Updated

C:\WINDOWS\Application Data\Identities\{82E5D940-8212-11D3-8400-890187911502}\Microsoft\Outlook Express\Inbox.dbx=>(message 3)
Updated

C:\WINDOWS\Application Data\Identities\{82E5D940-8212-11D3-8400-890187911502}\Microsoft\Outlook Express\Inbox.dbx
Update failed

C:\WINDOWS\Application Data\Identities\{82E5D940-8212-11D3-8400-890187911502}\Microsoft\Outlook Express\Inbox.dbx=>(message 4)=>[Subject: Returned mail: see transcript for deta][Date: Fri, 29 Nov 2002 08:26:59 -0800 (PST)]=>(MIME part)=>(message)=>[Subject: To continue.][Date: Fri, 29 Nov 2002 08:07:36 -0800]=>(MIME part)=>(message body)
Suspected of: Exploit.Iframe.Vulnerability

C:\WINDOWS\Application Data\Identities\{82E5D940-8212-11D3-8400-890187911502}\Microsoft\Outlook Express\Inbox.dbx=>(message 4)=>[Subject: Returned mail: see transcript for deta][Date: Fri, 29 Nov 2002 08:26:59 -0800 (PST)]=>(MIME part)=>(message)=>[Subject: To continue.][Date: Fri, 29 Nov 2002 08:07:36 -0800]=>(MIME part)=>(message body)
Disinfection failed

C:\WINDOWS\Application Data\Identities\{82E5D940-8212-11D3-8400-890187911502}\Microsoft\Outlook Express\Inbox.dbx=>(message 4)=>[Subject: Returned mail: see transcript for deta][Date: Fri, 29 Nov 2002 08:26:59 -0800 (PST)]=>(MIME part)=>(message)=>[Subject: To continue.][Date: Fri, 29 Nov 2002 08:07:36 -0800]=>(MIME part)=>(message body)
Deleted

C:\WINDOWS\Application Data\Identities\{82E5D940-8212-11D3-8400-890187911502}\Microsoft\Outlook Express\Inbox.dbx=>(message 4)=>[Subject: Returned mail: see transcript for deta][Date: Fri, 29 Nov 2002 08:26:59 -0800 (PST)]=>(MIME part)=>(message)=>[Subject: To continue.][Date: Fri, 29 Nov 2002 08:07:36 -0800]=>(MIME part)
Updated

C:\WINDOWS\Application Data\Identities\{82E5D940-8212-11D3-8400-890187911502}\Microsoft\Outlook Express\Inbox.dbx=>(message 4)=>[Subject: Returned mail: see transcript for deta][Date: Fri, 29 Nov 2002 08:26:59 -0800 (PST)]=>(MIME part)=>(message)
Updated

C:\WINDOWS\Application Data\Identities\{82E5D940-8212-11D3-8400-890187911502}\Microsoft\Outlook Express\Inbox.dbx=>(message 4)=>[Subject: Returned mail: see transcript for deta][Date: Fri, 29 Nov 2002 08:26:59 -0800 (PST)]=>(MIME part)=>(message)=>[Subject: To continue.][Date: Fri, 29 Nov 2002 08:07:36 -0800]=>(MIME part)=>INTRO.exe
Infected with: Win32.Klez.H@mm

C:\WINDOWS\Application Data\Identities\{82E5D940-8212-11D3-8400-890187911502}\Microsoft\Outlook Express\Inbox.dbx=>(message 4)=>[Subject: Returned mail: see transcript for deta][Date: Fri, 29 Nov 2002 08:26:59 -0800 (PST)]=>(MIME part)=>(message)=>[Subject: To continue.][Date: Fri, 29 Nov 2002 08:07:36 -0800]=>(MIME part)=>INTRO.exe
Deleted

C:\WINDOWS\Application Data\Identities\{82E5D940-8212-11D3-8400-890187911502}\Microsoft\Outlook Express\Inbox.dbx=>(message 4)=>[Subject: Returned mail: see transcript for deta][Date: Fri, 29 Nov 2002 08:26:59 -0800 (PST)]=>(MIME part)=>(message)=>[Subject: To continue.][Date: Fri, 29 Nov 2002 08:07:36 -0800]=>(MIME part)
Updated

C:\WINDOWS\Application Data\Identities\{82E5D940-8212-11D3-8400-890187911502}\Microsoft\Outlook Express\Inbox.dbx=>(message 4)=>[Subject: Returned mail: see transcript for deta][Date: Fri, 29 Nov 2002 08:26:59 -0800 (PST)]=>(MIME part)=>(message)
Updated

C:\WINDOWS\Application Data\Identities\{82E5D940-8212-11D3-8400-890187911502}\Microsoft\Outlook Express\Inbox.dbx=>(message 4)=>[Subject: Returned mail: see transcript for deta][Date: Fri, 29 Nov 2002 08:26:59 -0800 (PST)]=>(MIME part)
Updated

C:\WINDOWS\Application Data\Identities\{82E5D940-8212-11D3-8400-890187911502}\Microsoft\Outlook Express\Inbox.dbx=>(message 4)
Updated

C:\WINDOWS\Application Data\Identities\{82E5D940-8212-11D3-8400-890187911502}\Microsoft\Outlook Express\Inbox.dbx
Update failed

#13 dahli

dahli

  • Members
  • 278 posts
  • OFFLINE
  •  
  • Local time:02:42 PM

Posted 01 March 2006 - 11:23 PM

Please download WebRoot SpySweeper from here:
http://www.webroot.com/consumer/products/s...c=4129&ac=spyll (It is a 2 week trial version.):
  • Click Download Now to download the program.
  • Install it. Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:
    • Sweep Memory
    • Sweep Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Contents of Compressed Files
    • Sweep for Rootkits
    • Please UNCHECK Do not Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next replyalong with a new HijackThis log.

Edited by dahli, 01 March 2006 - 11:24 PM.

Steven

#14 jjccp

jjccp
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:04:42 PM

Posted 02 March 2006 - 09:17 AM

Hi Steven,

Another beautiful day.

Here are both logs. Had a message upon running Spysweeper that my screen resolution was lower than the program required, but it ran. Still can't change colors or screen size and everything seems to be running very slow. Home page now goes to 'blank' rather than being hijacked. Making progress.

Thanks

Logfile of HijackThis v1.99.1
Scan saved at 9:10:00 AM, on 3/2/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\WRSSSDK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\MY DOCUMENTS\HIJACKTHIS\HIJACKTHIS.EXE

R3 - URLSearchHook: (no name) - {739D5CD7-8B88-35EA-1ACA-3D6BCE2AC18C} - PasswdMon.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SpySweeper] "C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE" /startintray
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mra
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.184.84,195.225.176.37



********
11:49 PM: | Start of Session, Wednesday, March 01, 2006 |
11:49 PM: Spy Sweeper started
11:49 PM: Sweep initiated using definitions version 624
11:49 PM: Starting Memory Sweep
11:51 PM: Found Adware: coolwebsearch (cws)
11:51 PM: Detected running threat: C:\WINDOWS\SYSTEM\YIEFA.DLL (ID = 54668)
11:55 PM: Memory Sweep Complete, Elapsed Time: 00:06:37
11:55 PM: Starting Registry Sweep
11:58 PM: Found Adware: searchtoolbar
11:58 PM: HKLM\software\searchtoolbar\ (3 subtraces) (ID = 141346)
11:58 PM: Found Trojan Horse: trojan-downloader-ruin
11:58 PM: HKLM\software\microsoft\windows\currentversion\urls\ (6 subtraces) (ID = 605127)
11:59 PM: HKU\.DEFAULT\software\searchtoolbar\ (5 subtraces) (ID = 141343)
11:59 PM: Found Trojan Horse: trojan-downloader-wareout
11:59 PM: HKU\.DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping\ || {bf69df00-2734-477f-8257-27cd04f88779} (ID = 144839)
11:59 PM: HKU\.DEFAULT\software\microsoft\internet explorer\toolbar\shellbrowser\ || {08bec6aa-49fc-4379-3587-4b21e286c19e} (ID = 1020297)
11:59 PM: Registry Sweep Complete, Elapsed Time:00:03:35
11:59 PM: Starting Cookie Sweep
11:59 PM: Found Spy Cookie: burstbeacon cookie
11:59 PM: gremlin@www.burstbeacon[1].txt (ID = 2335)
11:59 PM: Found Spy Cookie: myaffiliateprogram.com cookie
11:59 PM: gremlin@www.myaffiliateprogram[1].txt (ID = 3032)
11:59 PM: Found Spy Cookie: avenuea cookie
11:59 PM: gremlin@avenuea[2].txt (ID = 2259)
11:59 PM: Found Spy Cookie: burstnet cookie
11:59 PM: gremlin@burstnet[2].txt (ID = 2336)
11:59 PM: Found Spy Cookie: linkexchange cookie
11:59 PM: gremlin@linkexchange[1].txt (ID = 2920)
11:59 PM: Found Spy Cookie: tacoda cookie
11:59 PM: gremlin@tacoda[1].txt (ID = 6444)
11:59 PM: Found Spy Cookie: 2o7.net cookie
11:59 PM: gremlin@microsofteup.112.2o7[1].txt (ID = 1958)
11:59 PM: Found Spy Cookie: wtlive.com cookie
11:59 PM: gremlin@p.wtlive[1].txt (ID = 3700)
11:59 PM: Found Spy Cookie: sexhound cookie
11:59 PM: gremlin@sexhound[1].txt (ID = 3351)
11:59 PM: Found Spy Cookie: ugo cookie
11:59 PM: gremlin@mediamgr.ugo[1].txt (ID = 3609)
11:59 PM: Found Spy Cookie: homestore cookie
11:59 PM: gremlin@homestore[2].txt (ID = 2793)
11:59 PM: Found Spy Cookie: offshoreclicks cookie
11:59 PM: gremlin@php.offshoreclicks[2].txt (ID = 3090)
11:59 PM: Found Spy Cookie: 80503492 cookie
11:59 PM: gremlin@80503492[1].txt (ID = 2013)
11:59 PM: Found Spy Cookie: enhance cookie
11:59 PM: gremlin@c.enhance[1].txt (ID = 2614)
11:59 PM: Found Spy Cookie: 66.246.209 cookie
11:59 PM: gremlin@66.246.209[1].txt (ID = 1997)
11:59 PM: Found Spy Cookie: eroticy cookie
11:59 PM: gremlin@www.eroticy[1].txt (ID = 2624)
11:59 PM: Found Spy Cookie: webpower cookie
11:59 PM: gremlin@webpower[1].txt (ID = 3660)
11:59 PM: Found Spy Cookie: clickzs cookie
11:59 PM: gremlin@vip.clickzs[2].txt (ID = 2413)
11:59 PM: Found Spy Cookie: reunion cookie
11:59 PM: gremlin@reunion[2].txt (ID = 3255)
11:59 PM: gremlin@burstnet[1].txt (ID = 2336)
11:59 PM: gremlin@www.burstnet[1].txt (ID = 2337)
11:59 PM: Found Spy Cookie: go.com cookie
11:59 PM: gremlin@go[2].txt (ID = 2728)
11:59 PM: Found Spy Cookie: goclick cookie
11:59 PM: gremlin@c.goclick[1].txt (ID = 2733)
11:59 PM: Found Spy Cookie: nextag cookie
11:59 PM: gremlin@adq.nextag[1].txt (ID = 5015)
11:59 PM: Found Spy Cookie: reliablestats cookie
11:59 PM: gremlin@stats1.reliablestats[2].txt (ID = 3254)
11:59 PM: gremlin@northwestairlines.112.2o7[1].txt (ID = 1958)
11:59 PM: gremlin@nextag[1].txt (ID = 5014)
11:59 PM: Found Spy Cookie: mygeek cookie
11:59 PM: gremlin@mygeek[1].txt (ID = 3041)
11:59 PM: Cookie Sweep Complete, Elapsed Time: 00:00:16
11:59 PM: Starting File Sweep
12:02 AM: Warning: Failed to open file "c:\windows\win386.swp". The process cannot access the file because
it is being used by another process
12:35 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b7285-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:35 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b7286-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:35 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b7287-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:35 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b7288-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:35 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b7289-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:35 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b728a-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:35 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b728b-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:35 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b728c-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:35 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b728d-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:35 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b728e-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:35 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b728f-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:35 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b7290-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:35 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b7291-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:35 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b7292-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:35 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b7293-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:35 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b7294-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:35 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b7295-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:35 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b7296-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:35 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b7297-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:35 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b7298-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:35 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b7299-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:35 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b729a-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:35 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b729b-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:35 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b729c-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:35 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b729d-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:35 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b729e-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:35 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b729f-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:35 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72a0-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:35 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72a1-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:35 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72a2-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:35 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72a3-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:35 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72a4-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:35 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72a5-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:35 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72a6-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:35 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72a7-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:35 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72a8-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:35 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72a9-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:35 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72aa-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:35 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72ab-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:35 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72ac-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:35 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72ad-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:35 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72ae-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:35 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72af-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:35 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72b0-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:35 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72b1-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:35 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72b2-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:35 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72b3-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:35 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72b4-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:35 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72b5-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:35 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72b6-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:35 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72b7-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:38 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72b8-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:38 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72b9-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:38 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72ba-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:38 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72bb-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:38 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72bc-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:38 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72bd-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:38 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72be-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:38 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72bf-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:38 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72c0-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:38 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72c1-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:38 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72c2-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:38 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72c3-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:38 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72c4-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:38 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72c5-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:38 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72c6-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:38 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72c7-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:38 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72c8-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:38 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72c9-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:38 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72ca-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:38 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72cb-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:38 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72cc-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:38 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72cd-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:38 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72ce-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:38 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72cf-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:38 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72d0-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:38 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72d1-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:38 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72d2-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:38 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72d3-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:38 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72d4-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:38 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72d5-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:38 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72d6-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:38 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72d7-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:38 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72d8-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:38 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72d9-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:38 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72da-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:38 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72db-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:38 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72dc-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
it is being used by another process
12:38 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4e9b72dd-a97c-11da-8400-00a00c4030fd.tmp". The process cannot access the file because
7:10 AM: Traces Found: 49

#15 dahli

dahli

  • Members
  • 278 posts
  • OFFLINE
  •  
  • Local time:02:42 PM

Posted 02 March 2006 - 10:40 AM

Let's download CWShredder from here: http://www.intermute.com/spysubtract/cwshr...r_download.html

Check for Updates and then run CWShredder.

FIX whatever it finds.

Try to reset your home page (Tools>Internet Options)

Download and scan with CCleaner
1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbarfree Basic version instead of the Standard Build.

2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

3. Then select the items you wish to clean up.

In the Windows Tab:
• Clean all entries in the "Internet Explorer" section except Cookies.
• Clean all the entries in the "Windows Explorer" section.
• Clean all entries in the "System" section.
• Clean all entries in the "Advanced" section.
• Clean any others that you choose.


In the Applications Tab:
• Clean all except cookies in the Firefox/Mozilla section if you use it.
• Clean all in the Opera section if you use it.
• Clean Sun Java in the Internet Section.
• Clean any others that you choose.

4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.
Steven




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users