Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

HELP! yyy34.html -sear-h invaded my pc [resolved]


  • This topic is locked This topic is locked

#1
jermaldan

jermaldan

    Member

  • Member
  • PipPip
  • 11 posts
HI,

I am new to the posts and have a serious problem. Yesturday I downloaded a prog from the net and there was no problem when I had it scanned with norton.

About an hour later I started recieving POpUps and software started installing itself. I have sent all last night trying to work out what has been going on but at the moment I am admitting defeat. I have installed 7 didderent anit-spyware/adware/malware programs and they all find something and kill it but this does not help. As soon as I restart the browser the popups start.

Even of the browser is not opened I still get popups!!!

I have heard of others having this problem and I need to avoid a restore.

Can anyone please help me. I am posting my Hijackthis logs below along with some others that will help diagnose the problem.

Thanks in advance!!!

HIJACKTHIS LOG...................

Logfile of HijackThis v1.99.1
Scan saved at 12:10:40, on 22/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\JERZY\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5482CF6B-C1D2-4884-A8DB-7BF6FBB67342}: NameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{5482CF6B-C1D2-4884-A8DB-7BF6FBB67342}: NameServer = 194.168.4.100 194.168.8.100
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\ir4sl5h71.dll (file missing)
O20 - Winlogon Notify: URL - C:\WINDOWS\system32\impeers.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

LM2FIX LOG.....................

L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Control Panel]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\ir4sl5h71.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\URL]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\impeers.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{1BA0226A-7F3E-1F12-3B50-6B38B5804A87}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{2F603045-309F-11CF-9774-0020AFD0CFF6}"="Synaptics Control Panel"
"{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{F3F1ED6A-A38D-4317-BA4C-7EC6D29A0FAA}"=""

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{F3F1ED6A-A38D-4317-BA4C-7EC6D29A0FAA}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F3F1ED6A-A38D-4317-BA4C-7EC6D29A0FAA}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F3F1ED6A-A38D-4317-BA4C-7EC6D29A0FAA}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{F3F1ED6A-A38D-4317-BA4C-7EC6D29A0FAA}\InprocServer32]
@="C:\\WINDOWS\\system32\\kodpl1.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
kodpl1.dll Sat 22 Oct 2005 11:05:06 ..S.R 235,362 229.84 K
impeers.dll Sat 22 Oct 2005 10:20:54 ..... 235,362 229.84 K
s32evnt1.dll Thu 28 Jul 2005 14:52:18 A.... 91,856 89.70 K
dnlq01~1.dll Sat 22 Oct 2005 1:52:26 ..S.R 235,563 230.04 K
i8420i~1.dll Sat 22 Oct 2005 10:51:54 ..S.R 235,362 229.84 K
legitc~1.dll Mon 29 Aug 2005 13:27:12 A.... 520,968 508.76 K
w95inf16.dll Sun 18 Sep 2005 15:24:38 A.... 2,272 2.22 K
w95inf32.dll Sun 18 Sep 2005 15:24:38 A.... 4,608 4.50 K
cmdlin~1.dll Wed 21 Sep 2005 13:58:06 A.... 98,304 96.00 K

9 items found: 9 files (3 H/S), 0 directories.
Total of file sizes: 1,659,657 bytes 1.58 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in drive C is ACER
Volume Serial Number is 1569-13D7

Directory of C:\WINDOWS\System32

22/10/2005 11:05 235,362 kodpl1.dll
22/10/2005 10:51 235,362 i8420ihoe84c0.dll
22/10/2005 01:52 235,563 dnlq0135e.dll
17/08/2004 13:27 <DIR> Microsoft
17/08/2004 13:09 <DIR> dllcache
30/09/1999 19:21 166,672 mstext35.dll
28/09/1999 21:42 1,050,896 msjet35.dll
09/09/1999 22:06 252,688 msexcl35.dll
09/09/1999 22:06 168,720 msltus35.dll
25/08/1999 14:57 415,504 msrepl35.dll
10/06/1999 09:34 24,848 msjter35.dll
10/06/1999 09:34 123,664 msjint35.dll
07/06/1999 18:59 250,128 mspdox35.dll
25/04/1999 17:00 252,176 Msrd2x35.dll
25/04/1999 17:00 368,912 Vbar332.dll
25/04/1999 17:00 287,504 Msxbse35.dll
14 File(s) 4,067,999 bytes
2 Dir(s) 8,230,944,768 bytes free


EWIDO SECURITY LOGS.......

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:31:08, 22/10/2005
+ Report-Checksum: F1979F68

+ Scan result:

[292] C:\WINDOWS\system32\kodpl1.dll -> Spyware.Look2Me : Error during cleaning
[920] C:\WINDOWS\system32\kodpl1.dll -> Spyware.Look2Me : Error during cleaning
C:\WINDOWS\system32\dnlq0135e.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\Temp\Cookies\jerzy@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\JERZY\Local Settings\Temp\Cookies\jerzy@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\JERZY\Local Settings\Temp\Cookies\jerzy@www.myaffiliateprogram[2].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\JERZY\Local Settings\Temp\Cookies\jerzy@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\JERZY\Local Settings\Temp\Cookies\jerzy@adtech[2].txt -> Spyware.Cookie.Adtech : Cleaned with backup
C:\Documents and Settings\JERZY\Local Settings\Temp\Cookies\jerzy@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\JERZY\Local Settings\Temporary Internet Files\Content.IE5\X8GBPX4X\WinFixer2005ScannerInstall[1].exe -> Not-A-Virus.Downloader.Agent.d : Cleaned with backup
C:\Documents and Settings\JERZY\Local Settings\Temporary Internet Files\Content.IE5\X8GBPX4X\ysb[1].dll -> TrojanDownloader.IstBar.lv : Cleaned with backup
C:\Documents and Settings\JERZY\Local Settings\Temporary Internet Files\Content.IE5\UDZSL8RQ\tnsp0561[1].exe/run.exe -> TrojanDownloader.VB.qr : Cleaned with backup
C:\Documents and Settings\JERZY\Local Settings\Temporary Internet Files\Content.IE5\UDZSL8RQ\contextplus[1].exe -> Trojan.Crypt.t : Cleaned with backup
C:\Documents and Settings\JERZY\Local Settings\Temporary Internet Files\Content.IE5\UDZSL8RQ\ysbinstall_1003585[1].exe -> TrojanDownloader.IstBar.is : Cleaned with backup
C:\Documents and Settings\JERZY\Local Settings\Temporary Internet Files\Content.IE5\UDZSL8RQ\SAcc.prod.v1116.20oct2005.exe[1].263a5acb41f0de25ba4efcdf6cdd662a -> Spyware.SurfAccuracy : Cleaned with backup
C:\Documents and Settings\JERZY\Local Settings\Temporary Internet Files\Content.IE5\VZ5BV9WW\drsmartload[1].exe -> Spyware.SmartLoad : Cleaned with backup
C:\System Volume Information\_restore{AFDD5784-4FFA-413C-84B1-64EE165D77E0}\RP39\A0008520.exe -> TrojanDownloader.VB.qr : Cleaned with backup
C:\System Volume Information\_restore{AFDD5784-4FFA-413C-84B1-64EE165D77E0}\RP40\A0008730.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{AFDD5784-4FFA-413C-84B1-64EE165D77E0}\RP40\A0008746.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{AFDD5784-4FFA-413C-84B1-64EE165D77E0}\RP40\A0009746.dll -> Spyware.Look2Me : Cleaned with backup


::Report End
  • 0

Advertisements


#2
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Welcome jermaldan to Geeks to Go!

Let's see if we can do this today.

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link on the right - next to "SpySweeper for Home Computers" to download the program.
  • Install it.
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, close SpySweeper for now.
  • Reboot to safe mode.

    1) Restart your computer
    2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    3) Instead of Windows loading as normal, a menu should appear
    4) Select the first option, to run Windows in Safe Mode.

    For additional help in booting into Safe Mode, see the following site:
    http://www.pchell.co.../safemode.shtml
  • Open SpySweeper again, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
Reboot back to normal mode.
Paste the contents of the session log you copied into your next reply.
  • 0

#3
jermaldan

jermaldan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hi,

Sorry it took so long but my computer is running really slow, probably because of all the spyware stuff I have installed to combat this infection.

Thanks again for your help.

Below is the log....

********
14:07: | Start of Session, 23 October 2005 |
14:07: Spy Sweeper started
14:07: Sweep initiated using definitions version 560
14:07: Starting Memory Sweep
14:08: Found Adware: icannnews
14:08: Detected running threat: C:\WINDOWS\system32\irr4l59q1.dll (ID = 83)
14:08: Detected running threat: C:\WINDOWS\system32\koduzb.dll (ID = 83)
14:08: Memory Sweep Complete, Elapsed Time: 00:01:34
14:08: Starting Registry Sweep
14:08: Found Adware: targetsaver
14:08: HKU\S-1-5-21-3813546887-258051792-3329231128-1004\software\tsl2\ (1 subtraces) (ID = 143616)
14:08: Registry Sweep Complete, Elapsed Time:00:00:09
14:08: Starting Cookie Sweep
14:08: Found Spy Cookie: go.com cookie
14:08: jerzy@abc.go[1].txt (ID = 2729)
14:08: jerzy@rsi.abc.go[1].txt (ID = 2729)
14:08: jerzy@forums.go[1].txt (ID = 2729)
14:08: jerzy@go[2].txt (ID = 2728)
14:08: jerzy@register.go[1].txt (ID = 2729)
14:08: Found Spy Cookie: 4u.pl cookie
14:08: jerzy@ad.stat.4u[1].txt (ID = 1978)
14:08: Found Spy Cookie: web-stat cookie
14:08: jerzy@server3.web-stat[1].txt (ID = 3649)
14:08: Found Spy Cookie: touchclarity cookie
14:08: jerzy@easyjet.touchclarity[1].txt (ID = 3566)
14:08: Found Spy Cookie: a cookie
14:08: jerzy@a[1].txt (ID = 2027)
14:08: Found Spy Cookie: about cookie
14:08: jerzy@politicalhumor.about[1].txt (ID = 2038)
14:08: jerzy@quotations.about[2].txt (ID = 2038)
14:08: Cookie Sweep Complete, Elapsed Time: 00:00:00
14:08: Starting File Sweep
14:08: Warning: Failed to open file "c:\pagefile.sys". Access is denied
14:11: Warning: Failed to open file "c:\windows\system32\koduzb.dll". The process cannot access the file because it is being used by another process
14:11: Warning: Failed to open file "c:\windows\system32\mvlml9311.dll". The process cannot access the file because it is being used by another process
14:11: Warning: Failed to open file "c:\windows\system32\irr4l59q1.dll". The process cannot access the file because it is being used by another process
14:11: Warning: Failed to open file "c:\windows\system32\config\system.log". The process cannot access the file because it is being used by another process
14:11: Warning: Failed to open file "c:\windows\system32\config\software.log". The process cannot access the file because it is being used by another process
14:11: Warning: Failed to open file "c:\windows\system32\config\default.log". The process cannot access the file because it is being used by another process
14:11: Warning: Failed to open file "c:\windows\system32\config\security". The process cannot access the file because it is being used by another process
14:11: Warning: Failed to open file "c:\windows\system32\config\sam". The process cannot access the file because it is being used by another process
14:11: Warning: Failed to open file "c:\windows\system32\config\sam.log". The process cannot access the file because it is being used by another process
14:11: Warning: Failed to open file "c:\windows\system32\config\security.log". The process cannot access the file because it is being used by another process
14:11: Warning: Failed to open file "c:\windows\system32\config\system". The process cannot access the file because it is being used by another process
14:11: Warning: Failed to open file "c:\windows\system32\config\software". The process cannot access the file because it is being used by another process
14:11: Warning: Failed to open file "c:\windows\system32\config\default". The process cannot access the file because it is being used by another process
14:12: Warning: Failed to open file "c:\windows\system32\drivers\atapi.sys". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs0141f940-37f5-49a7-8309-490c1551bd51.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs7d758b66-a35c-4be1-acb6-2d0f922fb84e.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs8bc43964-d828-4a15-b08e-0fa64e1f5c10.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs50e0c4ea-4c24-4408-8f93-c3cae52b869d.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs9fb5a62c-6d69-46d4-b780-71f91df4aa35.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs4b9ab918-95bc-4eb7-9e40-cfc4975d076d.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs4e3c2f45-cec1-4c5f-91f4-b301de7b2447.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs37c7b749-ceeb-46e8-bcf0-35d055ef32d5.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsf405a0f5-7339-40b6-ab77-f02875aada14.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsc1d54578-add2-48b6-a4ef-b45b17405b65.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsf87009e0-acda-47cf-89c2-80e3bb70b03b.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsc680946f-91f2-44d5-a06c-79a7a324b383.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs2397b70f-8bb3-492d-8bdf-0146427a787e.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsd1076e02-1981-4fe3-98d1-7a7f836b97d2.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs10920639-4ab1-41d5-9c94-7b2360cc93da.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs83ebf4c9-7af4-46a0-9e21-8231c92d1cdb.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs6af0a272-6ecc-4178-8025-f01f2df46665.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs583de3c9-79ad-4d12-aa2e-7bc7b3af49f4.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs3733eb87-52c7-4980-acf4-244e6b3bbaf8.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs4316eac8-816e-4929-84b8-3522407fee09.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs5864dddc-0ed0-4689-a311-20afa7239f3a.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs72a20b5c-00a5-471a-95ce-def8e9ec23ee.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs40789ad2-1593-4c18-a7e5-8463c9cf26bb.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscse97ae5bf-ee75-4559-9ce7-38c1f06bf2a2.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscse82fdc4a-7c1f-43b6-98f4-e55e8b737b71.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs573f792f-64ae-4612-829a-d216aa00a71a.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsbf657866-84a1-495e-a742-6b9086e639eb.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsb8d82be3-f44f-4152-9f05-0ff8f9c6e79e.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs9115edb3-09f2-4a05-bf55-eb6788f4cba1.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs3409cbd6-df7f-4678-9e36-6305541fd83f.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs7e5d73b9-c711-412f-940d-70d6afde201b.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs0b8c9978-0058-4d16-877a-37dfa73bd706.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs43b6ee34-3ca3-4737-a8b4-f377a89d350e.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs18fc9929-5162-494b-bc6f-75e026efaf10.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs2102ee8d-827a-488e-a733-bf80554ae1ad.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs93dfe43f-4f8d-4e9b-a2e5-2b18ee4b26ed.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs4c225de6-1f8a-42f5-be7d-7aacd9020d1a.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsf12298c7-a0b0-43d6-bf59-4eddfe4272a1.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs0fffa85f-6b5d-4306-9757-276e7e3346dd.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsec9e7091-6742-407f-8ed7-784b0e1579a0.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs704c8062-6341-4a3c-a6b2-ae96f560470f.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs5867a772-f8c9-48b0-b072-0b6b5eeef204.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs8ea9e13a-92f9-4742-925a-e9363beef088.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs96a744e3-0137-4ce4-81a8-b9cc3b779170.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsa88717e3-8638-4ca8-87b9-0156ec9803e3.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsf5398601-87b4-4ead-8b0c-32be0d3e085a.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsd91fe3e1-7b1d-4516-8cb7-e65fed0590eb.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs7e0fd636-5425-4cac-a7b4-76ce7879b33b.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsc806cdf5-3f23-4f02-98b0-ffe1d3cd5e75.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsae1e3cd6-8340-4b6f-a9fe-040f66ca23f7.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs002b181d-d84e-45be-acfd-a6cd852a9ca7.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsabd8d63e-c69a-49d4-a004-786a57fcf144.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs60013dea-3d26-4bfa-999c-3f11df60c559.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs69b6f987-2d42-42e7-83d2-21fba7dcc073.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsc0e6d7de-9ee6-41d0-86ca-313c85205792.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs19625b49-1eed-4af2-9046-2ed95fca686e.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsd737033b-6b0b-42f0-a43c-f91de7f56505.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs9cefb280-6986-4428-8042-af4ebc520a2f.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs72f5e1f7-221c-4fe6-9fa0-9fb07f7c42c6.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsa7fe7d31-6ea6-4836-847b-ae575b5625a1.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs9073b2b3-dae5-4871-a4fe-fd9082a7484e.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs174b4d5b-3d04-4066-b00f-aa8298332658.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs8c0f3c3c-710d-4595-bf7e-96cc89c172b8.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs0005de9d-2741-407f-854c-a075b8111998.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs86bab0bb-976d-4f5e-b035-cc6ceca9def2.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscse50527e7-aa7a-4d7d-83ba-07e48b0e73c7.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscscbd6bbab-cbe4-4c8f-9e04-4e941ac9410e.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs9159bf9a-e93e-473a-aecc-e5bbb9887cd9.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsdef2494b-eaff-46c4-96e2-15bcf2cd2592.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs03986ea6-45e8-42e0-b795-4cee75cb829b.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs5270e878-09d4-463b-b4c7-ef6960f8bf87.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs29e16ddd-44b4-4065-a6eb-b2141c04cb4c.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs7988d135-a198-49ac-ae8c-03f050f30de2.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsc6aea9ce-446f-4952-9fad-96e273f9cae0.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsf96b09e2-3f4a-4ec0-953c-787f59e6e825.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs0a439037-317b-4219-b111-bd8fd8b10c48.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs1f6394b3-c769-40f9-ac21-362faf3998f9.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsf3d588b6-3890-4233-837d-49a3bb85977b.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs0a4ba346-9498-4a5f-a745-d7d54669b565.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs43e302f0-dcd0-4368-bcf8-01b117cc6306.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs9f77c80b-2d09-4986-8cb1-9931afd08f20.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsa11a3997-5b17-4642-9c3b-9ee32edae972.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs816a1b6d-bc58-41d3-a784-84916f707fe1.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs8a459293-711c-4201-ade3-0becc1fdabbf.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs9a700d98-83f1-47d8-9cc5-c26c6c8eaf0e.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs5c740725-679d-4ebf-99e9-1ed880513312.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs916c1b46-3ccd-4123-8fbf-24290bc86d44.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsed802be7-198d-4e48-aa06-c8d591869db5.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs267fdf39-7d89-4ed9-b52d-3308cc119613.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsc7de25f8-748e-4670-8399-8828136bd7f6.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs778efe1d-bdbb-40ea-967c-cff3b86b3256.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsc0c522b6-5fbd-4112-9a95-60ca6bc9ab10.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscse9741cb5-cb53-4137-8f04-2ccff4010e54.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsfff03dea-911b-4362-9ab8-b18db92aa59b.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs1e5f4676-a495-4590-94b1-7acac88dd0bf.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsfaccd5a7-3306-4245-b622-830d257298e4.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsd7ec268e-5882-46c0-bef1-47d1c87af64f.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsbc055627-ec4c-4363-84dd-c5ad5d233286.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsf3b5f326-8f45-447a-bb5d-cdf2b8f09c28.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs2ee36ae1-5ee7-4ef2-afe9-10aa24f4511b.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsdcdb464a-5afc-4efd-98db-cbc5f609fe03.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsfd056d9f-aa39-4706-a181-0df5f3788688.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs6521ce0a-c481-4fce-9201-23f39ae259c9.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs7b591f34-e08e-42df-881d-af7438bf0af2.tmp". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\jerzy\ntuser.dat". The process cannot access the file because it is being used by another process
14:15: Warning: Failed to open file "c:\documents and settings\jerzy\ntuser.dat.log". The process cannot access the file because it is being used by another process
14:17: Warning: Failed to open file "c:\documents and settings\jerzy\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
14:17: Warning: Failed to open file "c:\documents and settings\jerzy\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
14:17: Found Adware: ist yoursitebar
14:17: yoursitebar[1].xml (ID = 131226)
14:17: Found Adware: surf accuracy
14:17: sacc[1].cfg (ID = 162775)
14:17: tsupdate[1].ini (ID = 112322)
14:17: 113_dollarrevenue_4_0_3_9[1].exe (ID = 166444)
14:21: Found Adware: apropos
14:21: wingenerics.dll (ID = 50187)
14:22: 00000046 (ID = 78246)
14:22: 00000047 (ID = 78275)
14:22: 00000048 (ID = 78246)
14:22: Found Adware: effective-i toolbar
14:22: 00000057 (ID = 59843)
14:22: Found Adware: sp2ms
14:22: 00000330.exe (ID = 148759)
14:22: 00000447.exe (ID = 78276)
14:22: File Sweep Complete, Elapsed Time: 00:13:21
14:22: Full Sweep has completed. Elapsed time 00:15:10
14:22: Traces Found: 26
********
13:58: | Start of Session, 23 October 2005 |
13:58: Spy Sweeper started
13:58: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
13:58: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
13:59: Your spyware definitions have been updated.
14:01: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
14:01: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
14:01: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
14:01: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
14:02: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
14:02: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
14:02: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
14:02: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
14:06: Program Version 4.5.3 (Build 560) Using Spyware Definitions 560
14:07: | End of Session, 23 October 2005 |
  • 0

#4
jermaldan

jermaldan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hi,

Since running your instructions I have not seen any POPUPS! :tazz:

Its been at least 20 minutes and by now I would have had a dosen at least. Could this be solved already?

Should I run the hijackhis logs again and l2mfix?

I am getting really exited by this!!! :) :woot: :woot:
  • 0

#5
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
:tazz: We´re not there yet.

Did you run SpySweeper in safe mode?
  • 0

#6
jermaldan

jermaldan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Yes,

Just like the doctor ordered!!:tazz:

That was over an hour ago and still no POPUPS!!

Edited by jermaldan, 23 October 2005 - 08:13 AM.

  • 0

#7
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new Hijackthis log, and we'll clean up what's left. :tazz:

IMPORTANT: Do NOT run any other files in the l2mfix folder unless you are asked to do so!
  • 0

#8
jermaldan

jermaldan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
OK, Here is the l2mfix log and right below it you will find the Hijack log
There were some errors that came up (as you will notice from the log)

Is everythink OK now?


C:\
Setting Directory
C:\
C:\
System Rebooted!

Running From:
C:\

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 400 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 652 'rundll32.exe'

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!
Backing Up: C:\WINDOWS\system32\dycpmon.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\mvlml9311.dll
1 file(s) copied.
Backing Up: C:\WINDOWS\system32\wansrv.dll
1 file(s) copied.
deleting: C:\WINDOWS\system32\dycpmon.dll
Successfully Deleted: C:\WINDOWS\system32\dycpmon.dll
deleting: C:\WINDOWS\system32\mvlml9311.dll
Successfully Deleted: C:\WINDOWS\system32\mvlml9311.dll
deleting: C:\WINDOWS\system32\wansrv.dll
Successfully Deleted: C:\WINDOWS\system32\wansrv.dll


Zipping up files for submission:
adding: dycpmon.dll (deflated 4%)
adding: mvlml9311.dll (deflated 5%)
adding: wansrv.dll (deflated 5%)
adding: clear.reg (deflated 37%)
adding: lo2.txt (deflated 64%)
adding: test2.txt (deflated 16%)
adding: test3.txt (deflated 16%)
adding: test5.txt (deflated 16%)
adding: test.txt (deflated 49%)
adding: xfind.txt (deflated 44%)

Restoring Registry Permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!


Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrators ... successful

Restoring Windows Update Certificates.:

deleting local copy: dycpmon.dll
deleting local copy: mvlml9311.dll
deleting local copy: wansrv.dll

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
"Asynchronous"=dword:00000000
"DllName"="WRLogonNTF.dll"
"Impersonate"=dword:00000001
"Lock"="WRLock"
"StartScreenSaver"="WRStartScreenSaver"
"StartShell"="WRStartShell"
"Startup"="WRStartup"
"StopScreenSaver"="WRStopScreenSaver"
"Unlock"="WRUnlock"
"Shutdown"="WRShutdown"
"Logoff"="WRLogoff"
"Logon"="WRLogon"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000


The following are the files found:
****************************************************************************
C:\WINDOWS\system32\dycpmon.dll
C:\WINDOWS\system32\mvlml9311.dll
C:\WINDOWS\system32\wansrv.dll

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{8910F7E0-C814-4A6C-BEE9-19C8CB45D8C4}"=-
"{43386037-2A34-43B2-9881-5E729D3378E6}"=-
[-HKEY_CLASSES_ROOT\CLSID\{8910F7E0-C814-4A6C-BEE9-19C8CB45D8C4}]
[-HKEY_CLASSES_ROOT\CLSID\{43386037-2A34-43B2-9881-5E729D3378E6}]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Logfile of HijackThis v1.99.1
Scan saved at 15:38:41, on 23/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\JERZY\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5482CF6B-C1D2-4884-A8DB-7BF6FBB67342}: NameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{5482CF6B-C1D2-4884-A8DB-7BF6FBB67342}: NameServer = 194.168.4.100 194.168.8.100
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
  • 0

#9
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Okay, so far so good.

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download AproposFix from here:
http://swandog46.gee.../aproposfix.exe

Save it to your desktop but do NOT run it yet.

Then please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Once in Safe Mode, please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.

When the tool is finished, please reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file in the aproposfix folder.
  • 0

#10
jermaldan

jermaldan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Ok,

Heres the contents of log.txt and hijackthis.....

Log of AproposFix v1

************

Running from directory:
C:\Documents and Settings\JERZY\Desktop\aproposfix

************

Registry entries found:

[HKEY_LOCAL_MACHINE\Software\CqSQFAB9KT68]
@="iD2y3:5HIIHIIJIedLLGAw\\HIIHXKIrdiYjrnI9F9Az3ONIy8:Cz89IvOP37vxJ9F9"
"Device"="\\\\.\\JI00ztbg"
"DriverPath"="C:\\WINDOWS\\system32\\drivers\\a34mqac.sys"
"DriverName"="Nwldmio"
"HideUninstallerName"="C:\\Program Files\\Movamd\\wmicsccp.exe"
"HDll"="C:\\WINDOWS\\system32\\usefview.dll"
"ServerAddress"="adchannel.contextplus.net"
"LegalNote"="http://adchannel.con...onbranded.html"
"PartnerId"="CP.LAV"
"InstallationId"="{X8715018-63e7-3eb6-6109-97d79ea4fdae}"
"PageFiltering"=dword:00000001
"ClientName"="C:\\Program Files\\Movamd\\msdinpun.exe"
"AutoUpdater"="C:\\WINDOWS\\system32\\wuwtcprx.exe"
"Version"="2.0.106"
"LastAURestoreMsgTS"="2005:10:21-21:51:45:671"

************

Removing hidden service:
Service Nwldmio removed.

Removing hidden folder:
Deletion of folder Movamd succeeded!

Deleting files:

Deletion of file C:\WINDOWS\system32\drivers\a34mqac.sys succeeded!
Deletion of file C:\WINDOWS\system32\wuwtcprx.exe succeeded!
Deletion of file C:\WINDOWS\system32\usefview.dll succeeded!

Backing up files:
Done!

Removing registry entries:

REGEDIT4

[-HKEY_CURRENT_USER\Software\CqSQFAB9KT68]
[-HKEY_LOCAL_MACHINE\Software\CqSQFAB9KT68]

Done!

Finished!




++++++++++++++++++++++++++++++++++++++++++++++++++++++
++++++++++++++++++++++++++++++++++++++++++++++++++++++
Logfile of HijackThis v1.99.1
Scan saved at 17:04:24, on 23/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\DivXsm.exe
C:\Documents and Settings\JERZY\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
  • 0

Advertisements


#11
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
I'm statisfied.

Let's see if there's something you need to get ride of.
  • Open HijackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on the Box that says "Uninstall Manager"
  • Click on the button "Save list"
  • Copy and past the List from notepad into your post
Is the computer running okay now?
  • 0

#12
jermaldan

jermaldan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Here it is! The PC is better but its a little slow for my liking. When I uninstall the
spycathing soft it should be better. ....I hope..:woot:

I would just like to say that you are a legend, nothing has happened with popups since the first prog that we ran and instead of letting me go then you stuck with its and made sure everythiong is that way that it should be. Real Quality!!!! :tazz: :)

The next thing that I have to do is to learn how to stip down XP to its bare essentials so to incerease the performance. Any suggestions (where to look... I dont expect you to help me tune XP for me :woot: Luckily for me my workplace doesnt enforce SOE builds :woot:

Heres my software inventory

Acer eManager for Notebook
Ad-Aware SE Personal
Adobe Reader 6.0
Athlon 64 Processor Driver
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Broadcom 802.11 Network Adapter
ccCommon
Codec Pack - All In 1 6.0.2.7
ewido security suite
Google Toolbar for Internet Explorer
HijackThis 1.99.1
Internet Worm Protection
J2SE Runtime Environment 5.0 Update 5
Launch Manager V1.0.8.1
LiveReg (Symantec Corporation)
LiveUpdate 2.5 (Symantec Corporation)
Microsoft AntiSpyware
MSRedist
Norton AntiVirus 2005
Norton AntiVirus 2005 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton CleanSweep
Norton Ghost 9.0
Norton SystemWorks
Norton SystemWorks 2005 Premier
Norton SystemWorks 2005 Premier (Symantec Corporation)
Norton Utilities
Norton WMI Update
NSW_DRM_COLLECTION
NTI Backup NOW! 4
NTI CD & DVD-Maker
Panda spyXposer
PowerDVD
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB901214)
Skype 1.4
SoftV90 Data Fax Modem with SmartCP
SPBBC
SpeedTouch USB Software
Spy Sweeper
Spybot - Search & Destroy 1.4
Symantec
Symantec Script Blocking Installer
SymNet
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515 drivers.
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
WinRAR archiver
XoftSpy
  • 0

#13
jermaldan

jermaldan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Here it is! The PC is better but its a little slow for my liking. When I uninstall the
spycathing soft it should be better. ....I hope..:woot:

I would just like to say that you are a legend, nothing has happened with popups since the first prog that we ran and instead of letting me go then you stuck with its and made sure everythiong is that way that it should be. Real Quality!!!! :tazz: :)

The next thing that I have to do is to learn how to stip down XP to its bare essentials so to incerease the performance. Any suggestions (where to look... I dont expect you to help me tune XP for me :woot: Luckily for me my workplace doesnt enforce SOE builds :woot:

Heres my software inventory

Acer eManager for Notebook
Ad-Aware SE Personal
Adobe Reader 6.0
Athlon 64 Processor Driver
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Broadcom 802.11 Network Adapter
ccCommon
Codec Pack - All In 1 6.0.2.7
ewido security suite
Google Toolbar for Internet Explorer
HijackThis 1.99.1
Internet Worm Protection
J2SE Runtime Environment 5.0 Update 5
Launch Manager V1.0.8.1
LiveReg (Symantec Corporation)
LiveUpdate 2.5 (Symantec Corporation)
Microsoft AntiSpyware
MSRedist
Norton AntiVirus 2005
Norton AntiVirus 2005 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton CleanSweep
Norton Ghost 9.0
Norton SystemWorks
Norton SystemWorks 2005 Premier
Norton SystemWorks 2005 Premier (Symantec Corporation)
Norton Utilities
Norton WMI Update
NSW_DRM_COLLECTION
NTI Backup NOW! 4
NTI CD & DVD-Maker
Panda spyXposer
PowerDVD
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB901214)
Skype 1.4
SoftV90 Data Fax Modem with SmartCP
SPBBC
SpeedTouch USB Software
Spy Sweeper
Spybot - Search & Destroy 1.4
Symantec
Symantec Script Blocking Installer
SymNet
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515 drivers.
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
WinRAR archiver
XoftSpy
  • 0

#14
jermaldan

jermaldan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Here it is! The PC is better but its a little slow for my liking. When I uninstall the
spycathing soft it should be better. ....I hope..:woot:

I would just like to say that you are a legend, nothing has happened with popups since the first prog that we ran and instead of letting me go then you stuck with its and made sure everythiong is that way that it should be. Real Quality!!!! :tazz: :)

The next thing that I have to do is to learn how to stip down XP to its bare essentials so to incerease the performance. Any suggestions (where to look... I dont expect you to help me tune XP for me :woot: Luckily for me my workplace doesnt enforce SOE builds :woot:

Heres my software inventory

Acer eManager for Notebook
Ad-Aware SE Personal
Adobe Reader 6.0
Athlon 64 Processor Driver
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Broadcom 802.11 Network Adapter
ccCommon
Codec Pack - All In 1 6.0.2.7
ewido security suite
Google Toolbar for Internet Explorer
HijackThis 1.99.1
Internet Worm Protection
J2SE Runtime Environment 5.0 Update 5
Launch Manager V1.0.8.1
LiveReg (Symantec Corporation)
LiveUpdate 2.5 (Symantec Corporation)
Microsoft AntiSpyware
MSRedist
Norton AntiVirus 2005
Norton AntiVirus 2005 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton CleanSweep
Norton Ghost 9.0
Norton SystemWorks
Norton SystemWorks 2005 Premier
Norton SystemWorks 2005 Premier (Symantec Corporation)
Norton Utilities
Norton WMI Update
NSW_DRM_COLLECTION
NTI Backup NOW! 4
NTI CD & DVD-Maker
Panda spyXposer
PowerDVD
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB901214)
Skype 1.4
SoftV90 Data Fax Modem with SmartCP
SPBBC
SpeedTouch USB Software
Spy Sweeper
Spybot - Search & Destroy 1.4
Symantec
Symantec Script Blocking Installer
SymNet
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515 drivers.
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
WinRAR archiver
XoftSpy
  • 0

#15
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
I don't like XoftSpy, but it's personal.

You can cleanup a bit:
To clean up your Internet Explorer, clear the History, Temporary Internet Files, and your Cookies by perform the following steps:
  • Click Tools.
    The Internet Options window appears.
  • Under the General tab, click Delete Cookies.
    The Delete Cookies window appears.
  • Delete all cookies in the Temporary Internet Files folder? appears.
  • Click OK.
    This may take several minutes to complete.
  • After deleting the cookies in the Temporary Internet Files folder, click Delete Files.
    The Delete Files window appears.
  • Click Ok to Delete all files in the Temporary Internet Files Folder?.
    This may take several minutes to complete.
  • Click Clear History.
    A new Internet Options window appears.
  • When asked Are you sure you want Windows to delete your history of visited Web sites?, click Yes.
    This may take several minutes to complete.
***

Download CleanUp!.
If that doesn’t work, use this link.
Here is a tutorial which describes its usage:
http://www.bleepingc...tutorial93.html

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options"
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Scan local drives for temporary files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

Once it's done, press Close. Reboot the system. This will remove files that were in use during the scan.

***

If a lot was removed you may want to defragment the disk.

***

We have a whole bunch of experts on Geeks to Go!

You can post your request in the forum Windows XP.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP