Error on downloading Panda ActiveScan
An error has occurred downloading Panda ActiveScan. Please repeat the process. If the error occurs again, restart your system and try again.
I had some trouble running SpySweeper. It would complete the scan but then when it was trying to remove the items it would freeze up and have to restart! I even got one of those Buffer Overrun detected messages once when SpySweeper was trying to remove the infected items and it closed everything!
OH NO............I just got a pop-up from: http://adopt.hbmedia...=0&r=h&rnd=2918
and another from: http://count.exitexc...om/exit/1181164
Anyway, SpySweeper still saved the results of the scan, so I deleted the files it found, then went to the Registry Editor and deleted the keys it found. Then I ran SpySweeper again (in Safe Mode) and it found NOTHING!
Below is the Session Log (I had to run it 3 times, so I'm posting all 3) from SpySweeper and a new HJT log (wasn't sure whether to run HJT in Safe or Normal Mode, so I ran it in Normal). One other question... Should I disable my System Restore so these files that are being deleted are not stored in that?
Thanks again for your help! I'm going to try another scan with SpySweeper and see if those 2 pop-ups left anything while I wait for your reply! I'll let you know!
Angela
********
11:42 PM: |··· Start of Session, Sunday, July 17, 2005 ···|
11:42 PM: Spy Sweeper started
11:42 PM: Sweep initiated using definitions version 505
11:42 PM: Starting Memory Sweep
11:42 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
11:42 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
11:42 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
11:43 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\MSGSRV32.EXE
11:43 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
11:43 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
11:43 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 004DF3CF in module 'WRSSSDK.EXE'. Read of address 03B890A4
11:44 PM: Memory Sweep Complete, Elapsed Time: 00:02:20
11:44 PM: Starting Registry Sweep
11:46 PM: Registry Sweep Complete, Elapsed Time:00:02:04
11:46 PM: Starting Cookie Sweep
11:46 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
11:46 PM: Starting File Sweep
11:46 PM: Warning: Failed to open file "c:\windows\win386.swp". The process cannot access the file because it is being used by another process
11:46 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 0040533C in module 'WRSSSDK.EXE'. Read of address 1502FFFE
11:47 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00404C1E in module 'WRSSSDK.EXE'. Read of address FFFFFFFF
11:47 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
11:53 PM: File Sweep Complete, Elapsed Time: 00:06:21
11:53 PM: Full Sweep has completed. Elapsed time 00:10:50
11:53 PM: Traces Found: 0
11:53 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 004DF3CF in module 'WRSSSDK.EXE'. Read of address 03A53168
11:53 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 004DF3CF in module 'WRSSSDK.EXE'. Read of address 018CD324
11:53 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
********
10:34 PM: |··· Start of Session, Sunday, July 17, 2005 ···|
10:34 PM: Spy Sweeper started
10:34 PM: Sweep initiated using definitions version 505
10:34 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00404C1E in module 'WRSSSDK.EXE'. Read of address FFFFFFFF
10:34 PM: Starting Memory Sweep
10:34 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00404C1E in module 'WRSSSDK.EXE'. Read of address FFFFFFFF
10:34 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000004. Read of address 048BFEF8
10:35 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 004DF3CF in module 'WRSSSDK.EXE'. Read of address 01869498
10:35 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:35 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:35 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\MSGSRV32.EXE
10:35 PM: Memory Sweep Complete, Elapsed Time: 00:01:45
10:35 PM: Starting Registry Sweep
10:37 PM: Found Adware: ebates money maker
10:37 PM: HKU\.default\software\microsoft\internet explorer\extensions\cmdmapping\ || {6685509e-b47b-4f47-8e16-9a5f3a62f683} (ID = 4386605)
10:37 PM: HKU\.DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping\ || {6685509e-b47b-4f47-8e16-9a5f3a62f683} (ID = 4386609)
10:37 PM: Found Adware: hotbar
10:37 PM: HKU\.DEFAULT\software\microsoft\internet explorer\toolbar\shellbrowser\ || {b195b3b3-8a05-11d3-97a4-0004aca6948e} (ID = 4388580)
10:37 PM: Found Adware: 180search assistant
10:37 PM: HKU\.DEFAULT\software\sac\ (14 subtraces) (ID = 4396959)
10:37 PM: Found Trojan Horse: trojan-downloader-pacisoft
10:37 PM: HKU\.DEFAULT\software\psof1\ (6 subtraces) (ID = 4397754)
10:37 PM: Found Adware: redzip toolbar
10:37 PM: HKU\.DEFAULT\software\microsoft\windows\currentversion\explorer\ || insid (ID = 4400664)
10:38 PM: Registry Sweep Complete, Elapsed Time:00:02:02
10:38 PM: Starting Cookie Sweep
10:38 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
10:38 PM: Starting File Sweep
10:38 PM: Warning: Failed to open file "c:\windows\win386.swp". The process cannot access the file because it is being used by another process
10:38 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:38 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00011846. Read of address FFFFFFFF
10:38 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00404C1E in module 'WRSSSDK.EXE'. Read of address FFFFFFFF
10:44 PM: Found Adware: speeddelivery
10:44 PM: c:\gigex downloads (2 subtraces) (ID = 4120180)
10:44 PM: File Sweep Complete, Elapsed Time: 00:06:16
10:44 PM: Full Sweep has completed. Elapsed time 00:10:08
10:44 PM: Traces Found: 29
10:44 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00403AD4 in module 'WRSSSDK.EXE'. Read of address 032B7FFC
10:44 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:44 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:44 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:44 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:44 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:50 PM: Removal process initiated
10:50 PM: Quarantining All Traces: ebates money maker
10:50 PM: Quarantining All Traces: hotbar
10:50 PM: Quarantining All Traces: 180search assistant
10:50 PM: Quarantining All Traces: trojan-downloader-pacisoft
10:50 PM: Quarantining All Traces: redzip toolbar
10:50 PM: Quarantining All Traces: speeddelivery
10:55 PM: An error occurred during quarantine:
10:55 PM: The remote procedure call failed
10:55 PM: Removal process completed. Elapsed time 00:04:42
10:55 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:55 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:55 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:55 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00404C1E in module 'WRSSSDK.EXE'. Read of address FFFFFFFF
10:55 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:55 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:56 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:56 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:56 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
11:00 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
11:00 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
11:00 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
11:00 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
11:00 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
11:00 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
11:00 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
11:00 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000093. Write of address CBFFFF4D
11:00 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
11:00 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000093. Write of address CBFFFF4D
11:01 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
11:01 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 004DF3CF in module 'WRSSSDK.EXE'. Read of address 016873B8
11:01 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
11:04 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
11:04 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
11:04 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
11:04 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
11:04 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
11:04 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
11:04 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
11:04 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
11:04 PM: Warning: Hosts File Shield unable to read from hosts file. External exception C000001D
11:05 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
11:05 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
11:36 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
11:36 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
11:36 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
11:36 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
11:36 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
11:36 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
11:36 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
11:36 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 0162349E. Read of address FFFFFFFF
11:42 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
11:42 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00403AD4 in module 'WRSSSDK.EXE'. Read of address 0186BFFC
11:42 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
11:42 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
11:42 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
11:42 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
11:42 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
11:42 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00404C1E in module 'WRSSSDK.EXE'. Read of address FFFFFFFF
11:42 PM: |··· End of Session, Sunday, July 17, 2005 ···|
********
10:15 PM: |··· Start of Session, Sunday, July 17, 2005 ···|
10:15 PM: Spy Sweeper started
10:15 PM: Sweep initiated using definitions version 505
10:15 PM: Starting Memory Sweep
10:15 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:15 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00404C1E in module 'WRSSSDK.EXE'. Read of address FFFFFFFF
10:15 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 004DF3CF in module 'WRSSSDK.EXE'. Read of address 01681288
10:16 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:16 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:16 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:16 PM: Warning: Failed to load image: C:\WINDOWS\SYSTEM\MSGSRV32.EXE
10:18 PM: Memory Sweep Complete, Elapsed Time: 00:02:25
10:18 PM: Starting Registry Sweep
10:19 PM: Found Adware: ebates money maker
10:19 PM: HKU\.default\software\microsoft\internet explorer\extensions\cmdmapping\ || {6685509e-b47b-4f47-8e16-9a5f3a62f683} (ID = 4386605)
10:19 PM: HKU\.DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping\ || {6685509e-b47b-4f47-8e16-9a5f3a62f683} (ID = 4386609)
10:19 PM: HKLM\software\microsoft\windows\currentversion\uninstall\tmu\ (1 subtraces) (ID = 4386622)
10:19 PM: Found Adware: hotbar
10:19 PM: HKLM\software\classes\clsid\{954814c0-40f3-4249-8528-b4922cd2964e}\ (2 subtraces) (ID = 4388419)
10:19 PM: HKLM\software\classes\clsid\{a54814c0-40f3-4249-8528-b4922cd2964e}\ (2 subtraces) (ID = 4388422)
10:19 PM: HKU\.DEFAULT\software\microsoft\internet explorer\toolbar\shellbrowser\ || {b195b3b3-8a05-11d3-97a4-0004aca6948e} (ID = 4388580)
10:19 PM: Found Adware: look2me
10:19 PM: HKLM\software\tsvcin\ (2 subtraces) (ID = 4391088)
10:19 PM: HKLM\software\tsvcin\ || a (ID = 4391089)
10:19 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:19 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 004DF3CF in module 'WRSSSDK.EXE'. Read of address 03185838
10:19 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:19 PM: Found Adware: 180search assistant
10:19 PM: HKU\.DEFAULT\software\sac\ (14 subtraces) (ID = 4396959)
10:19 PM: HKLM\software\sac\ (10 subtraces) (ID = 4396960)
10:19 PM: Found Trojan Horse: trojan-downloader-pacisoft
10:19 PM: HKU\.DEFAULT\software\psof1\ (6 subtraces) (ID = 4397754)
10:19 PM: Found Adware: redzip toolbar
10:19 PM: HKU\.DEFAULT\software\microsoft\windows\currentversion\explorer\ || insid (ID = 4400664)
10:20 PM: Found Adware: winad
10:20 PM: HKCR\appid\mediagateway.exe\ (1 subtraces) (ID = 4408841)
10:20 PM: HKCR\clsid\{15ad6789-cdb4-47e1-a9da-992ee8e6bad6}\ (6 subtraces) (ID = 4408846)
10:20 PM: HKCR\mediagateway.installer\ (5 subtraces) (ID = 4408850)
10:20 PM: HKLM\software\classes\appid\mediagateway.exe\ (1 subtraces) (ID = 4408858)
10:20 PM: HKLM\software\classes\clsid\{15ad6789-cdb4-47e1-a9da-992ee8e6bad6}\ (6 subtraces) (ID = 4408863)
10:20 PM: HKLM\software\classes\mediagateway.installer\ (5 subtraces) (ID = 4408867)
10:20 PM: Registry Sweep Complete, Elapsed Time:00:02:12
10:20 PM: Starting Cookie Sweep
10:20 PM: Found Cookie: go2net.com cookie
10:20 PM: default@go2net[1].txt (ID = 181156)
10:20 PM: Found Cookie: azjmp cookie
10:20 PM: default@azjmp[2].txt (ID = 180691)
10:20 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:20 PM: Found Cookie: overture cookie
10:20 PM: default@overture[1].txt (ID = 181537)
10:20 PM: [email protected][1].txt (ID = 181538)
10:20 PM: Found Cookie: mygeek cookie
10:20 PM: default@mygeek[2].txt (ID = 181473)
10:20 PM: Found Cookie: winantiviruspro cookie
10:20 PM: [email protected][2].txt (ID = 182128)
10:20 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:20 PM: Found Cookie: reliablestats cookie
10:20 PM: [email protected][2].txt (ID = 181686)
10:20 PM: Found Cookie: adserver cookie
10:20 PM: [email protected][1].txt (ID = 180561)
10:20 PM: Found Cookie: addynamix cookie
10:20 PM: [email protected][2].txt (ID = 180477)
10:20 PM: Found Cookie: yieldmanager cookie
10:20 PM: [email protected][2].txt (ID = 182189)
10:20 PM: Found Cookie: zedo cookie
10:20 PM: default@zedo[1].txt (ID = 182200)
10:20 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:20 PM: Found Cookie: touchclarity cookie
10:20 PM: [email protected][2].txt (ID = 182001)
10:20 PM: Cookie Sweep Complete, Elapsed Time: 00:00:05
10:20 PM: Starting File Sweep
10:20 PM: Warning: Failed to open file "c:\windows\win386.swp". The process cannot access the file because it is being used by another process
10:23 PM: Found Adware: abetterinternet
10:23 PM: remtm3.exe (ID = 4128124)
10:23 PM: abiuninst.htm (ID = 4127732)
10:23 PM: saieau.dat (ID = 4113568)
10:23 PM: Found Adware: windows afa internet enhancement
10:23 PM: qbuninstaller.exe (ID = 4135464)
10:23 PM: mediagatewayx.dll (ID = 4135413)
10:26 PM: Found Adware: speeddelivery
10:26 PM: c:\gigex downloads (2 subtraces) (ID = 4120180)
10:27 PM: File Sweep Complete, Elapsed Time: 00:06:30
10:27 PM: Full Sweep has completed. Elapsed time 00:11:18
10:27 PM: Traces Found: 99
10:27 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:27 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:27 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:28 PM: Removal process initiated
10:28 PM: Quarantining All Traces: ebates money maker
10:28 PM: Quarantining All Traces: hotbar
10:28 PM: Quarantining All Traces: look2me
10:28 PM: Quarantining All Traces: 180search assistant
10:28 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:28 PM: Quarantining All Traces: trojan-downloader-pacisoft
10:28 PM: Quarantining All Traces: redzip toolbar
10:28 PM: Quarantining All Traces: winad
10:28 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:28 PM: Quarantining All Traces: go2net.com cookie
10:28 PM: Quarantining All Traces: azjmp cookie
10:28 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:28 PM: Quarantining All Traces: overture cookie
10:28 PM: Quarantining All Traces: mygeek cookie
10:28 PM: Quarantining All Traces: winantiviruspro cookie
10:28 PM: Quarantining All Traces: reliablestats cookie
10:28 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:28 PM: Quarantining All Traces: adserver cookie
10:28 PM: Quarantining All Traces: addynamix cookie
10:28 PM: Quarantining All Traces: yieldmanager cookie
10:28 PM: Quarantining All Traces: zedo cookie
10:28 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:28 PM: Quarantining All Traces: touchclarity cookie
10:28 PM: Quarantining All Traces: abetterinternet
10:28 PM: Quarantining All Traces: windows afa internet enhancement
10:28 PM: Quarantining All Traces: speeddelivery
10:28 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:28 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:29 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:29 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:29 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:29 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:32 PM: An error occurred during quarantine:
10:32 PM: The remote procedure call failed
10:32 PM: Removal process completed. Elapsed time 00:04:06
10:33 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:33 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:33 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:33 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:33 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:33 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:33 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:33 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:33 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 004023A8 in module 'WRSSSDK.EXE'. Write of address 00C3694E
10:33 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00402360 in module 'WRSSSDK.EXE'. Write of address 00C369C2
10:34 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:34 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:34 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:34 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:34 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:34 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:34 PM: |··· End of Session, Sunday, July 17, 2005 ···|
********
10:14 PM: |··· Start of Session, Sunday, July 17, 2005 ···|
10:14 PM: Spy Sweeper started
10:14 PM: Program Version 4.0.3 (Build 405) Using Spyware Definitions 505
10:14 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:14 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address C29D71AE. Read of address FFFFFFFF
10:14 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:15 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:15 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:15 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:15 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:15 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:15 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 00000003. Read of address FFFFFFFF
10:15 PM: |··· End of Session, Sunday, July 17, 2005 ···|
Logfile of HijackThis v1.99.1
Scan saved at 12:06:34 AM, on 7/18/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\CPQS\BWTOOLS\SCCENTER.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAM FILES\MOTIVE\MOTMON.EXE
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
C:\WINDOWS\SYSTEM\HPZTSB07.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISSCH.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\FINEPIXVIEWER\QUICKDCF.EXE
C:\PROGRAM FILES\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\PROGRAM FILES\COMPAQ KNOWLEDGE CENTER\BIN\MPBTN.EXE
C:\PROGRAM FILES\YAHOO!\MESSENGER\YMSGR_TRAY.EXE
C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presa...onsumer&LC=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Program Files\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe
O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\sccenter.exe
O4 - HKLM\..\Run: [MotiveMonitor] C:\Program Files\Motive\motmon.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb07.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\issch.exe" -start
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Startup: Compaq Knowledge Center.lnk = C:\Program Files\Compaq Knowledge Center\bin\silent.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O12 - Plugin for .pps: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\NPDOC.DLL
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .ppt: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\NPDOC.DLL
O16 - DPF: {F5C90925-ABBF-4475-88F5-8622B452BA9E} (Compaq System Data Class) - http://www29.compaq....co/SysQuery.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt3_x.cab
O16 - DPF: {0854D220-A90A-466D-BC02-6683183802B7} (PrintPreview Class) - http://cat.fnismls.c...rintControl.cab
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.60...geWell-ipix.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by11fd.bay11....es/MsnPUpld.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.c...ropper1_6us.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-24.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support2.char...oad/tgctlcm.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab