[mdoc]

I had Winfixer that did not display the telltale "O2 - BHO: MSEvents Object" line in the HijackThis log, so i was in a fix (winfixer, remember?)

--there is a very protracted manual removal procedure; but it's a list 3 pages full of running tasks, DLLs, registry entries, files and directories for removal (found at www.spyware-removal-guideline.com/winfixer-removal). So I was in a bigger (protracted) fix.

But after downloading the trial version of Spy Sweeper, it was successfully removed, and here's the session log. The HJK log is at the bottom of this post, this log is after the fact (after removal). Anything else i should remove? Thanks.

[BTW winfixer nomanclature is now changed to "winantispyware 2005" by the author in Sept 2005. Watch for this, the threat characteristics have changed! Also there is no telltale MSEvents line in HJK log results.]


SPY SWEEPER SESSION LOG
********
9:35 AM: | Start of Session, Wednesday, November 16, 2005 |
9:35 AM: Spy Sweeper started
9:35 AM: Sweep initiated using definitions version 573
9:35 AM: Starting Memory Sweep
9:39 AM: Found Adware: winantispyware 2005
9:39 AM: Detected running threat: C:\Documents and Settings\moconnor\Local Settings\Temp\NI.UWFX5\setup.exe (ID = 162517)
9:39 AM: Memory Sweep Complete, Elapsed Time: 00:04:35
9:39 AM: Starting Registry Sweep
9:40 AM: HKLM\software\winsoftware\winfixer 2005\ (1 subtraces) (ID = 528193)
9:40 AM: HKCR\compcleancore.appcleane\ (5 subtraces) (ID = 812589)
9:40 AM: HKCR\compcleancore.appcleane.1\ (3 subtraces) (ID = 812595)
9:40 AM: HKCR\compcleancore.cquickscan\ (5 subtraces) (ID = 812599)
9:40 AM: HKCR\compcleancore.cquickscan.1\ (3 subtraces) (ID = 812605)
9:40 AM: HKCR\compcleancore.filecleane\ (5 subtraces) (ID = 812609)
9:40 AM: HKCR\compcleancore.filecleane.1\ (3 subtraces) (ID = 812615)
9:40 AM: HKCR\compcleancore.inetcleane\ (5 subtraces) (ID = 812619)
9:40 AM: HKCR\compcleancore.inetcleane.1\ (3 subtraces) (ID = 812625)
9:40 AM: HKCR\compcleancore.regcleane\ (5 subtraces) (ID = 812629)
9:40 AM: HKCR\compcleancore.regcleane.1\ (3 subtraces) (ID = 812635)
9:40 AM: HKCR\compcleancore.systemcleane\ (5 subtraces) (ID = 812639)
9:40 AM: HKCR\compcleancore.systemcleane.1\ (3 subtraces) (ID = 812645)
9:40 AM: HKCR\df_fixer.fixe\ (5 subtraces) (ID = 812649)
9:40 AM: HKCR\df_fixer.fixe.1\ (3 subtraces) (ID = 812655)
9:40 AM: HKCR\df_proxy.drivermanipulat\ (5 subtraces) (ID = 812659)
9:40 AM: HKCR\df_proxy.drivermanipulat.1\ (3 subtraces) (ID = 812665)
9:40 AM: HKCR\ffwraper.ffenginwrape\ (5 subtraces) (ID = 812669)
9:40 AM: HKCR\ffwraper.ffenginwrape.1\ (3 subtraces) (ID = 812675)
9:40 AM: HKCR\fixcore.mmfixcor\ (5 subtraces) (ID = 812679)
9:40 AM: HKCR\fixcore.mmfixcor.1\ (3 subtraces) (ID = 812685)
9:40 AM: HKCR\flfxr.flfixer\ (3 subtraces) (ID = 812689)
9:40 AM: HKCR\mmfixctrl.cofixengin\ (5 subtraces) (ID = 812693)
9:40 AM: HKCR\mmfixctrl.cofixengin.1\ (3 subtraces) (ID = 812699)
9:40 AM: HKCR\pcheck.pcheck\ (5 subtraces) (ID = 812703)
9:40 AM: HKCR\pcheck.pcheck.1\ (3 subtraces) (ID = 812709)
9:40 AM: HKCR\appid\compcl.dll\ (1 subtraces) (ID = 812722)
9:40 AM: HKCR\appid\ffwrape.dll\ (1 subtraces) (ID = 812724)
9:40 AM: HKCR\appid\fixcor.dll\ (1 subtraces) (ID = 812726)
9:40 AM: HKCR\appid\mmfixctr.dll\ (1 subtraces) (ID = 812728)
9:40 AM: HKCR\appid\{133d56d3-f40c-4073-a219-f1d8c319aade}\ (1 subtraces) (ID = 812732)
9:40 AM: HKCR\appid\{aacd62b9-6292-4c3f-909a-4f47bc860917}\ (1 subtraces) (ID = 812735)
9:40 AM: HKCR\appid\{b5275135-5cde-4b00-b669-67eee11fb691}\ (1 subtraces) (ID = 812737)
9:40 AM: HKCR\appid\{e136b475-884f-49be-92ae-9f399e6b2277}\ (1 subtraces) (ID = 812739)
9:40 AM: HKCR\clsid\{0ad69724-fcc3-440a-9ace-ebcf5175c2d9}\ (12 subtraces) (ID = 812741)
9:40 AM: HKCR\clsid\{11bbb65e-b3f3-4bc7-b927-3cd7cfe8571e}\ (12 subtraces) (ID = 812754)
9:40 AM: HKCR\clsid\{1e9c908f-962a-4cf4-9a6a-cd50a2ed2965}\ (4 subtraces) (ID = 812767)
9:40 AM: HKCR\clsid\{4a7eae6a-00a6-4167-a026-e09c0748c676}\ (12 subtraces) (ID = 812772)
9:40 AM: HKCR\clsid\{4b2df42b-9d7f-4471-92d1-d32e39b5f864}\ (4 subtraces) (ID = 812785)
9:40 AM: HKCR\clsid\{542862a0-9b06-4b37-9494-430aacde1b48}\ (21 subtraces) (ID = 812790)
9:40 AM: HKCR\clsid\{7422da06-7834-4703-9209-442e3a0abee9}\ (12 subtraces) (ID = 812812)
9:40 AM: HKCR\clsid\{7f0e7e0a-3386-464f-a0f0-3683782c1227}\ (12 subtraces) (ID = 812825)
9:40 AM: HKCR\clsid\{8ec5abc2-0b35-43d4-82e0-c54f72d78976}\ (21 subtraces) (ID = 812844)
9:40 AM: HKCR\clsid\{93b11ae3-cb8d-43cc-a730-752caab185c0}\ (10 subtraces) (ID = 812866)
9:40 AM: HKCR\clsid\{a9e29c93-2086-4ea6-8f54-7e5f1849b59a}\ (12 subtraces) (ID = 812877)
9:40 AM: HKCR\clsid\{af78faab-79e9-4c95-bfa5-2b6da5ec29c9}\ (12 subtraces) (ID = 812890)
9:40 AM: HKCR\clsid\{b1f31ac7-8876-475b-89f0-df3f3e1359eb}\ (12 subtraces) (ID = 812903)
9:40 AM: HKCR\clsid\{d4060dc6-c043-4ddd-a9d3-3149fb024d03}\ (12 subtraces) (ID = 812916)
9:40 AM: HKCR\clsid\{d8cedc28-27f1-4aa7-ab59-3aadb1c8b47b}\ (4 subtraces) (ID = 812929)
9:40 AM: HKCR\clsid\{fd1a9e6b-05da-4ca2-830d-654da1ddbd9e}\ (14 subtraces) (ID = 812934)
9:40 AM: HKCR\typelib\{3bff2ef1-25ba-4342-a1e8-ec1e2cb9f22b}\ (9 subtraces) (ID = 812960)
9:40 AM: HKCR\typelib\{42a860e7-6f32-4191-94e8-08b6ab251e91}\ (9 subtraces) (ID = 812970)
9:40 AM: HKCR\typelib\{776081cc-ae15-4ac7-a3db-bd929c201694}\ (9 subtraces) (ID = 812980)
9:40 AM: HKCR\typelib\{8ba69d29-ae03-4ab2-b424-dded400e4804}\ (9 subtraces) (ID = 812990)
9:40 AM: HKCR\typelib\{b23f7271-53cb-4bb3-91af-3b98557baeac}\ (9 subtraces) (ID = 813000)
9:40 AM: HKCR\typelib\{c293551a-cc48-4d7f-9396-2ed35c4548d2}\ (9 subtraces) (ID = 813010)
9:40 AM: HKCR\typelib\{c8122510-d163-4c89-95ef-88972d5a56b1}\ (9 subtraces) (ID = 813020)
9:40 AM: HKCR\typelib\{dd35d052-76f9-4bfa-9005-69f1b26dc72a}\ (9 subtraces) (ID = 813030)
9:40 AM: HKLM\system\currentcontrolset\control\safeboot\minimal\dfd.sys\ (1 subtraces) (ID = 813075)
9:40 AM: HKLM\system\currentcontrolset\control\safeboot\network\dfd.sys\ (1 subtraces) (ID = 813077)
9:40 AM: HKLM\software\classes\compcleancore.appcleane\ (5 subtraces) (ID = 813091)
9:40 AM: HKLM\software\classes\compcleancore.appcleane.1\ (3 subtraces) (ID = 813097)
9:40 AM: HKLM\software\classes\compcleancore.cquickscan\ (5 subtraces) (ID = 813101)
9:40 AM: HKLM\software\classes\compcleancore.cquickscan.1\ (3 subtraces) (ID = 813107)
9:40 AM: HKLM\software\classes\compcleancore.filecleane\ (5 subtraces) (ID = 813111)
9:40 AM: HKLM\software\classes\compcleancore.filecleane.1\ (3 subtraces) (ID = 813117)
9:40 AM: HKLM\software\classes\compcleancore.inetcleane\ (5 subtraces) (ID = 813121)
9:40 AM: HKLM\software\classes\compcleancore.regcleane\ (5 subtraces) (ID = 813131)
9:40 AM: HKLM\software\classes\compcleancore.systemcleane\ (5 subtraces) (ID = 813141)
9:40 AM: HKLM\software\classes\df_fixer.fixe\ (5 subtraces) (ID = 813151)
9:40 AM: HKLM\software\classes\df_fixer.fixe.1\ (3 subtraces) (ID = 813157)
9:40 AM: HKLM\software\classes\df_proxy.drivermanipulat\ (5 subtraces) (ID = 813161)
9:40 AM: HKLM\software\classes\df_proxy.drivermanipulat.1\ (3 subtraces) (ID = 813167)
9:40 AM: HKLM\software\classes\ffwraper.ffenginwrape\ (5 subtraces) (ID = 813171)
9:40 AM: HKLM\software\classes\fixcore.mmfixcor\ (5 subtraces) (ID = 813181)
9:40 AM: HKLM\software\classes\flfxr.flfixer\ (3 subtraces) (ID = 813191)
9:40 AM: HKLM\software\classes\mmfixctrl.cofixengin\ (5 subtraces) (ID = 813195)
9:40 AM: HKLM\software\classes\pcheck.pcheck\ (5 subtraces) (ID = 813205)
9:40 AM: HKLM\software\classes\pcheck.pcheck.1\ (3 subtraces) (ID = 813211)
9:40 AM: HKLM\software\classes\appid\compcl.dll\ (1 subtraces) (ID = 813224)
9:40 AM: HKLM\software\classes\appid\ffwrape.dll\ (1 subtraces) (ID = 813226)
9:40 AM: HKLM\software\classes\appid\fixcor.dll\ (1 subtraces) (ID = 813228)
9:40 AM: HKLM\software\classes\appid\mmfixctr.dll\ (1 subtraces) (ID = 813230)
9:40 AM: HKLM\software\classes\appid\{133d56d3-f40c-4073-a219-f1d8c319aade}\ (1 subtraces) (ID = 813234)
9:40 AM: HKLM\software\classes\appid\{aacd62b9-6292-4c3f-909a-4f47bc860917}\ (1 subtraces) (ID = 813237)
9:40 AM: HKLM\software\classes\appid\{b5275135-5cde-4b00-b669-67eee11fb691}\ (1 subtraces) (ID = 813239)
9:40 AM: HKLM\software\classes\appid\{e136b475-884f-49be-92ae-9f399e6b2277}\ (1 subtraces) (ID = 813241)
9:40 AM: HKLM\software\classes\clsid\{0ad69724-fcc3-440a-9ace-ebcf5175c2d9}\ (12 subtraces) (ID = 813243)
9:40 AM: HKLM\software\classes\clsid\{11bbb65e-b3f3-4bc7-b927-3cd7cfe8571e}\ (12 subtraces) (ID = 813256)
9:40 AM: HKLM\software\classes\clsid\{1e9c908f-962a-4cf4-9a6a-cd50a2ed2965}\ (4 subtraces) (ID = 813269)
9:40 AM: HKLM\software\classes\clsid\{4a7eae6a-00a6-4167-a026-e09c0748c676}\ (12 subtraces) (ID = 813274)
9:40 AM: HKLM\software\classes\clsid\{4b2df42b-9d7f-4471-92d1-d32e39b5f864}\ (4 subtraces) (ID = 813287)
9:40 AM: HKLM\software\classes\clsid\{542862a0-9b06-4b37-9494-430aacde1b48}\ (21 subtraces) (ID = 813292)
9:40 AM: HKLM\software\classes\clsid\{7422da06-7834-4703-9209-442e3a0abee9}\ (12 subtraces) (ID = 813314)
9:40 AM: HKLM\software\classes\clsid\{7f0e7e0a-3386-464f-a0f0-3683782c1227}\ (12 subtraces) (ID = 813327)
9:40 AM: HKLM\software\classes\clsid\{8ec5abc2-0b35-43d4-82e0-c54f72d78976}\ (21 subtraces) (ID = 813346)
9:40 AM: HKLM\software\classes\clsid\{93b11ae3-cb8d-43cc-a730-752caab185c0}\ (10 subtraces) (ID = 813368)
9:40 AM: HKLM\software\classes\clsid\{a9e29c93-2086-4ea6-8f54-7e5f1849b59a}\ (12 subtraces) (ID = 813379)
9:40 AM: HKLM\software\classes\clsid\{af78faab-79e9-4c95-bfa5-2b6da5ec29c9}\ (12 subtraces) (ID = 813392)
9:40 AM: HKLM\software\classes\clsid\{b1f31ac7-8876-475b-89f0-df3f3e1359eb}\ (12 subtraces) (ID = 813405)
9:40 AM: HKLM\software\classes\clsid\{d4060dc6-c043-4ddd-a9d3-3149fb024d03}\ (12 subtraces) (ID = 813418)
9:40 AM: HKLM\software\classes\clsid\{d8cedc28-27f1-4aa7-ab59-3aadb1c8b47b}\ (4 subtraces) (ID = 813431)
9:40 AM: HKLM\software\classes\clsid\{fd1a9e6b-05da-4ca2-830d-654da1ddbd9e}\ (14 subtraces) (ID = 813436)
9:40 AM: HKLM\software\classes\typelib\{3bff2ef1-25ba-4342-a1e8-ec1e2cb9f22b}\ (9 subtraces) (ID = 813462)
9:40 AM: HKLM\software\classes\typelib\{42a860e7-6f32-4191-94e8-08b6ab251e91}\ (9 subtraces) (ID = 813472)
9:40 AM: HKLM\software\classes\typelib\{776081cc-ae15-4ac7-a3db-bd929c201694}\ (9 subtraces) (ID = 813482)
9:40 AM: HKLM\software\classes\typelib\{8ba69d29-ae03-4ab2-b424-dded400e4804}\ (9 subtraces) (ID = 813492)
9:40 AM: HKLM\software\classes\typelib\{b23f7271-53cb-4bb3-91af-3b98557baeac}\ (9 subtraces) (ID = 813502)
9:40 AM: HKLM\software\classes\typelib\{c293551a-cc48-4d7f-9396-2ed35c4548d2}\ (9 subtraces) (ID = 813512)
9:40 AM: HKLM\software\classes\typelib\{c8122510-d163-4c89-95ef-88972d5a56b1}\ (9 subtraces) (ID = 813522)
9:40 AM: HKLM\software\classes\typelib\{dd35d052-76f9-4bfa-9005-69f1b26dc72a}\ (9 subtraces) (ID = 813532)
9:40 AM: HKLM\software\microsoft\windows\currentversion\uninstall\uwfx5_is1\ (14 subtraces) (ID = 813553)
9:40 AM: HKLM\software\microsoft\windows\currentversion\run\ || ni.uwfx5 (ID = 819065)
9:40 AM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\program files\common files\winsoftware\fcrxml.dll (ID = 819066)
9:40 AM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\program files\common files\winsoftware\prcheck.dll (ID = 819067)
9:40 AM: Found Adware: 2020search
9:40 AM: HKU\WRSS_Profile_S-1-5-21-839522115-920026266-1343024091-500\software\2020installation\ (2 subtraces) (ID = 101905)
9:40 AM: Found Adware: popuptoast.com hijacker
9:40 AM: HKU\WRSS_Profile_S-1-5-21-839522115-920026266-1343024091-500\software\microsoft\internet explorer\main\ || search bar (ID = 101926)
9:40 AM: Found Adware: hotbar
9:40 AM: HKU\WRSS_Profile_S-1-5-21-839522115-920026266-1343024091-500\software\microsoft\internet explorer\toolbar\shellbrowser\ || {b195b3b3-8a05-11d3-97a4-0004aca6948e} (ID = 127585)
9:40 AM: HKU\WRSS_Profile_S-1-5-21-839522115-920026266-1343024091-500\software\microsoft\internet explorer\toolbar\webbrowser\ || {b195b3b3-8a05-11d3-97a4-0004aca6948e} (ID = 127587)
9:40 AM: Found Adware: srng
9:40 AM: HKU\WRSS_Profile_S-1-5-21-839522115-920026266-1343024091-500\software\srng\ (18 subtraces) (ID = 142260)
9:40 AM: Found Adware: shopnav.com hijacker
9:40 AM: HKU\WRSS_Profile_S-1-5-21-839522115-920026266-1343024091-500\software\microsoft\internet explorer\main\ || search page (ID = 142269)
9:40 AM: HKU\WRSS_Profile_S-1-5-21-839522115-920026266-1343024091-500\software\microsoft\internet explorer\main\ || search bar (ID = 775771)
9:40 AM: HKU\WRSS_Profile_S-1-5-21-839522115-920026266-1343024091-1004\software\2020installation\ (2 subtraces) (ID = 101905)
9:40 AM: HKU\WRSS_Profile_S-1-5-21-839522115-920026266-1343024091-1004\software\microsoft\internet explorer\toolbar\shellbrowser\ || {b195b3b3-8a05-11d3-97a4-0004aca6948e} (ID = 127585)
9:40 AM: HKU\WRSS_Profile_S-1-5-21-839522115-920026266-1343024091-1004\software\microsoft\internet explorer\toolbar\webbrowser\ || {b195b3b3-8a05-11d3-97a4-0004aca6948e} (ID = 127587)
9:40 AM: HKU\S-1-5-21-839522115-920026266-1343024091-1003\software\2020installation\ (2 subtraces) (ID = 101905)
9:40 AM: HKU\S-1-5-21-839522115-920026266-1343024091-1003\software\microsoft\internet explorer\toolbar\shellbrowser\ || {b195b3b3-8a05-11d3-97a4-0004aca6948e} (ID = 127585)
9:40 AM: HKU\S-1-5-21-839522115-920026266-1343024091-1003\software\microsoft\windows\currentversion\run\ || winfixer2005 (ID = 813065)
9:40 AM: HKU\S-1-5-20\software\2020installation\ (2 subtraces) (ID = 101905)
9:40 AM: HKU\S-1-5-20\software\microsoft\internet explorer\toolbar\shellbrowser\ || {b195b3b3-8a05-11d3-97a4-0004aca6948e} (ID = 127585)
9:40 AM: HKU\S-1-5-20\software\microsoft\internet explorer\toolbar\webbrowser\ || {b195b3b3-8a05-11d3-97a4-0004aca6948e} (ID = 127587)
9:40 AM: HKU\S-1-5-19\software\2020installation\ (2 subtraces) (ID = 101905)
9:40 AM: HKU\S-1-5-19\software\microsoft\internet explorer\toolbar\shellbrowser\ || {b195b3b3-8a05-11d3-97a4-0004aca6948e} (ID = 127585)
9:40 AM: HKU\S-1-5-19\software\microsoft\internet explorer\toolbar\webbrowser\ || {b195b3b3-8a05-11d3-97a4-0004aca6948e} (ID = 127587)
9:40 AM: HKU\S-1-5-18\software\2020installation\ (2 subtraces) (ID = 101905)
9:40 AM: HKU\S-1-5-18\software\microsoft\internet explorer\toolbar\shellbrowser\ || {b195b3b3-8a05-11d3-97a4-0004aca6948e} (ID = 127585)
9:40 AM: HKU\S-1-5-18\software\microsoft\internet explorer\toolbar\webbrowser\ || {b195b3b3-8a05-11d3-97a4-0004aca6948e} (ID = 127587)
9:40 AM: Registry Sweep Complete, Elapsed Time:00:00:24
9:40 AM: Starting Cookie Sweep
9:40 AM: Found Spy Cookie: nextag cookie
9:40 AM: michael o'connor2@nextag[2].txt (ID = 5014)
9:40 AM: Found Spy Cookie: screensavers.com cookie
9:40 AM: [email protected][2].txt (ID = 3298)
9:40 AM: Found Spy Cookie: go.com cookie
9:40 AM: moconnor@go[1].txt (ID = 2728)
9:40 AM: [email protected][1].txt (ID = 2729)
9:40 AM: [email protected][1].txt (ID = 2729)
9:40 AM: Found Spy Cookie: reunion cookie
9:40 AM: moconnor@reunion[1].txt (ID = 3255)
9:40 AM: Found Spy Cookie: infospace cookie
9:40 AM: moconnor@infospace[2].txt (ID = 2865)
9:40 AM: [email protected][1].txt (ID = 3256)
9:40 AM: Found Spy Cookie: xiti cookie
9:40 AM: moconnor@xiti[1].txt (ID = 3717)
9:40 AM: Found Spy Cookie: ask cookie
9:40 AM: moconnor@ask[1].txt (ID = 2245)
9:40 AM: Found Spy Cookie: stamps.com cookie
9:40 AM: moconnor@stamps[1].txt (ID = 3437)
9:40 AM: [email protected][1].txt (ID = 3438)
9:40 AM: Found Spy Cookie: gostats cookie
9:40 AM: moconnor@gostats[2].txt (ID = 2747)
9:40 AM: moconnor@nextag[1].txt (ID = 5014)
9:40 AM: moconnor@ask[2].txt (ID = 2245)
9:40 AM: moconnor@nextag[2].txt (ID = 5014)
9:40 AM: Found Spy Cookie: reliablestats cookie
9:40 AM: [email protected][1].txt (ID = 3254)
9:40 AM: [email protected][1].txt (ID = 2748)
9:40 AM: moconnor@reunion[3].txt (ID = 3255)
9:40 AM: Found Spy Cookie: touchclarity cookie
9:40 AM: [email protected][1].txt (ID = 3566)
9:40 AM: Found Spy Cookie: adminder cookie
9:40 AM: [email protected][2].txt (ID = 2079)
9:40 AM: moconnor@gostats[3].txt (ID = 2747)
9:40 AM: moconnor@infospace[3].txt (ID = 2865)
9:40 AM: Found Spy Cookie: 360i cookie
9:40 AM: [email protected][2].txt (ID = 1962)
9:40 AM: Found Spy Cookie: belnk cookie
9:40 AM: moconnor@belnk[1].txt (ID = 2292)
9:40 AM: [email protected][2].txt (ID = 2293)
9:40 AM: [email protected][2].txt (ID = 2293)
9:40 AM: Found Spy Cookie: enhance cookie
9:40 AM: [email protected][1].txt (ID = 2614)
9:40 AM: Found Spy Cookie: customer cookie
9:40 AM: moconnor@customer[1].txt (ID = 2481)
9:40 AM: Found Spy Cookie: yieldmanager cookie
9:40 AM: [email protected][1].txt (ID = 3751)
9:40 AM: Found Spy Cookie: adjuggler cookie
9:40 AM: [email protected][1].txt (ID = 2071)
9:40 AM: Found Spy Cookie: homestore cookie
9:40 AM: moconnor@homestore[1].txt (ID = 2793)
9:40 AM: [email protected][2].txt (ID = 3256)
9:40 AM: [email protected][3].txt (ID = 3256)
9:40 AM: Found Spy Cookie: did-it cookie
9:40 AM: moconnor@did-it[2].txt (ID = 2523)
9:40 AM: Found Spy Cookie: yadro cookie
9:40 AM: moconnor@yadro[1].txt (ID = 3743)
9:40 AM: Found Spy Cookie: aptimus cookie
9:40 AM: [email protected][2].txt (ID = 2235)
9:40 AM: Found Spy Cookie: monstermarketplace cookie
9:40 AM: moconnor@monstermarketplace[2].txt (ID = 3006)
9:40 AM: moconnor@nextag[4].txt (ID = 5014)
9:40 AM: Found Spy Cookie: adlegend cookie
9:40 AM: moconnor@adlegend[1].txt (ID = 2074)
9:40 AM: Found Spy Cookie: toplist cookie
9:40 AM: moconnor@toplist[1].txt (ID = 3557)
9:40 AM: Found Spy Cookie: ysbweb cookie
9:40 AM: moconnor@ysbweb[1].txt (ID = 3756)
9:40 AM: [email protected][3].txt (ID = 3254)
9:40 AM: moconnor@belnk[2].txt (ID = 2292)
9:40 AM: [email protected][3].txt (ID = 2293)
9:40 AM: moconnor@gostats[4].txt (ID = 2747)
9:40 AM: Cookie Sweep Complete, Elapsed Time: 00:00:01
9:40 AM: Starting File Sweep
9:40 AM: Warning: Failed to open file "c:\pagefile.sys". Access is denied
9:40 AM: Found System Monitor: spion
9:40 AM: unistb32.exe (ID = 76299)
9:40 AM: is-kjisp.lst (ID = 153521)
9:40 AM: is-btnsq.lst (ID = 153521)
9:41 AM: dfe.exe (ID = 153523)
9:41 AM: dfd.sys (ID = 162513)
9:41 AM: Warning: Failed to open file "c:\windows\system32\config\system.log". The process cannot access the file because it is being used by another process
9:41 AM: Warning: Failed to open file "c:\windows\system32\config\software.log". The process cannot access the file because it is being used by another process
9:41 AM: Warning: Failed to open file "c:\windows\system32\config\default.log". The process cannot access the file because it is being used by another process
9:41 AM: Warning: Failed to open file "c:\windows\system32\config\sam.log". The process cannot access the file because it is being used by another process
9:41 AM: Warning: Failed to open file "c:\windows\system32\config\security.log". The process cannot access the file because it is being used by another process
9:41 AM: Warning: Failed to open file "c:\windows\system32\config\default". The process cannot access the file because it is being used by another process
9:41 AM: Warning: Failed to open file "c:\windows\system32\config\security". The process cannot access the file because it is being used by another process
9:41 AM: Warning: Failed to open file "c:\windows\system32\config\software". The process cannot access the file because it is being used by another process
9:41 AM: Warning: Failed to open file "c:\windows\system32\config\system". The process cannot access the file because it is being used by another process
9:41 AM: Warning: Failed to open file "c:\windows\system32\config\sam". The process cannot access the file because it is being used by another process
9:42 AM: Warning: Failed to open file "c:\windows\system32\catroot2\edb.log". The process cannot access the file because it is being used by another process
9:42 AM: Warning: Failed to open file "c:\windows\system32\catroot2\tmp.edb". The process cannot access the file because it is being used by another process
9:43 AM: Warning: Failed to open file "c:\windows\temp\zlt0169e.tmp". The process cannot access the file because it is being used by another process
9:43 AM: Warning: Failed to open file "c:\windows\softwaredistribution\eventcache\{8cd86e57-61b4-4fcf-ade1-0f0ad8383143}.bin". The process cannot access the file because it is being used by another process
9:45 AM: c:\program files\common files\winsoftware (2 subtraces) (ID = -2147476682)
9:50 AM: Found Adware: hiwire
9:50 AM: hwaudio.dll (ID = 62164)
9:50 AM: hwmedia.exe (ID = 62163)
9:53 AM: c:\program files\winfixer2005 (56 subtraces) (ID = -2147471814)
9:53 AM: flash.ini (ID = 147247)
9:53 AM: dfd.sys (ID = 162513)
9:53 AM: flfxr.dll (ID = 153506)
9:53 AM: template.dbx (ID = 114914)
9:53 AM: updater.exe (ID = 188366)
9:53 AM: activate.dat (ID = 114890)
9:53 AM: up.dat (ID = 114916)
9:55 AM: Found Adware: kudd.com adware
9:55 AM: c:\program files\kudd.com (ID = -2147480736)
9:56 AM: Warning: Failed to open file "c:\documents and settings\moconnor\ntuser.dat.log". The process cannot access the file because it is being used by another process
9:56 AM: Warning: Failed to open file "c:\documents and settings\moconnor\ntuser.dat". The process cannot access the file because it is being used by another process
9:56 AM: winfixer2005setup.exe (ID = 162518)
9:56 AM: setup.exe (ID = 162517)
9:57 AM: Warning: Failed to open file "c:\documents and settings\moconnor\my documents\webpages\chats research\www_grooveradio_com-_files\division=ionly&market=web-io&format=dance&affiliate=grooveradio-sm&content=home&pagepos=1&timestamp=145271777_files\oframe;pageid=8-126-299&placid=banner&time=2001.7.1.21.39.58.html". The system cannot find the path specified
9:57 AM: Warning: Failed to open file "c:\documents and settings\moconnor\my documents\webpages\chats research\www_grooveradio_com-_files\division=ionly&market=web-io&format=dance&affiliate=grooveradio-sm&content=home&pagepos=11&timestamp=145271808_files\_newwindow_files\8d8b84a65dfd0ebef24b705ee20b937b.gif". The system cannot find the path specified
9:57 AM: Warning: Failed to open file "c:\documents and settings\moconnor\my documents\webpages\chats research\www_grooveradio_com-_files\division=ionly&market=web-io&format=dance&affiliate=grooveradio-sm&content=home&pagepos=7&timestamp=145271809_files\oframe;pageid=8-126-299&placid=banner&time=2001.7.1.21.36.6.html". The system cannot find the path specified
9:57 AM: Warning: Failed to open file "c:\documents and settings\moconnor\my documents\webpages\chats research\www_grooveradio_com-_files\division=ionly&market=web-io&format=dance&affiliate=grooveradio-sm&content=home&pagepos=12&timestamp=145271810_files\_newwindow_files\8d8b84a65dfd0ebef24b705ee20b937b.gif". The system cannot find the path specified
9:57 AM: Warning: Failed to open file "c:\documents and settings\moconnor\my documents\webpages\chats research\www_grooveradio_com-_files\division=ionly&market=web-io&format=dance&affiliate=grooveradio-sm&content=home&pagepos=9&timestamp=145271812_files\oframe;pageid=8-50-247&placid=unipixel&time=$time$.html". The system cannot find the path specified
9:57 AM: winfixer2005scannerinstall.exe (ID = 149941)
9:58 AM: Warning: Failed to open file "c:\documents and settings\moconnor\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\moconnor\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs89abadd5-5bb6-4149-b28b-a1a86c914f05.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3cff5358-caf9-4b7e-a6a8-6bad92037cde.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs46313d9f-646b-4787-8634-2b9ec99829a6.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs36aa8eb3-2ddb-4ed5-98c9-103b7a1c24fd.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs376252c7-fc4e-4c74-a175-70b31692593a.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs46841d26-5f6a-4864-80f9-b7689a78a833.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs0bfd5ddd-54d3-440f-b1d3-4bf6dcf81ed5.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs974fc6f5-91da-4864-a00f-b2ad8f67ab7a.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs0d31500e-0f14-45d9-8e1d-d329af62e42b.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsb449575a-b119-4185-bcb3-fe1eba54e793.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs40e19902-3f71-4585-93c9-bd520943832e.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsaad8b112-51d1-4e1a-93d0-406aa3f3cf44.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs058c148b-b9d4-403f-be66-27bb58b01ebd.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd93253f0-2185-4e4d-aac0-939e00434088.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5a3db89a-c8fa-4fff-b979-2807bfb9ecbc.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa1bf7a2f-a297-4e64-a414-e72d0df2a95b.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa8ea831c-afc1-4354-94ad-8b30838e0a1e.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs8bd3ac04-d05c-4c77-a7c4-d8a9cd3f6beb.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsaf8fcdb2-1134-4c1d-829c-ef5cad7328e0.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsefa10e53-4cc1-4fa2-b840-c62e68a33951.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse3a96a29-c4af-440f-8299-1e3299997b6d.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa1e32bef-7a84-45f2-a882-073ae5545d5e.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5fb5af3b-f30b-4dbf-8bd7-1a2e0042629a.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsb7859188-e783-4eac-9553-d177a70f39d7.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9f8c3b0b-41fa-4ba7-9fc7-3f760fd49dfd.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc360a465-ba19-4e61-be0b-02f85b8a4b2a.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs886721c4-2705-4ce9-ade3-fdc4aa0b3abc.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs738fe3f7-0c80-4bda-923f-a4f8929760c6.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsb7a6bd10-cc9f-4a43-b74e-36290ff36a01.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs7961583d-ff66-4b7d-a1ca-bbd05b5a719d.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9cb7a566-b40f-4d98-aef3-0da9d8b86b1f.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsb03c75d3-e8ea-4aeb-ad8d-d932e5e7db68.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscseafc7722-7c57-422f-98df-86abc85d22cb.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs56d218e9-cc40-4390-b7b0-6a9f67002d00.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs27d9e22f-c2ae-4af0-8a8e-7896fbce2938.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsab0e69a9-9028-42a2-916b-9baa211722fe.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs2c47a5a5-a24f-4a4b-9e45-d81d6c570598.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4e3206a6-4338-4d89-9fb3-928eac07df63.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs397db0db-58e2-4c40-b8b6-bced21cac564.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs1ebb3122-8e62-40b0-b600-f3f0863f32bf.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs6585a818-f172-46a8-89fb-937f89352742.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs716d4873-6520-44bb-b771-d3d11746d314.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf5cb2395-7af8-4604-8960-78d4599d0f9d.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5257f086-4257-4ba7-b3dd-8c548ddda199.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs46e9e35f-a1db-4a1a-a9ba-798cc2aee3a5.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs69a89ec5-d910-4d2c-a8e6-e3ddd42a3a44.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs7625d723-7ff4-4b46-b1f9-6636a3876132.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscseaa47f47-9c95-427e-9781-2a2313c00124.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3aa8be77-8c1f-4415-9cfe-63cc955d7a77.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd3fbf1cf-f1c2-4271-984e-9566790c6d53.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3a44255f-90b9-4dfa-a0a8-13025f88f9f3.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs46204382-795d-41ad-bff0-b2aa5a457e11.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs81c4db74-739d-42fd-8d0f-f7796bcb05df.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsbac3ba91-dd8c-409c-b0c3-38c5b269b26b.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs47951d72-85a9-4278-861e-a444a60e3f43.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs190dc385-8b7c-4ef7-9165-a81985cac8d0.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs96996256-7dbe-4c39-90cd-e3ff0e610cf7.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscscf458ee1-58c1-482f-a282-670695926a87.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs04636765-0dd3-45b7-923b-225372e4fd37.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs560dfd5a-736c-4200-a6e1-4afdea78affa.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3baee69f-22b2-4b9a-9556-a695b0657ce0.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf67f2160-ea69-4b48-8e35-e88b916b558e.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf5d29e2f-b84d-4eb3-a5af-95b892ef8dde.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs18f6fb65-0a04-4391-8356-97b288777095.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsff2d2014-e6ed-4216-85f0-18c0a4010f00.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9b0e24a8-8c06-41f6-babd-0fa39cfea485.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs96d5078d-4dfe-4248-ac42-6d01eafe70db.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs2dc94467-0150-4022-ae60-84eb41e2707a.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc86f92d8-62bd-4fb5-a92c-0a26fd0411ef.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa001c514-b0ee-48f7-bd19-9bbfca07fa47.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4c6353ec-2078-47cc-a76f-fa27903aab41.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsaee6a30c-14de-495c-a980-30a9b49070de.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs84bd4aeb-a2f5-4937-b623-3220397c59e2.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9699fcc1-b685-439e-ba0e-35a51a0fa8fa.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsb47883a9-b68e-45a7-86a1-5463522d0131.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs957298b0-1dd4-4755-a69b-326e7527f8d2.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs422182cf-1be3-42a6-a84e-21c551668a1f.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs59829dff-0a37-475c-acb6-47901253653f.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs04f876ab-2f8c-4d01-840f-39adc82ddffb.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs091534bf-8285-4909-9b4d-8cbbccaa3bac.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs97a5289a-8918-467c-b8c0-0cc6c788c235.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs88855e18-81a8-43f0-a735-3275435757a8.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs84bd33ea-1475-449d-aeb1-b91a9588f36f.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs226fd3fd-6415-41e8-aefc-cfb36dacdf0a.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsaaee70ec-0c3b-47c8-b6d3-fd479b0c7202.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs14dcd031-4af3-479e-91eb-da9bdbd00220.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse15306f2-c859-4d30-a143-a22a5eb4b22f.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs57783229-eaa1-4446-be0f-c01e771bcc58.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsadff019e-0338-4093-9492-d753a356575e.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsda336d63-c0cd-4732-bcdf-3673223e9b42.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsbaa1c8d7-6714-4530-b04a-ccd07a005b27.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd69e0332-3738-4778-bd49-8a27eb00b1e8.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs6d357642-4fd0-446b-9d3f-780f29c4656f.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs8a15429e-e5ce-46af-a4ef-de12ebcd8230.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd7e3fbfe-9c45-452c-8d97-55dde200c077.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs720b6baa-3a06-401f-aa83-7f482e540cb2.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd8e00571-c3e0-4166-9c4f-007c2b53b5ab.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs291c995b-85c8-49dc-9749-f5815a6cd2b1.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs66547c61-907e-4a4c-9509-930f5c9069b9.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsfe80db3e-733e-4619-aec8-d6df7bfad201.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd7c77412-0b43-4917-bca1-11a7f7b5b74c.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs8610a71d-d2d7-48e2-9427-253bb073b591.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5b4903ce-7dde-4759-acac-b9e0d81cefd7.tmp". The process cannot access the file because it is being used by another process
9:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs37c1b552-b6f6-45da-8463-70707f378a50.tmp". The process cannot access the file because it is being used by another process
9:59 AM: File Sweep Complete, Elapsed Time: 00:18:46
9:59 AM: Full Sweep has completed. Elapsed time 00:23:51
9:59 AM: Traces Found: 1021
10:00 AM: Removal process initiated
10:00 AM: Quarantining All Traces: spion
10:00 AM: Quarantining All Traces: 2020search
10:00 AM: Quarantining All Traces: hotbar
10:00 AM: Quarantining All Traces: srng
10:00 AM: Quarantining All Traces: hiwire
10:00 AM: Quarantining All Traces: kudd.com adware
10:00 AM: Quarantining All Traces: popuptoast.com hijacker
10:00 AM: Quarantining All Traces: shopnav.com hijacker
10:00 AM: Quarantining All Traces: winantispyware 2005
10:01 AM: Quarantining All Traces: 360i cookie
10:01 AM: Quarantining All Traces: adjuggler cookie
10:01 AM: Quarantining All Traces: adlegend cookie
10:01 AM: Quarantining All Traces: adminder cookie
10:01 AM: Quarantining All Traces: aptimus cookie
10:01 AM: Quarantining All Traces: ask cookie
10:01 AM: Quarantining All Traces: belnk cookie
10:01 AM: Quarantining All Traces: customer cookie
10:01 AM: Quarantining All Traces: did-it cookie
10:01 AM: Quarantining All Traces: enhance cookie
10:01 AM: Quarantining All Traces: go.com cookie
10:01 AM: Quarantining All Traces: gostats cookie
10:01 AM: Quarantining All Traces: homestore cookie
10:01 AM: Quarantining All Traces: infospace cookie
10:01 AM: Quarantining All Traces: monstermarketplace cookie
10:01 AM: Quarantining All Traces: nextag cookie
10:01 AM: Quarantining All Traces: reliablestats cookie
10:01 AM: Quarantining All Traces: reunion cookie
10:01 AM: Quarantining All Traces: screensavers.com cookie
10:01 AM: Quarantining All Traces: stamps.com cookie
10:01 AM: Quarantining All Traces: toplist cookie
10:01 AM: Quarantining All Traces: touchclarity cookie
10:01 AM: Quarantining All Traces: xiti cookie
10:01 AM: Quarantining All Traces: yadro cookie
10:01 AM: Quarantining All Traces: yieldmanager cookie
10:01 AM: Quarantining All Traces: ysbweb cookie
10:02 AM: Preparing to restart your computer. Please wait...
10:02 AM: Removal process completed. Elapsed time 00:01:42
10:46 AM: IE Security Shield: found: C:\PROGRAM FILES\MSN\MSNCOREFILES\MSN.EXE -- IE Security modification denied
11:35 AM: IE Security Shield: found: C:\PROGRAM FILES\MSN\MSNCOREFILES\MSN.EXE -- IE Security modification denied
11:36 AM: Deletion from quarantine initiated
11:36 AM: Processing: 2020search
11:36 AM: Processing: 360i cookie
11:36 AM: Processing: adjuggler cookie
11:36 AM: Processing: adlegend

Edited by mdoc, 16 November 2005 - 11:39 AM.

[Advertisements]

Looks like i exceeded the maximum size in the first post. Here's the HJK log. Anything else i should remove? Thanks

Logfile of HijackThis v1.99.1
Scan saved at 11:41:23 AM, on 11/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\SYSTEM32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\Program Files\A-DATA\USB Flash Disk Utility\PLBkMon.exe
C:\WINDOWS\system32\HotfixQ0306270.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Nikon\NkView5\NkvMon.exe
C:\Program Files\Microsoft Windows Feedback Panel\wfpscheduler.exe
C:\Program Files\Microsoft Windows Feedback Panel\wfpclr.exe
C:\Program Files\Microsoft Windows Feedback Panel\wfpcore.exe
C:\Program Files\Microsoft Windows Feedback Panel\asievecl.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [ADATA_PLUtil] C:\Program Files\A-DATA\USB Flash Disk Utility\PLBkMon.exe
O4 - HKLM\..\Run: [PLFFAP] C:\WINDOWS\system32\HotfixQ0306270.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\System\MOSearch\Bin\mosearch.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [cnet] "C:\Program Files\Kontiki\bin\kontiki.exe" -s cnet -q
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: WFPScheduler.lnk = C:\Program Files\Microsoft Windows Feedback Panel\wfpscheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .au: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: www.fool.com
O16 - DPF: Win32 Classes -
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.co...laxoInstall.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1125445373446
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.co...loadControl.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futurema...lobal/msc34.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E447C7B1-1BC5-4CFB-AC03-622E7BFDF4E6}: NameServer = 199.45.32.43 199.45.32.38
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\SYSTEM32\IoctlSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\System32\ZoneLabs\vsmon.exe

[mdoc]

Looks like i exceeded the maximum size in the first post. Here's the HJK log. Anything else i should remove? Thanks

Logfile of HijackThis v1.99.1
Scan saved at 11:41:23 AM, on 11/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\SYSTEM32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\Program Files\A-DATA\USB Flash Disk Utility\PLBkMon.exe
C:\WINDOWS\system32\HotfixQ0306270.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Nikon\NkView5\NkvMon.exe
C:\Program Files\Microsoft Windows Feedback Panel\wfpscheduler.exe
C:\Program Files\Microsoft Windows Feedback Panel\wfpclr.exe
C:\Program Files\Microsoft Windows Feedback Panel\wfpcore.exe
C:\Program Files\Microsoft Windows Feedback Panel\asievecl.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: (no name) - {46AE04C0-BCFA-4728-90E7-00EB4A8B3863} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [ADATA_PLUtil] C:\Program Files\A-DATA\USB Flash Disk Utility\PLBkMon.exe
O4 - HKLM\..\Run: [PLFFAP] C:\WINDOWS\system32\HotfixQ0306270.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\System\MOSearch\Bin\mosearch.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [cnet] "C:\Program Files\Kontiki\bin\kontiki.exe" -s cnet -q
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: WFPScheduler.lnk = C:\Program Files\Microsoft Windows Feedback Panel\wfpscheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView5\NkvMon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .au: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: www.fool.com
O16 - DPF: Win32 Classes -
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.co...laxoInstall.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1125445373446
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.co...loadControl.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futurema...lobal/msc34.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E447C7B1-1BC5-4CFB-AC03-622E7BFDF4E6}: NameServer = 199.45.32.43 199.45.32.38
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\SYSTEM32\IoctlSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\System32\ZoneLabs\vsmon.exe