Help! 246+ Infections! [CLOSED]

Geeks to Go Forums > Security > Virus, Spyware, Malware Removal

Today's New Content

Help! 246+ Infections! [CLOSED] I may have caught the AIM virus mc-110-0000080, but i have no idea how

#1 lmishler22

Group: Member
Posts: 3
Joined: 19-October 05

Posted 19 October 2005 - 01:16 PM

I think I caught the AIM virus mc-110-00000-80...Ive tried looking at others threads and following those steps but they havent seemed to help...I ran a scan with Spyware Doctor and it found 246+ Infections. I need some major help and soon...Im not the smartest with computers so please please please help!!

heres my HijackThis Log

Logfile of HijackThis v1.99.1
Scan saved at 3:01:58 PM, on 10/19/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\EN-US\MSNAPPAU.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\WINDIR32.EXE
C:\PROGRAM FILES\IJ ACCELERATOR\PROPELAC.EXE
C:\PROGRAM FILES\SOAO\EUAU.EXE
C:\WINDOWS\SYSTEM\WINDIR32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MICROSOFT HOME PUBLISHING\MHPRMIND.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\KXSHSE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE
C:\PROGRAM FILES\QUICKTIME\QUICKTIMEPLAYER.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\PROGRAM FILES\IJ ACCELERATOR\PRPL_IEPOPUPBLOCKER.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O2 - BHO: (no name) - {4C575204-EEC1-FB1C-B7AD-C559A781FEC9} - C:\WINDOWS\SYSTEM\GQA.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\IJ Accelerator\trayctl.exe" /STARTUPLAUNCH
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - HKCU\..\Run: [Giymdabz] registry?CAPI: The install failed. The rsabase.dll that is being installed doesn't match the signature file or the value in the registry?CAPI: The install program could not find the signature resource5CAPI: The install program could not load the resource\tvsmk.exe
O4 - HKCU\..\Run: [Gvjyigr] registry?CAPI: The install failed. The rsabase.dll that is being installed doesn't match the signature file or the value in the registry?CAPI: The install program could not find the signature resource5CAPI: The install program could not load the resource\idcu.exe
O4 - HKCU\..\Run: [Ylmeh] registry?CAPI: The install failed. The rsabase.dll that is being installed doesn't match the signature file or the value in the registry?CAPI: The install program could not find the signature resource5CAPI: The install program could not load the resource\splgk.exe
O4 - HKCU\..\Run: [Vook] registry?CAPI: The install failed. The rsabase.dll that is being installed doesn't match the signature file or the value in the registry?CAPI: The install program could not find the signature resource5CAPI: The install program could not load the resource\fhxwkj.exe
O4 - HKCU\..\Run: [Xlxnm] registry?CAPI: The install failed. The rsabase.dll that is being installed doesn't match the signature file or the value in the registry?CAPI: The install program could not find the signature resource5CAPI: The install program could not load the resource\egyidmje.exe
O4 - HKCU\..\Run: [Kqoikz] registry?CAPI: The install failed. The rsabase.dll that is being installed doesn't match the signature file or the value in the registry?CAPI: The install program could not find the signature resource5CAPI: The install program could not load the resource\ppag.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE" /Q
O4 - HKCU\..\Run: [Ekmxu] registry?CAPI: The install failed. The rsabase.dll that is being installed doesn't match the signature file or the value in the registry?CAPI: The install program could not find the signature resource5CAPI: The install program could not load the resource\jfcjnik.exe
O4 - HKCU\..\Run: [Rbe] registry?CAPI: The install failed. The rsabase.dll that is being installed doesn't match the signature file or the value in the registry?CAPI: The install program could not find the signature resource5CAPI: The install program could not load the resource\wamxlko.exe
O4 - HKCU\..\Run: [Qnm] registry?CAPI: The install failed. The rsabase.dll that is being installed doesn't match the signature file or the value in the registry?CAPI: The install program could not find the signature resource5CAPI: The install program could not load the resource\umva.exe
O4 - HKCU\..\Run: [Ofljf] registry?CAPI: The install failed. The rsabase.dll that is being installed doesn't match the signature file or the value in the registry?CAPI: The install program could not find the signature resource5CAPI: The install program could not load the resource\affxhne.exe
O4 - HKCU\..\Run: [Dhoekoce] registry?CAPI: The install failed. The rsabase.dll that is being installed doesn't match the signature file or the value in the registry?CAPI: The install program could not find the signature resource5CAPI: The install program could not load the resource\opuusa.exe
O4 - HKCU\..\Run: [Xloaz] C:\WINDOWS\SYSTEM\kxshse.exe
O4 - HKCU\..\Run: [Aues] "C:\Program Files\soao\euau.exe" -vt tzt
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Greetings Reminders.lnk = C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE
O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\IJ Accelerator\pac-page.html
O8 - Extra context menu item: Allow pop-ups from this site - C:\Program Files\IJ Accelerator\pac-addwl.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\IJ Accelerator\pac-image.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O12 - Plugin for .wmv: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .asf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O16 - DPF: {4226E9B7-D637-40E8-893A-13298AB41477} (CWDL_DownLoadControl Class) - http://www.callwave....DL_DownLoad.CAB
O16 - DPF: Yahoo! Word Racer - http://download.game...nts/y/wt1_x.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.subs...ve/makeover.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....ta/SymAData.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.s...og/y/fs10_x.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/...s/msnchat45.cab
O18 - Filter: text/html - (no CLSID) - (no file)

Again PLEASE help me!!

#2 Buckeye_Sam

Group: Member
Posts: 10,019
Joined: 10-July 05

Posted 23 October 2005 - 03:03 PM

Hi and welcome to GeeksToGo! My name is Sam and I will be helping you.

I apologize for the delay getting to your log, the helpers here are very busy.
If you still need help, please post a fresh Hijack log, in this thread, so I can help you with your Malware Problems.

If you have resolved this issue please let us know.

#3 lmishler22

Group: Member
Posts: 3
Joined: 19-October 05

Posted 23 October 2005 - 08:07 PM

Thank you so much for taking the time to help me...and YES I still do the help!! Heres my latest HijackThis log!

Logfile of HijackThis v1.99.1
Scan saved at 9:22:51 PM, on 10/23/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\EN-US\MSNAPPAU.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\WINDIR32.EXE
C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE
C:\PROGRAM FILES\SOAO\EUAU.EXE
C:\WINDOWS\SYSTEM\WINDIR32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MICROSOFT HOME PUBLISHING\MHPRMIND.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\IJ ACCELERATOR\PROPELAC.EXE
C:\WINDOWS\SYSTEM\KXSHSE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\AIM\AIM.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\WINWORD.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE
C:\PROGRAM FILES\QUICKTIME\QUICKTIMEPLAYER.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\PROGRAM FILES\IJ ACCELERATOR\PRPL_IEPOPUPBLOCKER.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O2 - BHO: (no name) - {4C575204-EEC1-FB1C-B7AD-C559A781FEC9} - C:\WINDOWS\SYSTEM\GQA.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\IJ Accelerator\trayctl.exe" /STARTUPLAUNCH
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - HKCU\..\Run: [Giymdabz] registry?CAPI: The install failed. The rsabase.dll that is being installed doesn't match the signature file or the value in the registry?CAPI: The install program could not find the signature resource5CAPI: The install program could not load the resource\tvsmk.exe
O4 - HKCU\..\Run: [Gvjyigr] registry?CAPI: The install failed. The rsabase.dll that is being installed doesn't match the signature file or the value in the registry?CAPI: The install program could not find the signature resource5CAPI: The install program could not load the resource\idcu.exe
O4 - HKCU\..\Run: [Ylmeh] registry?CAPI: The install failed. The rsabase.dll that is being installed doesn't match the signature file or the value in the registry?CAPI: The install program could not find the signature resource5CAPI: The install program could not load the resource\splgk.exe
O4 - HKCU\..\Run: [Vook] registry?CAPI: The install failed. The rsabase.dll that is being installed doesn't match the signature file or the value in the registry?CAPI: The install program could not find the signature resource5CAPI: The install program could not load the resource\fhxwkj.exe
O4 - HKCU\..\Run: [Xlxnm] registry?CAPI: The install failed. The rsabase.dll that is being installed doesn't match the signature file or the value in the registry?CAPI: The install program could not find the signature resource5CAPI: The install program could not load the resource\egyidmje.exe
O4 - HKCU\..\Run: [Kqoikz] registry?CAPI: The install failed. The rsabase.dll that is being installed doesn't match the signature file or the value in the registry?CAPI: The install program could not find the signature resource5CAPI: The install program could not load the resource\ppag.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE" /Q
O4 - HKCU\..\Run: [Ekmxu] registry?CAPI: The install failed. The rsabase.dll that is being installed doesn't match the signature file or the value in the registry?CAPI: The install program could not find the signature resource5CAPI: The install program could not load the resource\jfcjnik.exe
O4 - HKCU\..\Run: [Rbe] registry?CAPI: The install failed. The rsabase.dll that is being installed doesn't match the signature file or the value in the registry?CAPI: The install program could not find the signature resource5CAPI: The install program could not load the resource\wamxlko.exe
O4 - HKCU\..\Run: [Qnm] registry?CAPI: The install failed. The rsabase.dll that is being installed doesn't match the signature file or the value in the registry?CAPI: The install program could not find the signature resource5CAPI: The install program could not load the resource\umva.exe
O4 - HKCU\..\Run: [Ofljf] registry?CAPI: The install failed. The rsabase.dll that is being installed doesn't match the signature file or the value in the registry?CAPI: The install program could not find the signature resource5CAPI: The install program could not load the resource\affxhne.exe
O4 - HKCU\..\Run: [Dhoekoce] registry?CAPI: The install failed. The rsabase.dll that is being installed doesn't match the signature file or the value in the registry?CAPI: The install program could not find the signature resource5CAPI: The install program could not load the resource\opuusa.exe
O4 - HKCU\..\Run: [Xloaz] C:\WINDOWS\SYSTEM\kxshse.exe
O4 - HKCU\..\Run: [Aues] "C:\Program Files\soao\euau.exe" -vt tzt
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Greetings Reminders.lnk = C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE
O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\IJ Accelerator\pac-page.html
O8 - Extra context menu item: Allow pop-ups from this site - C:\Program Files\IJ Accelerator\pac-addwl.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\IJ Accelerator\pac-image.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O12 - Plugin for .wmv: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .asf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O16 - DPF: {4226E9B7-D637-40E8-893A-13298AB41477} (CWDL_DownLoadControl Class) - http://www.callwave....DL_DownLoad.CAB
O16 - DPF: Yahoo! Word Racer - http://download.game...nts/y/wt1_x.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.subs...ve/makeover.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....ta/SymAData.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.s...og/y/fs10_x.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/...s/msnchat45.cab
O18 - Filter: text/html - (no CLSID) - (no file)

I hope you can help me!! thanks again!

#4 Buckeye_Sam

Group: Member
Posts: 10,019
Joined: 10-July 05

Posted 24 October 2005 - 02:12 PM

Please download the trial version of WebRoot SpySweeper

Click the Free Trial link under to "SpySweeper" to download the program.
Install it.
Once the program is installed, it will open.
It will prompt you to update to the latest definitions, click Yes.
Close Spysweeper for now.

Please follow these steps:

Please make sure that you can View Hidden Files
- Click Start -> My Computer
- Select Tools -> Folder options
- Select the View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled.
- Also make sure that 'Display the contents of system folders' is checked.
- For more info on how to show hidden files click here.
Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
O2 - BHO: (no name) - {4C575204-EEC1-FB1C-B7AD-C559A781FEC9} - C:\WINDOWS\SYSTEM\GQA.DLL
O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [Giymdabz] registry?CAPI: The install failed. The rsabase.dll that is being installed doesn't match the signature file or the value in the registry?CAPI: The install program could not find the signature resource5CAPI: The install program could not load the resource\tvsmk.exe
O4 - HKCU\..\Run: [Gvjyigr] registry?CAPI: The install failed. The rsabase.dll that is being installed doesn't match the signature file or the value in the registry?CAPI: The install program could not find the signature resource5CAPI: The install program could not load the resource\idcu.exe
O4 - HKCU\..\Run: [Ylmeh] registry?CAPI: The install failed. The rsabase.dll that is being installed doesn't match the signature file or the value in the registry?CAPI: The install program could not find the signature resource5CAPI: The install program could not load the resource\splgk.exe
O4 - HKCU\..\Run: [Vook] registry?CAPI: The install failed. The rsabase.dll that is being installed doesn't match the signature file or the value in the registry?CAPI: The install program could not find the signature resource5CAPI: The install program could not load the resource\fhxwkj.exe
O4 - HKCU\..\Run: [Xlxnm] registry?CAPI: The install failed. The rsabase.dll that is being installed doesn't match the signature file or the value in the registry?CAPI: The install program could not find the signature resource5CAPI: The install program could not load the resource\egyidmje.exe
O4 - HKCU\..\Run: [Kqoikz] registry?CAPI: The install failed. The rsabase.dll that is being installed doesn't match the signature file or the value in the registry?CAPI: The install program could not find the signature resource5CAPI: The install program could not load the resource\ppag.exe
O4 - HKCU\..\Run: [Ekmxu] registry?CAPI: The install failed. The rsabase.dll that is being installed doesn't match the signature file or the value in the registry?CAPI: The install program could not find the signature resource5CAPI: The install program could not load the resource\jfcjnik.exe
O4 - HKCU\..\Run: [Rbe] registry?CAPI: The install failed. The rsabase.dll that is being installed doesn't match the signature file or the value in the registry?CAPI: The install program could not find the signature resource5CAPI: The install program could not load the resource\wamxlko.exe
O4 - HKCU\..\Run: [Qnm] registry?CAPI: The install failed. The rsabase.dll that is being installed doesn't match the signature file or the value in the registry?CAPI: The install program could not find the signature resource5CAPI: The install program could not load the resource\umva.exe
O4 - HKCU\..\Run: [Ofljf] registry?CAPI: The install failed. The rsabase.dll that is being installed doesn't match the signature file or the value in the registry?CAPI: The install program could not find the signature resource5CAPI: The install program could not load the resource\affxhne.exe
O4 - HKCU\..\Run: [Dhoekoce] registry?CAPI: The install failed. The rsabase.dll that is being installed doesn't match the signature file or the value in the registry?CAPI: The install program could not find the signature resource5CAPI: The install program could not load the resource\opuusa.exe
O4 - HKCU\..\Run: [Xloaz] C:\WINDOWS\SYSTEM\kxshse.exe
O4 - HKCU\..\Run: [Aues] "C:\Program Files\soao\euau.exe" -vt tzt
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
Please reboot your computer in SafeMode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
- Instead of Windows loading as normal, a menu should appear
- Select the first option, to run Windows in Safe Mode.
- If you have trouble getting into Safe mode go here for more info.
Once in Safe mode, delete these files or directories (Do not be concerned if they do not exist):

C:\WINDOWS\SYSTEM\GQA.DLL
C:\WINDOWS\SYSTEM\windir32.exe
C:\WINDOWS\SYSTEM\kxshse.exe
C:\Program Files\soao <-- delete this folder
Open up Spysweeper.
- Click the Start button.
- When it's done scanning, click the Next button.
- Make sure everything has a check next to it, then click the Next button.
- It will remove all of the items found.
- Click Session Log in the upper right corner, copy everything in that window.
- Click the Summary tab and click Finish.
- Paste the contents of the session log you copied into your next reply.

Reboot your computer to go back to normal mode and post a new hijackthislog and the log from Spysweeper.

#5 lmishler22

Group: Member
Posts: 3
Joined: 19-October 05

Posted 26 October 2005 - 07:47 PM

I cant thank you enough for helping me out with this, I'll definetly make a donation as soon as possible!

anyways here is the new HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 9:35:21 PM, on 10/26/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\EN-US\MSNAPPAU.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\IJ ACCELERATOR\PROPELAC.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MICROSOFT HOME PUBLISHING\MHPRMIND.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\WRSSSDK.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\MY DOCUMENTS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\PROGRAM FILES\MSN APPS\ST\01.03.0000.1005\EN-XU\STMAIN.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\PROGRAM FILES\IJ ACCELERATOR\PRPL_IEPOPUPBLOCKER.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\EN-US\MSNTB.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\IJ Accelerator\trayctl.exe" /STARTUPLAUNCH
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [SpySweeper] "C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE" /startintray
O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - HKCU\..\Run: [Spyware Doctor] "C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE" /Q
O4 - HKCU\..\Run: [Ekmxu] registry?CAPI: The install failed. The rsabase.dll that is being installed doesn't match the signature file or the value in the registry?CAPI: The install program could not find the signature resource5CAPI: The install program could not load the resource\jfcjnik.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Greetings Reminders.lnk = C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE
O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\IJ Accelerator\pac-page.html
O8 - Extra context menu item: Allow pop-ups from this site - C:\Program Files\IJ Accelerator\pac-addwl.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\IJ Accelerator\pac-image.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O12 - Plugin for .wmv: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .asf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O16 - DPF: {4226E9B7-D637-40E8-893A-13298AB41477} (CWDL_DownLoadControl Class) - http://www.callwave....DL_DownLoad.CAB
O16 - DPF: Yahoo! Word Racer - http://download.game...nts/y/wt1_x.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.subs...ve/makeover.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....ta/SymAData.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O16 - DPF: Yahoo! Freecell Solitaire - http://yog55.games.s...og/y/fs10_x.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/...s/msnchat45.cab

and here is the Spy Sweeper Log:

********
9:07 PM: | Start of Session, Wednesday, October 26, 2005 |
9:07 PM: Spy Sweeper started
9:07 PM: Sweep initiated using definitions version 562
9:07 PM: Starting Memory Sweep
9:09 PM: Memory Sweep Complete, Elapsed Time: 00:02:21
9:09 PM: Starting Registry Sweep
9:10 PM: Found Adware: cws-aboutblank
9:10 PM: HKCR\protocols\filter\text/html\ (ID = 114343)
9:10 PM: HKLM\software\classes\protocols\filter\text/html\ (ID = 115907)
9:11 PM: Registry Sweep Complete, Elapsed Time:00:01:36
9:11 PM: Starting Cookie Sweep
9:11 PM: Found Spy Cookie: netratingsselect cookie
9:11 PM: susan@nnselect[2].txt (ID = 3065)
9:11 PM: Found Spy Cookie: ask cookie
9:11 PM: susan@ask[1].txt (ID = 2245)
9:11 PM: Found Spy Cookie: tripod cookie
9:11 PM: susan@tripod[1].txt (ID = 3591)
9:11 PM: Found Spy Cookie: servlet cookie
9:11 PM: susan@servlet[2].txt (ID = 3345)
9:11 PM: Found Spy Cookie: azjmp cookie
9:11 PM: susan@azjmp[2].txt (ID = 2270)
9:11 PM: Found Spy Cookie: rightmedia cookie
9:11 PM: susan@rightmedia[2].txt (ID = 3259)
9:11 PM: susan@rightmedia[1].txt (ID = 3259)
9:11 PM: Found Spy Cookie: pch cookie
9:11 PM: susan@sb.pch[1].txt (ID = 3124)
9:11 PM: Found Spy Cookie: about cookie
9:11 PM: susan@rarediseases.about[1].txt (ID = 2038)
9:11 PM: Found Spy Cookie: targetnet cookie
9:11 PM: susan@targetnet[1].txt (ID = 3489)
9:11 PM: Found Spy Cookie: yieldmanager cookie
9:11 PM: susan@yieldmanager[2].txt (ID = 3749)
9:11 PM: Found Spy Cookie: oinadserve cookie
9:11 PM: susan@oinadserve[1].txt (ID = 3091)
9:11 PM: susan@ad.yieldmanager[4].txt (ID = 3751)
9:11 PM: susan@ad.yieldmanager[1].txt (ID = 3751)
9:11 PM: susan@ad.yieldmanager[3].txt (ID = 3751)
9:11 PM: susan@ad.yieldmanager[2].txt (ID = 3751)
9:11 PM: Found Spy Cookie: screensavers.com cookie
9:11 PM: susan@i.screensavers[2].txt (ID = 3298)
9:11 PM: Cookie Sweep Complete, Elapsed Time: 00:00:06
9:11 PM: Starting File Sweep
9:11 PM: Warning: Failed to open file "c:\windows\win386.swp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59ca1-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59ca2-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59ca3-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59ca4-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59ca5-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59ca6-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59ca7-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59ca8-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59ca9-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59caa-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cab-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cac-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cad-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cae-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59caf-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cb0-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cb1-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cb2-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cb3-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cb4-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cb5-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cb6-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cb7-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cb8-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cb9-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cba-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cbb-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cbc-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cbd-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cbe-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cbf-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cc0-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cc1-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cc2-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cc3-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cc4-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cc5-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cc6-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cc7-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cc8-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cc9-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cca-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59ccb-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59ccc-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59ccd-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cce-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59ccf-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cd0-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cd1-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cd2-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cd3-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cd4-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cd5-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cd6-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cd7-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cd8-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cd9-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cda-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cdb-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cdc-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cdd-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cde-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cdf-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59ce0-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59ce1-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59ce2-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59ce3-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59ce4-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59ce5-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59ce6-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59ce7-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59ce8-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59ce9-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cea-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59ceb-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cec-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59ced-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cee-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cef-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cf0-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cf1-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cf2-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cf3-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cf4-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cf5-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cf6-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cf7-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cf8-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cf9-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cfa-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cfb-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cfc-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cfd-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cfe-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59cff-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59d00-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59d01-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59d02-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59d03-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59d04-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59d05-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59d06-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59d07-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs64a59d08-4664-11da-bf64-85fc0265712d.tmp". The process cannot access the file because
it is being used by another process
9:16 PM: File Sweep Complete, Elapsed Time: 00:05:27
9:16 PM: Full Sweep has completed. Elapsed time 00:09:34
9:16 PM: Traces Found: 19
9:19 PM: Removal process initiated
9:19 PM: Quarantining All Traces: cws-aboutblank
9:19 PM: Quarantining All Traces: about cookie
9:19 PM: Quarantining All Traces: ask cookie
9:19 PM: Quarantining All Traces: azjmp cookie
9:19 PM: Quarantining All Traces: netratingsselect cookie
9:19 PM: Quarantining All Traces: oinadserve cookie
9:19 PM: Quarantining All Traces: pch cookie
9:19 PM: Quarantining All Traces: rightmedia cookie
9:19 PM: Quarantining All Traces: screensavers.com cookie
9:19 PM: Quarantining All Traces: servlet cookie
9:19 PM: Quarantining All Traces: targetnet cookie
9:19 PM: Quarantining All Traces: tripod cookie
9:19 PM: Quarantining All Traces: yieldmanager cookie
9:19 PM: Removal process completed. Elapsed time 00:00:10
********
7:54 PM: | Start of Session, Wednesday, October 26, 2005 |
7:54 PM: Spy Sweeper started
7:59 PM: Your spyware definitions have been updated.
8:32 PM: Processing Startup Alerts
8:32 PM: Removed Startup entry: Aues

#6 Buckeye_Sam

Group: Member
Posts: 10,019
Joined: 10-July 05

Posted 27 October 2005 - 03:54 PM

Please fix this line with Hijackthis.

O4 - HKCU\..\Run: [Ekmxu] registry?CAPI: The install failed. The rsabase.dll that is being installed doesn't match the signature file or the value in the registry?CAPI: The install program could not find the signature resource5CAPI: The install program could not load the resource\jfcjnik.exe

Please run Panda Online Virus Scan

You must allow the active-x control to run when asked.
You may need to disable your antivirus program while this scan runs.
There may be files that this scan will not remove.
Please include that information in your next post.
Make sure to reenable your antivirus program if you disabled it.

Reboot and post a new hijackthis log and the info from your virus scan.

Let me know how things are running for you now.

#7 Buckeye_Sam

Group: Member
Posts: 10,019
Joined: 10-July 05

Posted 10 November 2005 - 02:09 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

Back to Virus, Spyware, Malware Removal

Share this topic:

Page 1 of 1

Please log in to reply

Help! 246+ Infections! [CLOSED] - Geeks to Go Forums