Internet popup screen r driving me crazy



#16
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Run HijackThis again, click Scan, and put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing



Your logs show that Look2Me appears to be gone. But I'd like to see what Spy Sweeper is picking up on. Please run a scan with Spy Sweeper and post the log here in your next reply along with a new HijackThis log.


#17
El Jota

    Member

  • Topic Starter
  • Member
  • 12 posts
Sam, here are the requested logs... thanks

********
8:42 PM: | Start of Session, Tuesday, November 15, 2005 |
8:42 PM: Spy Sweeper started
8:42 PM: Sweep initiated using definitions version 573
8:43 PM: Starting Memory Sweep
8:52 PM: The Spy Communication shield has blocked access to: banners.pennyweb.com
8:52 PM: The Spy Communication shield has blocked access to: banners.pennyweb.com
8:57 PM: Memory Sweep Complete, Elapsed Time: 00:14:03
8:57 PM: Starting Registry Sweep
8:59 PM: Registry Sweep Complete, Elapsed Time:00:02:18
8:59 PM: Starting Cookie Sweep
8:59 PM: Found Spy Cookie: 2o7.net cookie
8:59 PM: jesus.diaz@2o7[2].txt (ID = 1957)
8:59 PM: Found Spy Cookie: addynamix cookie
8:59 PM: jesus.diaz@ads.addynamix[1].txt (ID = 2062)
8:59 PM: Found Spy Cookie: belnk cookie
8:59 PM: jesus.diaz@belnk[1].txt (ID = 2292)
8:59 PM: jesus.diaz@dist.belnk[2].txt (ID = 2293)
8:59 PM: Found Spy Cookie: realmedia cookie
8:59 PM: jesus.diaz@realmedia[2].txt (ID = 3235)
8:59 PM: Found Spy Cookie: starware.com cookie
8:59 PM: jesus.diaz@starware[2].txt (ID = 3441)
8:59 PM: Found Spy Cookie: tribalfusion cookie
8:59 PM: jesus.diaz@tribalfusion[2].txt (ID = 3589)
8:59 PM: Found Spy Cookie: screensavers.com cookie
8:59 PM: jesus.diaz@www.screensavers[2].txt (ID = 3298)
8:59 PM: Cookie Sweep Complete, Elapsed Time: 00:00:05
8:59 PM: Warning: System Error. Code: 3.
The system cannot find the path specified
8:59 PM: Starting File Sweep
8:59 PM: Warning: Failed to open file "c:\hiberfil.sys". The process cannot access the file because it is being used by another process
8:59 PM: Warning: Failed to open file "c:\pagefile.sys". The process cannot access the file because it is being used by another process
9:00 PM: Warning: Failed to open file "c:\documents and settings\jesus.diaz\ntuser.dat". The process cannot access the file because it is being used by another process
9:00 PM: Warning: Failed to open file "c:\documents and settings\jesus.diaz\ntuser.dat.log". The process cannot access the file because it is being used by another process
9:00 PM: Warning: Failed to open file "c:\documents and settings\jesus.diaz\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
9:00 PM: Warning: Failed to open file "c:\documents and settings\jesus.diaz\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
9:00 PM: Warning: Failed to open file "c:\documents and settings\jesus.diaz\local settings\temp\temporary internet files\content.ie5\sxub49a3\rch%3fq%3dexpositor&kw_type=broad&kw=expositor&num_radlinks=5&max_radlink_len=27&region=def&cc=100&u_h=1024&u_w=1280&u_ah=994&u_aw=1280&u_cd=32&u_tz=-300&u_his=15&u_java=true". The system cannot find the path specified
9:01 PM: Warning: Failed to open file "c:\documents and settings\jesus.diaz\local settings\temp\temporary internet files\content.ie5\wh2zkl2n\subforum&border_color=%23ffffff&background_color=%23ffffff&title_color=%23ffffff&text_color=%23ffffff&override=1&class=my_banner_class&show_title=0&show_join_link=0&width=710". The system cannot find the path specified
9:03 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat". The process cannot access the file because it is being used by another process
9:03 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
9:03 PM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
9:03 PM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
9:03 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat". The process cannot access the file because it is being used by another process
9:03 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
9:03 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
9:03 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
9:20 PM: Warning: Failed to open file "c:\windows\softwaredistribution\eventcache\{cde45e11-263c-4ad9-afb9-4c64513fdf17}.bin". The process cannot access the file because it is being used by another process
9:25 PM: Warning: Failed to open file "c:\windows\system32\config\default". The process cannot access the file because it is being used by another process
9:25 PM: Warning: Failed to open file "c:\windows\system32\config\default.log". The process cannot access the file because it is being used by another process
9:25 PM: Warning: Failed to open file "c:\windows\system32\config\sam". The process cannot access the file because it is being used by another process
9:25 PM: Warning: Failed to open file "c:\windows\system32\config\sam.log". The process cannot access the file because it is being used by another process
9:25 PM: Warning: Failed to open file "c:\windows\system32\config\security". The process cannot access the file because it is being used by another process
9:25 PM: Warning: Failed to open file "c:\windows\system32\config\security.log". The process cannot access the file because it is being used by another process
9:25 PM: Warning: Failed to open file "c:\windows\system32\config\software". The process cannot access the file because it is being used by another process
9:25 PM: Warning: Failed to open file "c:\windows\system32\config\software.log". The process cannot access the file because it is being used by another process
9:25 PM: Warning: Failed to open file "c:\windows\system32\config\system". The process cannot access the file because it is being used by another process
9:25 PM: Warning: Failed to open file "c:\windows\system32\config\system.log". The process cannot access the file because it is being used by another process
9:32 PM: Warning: System Error. Code: 3.
The system cannot find the path specified
9:42 PM: File Sweep Complete, Elapsed Time: 00:43:15
9:42 PM: Full Sweep has completed. Elapsed time 00:59:56
9:42 PM: Traces Found: 8
9:22 AM: Removal process initiated
9:23 AM: Quarantining All Traces: 2o7.net cookie
9:23 AM: Quarantining All Traces: addynamix cookie
9:23 AM: Quarantining All Traces: belnk cookie
9:23 AM: Quarantining All Traces: realmedia cookie
9:23 AM: Quarantining All Traces: screensavers.com cookie
9:23 AM: Quarantining All Traces: starware.com cookie
9:23 AM: Quarantining All Traces: tribalfusion cookie
9:23 AM: Removal process completed. Elapsed time 00:00:17
********
6:17 PM: | Start of Session, Monday, November 14, 2005 |
6:17 PM: Spy Sweeper started
6:17 PM: Sweep initiated using definitions version 572
6:18 PM: Starting Memory Sweep
6:40 PM: Memory Sweep Complete, Elapsed Time: 00:22:55
6:40 PM: Starting Registry Sweep
6:41 PM: Found Adware: azsearch toolbar
6:41 PM: HKCR\azentretien.loader\ (5 subtraces) (ID = 103886)
6:41 PM: HKCR\clsid\{0d2def3a-f4f1-42ec-ac4f-132e7ba6e292}\ (11 subtraces) (ID = 103887)
6:41 PM: HKLM\software\azentretienco\ (3 subtraces) (ID = 103905)
6:41 PM: HKLM\software\classes\azentretien.loader.1\ (3 subtraces) (ID = 103909)
6:41 PM: HKLM\software\classes\azentretien.loader\ (5 subtraces) (ID = 103910)
6:41 PM: HKLM\software\classes\clsid\{0d2def3a-f4f1-42ec-ac4f-132e7ba6e292}\ (11 subtraces) (ID = 103911)
6:41 PM: HKLM\software\microsoft\code store database\distribution units\{d7bf3304-138b-4dd5-86ee-491bb6a2286c}\ (9 subtraces) (ID = 103943)
6:44 PM: Registry Sweep Complete, Elapsed Time:00:03:39
6:44 PM: Starting Cookie Sweep
6:44 PM: Found Spy Cookie: yieldmanager cookie
6:44 PM: jesus.diaz@ad.yieldmanager[2].txt (ID = 3751)
6:44 PM: Found Spy Cookie: falkag cookie
6:44 PM: jesus.diaz@as-us.falkag[1].txt (ID = 2650)
6:44 PM: Found Spy Cookie: azjmp cookie
6:44 PM: jesus.diaz@azjmp[2].txt (ID = 2270)
6:44 PM: Found Spy Cookie: belnk cookie
6:44 PM: jesus.diaz@belnk[1].txt (ID = 2292)
6:44 PM: jesus.diaz@dist.belnk[2].txt (ID = 2293)
6:44 PM: Found Spy Cookie: paypopup cookie
6:44 PM: jesus.diaz@paypopup[2].txt (ID = 3119)
6:44 PM: Found Spy Cookie: questionmarket cookie
6:44 PM: jesus.diaz@questionmarket[1].txt (ID = 3217)
6:44 PM: Found Spy Cookie: realmedia cookie
6:44 PM: jesus.diaz@realmedia[2].txt (ID = 3235)
6:44 PM: Found Spy Cookie: rn11 cookie
6:44 PM: jesus.diaz@rn11[2].txt (ID = 3261)
6:44 PM: jesus.diaz@sel.as-us.falkag[2].txt (ID = 2650)
6:44 PM: Found Spy Cookie: spylog cookie
6:44 PM: jesus.diaz@spylog[2].txt (ID = 3415)
6:44 PM: Found Spy Cookie: onestat.com cookie
6:44 PM: jesus.diaz@stat.onestat[2].txt (ID = 3098)
6:44 PM: Found Spy Cookie: statcounter cookie
6:44 PM: jesus.diaz@statcounter[2].txt (ID = 3447)
6:44 PM: Found Spy Cookie: toplist cookie
6:44 PM: jesus.diaz@toplist[2].txt (ID = 3557)
6:44 PM: Found Spy Cookie: tribalfusion cookie
6:44 PM: jesus.diaz@tribalfusion[2].txt (ID = 3589)
6:44 PM: Found Spy Cookie: yadro cookie
6:44 PM: jesus.diaz@yadro[1].txt (ID = 3743)
6:44 PM: Cookie Sweep Complete, Elapsed Time: 00:00:11
6:44 PM: Warning: System Error. Code: 3.
The system cannot find the path specified
6:44 PM: Starting File Sweep
6:44 PM: Warning: Failed to open file "c:\hiberfil.sys". The process cannot access the file because it is being used by another process
6:44 PM: Warning: Failed to open file "c:\pagefile.sys". The process cannot access the file because it is being used by another process
6:46 PM: Warning: Failed to open file "c:\documents and settings\jesus.diaz\ntuser.dat". The process cannot access the file because it is being used by another process
6:46 PM: Warning: Failed to open file "c:\documents and settings\jesus.diaz\ntuser.dat.log". The process cannot access the file because it is being used by another process
6:46 PM: Warning: Failed to open file "c:\documents and settings\jesus.diaz\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
6:46 PM: Warning: Failed to open file "c:\documents and settings\jesus.diaz\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
6:46 PM: Warning: Failed to open file "c:\documents and settings\jesus.diaz\local settings\temp\perflib_perfdata_cbc.dat". The process cannot access the file because it is being used by another process
6:46 PM: Warning: Failed to open file "c:\documents and settings\jesus.diaz\local settings\temp\~dfc158.tmp". The process cannot access the file because it is being used by another process
6:46 PM: Warning: Failed to open file "c:\documents and settings\jesus.diaz\local settings\temp\temporary internet files\content.ie5\sxub49a3\rch%3fq%3dexpositor&kw_type=broad&kw=expositor&num_radlinks=5&max_radlink_len=27&region=def&cc=100&u_h=1024&u_w=1280&u_ah=994&u_aw=1280&u_cd=32&u_tz=-300&u_his=15&u_java=true". The system cannot find the path specified
6:47 PM: Warning: Failed to open file "c:\documents and settings\jesus.diaz\local settings\temp\temporary internet files\content.ie5\wh2zkl2n\subforum&border_color=%23ffffff&background_color=%23ffffff&title_color=%23ffffff&text_color=%23ffffff&override=1&class=my_banner_class&show_title=0&show_join_link=0&width=710". The system cannot find the path specified
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs07684047-0e9e-4331-ab96-8fce8e4a90a8.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs0f323367-3c76-4746-8e71-1d42ab649b14.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs103571da-757c-4a7f-a8cf-839e3c746710.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs112738b2-baf8-4e8e-988f-ce20eed3ff8f.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs16597bd9-86bc-41eb-9028-4077607ae4f4.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs1828bf3d-75a3-4335-92ed-35fece7126fe.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs1ab0a492-2bb5-4164-a827-c7c30269add3.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs1b423709-1582-4d13-a2f9-1ca3154d025f.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs1c5ad3f2-ae27-491a-9dff-23df069e2516.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs1e57598d-dc33-4b7b-9d2b-0148b4e66da3.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs20040a2f-17dc-4134-b52c-eb72f510191f.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs2163c748-36ef-4ae3-b25d-2fe1992603df.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs2456532f-8d98-4b54-ab56-48fec7b84d38.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs25d2dbaa-80be-4b40-87fb-16eabbc32633.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs29a97e65-ad0b-40e4-9f91-99afd1ce6b64.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs2b19e298-6e3c-4c97-8223-9fcadc1e2ccc.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs2b5135bc-6c2f-4679-a223-7af1bafab2fa.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs32a1a7c9-0006-48c2-bf16-fb6017e2df79.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs34780bd2-ddf4-4a35-ae37-4efe242ecb1a.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs34fbbdea-15a3-4cce-9e10-dc4b4543e5f9.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs384aee94-a174-4dd5-bc90-fc9bed9b888a.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3910c7c7-ea38-4655-a7a2-9580b26b3b2a.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3a6e8c1e-0294-4af7-87df-66c835f1b6ef.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3aa20250-8d7d-4c7b-b730-1bf97b043ff6.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3ab9dfe1-9b30-4753-9e23-8e3d1b8c1589.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3e915a60-c564-4d9c-a2cb-00064617bb25.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs406fd4da-d7cf-4bb4-b103-0f27bad86946.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4076c1fa-db24-4391-a43d-4207be1cedf2.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs42674464-a8ce-44bb-8b17-e35b13e93f5e.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs447420d6-0bcc-4c51-9c51-b8a64a5184e7.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4642caa9-e675-45ad-8368-ff1da4bceabf.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs468ce22d-d2ab-4e3d-b11e-4a50ca86643c.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs503614f7-4bca-4bf2-9932-81fa010a4c45.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs52932d09-8a33-444d-a765-5d892e13a2bd.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs52c87d87-03ce-43bc-ac7c-45f7d69968c3.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5409414d-2fd8-4fa8-9f45-7ef4907068e5.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs56c21dfe-e8d9-4d65-b17a-e4274c96a9e7.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5e71e018-3cf9-479c-962e-822d765b2b0b.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5edb7b19-ab0e-4614-a0c9-1acab43ff320.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs61fd7c68-5716-45cd-920e-69b834e06a3e.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs630ea1de-b428-42b2-a34b-e1cc10a10a5f.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs653244b0-ab69-4f30-85fa-5bba5d424141.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs6642a7eb-e034-49bc-868b-29d9f3b8df47.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs68959a3d-fc9c-4b97-9d53-d74d7b0022fa.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs696cd347-387e-4272-8a7d-03d6c871a2a1.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs7067e73a-ff60-478b-b48d-3db6bdd5fa42.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs75042d24-2289-441c-9e05-ceea2157518b.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs78b5b2e0-f6a8-4cf0-bc8c-4a9753920b44.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs797838ae-dd08-45a2-a306-12d7b3986330.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs7ae024cb-ba48-4e75-8a68-2d6a587bb1d8.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs7ff66b10-4318-47d3-8322-fb85e785235b.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs81a87a97-e7a5-4143-ae28-4047eaf3234a.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs83f146f1-dab8-4bee-9697-4115e98f5b7e.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs8af71f61-0ca6-4492-ba15-9d655202b7af.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs8c0cce90-f357-467b-8758-3ef6568042ad.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs8c6c676a-3517-4e2a-b635-949ed3bba318.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs8cd8e8c1-241b-4d2e-a0a6-4d38674b3fa4.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs8d23a66f-7ae1-4dde-8f22-1e6d6f2fae57.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs8f3e238e-798c-4454-acf3-1c7cb05a1c7e.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs913fa1b2-7427-41e0-9a51-3c477d7f26d9.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs92cda52e-c6d0-4492-98ad-327d4bdf3cac.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs954e6f50-5908-49f3-9c15-2a00e6da48f3.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs95b44b81-e457-40e0-b05d-463409a06e25.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs965bee68-445b-4759-bfa9-74ae2c0611f7.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs96bad0f7-07bd-4b1f-b401-8832fc109d0e.tmp". The process cannot access the file because it is being used by another process
6:49 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs97d500c4-b305-4086-9b05-58ce5e407673.tmp". The process ca

#18
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Nothing useful. Let's take one more look at a different log just to be sure.

Download WinPFind

Extract WinPFind.zip to your c:\ folder.

Reboot your computer into Safe Mode
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
* if you have trouble getting into Safe mode go here for more info.


Then open c:\WinPFind and double-click on WinPFind.exe.
When the program is open, click on the Start Scan button to start scanning your computer. Be patient as this scan may take a while.
When it is done, it will show a log and tell you the scan is completed. Reboot your computer back to normal mode and post the contents of c:\WinPFind\WinPFind.txt as a reply to this topic.

#19
El Jota

    Member

  • Topic Starter
  • Member
  • 12 posts
Sam, here is the log of WinPFind:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Items found in C:\WINDOWS\hosts

PECompact2 11/3/2005 12:55:38 PM 16297517 C:\WINDOWS\LPT$VPN.925
qoologic 11/3/2005 12:55:38 PM 16297517 C:\WINDOWS\LPT$VPN.925
SAHAgent 11/3/2005 12:55:38 PM 16297517 C:\WINDOWS\LPT$VPN.925
UPX! 11/3/2005 12:55:40 PM 170053 C:\WINDOWS\tsc.exe
PECompact2 11/3/2005 12:55:38 PM 16297517 C:\WINDOWS\VPTNFILE.925
qoologic 11/3/2005 12:55:38 PM 16297517 C:\WINDOWS\VPTNFILE.925
SAHAgent 11/3/2005 12:55:38 PM 16297517 C:\WINDOWS\VPTNFILE.925
UPX! 11/3/2005 12:55:40 PM 1044560 C:\WINDOWS\vsapi32.dll
aspack 11/3/2005 12:55:40 PM 1044560 C:\WINDOWS\vsapi32.dll

Checking %System% folder...
PEC2 8/23/2001 7:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PEC2 10/26/2004 5:38:24 PM 716800 C:\WINDOWS\SYSTEM32\DivX.dll
PECompact2 10/26/2004 5:38:24 PM 716800 C:\WINDOWS\SYSTEM32\DivX.dll
UPX! 1/13/2005 9:41:48 PM 11254 C:\WINDOWS\SYSTEM32\locate.com
PECompact2 11/2/2005 12:34:18 AM 2368864 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 11/2/2005 12:34:18 AM 2368864 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/3/2004 5:56:38 PM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/3/2004 5:56:46 PM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
UPX! 1/20/2005 1:47:50 PM 175616 C:\WINDOWS\SYSTEM32\strings.exe
winsync 8/23/2001 7:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
127.0.0.1 www.qoologic.com
127.0.0.1 www.urllogic.com


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
11/17/2005 2:28:56 PM S 2048 C:\WINDOWS\bootstat.dat
11/15/2005 2:10:26 PM H 54156 C:\WINDOWS\QTFont.qfn
11/14/2005 11:13:22 AM S 64 C:\WINDOWS\CSC\00000001
11/14/2005 10:31:30 AM S 64 C:\WINDOWS\CSC\00000002
10/20/2005 9:54:48 AM S 64 C:\WINDOWS\CSC\csc1.tmp
10/18/2005 12:54:56 PM H 65536 C:\WINDOWS\Minidump\Mini101805-01.dmp
10/5/2005 8:33:38 PM S 12849 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896424.cat
10/4/2005 6:17:42 PM S 21737 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896688.cat
9/28/2005 11:53:30 AM S 17402 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB900725.cat
11/17/2005 2:29:00 PM H 12288 C:\WINDOWS\system32\config\default.LOG
11/17/2005 2:29:16 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
11/17/2005 2:29:00 PM H 24576 C:\WINDOWS\system32\config\SECURITY.LOG
11/17/2005 2:29:38 PM H 106496 C:\WINDOWS\system32\config\software.LOG
11/17/2005 2:29:16 PM H 823296 C:\WINDOWS\system32\config\system.LOG
11/10/2005 3:25:08 PM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
11/1/2005 4:46:32 PM S 6385 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\486CC6AFD08942336C61FCD401C4A1D1
11/1/2005 4:46:32 PM S 18387 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\74BFD122C0875EC75DBE5C6DB4C59019
11/1/2005 4:46:32 PM S 120 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\486CC6AFD08942336C61FCD401C4A1D1
11/1/2005 4:46:32 PM S 124 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\74BFD122C0875EC75DBE5C6DB4C59019
11/17/2005 2:27:42 PM H 6 C:\WINDOWS\Tasks\SA.DAT
10/20/2005 11:46:12 AM HS 113 C:\WINDOWS\Temp\History\History.IE5\desktop.ini
10/20/2005 11:46:12 AM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini
11/3/2005 2:22:32 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\0HY3CTQR\desktop.ini
11/3/2005 2:22:32 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\4HWL0725\desktop.ini
11/3/2005 2:22:32 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\4N0RC9IN\desktop.ini
11/3/2005 2:22:32 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\OTQR8HIN\desktop.ini

Checking for CPL files...
Microsoft Corporation 8/3/2004 5:56:58 PM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/3/2004 5:56:58 PM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
6/21/1999 5:10:00 AM 183808 C:\WINDOWS\SYSTEM32\bdeadmin.cpl
Microsoft Corporation 8/3/2004 5:56:58 PM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/3/2004 5:56:58 PM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/3/2004 5:56:58 PM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/3/2004 5:56:58 PM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/3/2004 5:56:58 PM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/3/2004 5:56:58 PM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/3/2004 5:56:58 PM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/3/2004 5:56:58 PM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation 8/23/2001 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/3/2004 5:56:58 PM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/23/2001 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/3/2004 5:56:58 PM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/3/2004 5:56:58 PM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/23/2001 7:00:00 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 8/3/2004 5:56:58 PM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/3/2004 5:56:58 PM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 8/3/2004 5:56:58 PM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/23/2001 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/3/2004 5:56:58 PM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/3/2004 5:56:58 PM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/3/2004 5:56:58 PM 68608 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 8/3/2004 5:56:58 PM 549888 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 8/3/2004 5:56:58 PM 135168 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation 8/3/2004 5:56:58 PM 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl
Microsoft Corporation 8/3/2004 5:56:58 PM 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 8/3/2004 5:56:58 PM 358400 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 8/3/2004 5:56:58 PM 129536 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 8/3/2004 5:56:58 PM 68608 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 8/23/2001 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/3/2004 5:56:58 PM 618496 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 8/23/2001 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/3/2004 5:56:58 PM 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl
Microsoft Corporation 8/3/2004 5:56:58 PM 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 8/23/2001 7:00:00 AM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 8/3/2004 5:56:58 PM 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 8/3/2004 5:56:58 PM 114688 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 8/3/2004 5:56:58 PM 155648 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 8/3/2004 5:56:58 PM 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 8/23/2001 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 8/3/2004 5:56:58 PM 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
Microsoft Corporation 8/3/2004 5:56:58 PM 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
5/24/2005 6:04:14 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
11/14/2005 3:23:02 PM 1854 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Spy Sweeper Fix.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
5/24/2005 12:34:16 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
11/2/2005 7:31:56 PM 1751 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
5/24/2005 6:04:14 PM HS 84 C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
5/24/2005 12:34:16 PM HS 62 C:\Documents and Settings\Administrator\Application Data\desktop.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{0445F05A-7CB4-4E63-A817-BB910385FE24} = C:\WINDOWS\system32\ltasrv.dll

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\EditPlus
{63AFBDFB-5EF8-4791-AF79-9A3C0DE48974} = C:\Program Files\EditPlus 2\eppshell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TextPad
{2F25CF20-C569-11D1-B94C-00608CB45480} = C:\Program Files\TextPad 4\System\shellext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WS_FTP
{797F3885-5429-11D4-8823-0050DA59922B} = C:\Program Files\Ipswitch\WS_FTP Pro\wsftpsi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WS_FTP
{797F3885-5429-11D4-8823-0050DA59922B} = C:\Program Files\Ipswitch\WS_FTP Pro\wsftpsi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmesus.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\AutorunsDisabled
MenuText = :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
ButtonText = Messenger :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Research :

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\system32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SpySweeper "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
FLuninst C:\WINDOWS\system32\FLKill.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption Bienvenidos al Dominio TSS
legalnoticetext Esta estacion debe ser utlizada para fines estrictamente laborales
shutdownwithoutlogon 0
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier
= WRLogonNTF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 11/17/2005 2:40:06 PM
  • 0

#20
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Not much there either, but these files are suspicious.

C:\WINDOWS\system32\FLKill.exe
C:\WINDOWS\system32\ltasrv.dll


  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:

    • C:\WINDOWS\system32\FLKill.exe
  • Disable your firewall if you are using one.
  • Click on the submit button
  • Reenable your firewall as soon as you get results.
  • Please post the results in your next reply.
Do the same thing with C:\WINDOWS\system32\ltasrv.dll
  • 0

#21
El Jota

    Member

  • Topic Starter
  • Member
  • 12 posts
Sam,
I'm not using a firewall. Here are the results:


File: C:\WINDOWS\system32\FLKill.exe
Status: OK
MD5 78fd0be1fc90ab013d1a588b99e41887
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found nothing


File: C:\WINDOWS\system32\ltasrv.dll
The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file

I tried to look manually for the file ltasrv.dll but I could not find it.
  • 0

#22
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Please open Notepad, and copy/paste the code in the box below into a new text file. Save it as fix.reg (set Filetype to "All Files") and save it on your Desktop.

REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{0445F05A-7CB4-4E63-A817-BB910385FE24}"=-

Now Locate and DoubleClick fix.reg-> Allow it to merge into the Registry!


Reboot and post a new hijackthis log. Let me know what problems you are still having.
  • 0
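
The check behind the fix.reg in the post above, generalized to every entry in the approved list: this is an added example, not code posted in the thread. It assumes the standard COM layout, where each approved CLSID has an InprocServer32 key under HKLM\SOFTWARE\Classes\CLSID naming its DLL; the function names are made up for illustration.

```powershell
# Added example, not from the thread. Read-only: it reports, it does not delete.
# Lists every CLSID in the "Approved" shell-extension list and checks that the
# DLL registered as its in-process COM server is present on disk.

$ApprovedKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved'
$ClsidRoot   = 'HKLM:\SOFTWARE\Classes\CLSID'

function Resolve-ServerPath {
    param([string]$Raw)
    if ([string]::IsNullOrWhiteSpace($Raw)) { return $null }
    # Registrations may use %SystemRoot%, quotes, or a bare name such as ntshrui.dll.
    $path = [Environment]::ExpandEnvironmentVariables($Raw).Trim().Trim('"')
    if (-not [IO.Path]::IsPathRooted($path)) {
        # Assumption: a bare file name is loaded from System32.
        $path = Join-Path (Join-Path $env:SystemRoot 'System32') $path
    }
    return $path
}

function Get-ApprovedShellExtensionStatus {
    $approved = Get-Item -LiteralPath $ApprovedKey -ErrorAction Stop
    foreach ($clsid in $approved.GetValueNames()) {
        # Skip the key's default value and anything that is not a CLSID.
        if ($clsid -notmatch '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$') { continue }

        $serverKey = Get-Item -LiteralPath "$ClsidRoot\$clsid\InprocServer32" -ErrorAction SilentlyContinue
        $server    = $null
        if ($serverKey) { $server = Resolve-ServerPath ([string]$serverKey.GetValue('')) }

        if (-not $serverKey)                                   { $status = 'NoInprocServer32' }
        elseif (-not $server)                                  { $status = 'EmptyServerPath' }
        elseif (Test-Path -LiteralPath $server -PathType Leaf) { $status = 'Present' }
        else                                                   { $status = 'FileMissing' }

        [pscustomobject]@{
            Clsid       = $clsid
            Description = [string]$approved.GetValue($clsid)
            Server      = $server
            Status      = $status
        }
    }
}

# Show only the entries worth a second look, e.g. a CLSID whose DLL is gone.
Get-ApprovedShellExtensionStatus |
    Where-Object Status -ne 'Present' |
    Sort-Object Status, Clsid |
    Format-Table -AutoSize -Wrap
```

On 64-bit Windows run it from a 64-bit PowerShell session; 32-bit extensions registered under WOW6432Node and per-user registrations under HKCU are not covered by this sketch.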

#23
El Jota

    Member

  • Topic Starter
  • Member
  • 12 posts
Sam,

This is the last HijackThis log report. I cannot use Webroot Spy Sweeper anymore because my subscription has expired. Anyway, I tested the PC for a couple of days and I no longer have those nasty popups.
Thanks a lot for all your patience and help.
Rgds,
Jota


Logfile of HijackThis v1.99.1
Scan saved at 3:23:28 PM, on 11/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Yahoo!\Messenger\ypager.exe
D:\Management\Tickets Control\TicketsControl.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
D:\Downloads\Sw 2000 - XP\Ad-Aware\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://csg.fescopor...entDetection=On
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.micr...pdate?clid=1033
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Trans Solutions Systems S.A.
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Spy Sweeper Fix.lnk = C:\Program Files\Webroot\Spy Sweeper\SpySweeperFix.bat
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search &Dictionary - D:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - D:\Program files\Lexico\Toolbar\thesaurus.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesus.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesus.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {29EF91B9-7120-477C-A5CB-2D67F2FD088C} (TeleControl Class) - https://213.146.159.201/rrc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.co...UC/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn...ro.cab34246.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://iss-shipping...bex/ieatgpc.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.re...lbar/lexico.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tss.com.pe
O17 - HKLM\Software\..\Telephony: DomainName = tss.com.pe
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = tss.com.pe
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = tss.com.pe
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = tss.com.pe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Visibroker Activation Daemon (oad) - Unknown owner - C:\PROGRA~1\Borland\vbroker\bin\oad.exe
O23 - Service: VisiBroker Smart Agent (osagent) - Unknown owner - C:\PROGRA~1\Borland\vbroker\bin\osagent.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
  • 0

#24
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Your log is clean! :tazz:

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Managing Windows Millenium System Restore

    or

    Windows XP System Restore Guide

    Reenable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:) :)
  • 0
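
A way to verify the Internet Explorer Custom Level settings from the list above without clicking through the dialog: this is an added example, not part of the original post. The registry path, the four-digit URL action value names and the 0/1/3 meanings are Internet Explorer's standard zone storage rather than anything stated in the thread; the function name is made up for illustration.

```powershell
# Added example, not from the thread. Read-only audit of the Internet zone
# (zone 3) settings stored for the current user.
$ZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# URL action policy values: 0 = Enable, 1 = Prompt, 3 = Disable.
$Meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# The six settings recommended in the post, keyed by URL action value name.
$Recommended = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';                               Want = 1 }
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';                             Want = 3 }
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe';      Want = 3 }
    @{ Id = '1800'; Name = 'Installation of desktop items';                                  Want = 1 }
    @{ Id = '1804'; Name = 'Launching programs and files in an IFRAME';                      Want = 1 }
    @{ Id = '1607'; Name = 'Navigate sub-frames across different domains';                   Want = 1 }
)

function Test-InternetZoneSettings {
    $zone = Get-Item -LiteralPath $ZoneKey -ErrorAction Stop
    foreach ($r in $Recommended) {
        $actual = $zone.GetValue($r.Id, $null)

        # A value can be absent, or hold a code other than the three above.
        if ($null -eq $actual)                       { $shown = 'NotSet' }
        elseif ($Meaning.ContainsKey([int]$actual))  { $shown = $Meaning[[int]$actual] }
        else                                         { $shown = "Other ($actual)" }

        [pscustomobject]@{
            Action      = $r.Id
            Setting     = $r.Name
            Current     = $shown
            Recommended = $Meaning[$r.Want]
            Matches     = ($null -ne $actual -and [int]$actual -eq $r.Want)
        }
    }
}

Test-InternetZoneSettings | Format-Table -AutoSize -Wrap
```

Settings enforced through Group Policy are stored under a separate Policies key and take precedence, so on a domain-joined machine this per-user view may not be the effective one.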





