Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Pop up EXE's....PLEASE HELP.....Guys.. [RESOLVED]

Started by blonde_blueyes2 , Nov 05 2005 12:22 AM

  • This topic is locked This topic is locked

#1
blonde_blueyes2
Posted 05 November 2005 - 12:22 AM

blonde_blueyes2

    New Member

  • Member
  • Pip
  • 9 posts
Hey Guys, I just don't know what to do....I'm all alone in michigan trying to start my computer and I'm ready to chat with friends then : I'M IN POP UP H_E_L_L lol. Help....a woman out...if you can.....


thank you sweeties....wink wink



Logfile of HijackThis v1.99.1
Scan saved at 1:22:54 AM, on 11/5/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\WSCRIPT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\HIGHCRITERIA\TOTALRECORDER\TOTRECSCHED.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\PROGRAM FILES\SONY\VAIO ACTION SETUP\VASERV.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOHMR08.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\INTEGRATOR.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOEVM08.EXE
C:\PROGRAM FILES\SUPPORT.COM\CLIENT\BIN\TGCMD.EXE
C:\WINDOWS\SYSTEM\HPZIPM12.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSTS08.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\NVUYQE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\NVUYQE.EXE
C:\WINDOWS\SYSTEM\NVUYQE.EXE
C:\WINDOWS\SYSTEM\NVUYQE.EXE
C:\WINDOWS\SYSTEM\NVUYQE.EXE
C:\WINDOWS\SYSTEM\NVUYQE.EXE
C:\WINDOWS\SYSTEM\NVUYQE.EXE
C:\WINDOWS\SYSTEM\NVUYQE.EXE
C:\WINDOWS\SYSTEM\NVUYQE.EXE
C:\WINDOWS\SYSTEM\NVUYQE.EXE
C:\WINDOWS\SYSTEM\NVUYQE.EXE
C:\WINDOWS\PROFILES\DARREN\APPLICATION DATA\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN3\YCOMP5_6_0_0.DLL
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\SYSTEM\qpf220.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN3\YCOMP5_6_0_0.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
O4 - HKLM\..\Run: [NAV Premend OEM Utility] A:\0107301.SYM\PREMEND.EXE -silent
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\Run: [OCAudioIni] C:\Program Files\One-click Audio Converter\OCAudioIni.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunOnce: [40HC4N.EXE] C:\WINDOWS\SYSTEM\40HC4N.EXE /k
O4 - HKCU\..\RunOnce: [40HC4N.EXE] C:\WINDOWS\SYSTEM\40HC4N.EXE /k
O4 - Startup: VAIO Action Setup (Server).lnk = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\hpis\bin\matcli.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
O4 - Startup: AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
O4 - User Startup: VAIO Action Setup (Server).lnk = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
O4 - User Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - User Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - User Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\hpis\bin\matcli.exe
O4 - User Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - User Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - User Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
O4 - User Startup: AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

Edited by blonde_blueyes2, 05 November 2005 - 12:23 AM.

  • 0

Advertisements

#2
Buckeye_Sam
Posted 09 November 2005 - 08:50 PM

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Hi and welcome to GeeksToGo! My name is Sam and I will be helping you. :tazz:

I apologize for the delay getting to your log, the helpers here are very busy.
If you still need help, please post a fresh Hijack log, in this thread, so I can help you with your Malware Problems.

If you have resolved this issue please let us know.
  • 0

#3
blonde_blueyes2
Posted 10 November 2005 - 02:34 AM

blonde_blueyes2

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Awwww.....Sam thank you so so so much...sweets....here u go...



Logfile of HijackThis v1.99.1
Scan saved at 3:34:30 AM, on 11/10/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\WSCRIPT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\HIGHCRITERIA\TOTALRECORDER\TOTRECSCHED.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\PROGRAM FILES\SONY\VAIO ACTION SETUP\VASERV.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOHMR08.EXE
C:\WINDOWS\INTEGRATOR.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOEVM08.EXE
C:\PROGRAM FILES\SUPPORT.COM\CLIENT\BIN\TGCMD.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSTS08.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\3OF.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\3OF.EXE
C:\WINDOWS\SYSTEM\3OF.EXE
C:\WINDOWS\SYSTEM\3OF.EXE
C:\WINDOWS\SYSTEM\3OF.EXE
C:\WINDOWS\SYSTEM\3OF.EXE
C:\WINDOWS\SYSTEM\3OF.EXE
C:\WINDOWS\SYSTEM\3OF.EXE
C:\WINDOWS\SYSTEM\3OF.EXE
C:\WINDOWS\SYSTEM\3OF.EXE
C:\WINDOWS\PROFILES\DARREN\APPLICATION DATA\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN3\YCOMP5_6_0_0.DLL
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\SYSTEM\n16ph05.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN3\YCOMP5_6_0_0.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
O4 - HKLM\..\Run: [NAV Premend OEM Utility] A:\0107301.SYM\PREMEND.EXE -silent
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\Run: [OCAudioIni] C:\Program Files\One-click Audio Converter\OCAudioIni.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunOnce: [HABOQ0U.EXE] C:\WINDOWS\SYSTEM\HABOQ0U.EXE /k
O4 - HKCU\..\RunOnce: [HABOQ0U.EXE] C:\WINDOWS\SYSTEM\HABOQ0U.EXE /k
O4 - Startup: VAIO Action Setup (Server).lnk = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\hpis\bin\matcli.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
O4 - Startup: AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
O4 - User Startup: VAIO Action Setup (Server).lnk = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
O4 - User Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - User Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - User Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\hpis\bin\matcli.exe
O4 - User Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - User Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - User Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
O4 - User Startup: AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
  • 0

#4
Buckeye_Sam
Posted 10 November 2005 - 07:48 AM

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Let's see what we can do for ya. :tazz:

Please follow these steps:
  • Please make sure that you can View Hidden Files
    • Click Start -> My Computer
    • Select Tools -> Folder options
    • Select the View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled.
    • Also make sure that 'Display the contents of system folders' is checked.
    • For more info on how to show hidden files click here.


  • Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.


    O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\SYSTEM\n16ph05.dll
    O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
    O4 - HKLM\..\RunOnce: [HABOQ0U.EXE] C:\WINDOWS\SYSTEM\HABOQ0U.EXE /k
    O4 - HKCU\..\RunOnce: [HABOQ0U.EXE] C:\WINDOWS\SYSTEM\HABOQ0U.EXE /k
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab



  • Please reboot your computer in SafeMode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    • Instead of Windows loading as normal, a menu should appear
    • Select the first option, to run Windows in Safe Mode.
    • If you have trouble getting into Safe mode go here for more info.



  • Once in Safe mode, delete these files or directories (Do not be concerned if they do not exist):


    C:\WINDOWS\SYSTEM\HABOQ0U.EXE
    C:\WINDOWS\SYSTEM\n16ph05.dll
    C:\WINDOWS\SYSTEM\3OF.EXE
Reboot your computer to go back to normal mode.


Please run Panda Online Virus Scan
  • You must allow the active-x control to run when asked.
  • You may need to disable your antivirus program while this scan runs.
  • There may be files that this scan will not remove.
  • Please include that information in your next post.
  • Make sure to reenable your antivirus program if you disabled it.
Reboot and post a new hijackthis log and the info from your virus scan.
  • 0

#5
blonde_blueyes2
Posted 11 November 2005 - 02:17 PM

blonde_blueyes2

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Here you go: what do you think?



Logfile of HijackThis v1.99.1
Scan saved at 3:15:48 PM, on 11/11/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\WSCRIPT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\HIGHCRITERIA\TOTALRECORDER\TOTRECSCHED.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\PROGRAM FILES\SONY\VAIO ACTION SETUP\VASERV.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOHMR08.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\INTEGRATOR.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOEVM08.EXE
C:\PROGRAM FILES\SUPPORT.COM\CLIENT\BIN\TGCMD.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSTS08.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\ACCESSORIES\WORDPAD.EXE
C:\WINDOWS\SYSTEM\HPZIPM12.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\PROFILES\DARREN\APPLICATION DATA\HIJACKTHIS.EXE
C:\WINDOWS\PROFILES\DARREN\APPLICATION DATA\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN3\YCOMP5_6_0_0.DLL
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN3\YCOMP5_6_0_0.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
O4 - HKLM\..\Run: [NAV Premend OEM Utility] A:\0107301.SYM\PREMEND.EXE -silent
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\Run: [OCAudioIni] C:\Program Files\One-click Audio Converter\OCAudioIni.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - Startup: VAIO Action Setup (Server).lnk = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\hpis\bin\matcli.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
O4 - Startup: AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
O4 - User Startup: VAIO Action Setup (Server).lnk = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
O4 - User Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - User Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - User Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\hpis\bin\matcli.exe
O4 - User Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - User Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - User Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
O4 - User Startup: AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab






Incident Status Location

Adware:adware/pacimedia No disinfected C:\WINDOWS\TEMP\ptf_0031.exe
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS5.CAB[A0001091.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS5.CAB[A0001092.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS5.CAB[A0001104.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS5.CAB[A0001105.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS1.CAB[A0000010.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS1.CAB[A0000011.CPY]
Virus:Trj/Downloader.BYN No disinfected C:\_RESTORE\ARCHIVE\FS1.CAB[A0000032.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS6.CAB[A0002093.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS6.CAB[A0002094.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS6.CAB[A0002103.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS6.CAB[A0002104.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS4.CAB[A0000093.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS4.CAB[A0000094.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS4.CAB[A0000124.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS4.CAB[A0000125.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS7.CAB[A0002134.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS7.CAB[A0002135.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS7.CAB[A0002147.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS7.CAB[A0002148.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS8.CAB[A0003132.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS8.CAB[A0003133.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS8.CAB[A0003144.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS8.CAB[A0003145.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS12.CAB[A0007132.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS12.CAB[A0007133.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS12.CAB[A0007145.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS12.CAB[A0007146.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS14.CAB[A0009132.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS14.CAB[A0009133.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS14.CAB[A0009144.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS14.CAB[A0009145.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS9.CAB[A0004133.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS9.CAB[A0004134.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS9.CAB[A0004143.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS9.CAB[A0004144.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS15.CAB[A0009183.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS15.CAB[A0009184.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS15.CAB[A0009196.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS15.CAB[A0009197.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS16.CAB[A0010183.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS16.CAB[A0010184.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS16.CAB[A0010196.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS16.CAB[A0010197.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS19.CAB[A0010311.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS19.CAB[A0010312.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS19.CAB[A0010345.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS19.CAB[A0010346.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS21.CAB[A0011307.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS21.CAB[A0011308.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS21.CAB[A0011320.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS21.CAB[A0011321.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS25.CAB[A0014307.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS25.CAB[A0014308.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS25.CAB[A0014319.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS25.CAB[A0014320.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS26.CAB[A0014354.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS26.CAB[A0014355.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS26.CAB[A0014367.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS26.CAB[A0014368.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS30.CAB[A0018354.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS30.CAB[A0018355.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS30.CAB[A0018367.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS30.CAB[A0018368.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS11.CAB[A0006132.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS11.CAB[A0006133.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS11.CAB[A0006145.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS11.CAB[A0006146.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS10.CAB[A0005132.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS10.CAB[A0005133.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS10.CAB[A0005144.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS10.CAB[A0005145.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS29.CAB[A0017352.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS29.CAB[A0017353.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS29.CAB[A0017365.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS29.CAB[A0017366.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS33.CAB[A0019393.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS33.CAB[A0019394.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS33.CAB[A0019403.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS33.CAB[A0019404.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS34.CAB[A0019426.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS34.CAB[A0019427.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS34.CAB[A0019436.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS34.CAB[A0019437.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS24.CAB[A0013307.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS24.CAB[A0013308.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS24.CAB[A0013317.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS24.CAB[A0013318.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS22.CAB[A0012307.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS22.CAB[A0012308.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS22.CAB[A0012320.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS22.CAB[A0012321.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS17.CAB[A0010225.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS17.CAB[A0010226.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS17.CAB[A0010239.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS17.CAB[A0010240.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS17.CAB[A0010276.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS17.CAB[A0010277.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS17.CAB[A0010286.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS17.CAB[A0010287.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS35.CAB[A0020426.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS35.CAB[A0020427.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS35.CAB[A0020438.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS35.CAB[A0020439.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS36.CAB[A0020469.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS36.CAB[A0020470.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS36.CAB[A0020483.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS36.CAB[A0020484.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS37.CAB[A0021467.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS37.CAB[A0021468.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS37.CAB[A0021480.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS37.CAB[A0021481.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS28.CAB[A0016352.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS28.CAB[A0016353.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS28.CAB[A0016366.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS28.CAB[A0016367.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS27.CAB[A0015352.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS27.CAB[A0015353.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS27.CAB[A0015363.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS27.CAB[A0015364.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS27.CAB[A0015388.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS27.CAB[A0015389.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS27.CAB[A0015398.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS27.CAB[A0015399.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS39.CAB[A0023467.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS39.CAB[A0023468.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS39.CAB[A0023480.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS39.CAB[A0023481.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS40.CAB[A0024467.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS40.CAB[A0024468.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS40.CAB[A0024480.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS40.CAB[A0024481.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS41.CAB[A0024516.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS41.CAB[A0024517.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS41.CAB[A0024530.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS41.CAB[A0024531.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS42.CAB[A0025514.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS42.CAB[A0025515.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS42.CAB[A0025527.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS42.CAB[A0025528.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS48.CAB[A0028634.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS48.CAB[A0028635.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS48.CAB[A0028647.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS48.CAB[A0028648.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS49.CAB[A0028711.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS49.CAB[A0028712.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS49.CAB[A0028720.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS49.CAB[A0028721.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS49.CAB[A0028733.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS49.CAB[A0028734.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS51.CAB[A0030709.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS51.CAB[A0030710.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS51.CAB[A0030722.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS51.CAB[A0030723.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS43.CAB[A0026514.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS43.CAB[A0026515.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS43.CAB[A0026527.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS43.CAB[A0026528.CPY]
Adware:Adware/Adtomi No disinfected C:\_RESTORE\ARCHIVE\FS54.CAB[A0032746.CPY]

Edited by blonde_blueyes2, 11 November 2005 - 02:20 PM.

  • 0

#6
blonde_blueyes2
Posted 11 November 2005 - 02:30 PM

blonde_blueyes2

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Sam...somehow I cannot print the full log of Panda Scan....sorry



I uploaded the full Log for you......here you go:



http://s27.yousendit...U6183YT97I4NPHT

Edited by blonde_blueyes2, 11 November 2005 - 02:52 PM.

  • 0

#7
Buckeye_Sam
Posted 11 November 2005 - 05:57 PM

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link under to "SpySweeper" to download the program.
  • Install it. Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:
    • Sweep Memory
    • Sweep Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Contents of Compressed Files
    • Sweep for Rootkits
    • Please UNCHECK Do not Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.

  • 0

#8
blonde_blueyes2
Posted 11 November 2005 - 08:42 PM

blonde_blueyes2

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hey Sam....thanks again...here's the log:



********
9:01 PM: | Start of Session, Friday, November 11, 2005 |
9:01 PM: Spy Sweeper started
9:01 PM: Sweep initiated using definitions version 572
9:01 PM: Starting Memory Sweep
9:06 PM: Memory Sweep Complete, Elapsed Time: 00:04:36
9:06 PM: Starting Registry Sweep
9:08 PM: Found Trojan Horse: trojan-downloader-moneymind
9:08 PM: HKU\DARREN\software\xjado\ (1 subtraces) (ID = 144725)
9:08 PM: HKU\WRSS_Profile_EUNICE\software\xjado\ (1 subtraces) (ID = 144725)
9:08 PM: Registry Sweep Complete, Elapsed Time:00:02:02
9:08 PM: Starting Cookie Sweep
9:08 PM: Found Spy Cookie: sextracker cookie
9:08 PM: [email protected][1].txt (ID = 3362)
9:08 PM: Found Spy Cookie: atlas dmt cookie
9:08 PM: darren@atdmt[2].txt (ID = 2253)
9:08 PM: Found Spy Cookie: revenue.net cookie
9:08 PM: darren@revenue[2].txt (ID = 3257)
9:08 PM: Found Spy Cookie: a cookie
9:08 PM: darren@a[1].txt (ID = 2027)
9:08 PM: Found Spy Cookie: go.com cookie
9:08 PM: [email protected][1].txt (ID = 2729)
9:08 PM: Found Spy Cookie: belnk cookie
9:08 PM: darren@belnk[1].txt (ID = 2292)
9:08 PM: Found Spy Cookie: centrport net cookie
9:08 PM: darren@centrport[1].txt (ID = 2374)
9:08 PM: Found Spy Cookie: toplist cookie
9:08 PM: darren@toplist[1].txt (ID = 3557)
9:08 PM: Found Spy Cookie: adecn cookie
9:08 PM: darren@adecn[1].txt (ID = 2063)
9:08 PM: Found Spy Cookie: xxxcounter cookie
9:08 PM: darren@xxxcounter[1].txt (ID = 3733)
9:08 PM: Found Spy Cookie: domainsponsor cookie
9:08 PM: [email protected][1].txt (ID = 2535)
9:08 PM: Found Spy Cookie: 247realmedia cookie
9:08 PM: darren@247realmedia[1].txt (ID = 1953)
9:08 PM: Found Spy Cookie: serving-sys cookie
9:08 PM: darren@serving-sys[1].txt (ID = 3343)
9:08 PM: Found Spy Cookie: adserver cookie
9:08 PM: [email protected][1].txt (ID = 2142)
9:08 PM: Found Spy Cookie: zedo cookie
9:08 PM: [email protected][2].txt (ID = 3763)
9:08 PM: Found Spy Cookie: adrevolver cookie
9:08 PM: darren@adrevolver[3].txt (ID = 2088)
9:08 PM: Found Spy Cookie: tickle cookie
9:08 PM: darren@tickle[2].txt (ID = 3529)
9:08 PM: Found Spy Cookie: trafficmp cookie
9:08 PM: darren@trafficmp[2].txt (ID = 3581)
9:08 PM: Found Spy Cookie: websponsors cookie
9:08 PM: [email protected][1].txt (ID = 3665)
9:08 PM: Found Spy Cookie: tripod cookie
9:08 PM: darren@tripod[1].txt (ID = 3591)
9:08 PM: Found Spy Cookie: clickzs cookie
9:08 PM: [email protected][2].txt (ID = 2413)
9:08 PM: Found Spy Cookie: ask cookie
9:08 PM: darren@ask[1].txt (ID = 2245)
9:08 PM: Found Spy Cookie: 2o7.net cookie
9:08 PM: [email protected][1].txt (ID = 1958)
9:08 PM: Found Spy Cookie: cc214142 cookie
9:08 PM: [email protected][2].txt (ID = 2367)
9:08 PM: Found Spy Cookie: xiti cookie
9:08 PM: darren@xiti[1].txt (ID = 3717)
9:08 PM: Found Spy Cookie: valuead cookie
9:08 PM: darren@valuead[1].txt (ID = 3626)
9:08 PM: Found Spy Cookie: anm.co.uk cookie
9:08 PM: [email protected][2].txt (ID = 2223)
9:08 PM: Found Spy Cookie: adtech cookie
9:08 PM: darren@adtech[2].txt (ID = 2155)
9:08 PM: Found Spy Cookie: fortunecity cookie
9:08 PM: darren@fortunecity[2].txt (ID = 2686)
9:08 PM: Found Spy Cookie: hbmediapro cookie
9:08 PM: [email protected][2].txt (ID = 2768)
9:08 PM: Found Spy Cookie: paycounter cookie
9:08 PM: darren@paycounter[1].txt (ID = 3115)
9:08 PM: Found Spy Cookie: rn11 cookie
9:08 PM: darren@rn11[2].txt (ID = 3261)
9:08 PM: Found Spy Cookie: onestat.com cookie
9:08 PM: [email protected][1].txt (ID = 3098)
9:08 PM: [email protected][2].txt (ID = 2413)
9:08 PM: [email protected][1].txt (ID = 1958)
9:08 PM: Found Spy Cookie: hotbar cookie
9:08 PM: [email protected][2].txt (ID = 4207)
9:08 PM: Found Spy Cookie: tribalfusion cookie
9:08 PM: darren@tribalfusion[1].txt (ID = 3589)
9:08 PM: Found Spy Cookie: sexsearch cookie
9:08 PM: [email protected][1].txt (ID = 3358)
9:08 PM: [email protected][2].txt (ID = 3362)
9:08 PM: darren@2o7[1].txt (ID = 1957)
9:08 PM: darren@go[1].txt (ID = 2728)
9:08 PM: Found Spy Cookie: paypopup cookie
9:08 PM: darren@paypopup[2].txt (ID = 3119)
9:08 PM: Found Spy Cookie: askmen cookie
9:08 PM: darren@askmen[2].txt (ID = 2247)
9:08 PM: Found Spy Cookie: atwola cookie
9:08 PM: darren@atwola[1].txt (ID = 2255)
9:08 PM: Found Spy Cookie: trb.com cookie
9:08 PM: darren@trb[1].txt (ID = 3587)
9:08 PM: Found Spy Cookie: bluestreak cookie
9:08 PM: darren@bluestreak[1].txt (ID = 2314)
9:08 PM: Found Spy Cookie: reliablestats cookie
9:08 PM: [email protected][2].txt (ID = 3254)
9:08 PM: [email protected][1].txt (ID = 1958)
9:08 PM: darren@adrevolver[2].txt (ID = 2088)
9:08 PM: Found Spy Cookie: tradedoubler cookie
9:08 PM: darren@tradedoubler[2].txt (ID = 3575)
9:08 PM: [email protected][2].txt (ID = 2293)
9:08 PM: Found Spy Cookie: burstnet cookie
9:08 PM: darren@burstnet[2].txt (ID = 2336)
9:08 PM: Found Spy Cookie: questionmarket cookie
9:08 PM: darren@questionmarket[1].txt (ID = 3217)
9:08 PM: Found Spy Cookie: adjuggler cookie
9:08 PM: [email protected][1].txt (ID = 2071)
9:08 PM: Found Spy Cookie: clickandtrack cookie
9:08 PM: [email protected][2].txt (ID = 2397)
9:08 PM: Found Spy Cookie: screensavers.com cookie
9:08 PM: [email protected][1].txt (ID = 3298)
9:08 PM: [email protected][1].txt (ID = 3627)
9:08 PM: Found Spy Cookie: reunion cookie
9:08 PM: darren@reunion[2].txt (ID = 3255)
9:08 PM: Found Spy Cookie: adknowledge cookie
9:08 PM: darren@adknowledge[1].txt (ID = 2072)
9:08 PM: Found Spy Cookie: excite cookie
9:08 PM: darren@excite[1].txt (ID = 2631)
9:08 PM: Found Spy Cookie: maxserving cookie
9:08 PM: darren@maxserving[2].txt (ID = 2966)
9:08 PM: Found Spy Cookie: ecomplanet cookie
9:08 PM: darren@ecomplanet[2].txt (ID = 2577)
9:08 PM: Found Spy Cookie: overture cookie
9:08 PM: [email protected][2].txt (ID = 3106)
9:08 PM: [email protected][1].txt (ID = 3362)
9:08 PM: Found Spy Cookie: webtrendslive cookie
9:08 PM: [email protected][2].txt (ID = 3667)
9:08 PM: [email protected][2].txt (ID = 2293)
9:08 PM: Found Spy Cookie: pro-market cookie
9:08 PM: darren@pro-market[2].txt (ID = 3197)
9:08 PM: [email protected][1].txt (ID = 1958)
9:08 PM: Found Spy Cookie: burstbeacon cookie
9:08 PM: [email protected][2].txt (ID = 2335)
9:08 PM: Found Spy Cookie: casalemedia cookie
9:08 PM: darren@casalemedia[1].txt (ID = 2354)
9:08 PM: Found Spy Cookie: falkag cookie
9:08 PM: [email protected][1].txt (ID = 2650)
9:08 PM: Found Spy Cookie: bilbo.counted.com cookie
9:08 PM: [email protected][2].txt (ID = 2306)
9:08 PM: Found Spy Cookie: bravenet cookie
9:08 PM: darren@bravenet[1].txt (ID = 2322)
9:08 PM: Found Spy Cookie: ru4 cookie
9:08 PM: [email protected][2].txt (ID = 3269)
9:08 PM: [email protected][1].txt (ID = 2729)
9:08 PM: Found Spy Cookie: nextag cookie
9:08 PM: darren@nextag[2].txt (ID = 5014)
9:08 PM: Found Spy Cookie: specificclick.com cookie
9:08 PM: [email protected][1].txt (ID = 3400)
9:08 PM: [email protected][1].txt (ID = 2729)
9:08 PM: Found Spy Cookie: 4u.pl cookie
9:08 PM: [email protected][1].txt (ID = 1978)
9:08 PM: [email protected][1].txt (ID = 2729)
9:08 PM: [email protected][1].txt (ID = 2650)
9:08 PM: Found Spy Cookie: targetnet cookie
9:08 PM: darren@targetnet[2].txt (ID = 3489)
9:08 PM: Found Spy Cookie: addynamix cookie
9:08 PM: [email protected][2].txt (ID = 2062)
9:08 PM: darren@zedo[2].txt (ID = 3762)
9:08 PM: Found Spy Cookie: webpower cookie
9:08 PM: darren@webpower[1].txt (ID = 3660)
9:08 PM: Found Spy Cookie: pointroll cookie
9:08 PM: [email protected][1].txt (ID = 3148)
9:08 PM: Found Spy Cookie: realmedia cookie
9:08 PM: darren@realmedia[2].txt (ID = 3235)
9:08 PM: Found Spy Cookie: yieldmanager cookie
9:08 PM: darren@yieldmanager[2].txt (ID = 3749)
9:08 PM: darren@sextracker[1].txt (ID = 3361)
9:08 PM: Found Spy Cookie: apmebf cookie
9:08 PM: darren@apmebf[2].txt (ID = 2229)
9:08 PM: Found Spy Cookie: qksrv cookie
9:08 PM: darren@qksrv[2].txt (ID = 3213)
9:08 PM: [email protected][1].txt (ID = 3751)
9:08 PM: Found Spy Cookie: yadro cookie
9:08 PM: darren@yadro[1].txt (ID = 3743)
9:08 PM: [email protected][2].txt (ID = 2729)
9:08 PM: Found Spy Cookie: servedby advertising cookie
9:08 PM: [email protected][2].txt (ID = 3335)
9:08 PM: Found Spy Cookie: advertising cookie
9:08 PM: darren@advertising[2].txt (ID = 2175)
9:08 PM: Found Spy Cookie: statcounter cookie
9:08 PM: darren@statcounter[1].txt (ID = 3447)
9:08 PM: Found Spy Cookie: linksynergy cookie
9:08 PM: darren@linksynergy[1].txt (ID = 2926)
9:08 PM: Found Spy Cookie: fastclick cookie
9:08 PM: darren@fastclick[2].txt (ID = 2651)
9:08 PM: eunice@adknowledge[2].txt (ID = 2072)
9:08 PM: [email protected][1].txt (ID = 3256)
9:08 PM: eunice@nextag[1].txt (ID = 5014)
9:08 PM: Found Spy Cookie: pricegrabber cookie
9:08 PM: eunice@pricegrabber[1].txt (ID = 3185)
9:08 PM: [email protected][2].txt (ID = 1958)
9:08 PM: Found Spy Cookie: about cookie
9:08 PM: [email protected][1].txt (ID = 2038)
9:08 PM: Found Spy Cookie: did-it cookie
9:08 PM: eunice@did-it[1].txt (ID = 2523)
9:08 PM: eunice@trb[2].txt (ID = 3587)
9:08 PM: eunice@go[1].txt (ID = 2728)
9:08 PM: Found Spy Cookie: coremetrics cookie
9:08 PM: [email protected][1].txt (ID = 2472)
9:08 PM: eunice@yieldmanager[1].txt (ID = 3749)
9:08 PM: Found Spy Cookie: directtrack cookie
9:08 PM: [email protected][2].txt (ID = 2528)
9:08 PM: eunice@targetnet[1].txt (ID = 3489)
9:08 PM: Found Spy Cookie: tracking cookie
9:08 PM: eunice@tracking[3].txt (ID = 3571)
9:08 PM: eunice@atdmt[2].txt (ID = 2253)
9:08 PM: Found Spy Cookie: ads.adsag cookie
9:08 PM: [email protected][1].txt (ID = 2108)
9:08 PM: [email protected][2].txt (ID = 2768)
9:08 PM: eunice@rn11[2].txt (ID = 3261)
9:08 PM: eunice@questionmarket[1].txt (ID = 3217)
9:08 PM: eunice@paypopup[1].txt (ID = 3119)
9:08 PM: Found Spy Cookie: ic-live cookie
9:08 PM: eunice@ic-live[1].txt (ID = 2821)
9:08 PM: eunice@tracking[2].txt (ID = 3571)
9:08 PM: [email protected][1].txt (ID = 1958)
9:08 PM: [email protected][1].txt (ID = 2142)
9:08 PM: eunice@advertising[1].txt (ID = 2175)
9:08 PM: eunice@burstnet[1].txt (ID = 2336)
9:08 PM: eunice@reunion[2].txt (ID = 3255)
9:08 PM: Found Spy Cookie: bizrate cookie
9:08 PM: eunice@bizrate[2].txt (ID = 2308)
9:08 PM: eunice@zedo[1].txt (ID = 3762)
9:08 PM: Found Spy Cookie: starware.com cookie
9:08 PM: eunice@starware[2].txt (ID = 3441)
9:08 PM: Found Spy Cookie: 360i cookie
9:08 PM: [email protected][2].txt (ID = 1962)
9:08 PM: eunice@fastclick[1].txt (ID = 2651)
9:08 PM: eunice@casalemedia[2].txt (ID = 2354)
9:08 PM: Found Spy Cookie: 888 cookie
9:08 PM: eunice@888[2].txt (ID = 2019)
9:08 PM: eunice@realmedia[2].txt (ID = 3235)
9:08 PM: Found Spy Cookie: dealtime cookie
9:08 PM: eunice@dealtime[2].txt (ID = 2505)
9:08 PM: [email protected][1].txt (ID = 2038)
9:08 PM: eunice@tribalfusion[1].txt (ID = 3589)
9:08 PM: [email protected][1].txt (ID = 1958)
9:08 PM: [email protected][1].txt (ID = 2337)
9:08 PM: [email protected][1].txt (ID = 3763)
9:08 PM: [email protected][2].txt (ID = 2335)
9:08 PM: eunice@atwola[1].txt (ID = 2255)
9:08 PM: eunice@tickle[2].txt (ID = 3529)
9:08 PM: Found Spy Cookie: gostats cookie
9:08 PM: [email protected][2].txt (ID = 2748)
9:08 PM: eunice@ask[1].txt (ID = 2245)
9:08 PM: [email protected][2].txt (ID = 2038)
9:08 PM: [email protected][1].txt (ID = 2729)
9:08 PM: eunice@about[1].txt (ID = 2037)
9:08 PM: eunice@tracking[4].txt (ID = 3571)
9:08 PM: [email protected][1].txt (ID = 2729)
9:08 PM: [email protected][1].txt (ID = 2038)
9:08 PM: [email protected][1].txt (ID = 2038)
9:08 PM: [email protected][1].txt (ID = 2038)
9:08 PM: eunice@maxserving[2].txt (ID = 2966)
9:08 PM: Found Spy Cookie: upspiral cookie
9:08 PM: [email protected][1].txt (ID = 3615)
9:08 PM: [email protected][1].txt (ID = 2038)
9:08 PM: eunice@trafficmp[1].txt (ID = 3581)
9:08 PM: eunice@2o7[2].txt (ID = 1957)
9:08 PM: [email protected][1].txt (ID = 2367)
9:08 PM: [email protected][1].txt (ID = 2506)
9:08 PM: [email protected][1].txt (ID = 3400)
9:08 PM: [email protected][1].txt (ID = 3269)
9:08 PM: Found Spy Cookie: servlet cookie
9:08 PM: eunice@servlet[1].txt (ID = 3345)
9:08 PM: [email protected][1].txt (ID = 2038)
9:08 PM: [email protected][2].txt (ID = 1958)
9:08 PM: [email protected][1].txt (ID = 2729)
9:08 PM: eunice@revenue[2].txt (ID = 3257)
9:08 PM: [email protected][2].txt (ID = 1958)
9:08 PM: eunice@adecn[1].txt (ID = 2063)
9:08 PM: Found Spy Cookie: myaffiliateprogram.com cookie
9:08 PM: [email protected][2].txt (ID = 3032)
9:08 PM: [email protected][1].txt (ID = 3106)
9:08 PM: [email protected][1].txt (ID = 3665)
9:08 PM: eunice@tradedoubler[2].txt (ID = 3575)
9:08 PM: [email protected][2].txt (ID = 3751)
9:08 PM: Found Spy Cookie: 3 cookie
9:08 PM: eunice@3[1].txt (ID = 1959)
9:08 PM: [email protected][1].txt (ID = 3254)
9:08 PM: eunice@adrevolver[2].txt (ID = 2088)
9:08 PM: Found Spy Cookie: hypertracker.com cookie
9:08 PM: eunice@hypertracker[2].txt (ID = 2817)
9:08 PM: [email protected][1].txt (ID = 2293)
9:08 PM: [email protected][2].txt (ID = 2062)
9:08 PM: [email protected][1].txt (ID = 3298)
9:08 PM: eunice@belnk[2].txt (ID = 2292)
9:08 PM: [email protected][2].txt (ID = 2293)
9:08 PM: Found Spy Cookie: findwhat cookie
9:08 PM: eunice@findwhat[1].txt (ID = 2674)
9:08 PM: eunice@adrevolver[3].txt (ID = 2088)
9:08 PM: Found Spy Cookie: offeroptimizer cookie
9:08 PM: eunice@offeroptimizer[2].txt (ID = 3087)
9:08 PM: [email protected][1].txt (ID = 2650)
9:08 PM: [email protected][1].txt (ID = 2650)
9:08 PM: [email protected][2].txt (ID = 3627)
9:08 PM: [email protected][2].txt (ID = 3335)
9:08 PM: [email protected][1].txt (ID = 2535)
9:08 PM: [email protected][1].txt (ID = 3148)
9:08 PM: eunice@247realmedia[1].txt (ID = 1953)
9:08 PM: [email protected][1].txt (ID = 3667)
9:08 PM: [email protected][2].txt (ID = 2397)
9:08 PM: Found Spy Cookie: server.iad.liveperson cookie
9:08 PM: [email protected][2].txt (ID = 3341)
9:08 PM: eunice@dcs8ir0f010000oyioyaka1kl_8j7n[2].txt (ID = 3673)
9:08 PM: eunice@tribalfusion[2].txt (ID = 3589)
9:08 PM: eunice@tradedoubler[1].txt (ID = 3575)
9:08 PM: [email protected][3].txt (ID = 2729)
9:08 PM: [email protected][2].txt (ID = 2729)
9:08 PM: [email protected][1].txt (ID = 1958)
9:08 PM: eunice@adknowledge[1].txt (ID = 2072)
9:08 PM: [email protected][1].txt (ID = 1958)
9:08 PM: [email protected][3].txt (ID = 2768)
9:08 PM: [email protected][3].txt (ID = 3335)
9:08 PM: eunice@targetnet[3].txt (ID = 3489)
9:08 PM: eunice@bluestreak[1].txt (ID = 2314)
9:08 PM: eunice@bizrate[1].txt (ID = 2308)
9:08 PM: [email protected][2].txt (ID = 3763)
9:08 PM: [email protected][3].txt (ID = 2650)
9:08 PM: eunice@trafficmp[3].txt (ID = 3581)
9:08 PM: eunice@yieldmanager[2].txt (ID = 3749)
9:08 PM: [email protected][2].txt (ID = 3400)
9:08 PM: eunice@tickle[1].txt (ID = 3529)
9:08 PM: eunice@pricegrabber[3].txt (ID = 3185)
9:08 PM: [email protected][3].txt (ID = 3627)
9:08 PM: [email protected][1].txt (ID = 2062)
9:08 PM: [email protected][2].txt (ID = 2506)
9:08 PM: [email protected][3].txt (ID = 2650)
9:08 PM: eunice@did-it[2].txt (ID = 2523)
9:08 PM: eunice@zedo[2].txt (ID = 3762)
9:08 PM: [email protected][3].txt (ID = 2142)
9:08 PM: Found Spy Cookie: hitslink cookie
9:08 PM: [email protected][2].txt (ID = 2790)
9:08 PM: eunice@nextag[3].txt (ID = 5014)
9:08 PM: Found Spy Cookie: humanclick cookie
9:08 PM: [email protected][1].txt (ID = 2810)
9:08 PM: eunice@linksynergy[2].txt (ID = 2926)
9:08 PM: eunice@go[3].txt (ID = 2728)
9:08 PM: eunice@statcounter[2].txt (ID = 3447)
9:08 PM: eunice@burstnet[3].txt (ID = 2336)
9:08 PM: [email protected][3].txt (ID = 2293)
9:08 PM: [email protected][3].txt (ID = 3269)
9:08 PM: [email protected][1].txt (ID = 2397)
9:08 PM: eunice@maxserving[3].txt (ID = 2966)
9:08 PM: eunice@casalemedia[3].txt (ID = 2354)
9:08 PM: [email protected][2].txt (ID = 3667)
9:08 PM: [email protected][1].txt (ID = 1962)
9:08 PM: [email protected][2].txt (ID = 4207)
9:08 PM: eunice@centrport[2].txt (ID = 2374)
9:08 PM: eunice@starware[3].txt (ID = 3441)
9:08 PM: [email protected][1].txt (ID = 3341)
9:08 PM: eunice@excite[2].txt (ID = 2631)
9:08 PM: [email protected][1].txt (ID = 2335)
9:08 PM: eunice@questionmarket[2].txt (ID = 3217)
9:08 PM: eunice@advertising[2].txt (ID = 2175)
9:08 PM: eunice@2o7[3].txt (ID = 1957)
9:08 PM: eunice@realmedia[3].txt (ID = 3235)
9:08 PM: [email protected][3].txt (ID = 3148)
9:08 PM: [email protected][3].txt (ID = 3751)
9:08 PM: [email protected][3].txt (ID = 3298)
9:08 PM: [email protected][1].txt (ID = 3298)
9:08 PM: [email protected][1].txt (ID = 1958)
9:08 PM: [email protected][1].txt (ID = 1958)
9:08 PM: eunice@fastclick[3].txt (ID = 2651)
9:08 PM: eunice@dcs8ir0f010000oyioyaka1kl_8j7n[1].txt (ID = 3673)
9:08 PM: Cookie Sweep Complete, Elapsed Time: 00:00:24
9:08 PM: Starting File Sweep
9:09 PM: Warning: Failed to open file "c:\windows\win386.swp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs9581291a-9205-44d2-bc2d-9f2fc505e308.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs2c881977-714f-40f1-ab8f-ae814dcb1a8c.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsa5fe3b61-b142-444b-9543-c57f5c4932cf.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs4bb37684-17cc-4003-9638-2cf18a4adc04.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs3046b55e-6276-4fa6-8fc7-a8aa29331f5c.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs4e3fb2d7-6e4e-4a6a-a6d3-6d6c3fe3ebea.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs9d2b208f-c204-4f5c-a7fe-256e45ee3fea.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs43ffc1b1-2599-4f82-a4a4-ec7b44e0535f.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsa8a6d27b-7501-4ff3-8ff1-ebdf95645f98.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs7891b65c-d0bf-4502-8386-c3ed3865c0b6.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsdf5211d3-7ce8-4cc5-8349-247d88c7e873.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsc1f6019c-efa3-4c70-9341-1d9abd685738.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsd24b243c-499c-4f7e-a8eb-93c45c776dc4.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs71230dc6-43c0-4f2a-8fc5-ca402a831a04.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsd22b13b2-1407-4a9c-92a5-aa4946b0d2ff.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs866acdfd-8931-4413-992e-6b2c468a99c1.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs5ea92ba1-a8cc-42fc-8704-ca7d8a349289.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs3830805b-40cf-4dc8-bcfe-1a4a797571b4.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs8759bb94-e17f-47db-bfe4-cc0dcbb35b6d.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs1fc0bdc7-adf3-47e4-9ff6-9202b1bb45e4.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsf78bfeb3-690e-477a-8f2b-32604c7672ea.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsa5fbe225-e568-490c-b898-55d3696e1c3d.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsd51b8d9c-4540-42dd-af35-e993c0f562b7.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs2f66627e-fcd2-493c-9711-b644b8f0d180.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs587ef91d-656a-4888-ac66-08bb3495a9e4.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs8e7c6b83-cf4d-42dd-95fd-26febbc7db9c.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsbd2ad27f-8fea-431b-b0a1-f1e4fd8d82b2.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsd5d150df-b3f6-4785-a9f0-866b630b6801.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs5ea71baf-c5b5-42a1-811d-43995f904482.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs75b2c48b-715f-443e-8b35-024e33f1f995.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs99dfa10d-4741-4952-840b-32d1a324627c.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsc14b4e40-a9a3-44b8-8524-86f157037737.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs197b9e87-60c6-452f-8a32-0b5b3a104473.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs1f3ebf08-3b88-41d0-b2b4-332cca443b85.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs76e08c51-2d2c-4808-b24e-935631fded85.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsf1ebbccc-fb96-4234-a131-71e617171c5a.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsde5e7d77-b3a6-4f6c-8543-cea442a90082.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs208815bc-0ec1-4cc0-bdc2-b03d3b842ad4.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs7f31d821-b6da-4367-a212-fed11565d189.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs7cb73ade-c6e0-473b-adf6-b67df73bd634.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs2e0e9a21-d70b-40c8-a5b2-e65a48fc128a.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsc34a5c12-7cc3-40b8-8ec6-d259f2e8199f.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsbd82c077-ccc3-493f-8e61-20e1987b4a71.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscse2ee5d82-c4c8-4e07-a5fb-e5b48e0b6551.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsd79b19c6-ff43-46d4-9e1c-e3788c8238dc.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs95beaea1-0322-44a3-916e-375421cd4e5c.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs28b8c0ad-0e89-462f-8c2a-f645e2868546.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscscd7647e2-9ffb-4ba8-a965-c718c1e6331e.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsee6f9ea6-78ba-405f-ab41-907c88bc4ba1.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscse4cd5f6b-50a5-49dd-9ccf-2965752f6ff9.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs02f7f0db-4943-461d-a169-d7b1814288d0.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscscceebead-f1aa-4b66-9450-41c95e20eb2d.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs8d2c9464-95f5-4542-bd7c-34db20166214.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs88496e2d-7970-4340-8536-c73ee713314d.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsb03c1c2b-9f09-4592-a6e6-7647a3c3467e.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsc839e1ed-b1c0-4c23-8b13-cc1ffec20e95.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsae492c1f-e42f-4f91-bf58-5733d619890f.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsae9dfae8-e510-4f97-a921-12bd5fa69415.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsc674c57e-33f6-4925-b78e-f9baa182d90c.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs5b5020e6-6e97-4bfd-95c8-78def6ee55bc.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs1adab18f-6b77-4f03-8c67-f7c199f28db8.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs1139d842-87cb-4c60-9260-18c261805542.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsc90748ee-1890-41ca-8de9-d6ff6f80e877.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs3109c48a-ce5a-418d-9033-5175573a26c0.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs1ab531be-1533-40ed-a8dd-dad69580396d.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs070165c2-a0e6-45d5-a12e-e5f57764e510.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs9f607bb7-4e2d-4671-8027-15039e84ac40.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscscda81963-849a-4404-be2a-b9f299ce8374.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs308921e4-de9c-4d01-be59-ca8b42621ada.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs4284e502-8255-4a39-a91d-bb681accca10.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs3d51a419-e72e-403b-868c-4bdda42e765f.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs2bb6af4f-84ed-404c-b4da-71b723a5b9a4.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs2f501182-fa45-416a-baea-bc904210c53a.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs0d7f5e79-acd8-4205-8195-cc350ab861bb.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs17528096-88d1-4145-a9b2-f15d5bcfa8f8.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscse590df7c-469f-4236-ba03-8e74c367fb1f.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs9d90832a-e83b-4deb-84f7-6d2df6efda54.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs63c6c094-e81f-482d-8921-3e8398161008.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsb776dc35-b8ae-407a-bcd5-42486520f87a.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsf37d944b-a95f-4304-8fdb-29b47796ae84.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs0da80432-f2d0-4485-a106-cbd6a43936fe.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs3531a707-fd6b-4b0e-8bdc-f8541e82f713.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs3993b180-7981-451f-8209-829de22a3051.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsf696a0c7-d70b-48f9-9df2-810230ad24ea.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs3619f748-aee3-44cc-9dff-2d766544e8c2.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs58f93182-e1ef-4ab4-b1da-1fd0ac352bb8.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs4978c080-94fa-42ea-8eac-38304c4b2d18.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsf2aa985a-a872-48b3-b6ae-02d008e595a5.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsf17e458b-cef0-4a84-b4fd-d9293e1eabcf.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsc6eed4d8-4959-4384-9500-1e9a10624ade.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsa5692872-e6bd-41d9-bea0-429aa86f3cb2.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs674fd06d-0cb7-44f9-b429-6d485b260171.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs85a99f6c-9a60-4137-90db-bf1498003c9c.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs106e6a34-19cc-4a4e-96c0-0aacf556faef.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs912282ca-593e-44e1-94ae-02ffcc6c9ceb.tmp". The process cannot access the file because it is being used by another process
9:39 PM: Traces Found: 259
  • 0

#9
Buckeye_Sam
Posted 12 November 2005 - 06:44 PM

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Flush your system restore, this will delete any restore points that you have but it will also make sure that any malware hiding in system restore will be booted off.

Turn off System Restore:
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.


Please download and install Cleanup 4.0

Now run CleanUp
IMPORTANT!
CleanUp deletes EVERYTHING out of your temp/temporary folders, it does not make backups.
If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp

Running CleanUp
  • Start CleanUp by double-clicking the icon on your desktop (or from the Start > All Programs menu).
  • When CleanUp starts go to the Options button (right side of CleanUp screen)
  • Move the arrow down to "Custom CleanUp!"
  • Now place a checkmark next to the following (Make sure nothing else is checked!):
    • Delete Cookies
      This is optional, if you leave the box checked it will remove all of your cookies, at this point removing cookies is a good idea
    • Empty Recycle Bins
    • Delete Prefetch files
    • Cleanup! All Users
  • Click OK
  • Then click on the CleanUp button. This will take a short while, let it do its thing.
  • When asked to reboot system select Yes
  • Close CleanUp


After rebooting, run a new scan with Spysweeper and post the log from the scan as well as a new hijackthis log.
  • 0

#10
blonde_blueyes2
Posted 12 November 2005 - 10:20 PM

blonde_blueyes2

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
********
10:43 PM: | Start of Session, Saturday, November 12, 2005 |
10:43 PM: Spy Sweeper started
10:43 PM: Sweep initiated using definitions version 572
10:43 PM: Starting Memory Sweep
10:47 PM: Memory Sweep Complete, Elapsed Time: 00:04:29
10:47 PM: Starting Registry Sweep
10:49 PM: Found Trojan Horse: trojan-downloader-moneymind
10:49 PM: HKU\DARREN\software\xjado\ (1 subtraces) (ID = 144725)
10:49 PM: HKU\WRSS_Profile_EUNICE\software\xjado\ (1 subtraces) (ID = 144725)
10:49 PM: Registry Sweep Complete, Elapsed Time:00:01:43
10:49 PM: Starting Cookie Sweep
10:49 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
10:49 PM: Starting File Sweep
10:49 PM: Warning: Failed to open file "c:\windows\win386.swp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs8a14ca81-619c-4d28-b4b4-1a9e7a04466d.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs11f0d4aa-6d17-438d-abe1-c79233baae16.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsa88cbdf5-c0ba-454e-aa4a-1c8a4e18f5de.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs4ef78b76-4a49-471c-b8b1-e507c60bde2a.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsc80a73d4-177e-4541-98a8-48b5c02fe784.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs6aa183a7-ab0c-46aa-8095-e008bf3979a2.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs7f63ed93-b5a3-4d8c-9971-ec011a4ffa26.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs7a6e9388-7ae0-42d1-b278-12a3b8935892.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsa11c27f0-22e8-4a98-8a8d-83d96553067b.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs5e2104f3-568d-412c-be6c-d511f1b12321.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsd809ac36-a7f0-4b92-bef8-23545497b901.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs47edd678-d41b-4ae3-9b1b-c606f4c469c1.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsd279bc45-7e4f-4d3b-81c5-aaec52f45db0.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs8a98155c-b5db-4494-828e-525771927482.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsbdb48dbe-0046-4e4c-9620-b1f59236aa1b.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsd59af57c-44e1-4df1-97e2-fc204b4bbba7.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs00ca6216-a025-4cae-a820-3ae157cb1a52.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs45298d74-0b4f-4220-aa3b-3fa7ec80ef5b.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs1d122f76-4364-4417-943d-56ce8bf48608.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsc0ba6c9a-1fc8-48f3-b905-3f159a8d5ea4.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs380c97b7-bc38-423c-abac-d99ce8d3a89b.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsbef13bf8-6679-4a8c-a239-050b508a25de.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsa5d75f22-ddfe-4e2b-815e-42ff7c1a6ab4.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsfab168ec-8829-4586-8a50-510f8deefdcc.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs37c47b6c-732a-4597-9376-d2ed0d7592f1.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs7bfe5fe7-9627-428a-b542-8b0a27d3fffb.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs755c4a4c-5bae-4ae7-9bd8-07fba7ea07dd.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs55d34092-8376-421d-9ebf-533757c34394.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs2e764310-8900-4fd8-a254-f8d3701e37a2.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs1ecd33fd-f166-49f7-a7e1-44b170ac4cb9.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsd7f5ea50-4c7e-4161-8e13-fa0c4e7790bf.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs585ac769-d1a8-4411-9cb9-030c948f4e9b.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsb34d5ac4-4faa-43ff-bc75-16a94479186d.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs641990cc-66cf-4289-a350-5d302ec5fd83.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsd09e5464-9c44-4ae0-90bd-39a65ad84f38.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsf8838172-7c4d-4cc5-895a-42160b3d5408.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsc22aec26-e9c5-42e8-ac04-8b2fdd222f64.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsdb817041-27b3-49af-aa48-af4066399abf.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscse14ea523-f4c9-4c36-8e85-6eca9f1159c0.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs95b0f8c8-2d29-45b9-9297-e2b78a400817.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs6c6d2235-a5f4-4e02-8782-e3095ed16cb8.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsc1d5db00-0956-4663-b71e-2787a5fb9b91.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs7282d9a9-3046-45b7-934a-f9862ceacb50.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsb113a47e-01d5-4cb5-94a8-b62ee2972f28.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsb1c75a1f-cc0e-4a29-8c53-cacf836aea6e.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsea195012-4daf-476c-965e-af0be5aaf0ea.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs8e80ee45-7e94-4dcf-8fbd-0e451ccb99cc.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs790c7ab7-b6fe-4ac4-8bef-29d5f559fd47.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs4c29263d-81c0-4827-a4ed-3076defb5f3b.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs813a154f-e291-4d7e-ae58-d7cc5d499065.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsdf3d8af5-1dd2-4e3c-8434-2bb1a933f190.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs7f877281-a6f0-47b6-9dcd-fce4ece25e69.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs13eac3b2-cd3e-43b1-91d1-16689d330a38.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsf9dce940-1c40-4bde-8bb0-05bdbf56d0aa.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs282aa475-a730-427b-a416-5d4c0ee61fb9.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs8d530300-9e4f-4fc2-841f-a8e8b56cd582.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs94272110-90e1-4a89-af82-7357304b7090.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs6ad35631-3599-475c-8f0e-57b78a010442.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs2a148f74-c956-41f3-91bc-8d3a47e7317c.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs9e49d25e-351a-4c43-b5f2-4dc2d99299f9.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsb265cfc0-9160-468d-b2fe-885f4073d678.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs895733bb-4046-4730-a6e3-84dbcebc3671.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs241407ca-3f72-47fa-a49a-4f4e0333727c.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs19ce700a-509c-40b2-bf44-dc292b517a84.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs0a12a90e-52d9-462a-afef-33b5f1556a5a.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsd8cb0c11-0fe8-4c3d-bad5-0147bd6962cf.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs2ac1dd51-4fce-4fb7-ae53-f035bab57634.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsd0e1cd14-df52-45eb-b145-4efe69c0e4c5.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs3f49534a-e115-4ed9-8e96-f9aee4b568ac.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs96bc59c5-604d-4708-b7d4-517fbff9a70a.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs0d419709-9202-470f-9744-1c4befc19d41.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsc00a617a-d6e1-45b3-bfa0-a11c06f24386.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs54319577-3ee8-48f4-8e3d-f307425e5e64.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsf3841e16-5217-4522-98ce-a4eb68bb31b0.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsc50ab8cd-1430-44dc-8ef1-acec8b9e975f.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs195549c0-ef3c-458a-be0f-5dd436e1240f.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs21ce2157-63d3-4829-9968-47e6138b589f.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs90475d8c-1b8f-4ad0-8321-d0f0feeb8cf4.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs7d9206f6-3919-4efd-bc5d-4dfbbfd3ff78.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs94411915-380c-4020-8662-6646e60255a4.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs7a115b89-0644-4ac4-816f-1025f6cd9aff.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsfd83aee9-ad65-4f17-a5cf-2f062ac47b4a.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscse310f540-b9d1-46d4-a7ab-c76d3bc6d3b6.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs971f8cd9-da93-4465-bc53-999b5553c4e4.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsbe90cca8-6a28-458c-80cf-21e9b440b6af.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs1467968d-4abb-4f4e-abfa-825666e1af6e.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsf25d6ae0-dbb2-42c6-9e62-901f577e8f90.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs37be9711-cd95-445a-a8ec-3b75d0f77c24.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs62f3a626-57e7-4d21-a8b1-bea05c0ac7d4.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs609a2b7a-265f-4a61-a8b0-9818649247d7.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsdab4fa75-2dbd-4e0d-ade8-c7d8ca492ef3.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsde2f7f24-85f4-4acf-9ecf-469133fbdef2.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs46ede53c-48ea-4d90-b473-890488567f93.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs660ae601-9506-4962-8a72-a7d4c1e61f60.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs19292644-ef65-47f4-80dc-7c203bd65e06.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs4e3c7b63-967c-4993-8dc4-fc1325dbb544.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsfb481efa-cb94-4f35-9d56-70c6e652aab3.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs12f18297-1a4a-4a8c-9600-27e0661a4585.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsb808999a-939b-4394-8b55-052248c39338.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs453edbca-fd3a-405d-be5c-319cb41fbc11.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs087d692a-6b0e-4007-b7a2-56f76611b093.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsf37cddeb-7a5f-4554-8db1-24e7f3c8e327.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs49efd75f-d213-4cd8-bfdc-d337cafaaf94.tmp". The process cannot access the file because it is being used by another process
10:53 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs50a691ff-d546-4da3-a719-186a517dfe87.tmp". The process cannot access the file because it is being used by another process
10:54 PM: Warning: Failed to open file "c:\windows\internet logs\fwpktlog.txt". The process cannot access the file because it is being used by another process
10:54 PM: Warning: Failed to open file "c:\windows\internet logs\fwdbglog.txt". The process cannot access the file because it is being used by another process
11:07 PM: File Sweep Complete, Elapsed Time: 00:17:38
11:07 PM: Full Sweep has completed. Elapsed time 00:23:56
11:07 PM: Traces Found: 4
11:17 PM: Removal process initiated
11:17 PM: Quarantining All Traces: trojan-downloader-moneymind
11:17 PM: Warning: Out of memory
11:17 PM: Warning: Out of memory
11:17 PM: Removal process completed. Elapsed time 00:00:08
********
9:01 PM: | Start of Session, Friday, November 11, 2005 |
9:01 PM: Spy Sweeper started
9:01 PM: Sweep initiated using definitions version 572
9:01 PM: Starting Memory Sweep
9:06 PM: Memory Sweep Complete, Elapsed Time: 00:04:36
9:06 PM: Starting Registry Sweep
9:08 PM: Found Trojan Horse: trojan-downloader-moneymind
9:08 PM: HKU\DARREN\software\xjado\ (1 subtraces) (ID = 144725)
9:08 PM: HKU\WRSS_Profile_EUNICE\software\xjado\ (1 subtraces) (ID = 144725)
9:08 PM: Registry Sweep Complete, Elapsed Time:00:02:02
9:08 PM: Starting Cookie Sweep
9:08 PM: Found Spy Cookie: sextracker cookie
9:08 PM: [email protected][1].txt (ID = 3362)
9:08 PM: Found Spy Cookie: atlas dmt cookie
9:08 PM: darren@atdmt[2].txt (ID = 2253)
9:08 PM: Found Spy Cookie: revenue.net cookie
9:08 PM: darren@revenue[2].txt (ID = 3257)
9:08 PM: Found Spy Cookie: a cookie
9:08 PM: darren@a[1].txt (ID = 2027)
9:08 PM: Found Spy Cookie: go.com cookie
9:08 PM: [email protected][1].txt (ID = 2729)
9:08 PM: Found Spy Cookie: belnk cookie
9:08 PM: darren@belnk[1].txt (ID = 2292)
9:08 PM: Found Spy Cookie: centrport net cookie
9:08 PM: darren@centrport[1].txt (ID = 2374)
9:08 PM: Found Spy Cookie: toplist cookie
9:08 PM: darren@toplist[1].txt (ID = 3557)
9:08 PM: Found Spy Cookie: adecn cookie
9:08 PM: darren@adecn[1].txt (ID = 2063)
9:08 PM: Found Spy Cookie: xxxcounter cookie
9:08 PM: darren@xxxcounter[1].txt (ID = 3733)
9:08 PM: Found Spy Cookie: domainsponsor cookie
9:08 PM: [email protected][1].txt (ID = 2535)
9:08 PM: Found Spy Cookie: 247realmedia cookie
9:08 PM: darren@247realmedia[1].txt (ID = 1953)
9:08 PM: Found Spy Cookie: serving-sys cookie
9:08 PM: darren@serving-sys[1].txt (ID = 3343)
9:08 PM: Found Spy Cookie: adserver cookie
9:08 PM: [email protected][1].txt (ID = 2142)
9:08 PM: Found Spy Cookie: zedo cookie
9:08 PM: [email protected][2].txt (ID = 3763)
9:08 PM: Found Spy Cookie: adrevolver cookie
9:08 PM: darren@adrevolver[3].txt (ID = 2088)
9:08 PM: Found Spy Cookie: tickle cookie
9:08 PM: darren@tickle[2].txt (ID = 3529)
9:08 PM: Found Spy Cookie: trafficmp cookie
9:08 PM: darren@trafficmp[2].txt (ID = 3581)
9:08 PM: Found Spy Cookie: websponsors cookie
9:08 PM: [email protected][1].txt (ID = 3665)
9:08 PM: Found Spy Cookie: tripod cookie
9:08 PM: darren@tripod[1].txt (ID = 3591)
9:08 PM: Found Spy Cookie: clickzs cookie
9:08 PM: [email protected][2].txt (ID = 2413)
9:08 PM: Found Spy Cookie: ask cookie
9:08 PM: darren@ask[1].txt (ID = 2245)
9:08 PM: Found Spy Cookie: 2o7.net cookie
9:08 PM: [email protected][1].txt (ID = 1958)
9:08 PM: Found Spy Cookie: cc214142 cookie
9:08 PM: [email protected][2].txt (ID = 2367)
9:08 PM: Found Spy Cookie: xiti cookie
9:08 PM: darren@xiti[1].txt (ID = 3717)
9:08 PM: Found Spy Cookie: valuead cookie
9:08 PM: darren@valuead[1].txt (ID = 3626)
9:08 PM: Found Spy Cookie: anm.co.uk cookie
9:08 PM: [email protected][2].txt (ID = 2223)
9:08 PM: Found Spy Cookie: adtech cookie
9:08 PM: darren@adtech[2].txt (ID = 2155)
9:08 PM: Found Spy Cookie: fortunecity cookie
9:08 PM: darren@fortunecity[2].txt (ID = 2686)
9:08 PM: Found Spy Cookie: hbmediapro cookie
9:08 PM: [email protected][2].txt (ID = 2768)
9:08 PM: Found Spy Cookie: paycounter cookie
9:08 PM: darren@paycounter[1].txt (ID = 3115)
9:08 PM: Found Spy Cookie: rn11 cookie
9:08 PM: darren@rn11[2].txt (ID = 3261)
9:08 PM: Found Spy Cookie: onestat.com cookie
9:08 PM: [email protected][1].txt (ID = 3098)
9:08 PM: [email protected][2].txt (ID = 2413)
9:08 PM: [email protected][1].txt (ID = 1958)
9:08 PM: Found Spy Cookie: hotbar cookie
9:08 PM: [email protected][2].txt (ID = 4207)
9:08 PM: Found Spy Cookie: tribalfusion cookie
9:08 PM: darren@tribalfusion[1].txt (ID = 3589)
9:08 PM: Found Spy Cookie: sexsearch cookie
9:08 PM: [email protected][1].txt (ID = 3358)
9:08 PM: [email protected][2].txt (ID = 3362)
9:08 PM: darren@2o7[1].txt (ID = 1957)
9:08 PM: darren@go[1].txt (ID = 2728)
9:08 PM: Found Spy Cookie: paypopup cookie
9:08 PM: darren@paypopup[2].txt (ID = 3119)
9:08 PM: Found Spy Cookie: askmen cookie
9:08 PM: darren@askmen[2].txt (ID = 2247)
9:08 PM: Found Spy Cookie: atwola cookie
9:08 PM: darren@atwola[1].txt (ID = 2255)
9:08 PM: Found Spy Cookie: trb.com cookie
9:08 PM: darren@trb[1].txt (ID = 3587)
9:08 PM: Found Spy Cookie: bluestreak cookie
9:08 PM: darren@bluestreak[1].txt (ID = 2314)
9:08 PM: Found Spy Cookie: reliablestats cookie
9:08 PM: [email protected][2].txt (ID = 3254)
9:08 PM: [email protected][1].txt (ID = 1958)
9:08 PM: darren@adrevolver[2].txt (ID = 2088)
9:08 PM: Found Spy Cookie: tradedoubler cookie
9:08 PM: darren@tradedoubler[2].txt (ID = 3575)
9:08 PM: [email protected][2].txt (ID = 2293)
9:08 PM: Found Spy Cookie: burstnet cookie
9:08 PM: darren@burstnet[2].txt (ID = 2336)
9:08 PM: Found Spy Cookie: questionmarket cookie
9:08 PM: darren@questionmarket[1].txt (ID = 3217)
9:08 PM: Found Spy Cookie: adjuggler cookie
9:08 PM: [email protected][1].txt (ID = 2071)
9:08 PM: Found Spy Cookie: clickandtrack cookie
9:08 PM: [email protected][2].txt (ID = 2397)
9:08 PM: Found Spy Cookie: screensavers.com cookie
9:08 PM: [email protected][1].txt (ID = 3298)
9:08 PM: [email protected][1].txt (ID = 3627)
9:08 PM: Found Spy Cookie: reunion cookie
9:08 PM: darren@reunion[2].txt (ID = 3255)
9:08 PM: Found Spy Cookie: adknowledge cookie
9:08 PM: darren@adknowledge[1].txt (ID = 2072)
9:08 PM: Found Spy Cookie: excite cookie
9:08 PM: darren@excite[1].txt (ID = 2631)
9:08 PM: Found Spy Cookie: maxserving cookie
9:08 PM: darren@maxserving[2].txt (ID = 2966)
9:08 PM: Found Spy Cookie: ecomplanet cookie
9:08 PM: darren@ecomplanet[2].txt (ID = 2577)
9:08 PM: Found Spy Cookie: overture cookie
9:08 PM: [email protected][2].txt (ID = 3106)
9:08 PM: [email protected][1].txt (ID = 3362)
9:08 PM: Found Spy Cookie: webtrendslive cookie
9:08 PM: [email protected][2].txt (ID = 3667)
9:08 PM: [email protected][2].txt (ID = 2293)
9:08 PM: Found Spy Cookie: pro-market cookie
9:08 PM: darren@pro-market[2].txt (ID = 3197)
9:08 PM: [email protected][1].txt (ID = 1958)
9:08 PM: Found Spy Cookie: burstbeacon cookie
9:08 PM: [email protected][2].txt (ID = 2335)
9:08 PM: Found Spy Cookie: casalemedia cookie
9:08 PM: darren@casalemedia[1].txt (ID = 2354)
9:08 PM: Found Spy Cookie: falkag cookie
9:08 PM: [email protected][1].txt (ID = 2650)
9:08 PM: Found Spy Cookie: bilbo.counted.com cookie
9:08 PM: [email protected][2].txt (ID = 2306)
9:08 PM: Found Spy Cookie: bravenet cookie
9:08 PM: darren@bravenet[1].txt (ID = 2322)
9:08 PM: Found Spy Cookie: ru4 cookie
9:08 PM: [email protected][2].txt (ID = 3269)
9:08 PM: [email protected][1].txt (ID = 2729)
9:08 PM: Found Spy Cookie: nextag cookie
9:08 PM: darren@nextag[2].txt (ID = 5014)
9:08 PM: Found Spy Cookie: specificclick.com cookie
9:08 PM: [email protected][1].txt (ID = 3400)
9:08 PM: [email protected][1].txt (ID = 2729)
9:08 PM: Found Spy Cookie: 4u.pl cookie
9:08 PM: [email protected][1].txt (ID = 1978)
9:08 PM: [email protected][1].txt (ID = 2729)
9:08 PM: [email protected][1].txt (ID = 2650)
9:08 PM: Found Spy Cookie: targetnet cookie
9:08 PM: darren@targetnet[2].txt (ID = 3489)
9:08 PM: Found Spy Cookie: addynamix cookie
9:08 PM: [email protected][2].txt (ID = 2062)
9:08 PM: darren@zedo[2].txt (ID = 3762)
9:08 PM: Found Spy Cookie: webpower cookie
9:08 PM: darren@webpower[1].txt (ID = 3660)
9:08 PM: Found Spy Cookie: pointroll cookie
9:08 PM: [email protected][1].txt (ID = 3148)
9:08 PM: Found Spy Cookie: realmedia cookie
9:08 PM: darren@realmedia[2].txt (ID = 3235)
9:08 PM: Found Spy Cookie: yieldmanager cookie
9:08 PM: darren@yieldmanager[2].txt (ID = 3749)
9:08 PM: darren@sextracker[1].txt (ID = 3361)
9:08 PM: Found Spy Cookie: apmebf cookie
9:08 PM: darren@apmebf[2].txt (ID = 2229)
9:08 PM: Found Spy Cookie: qksrv cookie
9:08 PM: darren@qksrv[2].txt (ID = 3213)
9:08 PM: [email protected][1].txt (ID = 3751)
9:08 PM: Found Spy Cookie: yadro cookie
9:08 PM: darren@yadro[1].txt (ID = 3743)
9:08 PM: [email protected][2].txt (ID = 2729)
9:08 PM: Found Spy Cookie: servedby advertising cookie
9:08 PM: [email protected][2].txt (ID = 3335)
9:08 PM: Found Spy Cookie: advertising cookie
9:08 PM: darren@advertising[2].txt (ID = 2175)
9:08 PM: Found Spy Cookie: statcounter cookie
9:08 PM: darren@statcounter[1].txt (ID = 3447)
9:08 PM: Found Spy Cookie: linksynergy cookie
9:08 PM: darren@linksynergy[1].txt (ID = 2926)
9:08 PM: Found Spy Cookie: fastclick cookie
9:08 PM: darren@fastclick[2].txt (ID = 2651)
9:08 PM: eunice@adknowledge[2].txt (ID = 2072)
9:08 PM: [email protected][1].txt (ID = 3256)
9:08 PM: eunice@nextag[1].txt (ID = 5014)
9:08 PM: Found Spy Cookie: pricegrabber cookie
9:08 PM: eunice@pricegrabber[1].txt (ID = 3185)
9:08 PM: [email protected][2].txt (ID = 1958)
9:08 PM: Found Spy Cookie: about cookie
9:08 PM: [email protected][1].txt (ID = 2038)
9:08 PM: Found Spy Cookie: did-it cookie
9:08 PM: eunice@did-it[1].txt (ID = 2523)
9:08 PM: eunice@trb[2].txt (ID = 3587)
9:08 PM: eunice@go[1].txt (ID = 2728)
9:08 PM: Found Spy Cookie: coremetrics cookie
9:08 PM: [email protected][1].txt (ID = 2472)
9:08 PM: eunice@yieldmanager[1].txt (ID = 3749)
9:08 PM: Found Spy Cookie: directtrack cookie
9:08 PM: [email protected][2].txt (ID = 2528)
9:08 PM: eunice@targetnet[1].txt (ID = 3489)
9:08 PM: Found Spy Cookie: tracking cookie
9:08 PM: eunice@tracking[3].txt (ID = 3571)
9:08 PM: eunice@atdmt[2].txt (ID = 2253)
9:08 PM: Found Spy Cookie: ads.adsag cookie
9:08 PM: [email protected][1].txt (ID = 2108)
9:08 PM: [email protected][2].txt (ID = 2768)
9:08 PM: eunice@rn11[2].txt (ID = 3261)
9:08 PM: eunice@questionmarket[1].txt (ID = 3217)
9:08 PM: eunice@paypopup[1].txt (ID = 3119)
9:08 PM: Found Spy Cookie: ic-live cookie
9:08 PM: eunice@ic-live[1].txt (ID = 2821)
9:08 PM: eunice@tracking[2].txt (ID = 3571)
9:08 PM: [email protected][1].txt (ID = 1958)
9:08 PM: [email protected][1].txt (ID = 2142)
9:08 PM: eunice@advertising[1].txt (ID = 2175)
9:08 PM: eunice@burstnet[1].txt (ID = 2336)
9:08 PM: eunice@reunion[2].txt (ID = 3255)
9:08 PM: Found Spy Cookie: bizrate cookie
9:08 PM: eunice@bizrate[2].txt (ID = 2308)
9:08 PM: eunice@zedo[1].txt (ID = 3762)
9:08 PM: Found Spy Cookie: starware.com cookie
9:08 PM: eunice@starware[2].txt (ID = 3441)
9:08 PM: Found Spy Cookie: 360i cookie
9:08 PM: [email protected][2].txt (ID = 1962)
9:08 PM: eunice@fastclick[1].txt (ID = 2651)
9:08 PM: eunice@casalemedia[2].txt (ID = 2354)
9:08 PM: Found Spy Cookie: 888 cookie
9:08 PM: eunice@888[2].txt (ID = 2019)
9:08 PM: eunice@realmedia[2].txt (ID = 3235)
9:08 PM: Found Spy Cookie: dealtime cookie
9:08 PM: eunice@dealtime[2].txt (ID = 2505)
9:08 PM: [email protected][1].txt (ID = 2038)
9:08 PM: eunice@tribalfusion[1].txt (ID = 3589)
9:08 PM: [email protected][1].txt (ID = 1958)
9:08 PM: [email protected][1].txt (ID = 2337)
9:08 PM: [email protected][1].txt (ID = 3763)
9:08 PM: [email protected][2].txt (ID = 2335)
9:08 PM: eunice@atwola[1].txt (ID = 2255)
9:08 PM: eunice@tickle[2].txt (ID = 3529)
9:08 PM: Found Spy Cookie: gostats cookie
9:08 PM: [email protected][2].txt (ID = 2748)
9:08 PM: eunice@ask[1].txt (ID = 2245)
9:08 PM: [email protected][2].txt (ID = 2038)
9:08 PM: [email protected][1].txt (ID = 2729)
9:08 PM: eunice@about[1].txt (ID = 2037)
9:08 PM: eunice@tracking[4].txt (ID = 3571)
9:08 PM: [email protected][1].txt (ID = 2729)
9:08 PM: [email protected][1].txt (ID = 2038)
9:08 PM: [email protected][1].txt (ID = 2038)
9:08 PM: [email protected][1].txt (ID = 2038)
9:08 PM: eunice@maxserving[2].txt (ID = 2966)
9:08 PM: Found Spy Cookie: upspiral cookie
9:08 PM: [email protected][1].txt (ID = 3615)
9:08 PM: [email protected][1].txt (ID = 2038)
9:08 PM: eunice@trafficmp[1].txt (ID = 3581)
9:08 PM: eunice@2o7[2].txt (ID = 1957)
9:08 PM: [email protected][1].txt (ID = 2367)
9:08 PM: [email protected][1].txt (ID = 2506)
9:08 PM: [email protected][1].txt (ID = 3400)
9:08 PM: [email protected][1].txt (ID = 3269)
9:08 PM: Found Spy Cookie: servlet cookie
9:08 PM: eunice@servlet[1].txt (ID = 3345)
9:08 PM: [email protected][1].txt (ID = 2038)
9:08 PM: [email protected][2].txt (ID = 1958)
9:08 PM: [email protected][1].txt (ID = 2729)
9:08 PM: eunice@revenue[2].txt (ID = 3257)
9:08 PM: [email protected][2].txt (ID = 1958)
9:08 PM: eunice@adecn[1].txt (ID = 2063)
9:08 PM: Found Spy Cookie: myaffiliateprogram.com cookie
9:08 PM: [email protected][2].txt (ID = 3032)
9:08 PM: [email protected][1].txt (ID = 3106)
9:08 PM: [email protected][1].txt (ID = 3665)
9:08 PM: eunice@tradedoubler[2].txt (ID = 3575)
9:08 PM: [email protected][2].txt (ID = 3751)
9:08 PM: Found Spy Cookie: 3 cookie
9:08 PM: eunice@3[1].txt (ID = 1959)
9:08 PM: [email protected][1].txt (ID = 3254)
9:08 PM: eunice@adrevolver[2].txt (ID = 2088)
9:08 PM: Found Spy Cookie: hypertracker.com cookie
9:08 PM: eunice@hypertracker[2].txt (ID = 2817)
9:08 PM: [email protected][1].txt (ID = 2293)
9:08 PM: [email protected][2].txt (ID = 2062)
9:08 PM: [email protected][1].txt (ID = 3298)
9:08 PM: eunice@belnk[2].txt (ID = 2292)
9:08 PM: [email protected][2].txt (ID = 2293)
9:08 PM: Found Spy Cookie: findwhat cookie
9:08 PM: eunice@findwhat[1].txt (ID = 2674)
9:08 PM: eunice@adrevolver[3].txt (ID = 2088)
9:08 PM: Found Spy Cookie: offeroptimizer cookie
9:08 PM: eunice@offeroptimizer[2].txt (ID = 3087)
9:08 PM: [email protected][1].txt (ID = 2650)
9:08 PM: [email protected][1].txt (ID = 2650)
9:08 PM: [email protected][2].txt (ID = 3627)
9:08 PM: [email protected][2].txt (ID = 3335)
9:08 PM: [email protected][1].txt (ID = 2535)
9:08 PM: [email protected][1].txt (ID = 3148)
9:08 PM: eunice@247realmedia[1].txt (ID = 1953)
9:08 PM: [email protected][1].txt (ID = 3667)
9:08 PM: [email protected][2].txt (ID = 2397)
9:08 PM: Found Spy Cookie: server.iad.liveperson cookie
9:08 PM: [email protected][2].txt (ID = 3341)
9:08 PM: eunice@dcs8ir0f010000oyioyaka1kl_8j7n[2].txt (ID = 3673)
9:08 PM: eunice@tribalfusion[2].txt (ID = 3589)
9:08 PM: eunice@tradedoubler[1].txt (ID = 3575)
9:08 PM: [email protected][3].txt (ID = 2729)
9:08 PM: [email protected][2].txt (ID = 2729)
9:08 PM: [email protected][1].txt (ID = 1958)
9:08 PM: eunice@adknowledge[1].txt (ID = 2072)
9:08 PM: [email protected][1].txt (ID = 1958)
9:08 PM: [email protected][3].txt (ID = 2768)
9:08 PM: [email protected][3].txt (ID = 3335)
9:08 PM: eunice@targetnet[3].txt (ID = 3489)
9:08 PM: eunice@bluestreak[1].txt (ID = 2314)
9:08 PM: eunice@bizrate[1].txt (ID = 2308)
9:08 PM: [email protected][2].txt (ID = 3763)
9:08 PM: [email protected][3].txt (ID = 2650)
9:08 PM: eunice@trafficmp[3].txt (ID = 3581)
9:08 PM: eunice@yieldmanager[2].txt (ID = 3749)
9:08 PM: [email protected][2].txt (ID = 3400)
9:08 PM: eunice@tickle[1].txt (ID = 3529)
9:08 PM: eunice@pricegrabber[3].txt (ID = 3185)
9:08 PM: [email protected][3].txt (ID = 3627)
9:08 PM: [email protected][1].txt (ID = 2062)
9:08 PM: [email protected][2].txt (ID = 2506)
9:08 PM: [email protected][3].txt (ID = 2650)
9:08 PM: eunice@did-it[2].txt (ID = 2523)
9:08 PM: eunice@zedo[2].txt (ID = 3762)
9:08 PM: [email protected][3].txt (ID = 2142)
9:08 PM: Found Spy Cookie: hitslink cookie
9:08 PM: [email protected][2].txt (ID = 2790)
9:08 PM: eunice@nextag[3].txt (ID = 5014)
9:08 PM: Found Spy Cookie: humanclick cookie
9:08 PM: [email protected][1].txt (ID = 2810)
9:08 PM: eunice@linksynergy[2].txt (ID = 2926)
9:08 PM: eunice@go[3].txt (ID = 2728)
9:08 PM: eunice@statcounter[2].txt (ID = 3447)
9:08 PM: eunice@burstnet[3].txt (ID = 2336)
9:08 PM: [email protected][3].txt (ID = 2293)
9:08 PM: [email protected][3].txt (ID = 3269)
9:08 PM: [email protected][1].txt (ID = 2397)
9:08 PM: eunice@maxserving[3].txt (ID = 2966)
9:08 PM: eunice@casalemedia[3].txt (ID = 2354)
9:08 PM: [email protected][2].txt (ID = 3667)
9:08 PM: [email protected][1].txt (ID = 1962)
9:08 PM: [email protected][2].txt (ID = 4207)
9:08 PM: eunice@centrport[2].txt (ID = 2374)
9:08 PM: eunice@starware[3].txt (ID = 3441)
9:08 PM: [email protected][1].txt (ID = 3341)
9:08 PM: eunice@excite[2].txt (ID = 2631)
9:08 PM: [email protected][1].txt (ID = 2335)
9:08 PM: eunice@questionmarket[2].txt (ID = 3217)
9:08 PM: eunice@advertising[2].txt (ID = 2175)
9:08 PM: eunice@2o7[3].txt (ID = 1957)
9:08 PM: eunice@realmedia[3].txt (ID = 3235)
9:08 PM: [email protected][3].txt (ID = 3148)
9:08 PM: [email protected][3].txt (ID = 3751)
9:08 PM: [email protected][3].txt (ID = 3298)
9:08 PM: [email protected][1].txt (ID = 3298)
9:08 PM: [email protected][1].txt (ID = 1958)
9:08 PM: [email protected][1].txt (ID = 1958)
9:08 PM: eunice@fastclick[3].txt (ID = 2651)
9:08 PM: eunice@dcs8ir0f010000oyioyaka1kl_8j7n[1].txt (ID = 3673)
9:08 PM: Cookie Sweep Complete, Elapsed Time: 00:00:24
9:08 PM: Starting File Sweep
9:09 PM: Warning: Failed to open file "c:\windows\win386.swp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs9581291a-9205-44d2-bc2d-9f2fc505e308.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs2c881977-714f-40f1-ab8f-ae814dcb1a8c.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsa5fe3b61-b142-444b-9543-c57f5c4932cf.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs4bb37684-17cc-4003-9638-2cf18a4adc04.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs3046b55e-6276-4fa6-8fc7-a8aa29331f5c.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs4e3fb2d7-6e4e-4a6a-a6d3-6d6c3fe3ebea.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs9d2b208f-c204-4f5c-a7fe-256e45ee3fea.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs43ffc1b1-2599-4f82-a4a4-ec7b44e0535f.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsa8a6d27b-7501-4ff3-8ff1-ebdf95645f98.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs7891b65c-d0bf-4502-8386-c3ed3865c0b6.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsdf5211d3-7ce8-4cc5-8349-247d88c7e873.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsc1f6019c-efa3-4c70-9341-1d9abd685738.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsd24b243c-499c-4f7e-a8eb-93c45c776dc4.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs71230dc6-43c0-4f2a-8fc5-ca402a831a04.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsd22b13b2-1407-4a9c-92a5-aa4946b0d2ff.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs866acdfd-8931-4413-992e-6b2c468a99c1.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs5ea92ba1-a8cc-42fc-8704-ca7d8a349289.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs3830805b-40cf-4dc8-bcfe-1a4a797571b4.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs8759bb94-e17f-47db-bfe4-cc0dcbb35b6d.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs1fc0bdc7-adf3-47e4-9ff6-9202b1bb45e4.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsf78bfeb3-690e-477a-8f2b-32604c7672ea.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsa5fbe225-e568-490c-b898-55d3696e1c3d.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsd51b8d9c-4540-42dd-af35-e993c0f562b7.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs2f66627e-fcd2-493c-9711-b644b8f0d180.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs587ef91d-656a-4888-ac66-08bb3495a9e4.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs8e7c6b83-cf4d-42dd-95fd-26febbc7db9c.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsbd2ad27f-8fea-431b-b0a1-f1e4fd8d82b2.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsd5d150df-b3f6-4785-a9f0-866b630b6801.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs5ea71baf-c5b5-42a1-811d-43995f904482.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs75b2c48b-715f-443e-8b35-024e33f1f995.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs99dfa10d-4741-4952-840b-32d1a324627c.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsc14b4e40-a9a3-44b8-8524-86f157037737.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs197b9e87-60c6-452f-8a32-0b5b3a104473.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs1f3ebf08-3b88-41d0-b2b4-332cca443b85.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs76e08c51-2d2c-4808-b24e-935631fded85.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsf1ebbccc-fb96-4234-a131-71e617171c5a.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsde5e7d77-b3a6-4f6c-8543-cea442a90082.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs208815bc-0ec1-4cc0-bdc2-b03d3b842ad4.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs7f31d821-b6da-4367-a212-fed11565d189.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs7cb73ade-c6e0-473b-adf6-b67df73bd634.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs2e0e9a21-d70b-40c8-a5b2-e65a48fc128a.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsc34a5c12-7cc3-40b8-8ec6-d259f2e8199f.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsbd82c077-ccc3-493f-8e61-20e1987b4a71.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscse2ee5d82-c4c8-4e07-a5fb-e5b48e0b6551.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscsd79b19c6-ff43-46d4-9e1c-e3788c8238dc.tmp". The process cannot access the file because it is being used by another process
9:16 PM: Warning: Failed to open file "c:\windows\profiles\darren\application data\webroot\spy sweeper\temp\sscs95beaea1-0322-44a3-916e-375421cd4e5c.tmp". The process cannot access the file because it is being used
  • 0

Advertisements

#11
blonde_blueyes2
Posted 12 November 2005 - 10:20 PM

blonde_blueyes2

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Logfile of HijackThis v1.99.1
Scan saved at 11:20:47 PM, on 11/12/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\WSCRIPT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\HIGHCRITERIA\TOTALRECORDER\TOTRECSCHED.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAM FILES\SONY\VAIO ACTION SETUP\VASERV.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOHMR08.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\INTEGRATOR.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOEVM08.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\WRSSSDK.EXE
C:\PROGRAM FILES\SUPPORT.COM\CLIENT\BIN\TGCMD.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSTS08.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\PROFILES\DARREN\APPLICATION DATA\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN3\YCOMP5_6_0_0.DLL
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN3\YCOMP5_6_0_0.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
O4 - HKLM\..\Run: [NAV Premend OEM Utility] A:\0107301.SYM\PREMEND.EXE -silent
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\Run: [OCAudioIni] C:\Program Files\One-click Audio Converter\OCAudioIni.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE" /startintray
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - Startup: VAIO Action Setup (Server).lnk = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\hpis\bin\matcli.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
O4 - Startup: AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
O4 - User Startup: VAIO Action Setup (Server).lnk = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
O4 - User Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - User Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - User Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - User Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\hpis\bin\matcli.exe
O4 - User Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - User Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - User Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
O4 - User Startup: AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
  • 0

#12
Buckeye_Sam
Posted 13 November 2005 - 04:43 PM

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Are you still getting popups?
  • 0

#13
blonde_blueyes2
Posted 14 November 2005 - 03:13 AM

blonde_blueyes2

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

Are you still getting popups?



Hey Buckeye Sam (Ohio State Buckeye? Michigan State Spartans are much better in every way
:tazz: )

The Pop Ups are gone: thank you so much Sam. Do I have any more spy junk on the computer? I really appreciate the Help: you are a LIFE SAVER....

Edited by blonde_blueyes2, 14 November 2005 - 03:34 AM.

  • 0

#14
Buckeye_Sam
Posted 14 November 2005 - 04:39 PM

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
It's a good sign that you're not getting popups any longer. And your log looks clean to me! :tazz:

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Managing Windows Millenium System Restore

    or

    Windows XP System Restore Guide

    Renable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:) :woot:



Yes, I am an Ohio State Buckeye! :)
But I'm also a big Mich St. fan this weekend. Go Spartans! Beat Penn State! :woot:
  • 0

#15
blonde_blueyes2
Posted 16 November 2005 - 03:19 AM

blonde_blueyes2

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts

It's a good sign that you're not getting popups any longer. And your log looks clean to me! :tazz:

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Managing Windows Millenium System Restore

    or

    Windows XP System Restore Guide

    Renable system restore with instructions from tutorial above
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.

  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources
  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers
  • Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer
  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware
  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:) :P
Yes, I am an Ohio State Buckeye! :)
But I'm also a big Mich St. fan this weekend. Go Spartans! Beat Penn State! :woot:



Thank You again ....Sam for all of your help and GREAT TIPS!! I'm going to save everything you said

& yes, GO SPARTANS AGAINST PENN STATE.......


Posted Image




& OHIO STATE
:woot: :woot: :P :P
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP