Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Popup Adds in Internet Explorer [RESOLVED]

Started by zipnalong , Dec 21 2005 12:22 AM

  • This topic is locked This topic is locked

#1
zipnalong
Posted 21 December 2005 - 12:22 AM

zipnalong

    New Member

  • Member
  • Pip
  • 9 posts
I went through all the initial steps (Ad-aware, CWShredder, Spybot, AVG, etc) to try to get rid of the annoying popup adds that appear every so often, but to no avail. Below is a copy of my HiJackThis log. Any help would be greatly appreciated! Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 11:03:22 PM, on 12/20/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\ENCOMPASS\ENCMONTR.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE
C:\PROGRAM FILES\INTEL\INTEL PSNCU\CPUNUMBER.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\DIAMOND\INCONTROL TOOLS 99\DMHKEY.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 4.0\READER\ACRORD32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HJT\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com...ron/search.html
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YT.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Encompass\ENCMONTR.EXE
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKCU\..\Run: [IntelProcNumUtility] "C:\Program Files\Intel\Intel PSNCU\CpuNumber.exe" /nosplash
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: InControl Desktop Manager.lnk = C:\Program Files\Diamond\InControl Tools 99\DMHKEY.EXE
O4 - User Startup: InControl Desktop Manager.lnk = C:\Program Files\Diamond\InControl Tools 99\DMHKEY.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildt...iveLauncher.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct2_x.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} - http://adserver.shar...ver/Install.cab
  • 0

Advertisements

#2
retrac
Posted 26 December 2005 - 01:29 AM

retrac

    Visiting Staff

  • Member
  • PipPipPip
  • 578 posts
Hey zpnalong :) Happy Holidays and Welcome to GeeksToGo :tazz:

Sorry for the Delay on getting to your Log. We are very Busy These days :woot:



Next
Please open HiJackThis and scan. Check the boxes next to all the entries listed below.

O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildt...iveLauncher.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} - http://adserver.shar...ver/Install.cab

Now close all windows and browsers other than HiJackThis, then click Fix Checked.

Now Click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)

Now Close HijackThis


Next
Please run this online virus scan:
You will need to be using Microsoft Internet Explorer to do this scan : Link to ActiveScan
Click the "Scan Your PC" button in the middle of the page.
You will have to Allow the installation of Active X controls.
You will have to enter a valid e-mail address.
Then click "My Computer" when it asks what you want to scan.
Save the Report after scan finishes. (somewhere you can find it)


Next
Please make a NEW HijackThis Log



Here is what i will need :

1. uninstall_list.txt <---- Located in C:\HJT
2. Results of Panda ActiveScan
3. New HijackThis Log



Thanks :)
  • 0

#3
zipnalong
Posted 26 December 2005 - 05:53 PM

zipnalong

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hey retrac :) Merry Christmas to you! Not a problem on the delay. Thanks for responding, I figured it must be very busy.

I ran HiJackThis, scanned and removed the two entries you mentioned, then created the uninstall_list. I'm having trouble running the activescan though. :) It downloaded the ActiveX controls successfully and updated to the latest definitions, but when I click on "My Computer" to choose what to scan, I get an "Error on page" in the lower left part of my browser and nothing else happens. I'm using Internet Explorer, version 6.0.2800.1106. Any ideas??

Thanks again for your help! :tazz:
  • 0

#4
retrac
Posted 26 December 2005 - 06:12 PM

retrac

    Visiting Staff

  • Member
  • PipPipPip
  • 578 posts
Hey zipnalong :tazz: Welcome Back !!!

Lets try this one :

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Please post back with A New Hijackthis Log, uninstall_list.txt, and Kaspersky Online Scan Results

Thanks :)
  • 0

#5
zipnalong
Posted 27 December 2005 - 01:54 AM

zipnalong

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Much better luck with the Kaspersky online scanner! :tazz:

Here are the results from the online scan:
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, December 27, 2005 00:11:22
Operating System: Microsoft Windows 98 SE
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 27/12/2005
Kaspersky Anti-Virus database records: 167680
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
a:\
c:\
d:\
e:\

Scan Statistics:
Total number of scanned objects: 158954
Number of viruses found: 23
Number of infected objects: 70
Number of suspicious objects: 1
Duration of the scan process: 11011 sec

Infected Object Name - Virus Name
c:\OLDWIN\SYSTEM\myfm01.dll Infected: not-a-virus:AdWare.Win32.F1Organizer.a
c:\OLDWIN\SYSTEM\setup_incred_1.exe/data0002/data0002 Infected: Trojan-Downloader.Win32.Keenval
c:\OLDWIN\SYSTEM\setup_incred_1.exe/data0002/data0004 Infected: Trojan-Downloader.Win32.Keenval
c:\OLDWIN\SYSTEM\setup_incred_1.exe/data0002/data0005 Infected: Trojan-Downloader.Win32.Keenval
c:\OLDWIN\SYSTEM\setup_incred_1.exe/data0002 Infected: Trojan-Downloader.Win32.Keenval
c:\OLDWIN\SYSTEM\setup_incred_1.exe/data0008 Infected: Trojan-Downloader.Win32.Keenval.e
c:\OLDWIN\SYSTEM\setup_incred_1.exe/data0009 Infected: Trojan-Downloader.Win32.Keenval.e
c:\OLDWIN\SYSTEM\setup_incred_1.exe Infected: Trojan-Downloader.Win32.Keenval.e
c:\OLDWIN\Temporary Internet Files\Content.IE5\GHIJKLMN\QDow[1].cab/QDow.dll Infected: Trojan-Downloader.Win32.QDown.a
c:\OLDWIN\Temporary Internet Files\Content.IE5\GHIJKLMN\QDow[1].cab Infected: Trojan-Downloader.Win32.QDown.a
c:\OLDWIN\Profiles\Cody\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\OMG.class-4b4e04ec-7f94bede.class Infected: Trojan-Downloader.Java.OpenStream.y
c:\OLDWIN\lycos.exe/data0004 Infected: not-a-virus:AdWare.Win32.Sidesearch.a
c:\OLDWIN\lycos.exe Infected: not-a-virus:AdWare.Win32.Sidesearch.a
c:\OLDWIN\bargain.exe/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.a
c:\OLDWIN\bargain.exe/data0003 Infected: not-a-virus:AdWare.Win32.BargainBuddy.a
c:\OLDWIN\bargain.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.a
c:\OLDWIN\cnbabeie.exe/data0008 Infected: not-a-virus:AdWare.Win32.CommonName.b
c:\OLDWIN\cnbabeie.exe/data0009 Infected: not-a-virus:AdWare.Win32.CommonName.d
c:\OLDWIN\cnbabeie.exe/data0010 Infected: not-a-virus:AdWare.Win32.CommonName.d
c:\OLDWIN\cnbabeie.exe Infected: not-a-virus:AdWare.Win32.CommonName.d
c:\OLDWIN\hosts Infected: Trojan.Win32.Qhost.r
c:\OLDWIN\Outlook Express\Deleted Items.dbx/[From eBay Inc <[email protected]>][Date Fri, 19 Aug 2005 03:12:20 +0500]/UNNAMED/html Infected: Trojan-Spy.HTML.Bayfraud.hn
c:\OLDWIN\Outlook Express\Deleted Items.dbx/[From eBay Inc <[email protected]>][Date Fri, 19 Aug 2005 03:12:20 +0500]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.hn
c:\OLDWIN\Outlook Express\Deleted Items.dbx Infected: Trojan-Spy.HTML.Bayfraud.hn
c:\OLDDOC\download\toosweet4u0023\funnyshit.zip/hidestart.exe Infected: not-virus:BadJoke.Win32.HideStart.a
c:\OLDDOC\download\toosweet4u0023\funnyshit.zip Infected: not-virus:BadJoke.Win32.HideStart.a
c:\OLDPROG\Toolbar\toolbar.dll Infected: not-a-virus:AdWare.Win32.WebSearch.o
c:\secure32.html Infected: not-virus:Hoax.Win32.Renos.y
c:\WINDOWS\SYSTEM\NKTAPI.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ap
c:\WINDOWS\SYSTEM\FDSRCH.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ap
c:\WINDOWS\SYSTEM\MWCUIW32.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ap
c:\WINDOWS\SYSTEM\HVVIOL.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ap
c:\WINDOWS\SYSTEM\SCGE.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ap
c:\WINDOWS\SYSTEM\AZIFIL32.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ap
c:\WINDOWS\SYSTEM\MAMCI2.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ap
c:\WINDOWS\SYSTEM\DNMSSPXN.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ap
c:\WINDOWS\SYSTEM\DUDPMESH.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ap
c:\WINDOWS\SYSTEM\OBBCJI32.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ap
c:\WINDOWS\SYSTEM\SCCUR32.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ap
c:\WINDOWS\SYSTEM\MB3216.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ap
c:\WINDOWS\SYSTEM\OJBC32GT.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ap
c:\WINDOWS\SYSTEM\RYANP.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ap
c:\WINDOWS\SYSTEM\NTDD32.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ap
c:\WINDOWS\SYSTEM\SFI.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ap
c:\WINDOWS\SYSTEM\tQembed.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ap
c:\WINDOWS\SYSTEM\navshext1.dll Infected: not-a-virus:AdWare.Win32.Chiem.a
c:\WINDOWS\SYSTEM\myihnd.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ap
c:\WINDOWS\SYSTEM\ixctl.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ap
c:\WINDOWS\SYSTEM\OEEAUT32.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ap
c:\WINDOWS\SYSTEM\wpp.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ap
c:\WINDOWS\SYSTEM\MKRD2X40.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ap
c:\WINDOWS\SYSTEM\DVBAND.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ap
c:\WINDOWS\SYSTEM\IYNPSTUB.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ap
c:\WINDOWS\SYSTEM\OKBCBCP.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ap
c:\WINDOWS\SYSTEM\QDAP.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ap
c:\WINDOWS\SYSTEM\IBS.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ap
c:\WINDOWS\SYSTEM\wvp.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ap
c:\WINDOWS\SYSTEM\MPSTKPRP.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ap
c:\WINDOWS\SYSTEM\MGHTMLED.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ap
c:\WINDOWS\TEMP\Temporary Internet Files\Content.IE5\KPIBW1MN\CAA3KHMN.htm Suspicious: Exploit.HTML.Mht
c:\WINDOWS\TEMP\VVSNInst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bo
c:\WINDOWS\TEMP\tsinstall_4_0_4_0_b4.exe/WISE0009.BIN Infected: Trojan-Downloader.Win32.TSUpdate.n
c:\WINDOWS\TEMP\tsinstall_4_0_4_0_b4.exe/WISE0010.BIN Infected: Trojan-Downloader.Win32.TSUpdate.p
c:\WINDOWS\TEMP\tsinstall_4_0_4_0_b4.exe/WISE0011.BIN Infected: Trojan-Downloader.Win32.TSUpdate.l
c:\WINDOWS\TEMP\tsinstall_4_0_4_0_b4.exe/WISE0012.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f
c:\WINDOWS\TEMP\tsinstall_4_0_4_0_b4.exe Infected: Trojan-Downloader.Win32.TSUpdate.f
c:\WINDOWS\TEMP\cmdinst.exe Infected: not-a-virus:AdWare.Win32.MDH.e
c:\WINDOWS\Profiles\Blayne\Application Data\Identities\{7B585480-C714-11D9-AC55-AABF54E9963A}\Microsoft\Outlook Express\Deleted Items.dbx/[From eBay Inc <[email protected]>][Date Fri, 19 Aug 2005 03:12:20 +0500]/UNNAMED/html Infected: Trojan-Spy.HTML.Bayfraud.hn
c:\WINDOWS\Profiles\Blayne\Application Data\Identities\{7B585480-C714-11D9-AC55-AABF54E9963A}\Microsoft\Outlook Express\Deleted Items.dbx/[From eBay Inc <[email protected]>][Date Fri, 19 Aug 2005 03:12:20 +0500]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.hn
c:\WINDOWS\Profiles\Blayne\Application Data\Identities\{7B585480-C714-11D9-AC55-AABF54E9963A}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Trojan-Spy.HTML.Bayfraud.hn
c:\WINDOWS\secure32.html Infected: not-virus:Hoax.Win32.Renos.y

Scan process completed.


Below is the uninstall_list from HiJackThis:
Ad-Aware SE Personal
Adobe Acrobat 4.0
AOL Instant Messenger
AVG Free Edition
BearShare
Canon Camera Support Core Library
Canon Camera TWAIN Driver 6.4
Canon Camera Window for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
Command & Conquer Red Alert 2
Fast Food Tycoon 2
Google Toolbar for Internet Explorer
HijackThis 1.99.1
HyperLoad - Bowling
HyperLoad - Candystand MiniGolf
HyperLoad - Cool Darts
HyperLoad - Home Run Rally
HyperLoad - Mah Jongg
HyperLoad - NabiscoWorld MiniGolf
HyperLoad - QB Shootout
HyperLoad - Tennis
HyperLoad - Ultimate Bobsled
Intel Processor Serial Number Control Utility
Internet Explorer Q905915
J2SE Runtime Environment 5.0 Update 6
Macromedia Flash Player 8
Macromedia Shockwave Player
Micron Easy Internet
Microsoft Data Access Components KB870669
Microsoft Internet Explorer 6 SP1 and Internet Tools
Microsoft Office 2000 Small Business
Microsoft Outlook Express 6
Microsoft VGX Q833989
Microsoft Web Publishing Wizard 1.6
Microsoft Windows Critical Update Notification
MSN Messenger 7.0
Nero - Burning ROM
NVIDIA Windows 95/98 Display Drivers
Outlook Express Q837009
PokerStars
Promise Technology Inc. Ultra66 IDE Controller
QuickTime
Remote Desktop Connection
Sid Meier's Civil War Collection
SimFarm
Spybot - Search & Destroy 1.4
Stronghold 2
Stronghold Crusader
System Process
TrojanHunter 4.2
Uninstall InControl Tools 99
Viewpoint Manager (Remove Only)
Viewpoint Media Player
ViewSonic Monitor Drivers
ViewSonic Monitor Drivers
Westwood Shared Internet Components
Windows 98 KB891711 Update
Windows 98 KB896358 Update
Windows 98 Q823559 Update
Windows 98 Q840315 Update
Windows 98 Q888113 Update
Windows 98 Q890175 Update
Windows Media Player system update (9 Series)
WinMX
WinZip
Yahoo! extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Messenger Explorer Bar
Yahoo! Toolbar
ZoneAlarm

Below is my latest HiJackThis scan:

Logfile of HijackThis v1.99.1
Scan saved at 12:40:51 AM, on 12/27/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\ENCOMPASS\ENCMONTR.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\VIEWPOINT\VIEWPOINT MANAGER\VIEWMGR.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\INTEL\INTEL PSNCU\CPUNUMBER.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\DIAMOND\INCONTROL TOOLS 99\DMHKEY.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\AIM\AIM.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\HJT\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com...ron/search.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN0\YT.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE"
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Encompass\ENCMONTR.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [IntelProcNumUtility] "C:\Program Files\Intel\Intel PSNCU\CpuNumber.exe" /nosplash
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: InControl Desktop Manager.lnk = C:\Program Files\Diamond\InControl Tools 99\DMHKEY.EXE
O4 - User Startup: InControl Desktop Manager.lnk = C:\Program Files\Diamond\InControl Tools 99\DMHKEY.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct2_x.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...ebscan_ansi.cab

Thanks again for your help retrac! :)
  • 0

#6
retrac
Posted 27 December 2005 - 02:52 AM

retrac

    Visiting Staff

  • Member
  • PipPipPip
  • 578 posts
Hey zipnalong :tazz:



Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link on the right - next to "SpySweeper for Home Computers" to download the program.
  • Double-click the file to install it as follows:
    • Click "Next", read the agreement, Click "Next"
    • Choose "Custom" click "Next".
    • Leave the default installation directory as it is, then click "Next".
    • UNcheck "Run SpySweeper at Windows Startup" and "Add Sweep for Spyware to Windows Explorer Context Menu". Click "Next".
    • On the following screen you can leave the e-mail address field blank, if you wish. Click "Next".
    • Finally, click "Install"
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:
    • Sweep Memory
    • Sweep Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Contents of Compressed Files
    • Sweep for Rootkits
    • Please UNCHECK Do not Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.




Here is what i will need :

1. Session Log from Webroot SpySweeper
2. A New HijackThis Log

Thanks :)
  • 0

#7
zipnalong
Posted 27 December 2005 - 03:48 PM

zipnalong

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hey retrac! I downloaded and ran WebRoot SpySweeper and things are looking better already! :tazz: The popup ads have stopped!! :) Prior to viewing the session log, a dialog window came up informing me to click on "Sheilds", then the IE Tab and select Reset IE page settings to default since it appeared to be hijacked.

Here is the session log from WebRoot SpySweeper:
********
10:10 AM: | Start of Session, Tuesday, December 27, 2005 |
10:10 AM: Spy Sweeper started
10:10 AM: Sweep initiated using definitions version 589
10:10 AM: Starting Memory Sweep
10:13 AM: Found Adware: look2me
10:13 AM: Detected running threat: C:\WINDOWS\SYSTEM\HVVIOL.DLL (ID = 163642)
10:13 AM: Detected running threat: C:\WINDOWS\SYSTEM\MTSTKPRP.DLL (ID = 163642)
10:19 AM: Memory Sweep Complete, Elapsed Time: 00:08:16
10:19 AM: Starting Registry Sweep
10:21 AM: Found Trojan Horse: trojan-backdoor-zubox
10:21 AM: HKCR\*\shellex\contextmenuhandlers\sysacpildap\ (ID = 484093)
10:21 AM: HKLM\software\classes\*\shellex\contextmenuhandlers\sysacpildap\ (ID = 484152)
10:22 AM: Found Trojan Horse: trojan-downloader-conhook
10:22 AM: HKCR\clsid\{8e13dde1-e013-47ec-9c4c-27c2f78bdd26}\ (3 subtraces) (ID = 834750)
10:22 AM: HKLM\software\classes\clsid\{8e13dde1-e013-47ec-9c4c-27c2f78bdd26}\ (3 subtraces) (ID = 834754)
10:22 AM: Found Adware: systemprocess
10:22 AM: HKLM\software\microsoft\windows\currentversion\uninstall\startup\ (2 subtraces) (ID = 860412)
10:22 AM: Found Adware: dollarrevenue
10:22 AM: HKLM\software\microsoft\drsmartload\ (1 subtraces) (ID = 916795)
10:34 AM: HKU\Blayne\software\system process\ (1 subtraces) (ID = 860389)
10:34 AM: HKU\Blayne\software\system process\ || lastptime (ID = 860390)
10:35 AM: Registry Sweep Complete, Elapsed Time:00:15:55
10:35 AM: Starting Cookie Sweep
10:35 AM: Found Spy Cookie: counter cookie
10:35 AM: cody@counter[1].txt (ID = 2477)
10:35 AM: Found Spy Cookie: adserver cookie
10:35 AM: [email protected][1].txt (ID = 2142)
10:35 AM: Found Spy Cookie: mywebsearch cookie
10:35 AM: blayne@mywebsearch[1].txt (ID = 3051)
10:35 AM: Found Spy Cookie: infospace cookie
10:35 AM: blayne@infospace[1].txt (ID = 2865)
10:35 AM: Found Spy Cookie: a cookie
10:35 AM: blayne@a[1].txt (ID = 2027)
10:35 AM: Found Spy Cookie: 2o7.net cookie
10:35 AM: [email protected][2].txt (ID = 1958)
10:35 AM: blayne@counter[2].txt (ID = 2477)
10:35 AM: Found Spy Cookie: ask cookie
10:35 AM: blayne@ask[1].txt (ID = 2245)
10:35 AM: Found Spy Cookie: starware.com cookie
10:35 AM: [email protected][1].txt (ID = 3442)
10:35 AM: Found Spy Cookie: belointeractive cookie
10:35 AM: blayne@belointeractive[1].txt (ID = 2294)
10:35 AM: [email protected][1].txt (ID = 2295)
10:35 AM: Found Spy Cookie: reunion cookie
10:35 AM: [email protected][1].txt (ID = 3256)
10:35 AM: Found Spy Cookie: go.com cookie
10:35 AM: blayne@go[1].txt (ID = 2728)
10:35 AM: Found Spy Cookie: 3 cookie
10:35 AM: blayne@3[2].txt (ID = 1959)
10:35 AM: Found Spy Cookie: nextag cookie
10:35 AM: blayne@nextag[2].txt (ID = 5014)
10:35 AM: Found Spy Cookie: 66.246.209 cookie
10:35 AM: [email protected][1].txt (ID = 1997)
10:35 AM: Found Spy Cookie: xiti cookie
10:35 AM: blayne@xiti[1].txt (ID = 3717)
10:35 AM: Found Spy Cookie: belnk cookie
10:35 AM: blayne@belnk[1].txt (ID = 2292)
10:35 AM: Found Spy Cookie: wegcash cookie
10:35 AM: [email protected][2].txt (ID = 3682)
10:35 AM: Found Spy Cookie: imlive.com cookie
10:35 AM: blayne@imlive[1].txt (ID = 2843)
10:35 AM: Found Spy Cookie: bravenet cookie
10:35 AM: blayne@bravenet[1].txt (ID = 2322)
10:35 AM: [email protected][2].txt (ID = 3682)
10:35 AM: blayne@counter[1].txt (ID = 2477)
10:35 AM: Found Spy Cookie: burstbeacon cookie
10:35 AM: [email protected][1].txt (ID = 2335)
10:35 AM: Found Spy Cookie: gangbangsquad cookie
10:35 AM: blayne@gangbangsquad[2].txt (ID = 2720)
10:35 AM: Found Spy Cookie: hbmediapro cookie
10:35 AM: [email protected][2].txt (ID = 2768)
10:35 AM: Found Spy Cookie: webpower cookie
10:35 AM: blayne@webpower[2].txt (ID = 3660)
10:35 AM: Found Spy Cookie: paypopup cookie
10:35 AM: blayne@paypopup[2].txt (ID = 3119)
10:35 AM: Found Spy Cookie: clickads cookie
10:35 AM: [email protected][2].txt (ID = 4643)
10:35 AM: Found Spy Cookie: clickzs cookie
10:35 AM: [email protected][1].txt (ID = 2413)
10:35 AM: [email protected][1].txt (ID = 2413)
10:35 AM: [email protected][2].txt (ID = 2413)
10:35 AM: [email protected][2].txt (ID = 2413)
10:35 AM: Found Spy Cookie: adshooter cookie
10:35 AM: [email protected][1].txt (ID = 2150)
10:35 AM: Found Spy Cookie: college[bleep]tour cookie
10:35 AM: [email protected][bleep]tour[1].txt (ID = 2440)
10:35 AM: [email protected][2].txt (ID = 3120)
10:35 AM: Found Spy Cookie: trafficmp cookie
10:35 AM: blayne@trafficmp[2].txt (ID = 3581)
10:35 AM: [email protected][2].txt (ID = 2293)
10:35 AM: Found Spy Cookie: cc214142 cookie
10:35 AM: [email protected][2].txt (ID = 2367)
10:35 AM: Found Spy Cookie: askmen cookie
10:35 AM: blayne@askmen[2].txt (ID = 2247)
10:35 AM: Found Spy Cookie: sexsuche cookie
10:35 AM: [email protected][1].txt (ID = 3360)
10:35 AM: Found Spy Cookie: affiliatefuel.com cookie
10:35 AM: [email protected][2].txt (ID = 2202)
10:35 AM: Found Spy Cookie: inet-traffic.com cookie
10:35 AM: [email protected][2].txt (ID = 2856)
10:35 AM: Found Spy Cookie: directtrack cookie
10:35 AM: blayne@directtrack[2].txt (ID = 2527)
10:35 AM: Found Spy Cookie: hotbar cookie
10:35 AM: blayne@hotbar[1].txt (ID = 2797)
10:35 AM: Found Spy Cookie: burstnet cookie
10:35 AM: [email protected][1].txt (ID = 2337)
10:35 AM: Found Spy Cookie: screensavers.com cookie
10:35 AM: [email protected][1].txt (ID = 3298)
10:36 AM: Found Spy Cookie: banners cookie
10:36 AM: blayne@banners[2].txt (ID = 2282)
10:36 AM: Found Spy Cookie: atwola cookie
10:36 AM: blayne@atwola[2].txt (ID = 2255)
10:36 AM: blayne@reunion[2].txt (ID = 3255)
10:36 AM: [email protected][1].txt (ID = 2248)
10:36 AM: blayne@starware[2].txt (ID = 3441)
10:36 AM: [email protected][2].txt (ID = 2528)
10:36 AM: Found Spy Cookie: adjuggler cookie
10:36 AM: [email protected][1].txt (ID = 2071)
10:36 AM: [email protected][2].txt (ID = 3298)
10:36 AM: [email protected][3].txt (ID = 2768)
10:36 AM: Found Spy Cookie: specificclick.com cookie
10:36 AM: [email protected][1].txt (ID = 3400)
10:36 AM: Found Spy Cookie: about cookie
10:36 AM: [email protected][1].txt (ID = 2038)
10:36 AM: [email protected][1].txt (ID = 2293)
10:36 AM: Found Spy Cookie: falkag cookie
10:36 AM: [email protected][1].txt (ID = 2650)
10:36 AM: Found Spy Cookie: banner cookie
10:36 AM: blayne@banner[2].txt (ID = 2276)
10:36 AM: Found Spy Cookie: yadro cookie
10:36 AM: blayne@yadro[2].txt (ID = 3743)
10:36 AM: Found Spy Cookie: azjmp cookie
10:36 AM: blayne@azjmp[1].txt (ID = 2270)
10:36 AM: [email protected][1].txt (ID = 2038)
10:36 AM: Found Spy Cookie: bizrate cookie
10:36 AM: blayne@bizrate[2].txt (ID = 2308)
10:36 AM: Found Spy Cookie: websponsors cookie
10:36 AM: [email protected][2].txt (ID = 3665)
10:36 AM: [email protected][2].txt (ID = 2038)
10:36 AM: [email protected][1].txt (ID = 1958)
10:36 AM: blayne@burstnet[1].txt (ID = 2336)
10:36 AM: Found Spy Cookie: rn11 cookie
10:36 AM: blayne@rn11[2].txt (ID = 3261)
10:36 AM: [email protected][2].txt (ID = 1958)
10:36 AM: Found Spy Cookie: adknowledge cookie
10:36 AM: blayne@adknowledge[2].txt (ID = 2072)
10:36 AM: [email protected][1].txt (ID = 2729)
10:36 AM: Found Spy Cookie: freestats.net cookie
10:36 AM: [email protected][2].txt (ID = 2705)
10:36 AM: Found Spy Cookie: yieldmanager cookie
10:36 AM: blayne@yieldmanager[1].txt (ID = 3749)
10:36 AM: [email protected][1].txt (ID = 3751)
10:36 AM: Found Spy Cookie: clickandtrack cookie
10:36 AM: [email protected][2].txt (ID = 2397)
10:36 AM: [email protected][2].txt (ID = 2293)
10:36 AM: blayne@about[2].txt (ID = 2037)
10:36 AM: [email protected][1].txt (ID = 2038)
10:36 AM: Found Spy Cookie: atlas dmt cookie
10:36 AM: blayne@atdmt[2].txt (ID = 2253)
10:36 AM: [email protected][2].txt (ID = 2071)
10:36 AM: Found Spy Cookie: ru4 cookie
10:36 AM: [email protected][2].txt (ID = 3269)
10:36 AM: Found Spy Cookie: casalemedia cookie
10:36 AM: blayne@casalemedia[1].txt (ID = 2354)
10:36 AM: Found Spy Cookie: revenue.net cookie
10:36 AM: [email protected][1].txt (ID = 3258)
10:36 AM: [email protected][1].txt (ID = 2293)
10:36 AM: Found Spy Cookie: centrport net cookie
10:36 AM: blayne@centrport[1].txt (ID = 2374)
10:36 AM: blayne@belnk[3].txt (ID = 2292)
10:36 AM: blayne@starware[3].txt (ID = 3441)
10:36 AM: [email protected][2].txt (ID = 4207)
10:36 AM: Found Spy Cookie: pricegrabber cookie
10:36 AM: blayne@pricegrabber[2].txt (ID = 3185)
10:36 AM: Found Spy Cookie: clixgalore cookie
10:36 AM: [email protected][1].txt (ID = 2417)
10:36 AM: blayne@bizrate[1].txt (ID = 2308)
10:36 AM: Found Spy Cookie: adprofile cookie
10:36 AM: blayne@adprofile[2].txt (ID = 2084)
10:36 AM: blayne@banner[1].txt (ID = 2276)
10:36 AM: Found Spy Cookie: top-banners cookie
10:36 AM: [email protected][1].txt (ID = 3548)
10:36 AM: blayne@burstnet[2].txt (ID = 2336)
10:36 AM: [email protected][1].txt (ID = 2038)
10:36 AM: [email protected][1].txt (ID = 1958)
10:36 AM: Found Spy Cookie: adecn cookie
10:36 AM: [email protected][1].txt (ID = 2064)
10:36 AM: [email protected][3].txt (ID = 2367)
10:36 AM: Found Spy Cookie: stlyrics cookie
10:36 AM: [email protected][1].txt (ID = 3462)
10:36 AM: Found Spy Cookie: zedo cookie
10:36 AM: blayne@zedo[2].txt (ID = 3762)
10:36 AM: [email protected][1].txt (ID = 3442)
10:36 AM: blayne@adserver[1].txt (ID = 2141)
10:36 AM: blayne@about[3].txt (ID = 2037)
10:36 AM: blayne@rn11[1].txt (ID = 3261)
10:36 AM: blayne@adecn[1].txt (ID = 2063)
10:36 AM: blayne@yadro[1].txt (ID = 3743)
10:36 AM: Found Spy Cookie: bluestreak cookie
10:36 AM: blayne@bluestreak[1].txt (ID = 2314)
10:36 AM: Found Spy Cookie: tribalfusion cookie
10:36 AM: blayne@tribalfusion[1].txt (ID = 3589)
10:36 AM: blayne@atwola[3].txt (ID = 2255)
10:36 AM: [email protected][1].txt (ID = 2038)
10:36 AM: [email protected][1].txt (ID = 2038)
10:36 AM: Found Spy Cookie: fastclick cookie
10:36 AM: blayne@fastclick[2].txt (ID = 2651)
10:36 AM: blayne@ask[3].txt (ID = 2245)
10:36 AM: [email protected][1].txt (ID = 1958)
10:36 AM: [email protected][2].txt (ID = 3442)
10:36 AM: blayne@yieldmanager[3].txt (ID = 3749)
10:36 AM: blayne@revenue[2].txt (ID = 3257)
10:36 AM: Found Spy Cookie: hypertracker.com cookie
10:36 AM: blayne@hypertracker[1].txt (ID = 2817)
10:36 AM: blayne@cc214142[1].txt (ID = 2366)
10:36 AM: Found Spy Cookie: targetnet cookie
10:36 AM: blayne@targetnet[2].txt (ID = 3489)
10:36 AM: Found Spy Cookie: did-it cookie
10:36 AM: blayne@did-it[2].txt (ID = 2523)
10:36 AM: Found Spy Cookie: webtrendslive cookie
10:36 AM: [email protected][1].txt (ID = 3667)
10:36 AM: Found Spy Cookie: exitexchange cookie
10:36 AM: blayne@exitexchange[1].txt (ID = 2633)
10:36 AM: [email protected][1].txt (ID = 2038)
10:36 AM: blayne@adknowledge[3].txt (ID = 2072)
10:36 AM: [email protected][1].txt (ID = 2397)
10:36 AM: Found Spy Cookie: franklinsurveys cookie
10:36 AM: [email protected][1].txt (ID = 2689)
10:36 AM: Found Spy Cookie: partypoker cookie
10:36 AM: blayne@partypoker[2].txt (ID = 3111)
10:36 AM: Found Spy Cookie: enhance cookie
10:36 AM: [email protected][1].txt (ID = 2614)
10:36 AM: Found Spy Cookie: mygeek cookie
10:36 AM: blayne@mygeek[2].txt (ID = 3041)
10:36 AM: Found Spy Cookie: videodome cookie
10:36 AM: blayne@videodome[1].txt (ID = 3638)
10:36 AM: Found Spy Cookie: statcounter cookie
10:36 AM: blayne@statcounter[2].txt (ID = 3447)
10:36 AM: Found Spy Cookie: reliablestats cookie
10:36 AM: [email protected][2].txt (ID = 3254)
10:36 AM: Found Spy Cookie: delfinproject cookie
10:36 AM: blayne@delfinproject[2].txt (ID = 2509)
10:37 AM: Found Spy Cookie: aptimus cookie
10:37 AM: [email protected][2].txt (ID = 2235)
10:37 AM: blayne@paypopup[1].txt (ID = 3119)
10:37 AM: Found Spy Cookie: tickle cookie
10:37 AM: blayne@tickle[1].txt (ID = 3529)
10:37 AM: [email protected][2].txt (ID = 2335)
10:37 AM: Found Spy Cookie: overture cookie
10:37 AM: [email protected][2].txt (ID = 3106)
10:37 AM: Found Spy Cookie: ic-live cookie
10:37 AM: blayne@ic-live[2].txt (ID = 2821)
10:37 AM: Found Spy Cookie: 888 cookie
10:37 AM: blayne@888[2].txt (ID = 2019)
10:37 AM: [email protected][1].txt (ID = 2650)
10:37 AM: Found Spy Cookie: myaffiliateprogram.com cookie
10:37 AM: [email protected][2].txt (ID = 3032)
10:37 AM: [email protected][1].txt (ID = 1958)
10:37 AM: Found Spy Cookie: adrevolver cookie
10:37 AM: blayne@adrevolver[2].txt (ID = 2088)
10:37 AM: [email protected][1].txt (ID = 3106)
10:37 AM: Found Spy Cookie: tradedoubler cookie
10:37 AM: blayne@tradedoubler[1].txt (ID = 3575)
10:37 AM: [email protected][1].txt (ID = 1958)
10:37 AM: blayne@azjmp[3].txt (ID = 2270)
10:37 AM: blayne@adrevolver[3].txt (ID = 2088)
10:37 AM: blayne@2o7[2].txt (ID = 1957)
10:37 AM: blayne@nextag[1].txt (ID = 5014)
10:37 AM: Found Spy Cookie: advertising cookie
10:37 AM: blayne@advertising[2].txt (ID = 2175)
10:37 AM: [email protected][2].txt (ID = 2413)
10:37 AM: [email protected][1].txt (ID = 3298)
10:37 AM: [email protected][2].txt (ID = 3298)
10:37 AM: [email protected][2].txt (ID = 2650)
10:37 AM: [email protected][1].txt (ID = 2070)
10:37 AM: [email protected][1].txt (ID = 2070)
10:37 AM: Found Spy Cookie: apmebf cookie
10:37 AM: blayne@apmebf[2].txt (ID = 2229)
10:37 AM: [email protected][1].txt (ID = 1958)
10:37 AM: Found Spy Cookie: maxserving cookie
10:37 AM: blayne@maxserving[2].txt (ID = 2966)
10:37 AM: [email protected][3].txt (ID = 3665)
10:37 AM: [email protected][3].txt (ID = 2413)
10:37 AM: Found Spy Cookie: qksrv cookie
10:37 AM: blayne@qksrv[2].txt (ID = 3213)
10:37 AM: Found Spy Cookie: pointroll cookie
10:37 AM: [email protected][2].txt (ID = 3148)
10:37 AM: Found Spy Cookie: realmedia cookie
10:37 AM: blayne@realmedia[2].txt (ID = 3235)
10:37 AM: Found Spy Cookie: questionmarket cookie
10:37 AM: blayne@questionmarket[2].txt (ID = 3217)
10:37 AM: [email protected][1].txt (ID = 1958)
10:37 AM: [email protected][3].txt (ID = 3400)
10:37 AM: Found Spy Cookie: valuead cookie
10:37 AM: blayne@valuead[2].txt (ID = 3626)
10:37 AM: [email protected][3].txt (ID = 3751)
10:37 AM: Found Spy Cookie: addynamix cookie
10:37 AM: [email protected][2].txt (ID = 2062)
10:37 AM: Cookie Sweep Complete, Elapsed Time: 00:02:08
10:37 AM: Starting File Sweep
10:37 AM: Found Adware: spysheriff
10:37 AM: secure32.html (ID = 184319)
10:48 AM: Found Adware: commonname
10:48 AM: cnbabeie.exe (ID = 53748)
10:51 AM: Found Adware: sidesearch
10:51 AM: lycos.exe (ID = 94686)
10:57 AM: Found Adware: keenvalue/perfectnav
10:57 AM: setup_incred_1.exe (ID = 64972)
11:00 AM: Found Adware: ie driver
11:00 AM: sx.htm (ID = 63132)
11:00 AM: sx.htm (ID = 63132)
11:00 AM: Found Adware: directrevenue-abetterinternet
11:00 AM: biini.inf (ID = 83199)
11:00 AM: belt.inf (ID = 83154)
11:01 AM: Found Adware: netpal
11:01 AM: gamehouse games.url (ID = 70891)
11:01 AM: big fish games.url (ID = 70885)
11:01 AM: flyordie games.url (ID = 70890)
11:03 AM: Found Adware: websearch toolbar
11:03 AM: home.url (ID = 84894)
11:03 AM: frequently asked questions.url (ID = 84889)
11:03 AM: terms of use.url (ID = 86338)
11:03 AM: privacy policy.url (ID = 84923)
11:03 AM: Found Adware: blazefind
11:03 AM: zqonalph.inf (ID = 51544)
11:04 AM: home.url (ID = 84894)
11:04 AM: frequently asked questions.url (ID = 84889)
11:04 AM: terms of use.url (ID = 86338)
11:04 AM: privacy policy.url (ID = 84923)
11:05 AM: Found Adware: hotbar
11:05 AM: d_icons_buttons_1000.xip (ID = 62278)
11:05 AM: d_icons_buttons_2000.xip (ID = 62280)
11:05 AM: d_icons_buttons_3000.xip (ID = 62282)
11:05 AM: d_icons_buttons_logos.xip (ID = 62294)
11:05 AM: d_icons_buttons_other.xip (ID = 62294)
11:05 AM: tsd_bg.xip (ID = 62383)
11:05 AM: progress.xip (ID = 62368)
11:05 AM: d_icons_buttons_bar.xip (ID = 62294)
11:05 AM: business_promo.xip (ID = 121856)
11:05 AM: d_icons_buttons_1000.res (ID = 62277)
11:05 AM: d_icons_buttons_2000.res (ID = 62279)
11:05 AM: d_icons_buttons_3000.res (ID = 62281)
11:05 AM: d_icons_buttons_bar.res (ID = 62283)
11:05 AM: d_icons_buttons_logos.res (ID = 62283)
11:05 AM: d_icons_buttons_other.res (ID = 62283)
11:05 AM: lycos sidesearch.lnk (ID = 76058)
11:05 AM: Found Trojan Horse: 2nd-thought
11:05 AM: second thought.lnk (ID = 48334)
11:05 AM: hotbar-premium-hotbar-premium.mnu (ID = 121844)
11:05 AM: progress.res (ID = 62367)
11:05 AM: tsd_bg.res (ID = 62382)
11:05 AM: ss.dat (ID = 76073)
11:05 AM: home.url (ID = 84894)
11:05 AM: frequently asked questions.url (ID = 84889)
11:05 AM: terms of use.url (ID = 86338)
11:05 AM: privacy policy.url (ID = 84923)
11:05 AM: big fish games.url (ID = 70885)
11:05 AM: flyordie games.url (ID = 70890)
11:31 AM: Warning: Failed to open file "c:\windows\win386.swp". The process cannot access the file because
it is being used by another process
11:32 AM: Found Adware: diamond deal casino
11:32 AM: mblackjack.dll (ID = 59028)
11:32 AM: back.z (ID = 58992)
11:32 AM: card_1.3d (ID = 58994)
11:32 AM: card_1b.3d (ID = 58995)
11:32 AM: slots3reel_reel0.slt (ID = 59033)
11:32 AM: slots3reel_reel1.slt (ID = 59034)
11:32 AM: slots3reel_reel2.slt (ID = 59035)
11:32 AM: card_away_center.ani (ID = 58996)
11:32 AM: card_away_dealer.ani (ID = 58997)
11:32 AM: card_away_left.ani (ID = 58998)
11:32 AM: card_away_right.ani (ID = 58999)
11:32 AM: card_draw_center.ani (ID = 59000)
11:32 AM: card_draw_dealer.ani (ID = 59001)
11:32 AM: card_draw_dealer_face_down.ani (ID = 59002)
11:32 AM: card_draw_left.ani (ID = 59003)
11:32 AM: card_draw_right.ani (ID = 59004)
11:32 AM: card_flip.ani (ID = 59005)
11:32 AM: card_peek_dealer_down.ani (ID = 59006)
11:32 AM: card_peek_dealer_up.ani (ID = 59007)
11:32 AM: card_stand_center.ani (ID = 59008)
11:32 AM: card_stand_dealer.ani (ID = 59009)
11:32 AM: card_stand_left.ani (ID = 59010)
11:32 AM: card_stand_right.ani (ID = 59011)
11:33 AM: secure32.html (ID = 184319)
11:33 AM: drsmartload.dat (ID = 198788)
11:33 AM: nktapi.dll (ID = 163642)
11:33 AM: fdsrch.dll (ID = 163642)
11:33 AM: mwcuiw32.dll (ID = 163642)
11:33 AM: hvviol.dll (ID = 163642)
11:33 AM: scge.dll (ID = 163642)
11:33 AM: azifil32.dll (ID = 163642)
11:33 AM: mamci2.dll (ID = 163642)
11:34 AM: dnmsspxn.dll (ID = 163642)
11:34 AM: dudpmesh.dll (ID = 163642)
11:34 AM: obbcji32.dll (ID = 163642)
11:34 AM: sccur32.dll (ID = 163642)
11:34 AM: mb3216.dll (ID = 163642)
11:35 AM: ojbc32gt.dll (ID = 163642)
11:35 AM: ryanp.dll (ID = 163642)
11:36 AM: ntdd32.dll (ID = 163642)
11:37 AM: sfi.dll (ID = 163642)
11:37 AM: tqembed.dll (ID = 163642)
11:37 AM: navshext1.dll (ID = 161344)
11:37 AM: ustart.exe (ID = 161346)
11:37 AM: myihnd.dll (ID = 163642)
11:37 AM: ixctl.dll (ID = 163642)
11:37 AM: oeeaut32.dll (ID = 163642)
11:37 AM: wpp.dll (ID = 163642)
11:37 AM: mkrd2x40.dll (ID = 163642)
11:37 AM: Found Adware: targetsaver
11:37 AM: tsuninst.exe (ID = 193501)
11:37 AM: dvband.dll (ID = 163642)
11:37 AM: iynpstub.dll (ID = 163642)
11:37 AM: okbcbcp.dll (ID = 163642)
11:37 AM: qdap.dll (ID = 163642)
11:37 AM: ibs.dll (ID = 163642)
11:37 AM: wvp.dll (ID = 163642)
11:37 AM: mpstkprp.dll (ID = 163642)
11:37 AM: mtstkprp.dll (ID = 163642)
11:37 AM: wfv9vcm.dll (ID = 163642)
11:40 AM: Found Adware: whenu savenow
11:40 AM: vvsninst.exe (ID = 74460)
11:40 AM: tsinstall_4_0_4_0_b4.exe (ID = 193496)
11:40 AM: Found Adware: command
11:40 AM: cmdinst.exe (ID = 166756)
11:44 AM: install.dat (ID = 194435)
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065041-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065042-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065043-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065044-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065045-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065046-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065047-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065048-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065049-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706504a-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706504b-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706504c-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706504d-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706504e-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706504f-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065050-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065051-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065052-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065053-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065054-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065055-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065056-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065057-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065058-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065059-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706505a-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706505b-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706505c-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706505d-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706505e-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706505f-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065060-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065061-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065062-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065063-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065064-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065065-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065066-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065067-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065068-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065069-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706506a-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706506b-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706506c-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706506d-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706506e-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706506f-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065070-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065071-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065072-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065073-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065074-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065075-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065076-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065077-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065078-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065079-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706507a-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706507b-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706507c-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706507d-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706507e-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706507f-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065080-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065081-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065082-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065083-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065084-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065085-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065086-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065087-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065088-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065089-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706508a-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706508b-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706508c-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706508d-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706508e-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706508f-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065090-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065091-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065092-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065093-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065094-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065095-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065096-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065097-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065098-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065099-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706509a-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706509b-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706509c-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706509d-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706509e-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706509f-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse70650a0-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse70650a1-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse70650a2-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse70650a3-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse70650a4-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse70650a5-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse70650a6-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse70650a7-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse70650a8-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:57 AM: Warning: Unhandled Archive Type
11:57 AM: Warning: Unhandled Archive Type
11:57 AM: Warning: Unhandled Archive Type
11:57 AM: Warning: Unhandled Archive Type
11:57 AM: Warning: Unhandled Archive Type
11:57 AM: Warning: Unhandled Archive Type
11:57 AM: Warning: Unhandled Archive Type
11:59 AM: Warning: Invalid Stream
12:00 PM: File Sweep Complete, Elapsed Time: 01:22:59
12:00 PM: Full Sweep has completed. Elapsed time 01:49:28
12:00 PM: Traces Found: 306
12:02 PM: Removal process initiated
12:04 PM: Quarantining All Traces: 2nd-thought
12:04 PM: Warning: Out of memory
12:04 PM: Failed to quarantine 2nd-thought
12:04 PM: Failed to quarantine second thought.lnk
12:04 PM: Quarantining All Traces: directrevenue-abetterinternet
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Failed to quarantine directrevenue-abetterinternet
12:04 PM: Failed to quarantine biini.inf
12:04 PM: Failed to quarantine belt.inf
12:04 PM: Quarantining All Traces: ie driver
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Failed to quarantine ie driver
12:04 PM: Failed to quarantine sx.htm
12:04 PM: Failed to quarantine sx.htm
12:04 PM: Quarantining All Traces: look2me
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:05 PM: Warning: Out of memory
12:05 PM: Warning: Out of memory
12:05 PM: Failed to quarantine look2me
12:05 PM: Failed to quarantine nktapi.dll
12:05 PM: Failed to quarantine fdsrch.dll
12:05 PM: Failed to quarantine mwcuiw32.dll
12:05 PM: Failed to quarantine scge.dll
12:05 PM: Failed to quarantine azifil32.dll
12:05 PM: Failed to quarantine mamci2.dll
12:05 PM: Failed to quarantine dnmsspxn.dll
12:05 PM: Failed to quarantine dudpmesh.dll
12:05 PM: Failed to quarantine obbcji32.dll
12:05 PM: Failed to quarantine sccur32.dll
12:05 PM: Failed to quarantine mb3216.dll
12:05 PM: Failed to quarantine ojbc32gt.dll
12:05 PM: Failed to quarantine ryanp.dll
12:05 PM: Failed to quarantine ntdd32.dll
12:05 PM: Failed to quarantine sfi.dll
12:05 PM: Failed to quarantine tqembed.dll
12:05 PM: Failed to quarantine myihnd.dll
12:05 PM: Failed to quarantine ixctl.dll
12:05 PM: Failed to quarantine oeeaut32.dll
12:05 PM: Failed to quarantine wpp.dll
12:05 PM: Failed to quarantine mkrd2x40.dll
12:05 PM: Failed to quarantine dvband.dll
12:05 PM: Failed to quarantine iynpstub.dll
12:05 PM: Failed to quarantine okbcbcp.dll
12:05 PM: Failed to quarantine qdap.dll
12:05 PM: Failed to quarantine ibs.dll
12:05 PM: Failed to quarantine wvp.dll
12:05 PM: Failed to quarantine mpstkprp.dll
12:05 PM: Failed to quarantine wfv9vcm.dll
12:05 PM: Failed to quarantine C:\WINDOWS\SYSTEM\HVVIOL.DLL
12:05 PM: Failed to quarantine C:\WINDOWS\SYSTEM\MTSTKPRP.DLL
12:05 PM: Quarantining All Traces: spysheriff
12:05 PM: Warning: Out of memory
12:05 PM: Warning: Out of memory
12:05 PM: Warning: Out of memory
12:05 PM: Failed to quarantine spysheriff
12:05 PM: Failed to quarantine secure32.html
12:05 PM: Failed to quarantine secure32.html
12:05 PM: Failed to quarantine install.dat
12:05 PM: Quarantining All Traces: trojan-backdoor-zubox
12:05 PM: Warning: Out of memory
12:05 PM: Warning: Out of memory
12:05 PM: Failed to quarantine trojan-backdoor-zubox
12:05 PM: Failed to quarantine *\shellex\contextmenuhandlers\sysacpildap\
12:05 PM: Failed to quarantine HKLM: software\classes\*\shellex\contextmenuhandlers\sysacpildap\
12:05 PM: Quarantining All Traces: websearch toolbar
12:05 PM: Warning: Out of memory
12:05 PM: Warning: Out of memory
12:05 PM: Warning: Out of memory
12:05 PM: Warning: Out of memory
12:05 PM: Warning: Out of memory
12:05 PM: Warning: Out of memory
12:05 PM: Warning: Out of memory
12:05 PM: Warning: Out of memory
12:05 PM: Warning: lzma: LZMA_Init failed
12:05 PM: Warning: lzma: LZMA_Init failed
12:05 PM: Warning: lzma: LZMA_Init failed
12:05 PM: Warning: lzma: LZMA_Init failed
12:05 PM: Failed to quarantine websearch toolbar
12:05 PM: Failed to quarantine home.url
12:05 PM: Failed to quarantine frequently asked questions.url
12:05 PM: Failed to quarantine terms of use.url
12:05 PM: Failed to quarantine privacy policy.url
12:05 PM: Failed to quarantine home.url
12:05 PM: Failed to quarantine frequently asked questions.url
12:05 PM: Failed to quarantine terms of use.url
12:05 PM: Failed to quarantine privacy policy.url
12:05 PM: Failed to quarantine home.url
12:05 PM: Failed to quarantine frequently asked questions.url
12:05 PM: Failed to quaran
  • 0

#8
zipnalong
Posted 27 December 2005 - 03:56 PM

zipnalong

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
My last post timed out, so I'll try it again.

Hey retrac! I downloaded and ran WebRoot SpySweeper and things are looking better already! :tazz: The popup adds have stopped!! :) Prior to viewing the session log, a dialog window came up informing me to click on "Sheilds", then the IE Tab and select Reset IE page settings to default since it appeared to be hijacked.

Here is the session log from WebRoot SpySweeper:
********
10:10 AM: | Start of Session, Tuesday, December 27, 2005 |
10:10 AM: Spy Sweeper started
10:10 AM: Sweep initiated using definitions version 589
10:10 AM: Starting Memory Sweep
10:13 AM: Found Adware: look2me
10:13 AM: Detected running threat: C:\WINDOWS\SYSTEM\HVVIOL.DLL (ID = 163642)
10:13 AM: Detected running threat: C:\WINDOWS\SYSTEM\MTSTKPRP.DLL (ID = 163642)
10:19 AM: Memory Sweep Complete, Elapsed Time: 00:08:16
10:19 AM: Starting Registry Sweep
10:21 AM: Found Trojan Horse: trojan-backdoor-zubox
10:21 AM: HKCR\*\shellex\contextmenuhandlers\sysacpildap\ (ID = 484093)
10:21 AM: HKLM\software\classes\*\shellex\contextmenuhandlers\sysacpildap\ (ID = 484152)
10:22 AM: Found Trojan Horse: trojan-downloader-conhook
10:22 AM: HKCR\clsid\{8e13dde1-e013-47ec-9c4c-27c2f78bdd26}\ (3 subtraces) (ID = 834750)
10:22 AM: HKLM\software\classes\clsid\{8e13dde1-e013-47ec-9c4c-27c2f78bdd26}\ (3 subtraces) (ID = 834754)
10:22 AM: Found Adware: systemprocess
10:22 AM: HKLM\software\microsoft\windows\currentversion\uninstall\startup\ (2 subtraces) (ID = 860412)
10:22 AM: Found Adware: dollarrevenue
10:22 AM: HKLM\software\microsoft\drsmartload\ (1 subtraces) (ID = 916795)
10:34 AM: HKU\Blayne\software\system process\ (1 subtraces) (ID = 860389)
10:34 AM: HKU\Blayne\software\system process\ || lastptime (ID = 860390)
10:35 AM: Registry Sweep Complete, Elapsed Time:00:15:55
10:35 AM: Starting Cookie Sweep
10:35 AM: Found Spy Cookie: counter cookie
10:35 AM: cody@counter[1].txt (ID = 2477)
10:35 AM: Found Spy Cookie: adserver cookie
10:35 AM: [email protected][1].txt (ID = 2142)
10:35 AM: Found Spy Cookie: mywebsearch cookie
10:35 AM: blayne@mywebsearch[1].txt (ID = 3051)
10:35 AM: Found Spy Cookie: infospace cookie
10:35 AM: blayne@infospace[1].txt (ID = 2865)
10:35 AM: Found Spy Cookie: a cookie
10:35 AM: blayne@a[1].txt (ID = 2027)
10:35 AM: Found Spy Cookie: 2o7.net cookie
10:35 AM: [email protected][2].txt (ID = 1958)
10:35 AM: blayne@counter[2].txt (ID = 2477)
10:35 AM: Found Spy Cookie: ask cookie
10:35 AM: blayne@ask[1].txt (ID = 2245)
10:35 AM: Found Spy Cookie: starware.com cookie
10:35 AM: [email protected][1].txt (ID = 3442)
10:35 AM: Found Spy Cookie: belointeractive cookie
10:35 AM: blayne@belointeractive[1].txt (ID = 2294)
10:35 AM: [email protected][1].txt (ID = 2295)
10:35 AM: Found Spy Cookie: reunion cookie
10:35 AM: [email protected][1].txt (ID = 3256)
10:35 AM: Found Spy Cookie: go.com cookie
10:35 AM: blayne@go[1].txt (ID = 2728)
10:35 AM: Found Spy Cookie: 3 cookie
10:35 AM: blayne@3[2].txt (ID = 1959)
10:35 AM: Found Spy Cookie: nextag cookie
10:35 AM: blayne@nextag[2].txt (ID = 5014)
10:35 AM: Found Spy Cookie: 66.246.209 cookie
10:35 AM: [email protected][1].txt (ID = 1997)
10:35 AM: Found Spy Cookie: xiti cookie
10:35 AM: blayne@xiti[1].txt (ID = 3717)
10:35 AM: Found Spy Cookie: belnk cookie
10:35 AM: blayne@belnk[1].txt (ID = 2292)
10:35 AM: Found Spy Cookie: wegcash cookie
10:35 AM: [email protected][2].txt (ID = 3682)
10:35 AM: Found Spy Cookie: imlive.com cookie
10:35 AM: blayne@imlive[1].txt (ID = 2843)
10:35 AM: Found Spy Cookie: bravenet cookie
10:35 AM: blayne@bravenet[1].txt (ID = 2322)
10:35 AM: [email protected][2].txt (ID = 3682)
10:35 AM: blayne@counter[1].txt (ID = 2477)
10:35 AM: Found Spy Cookie: burstbeacon cookie
10:35 AM: [email protected][1].txt (ID = 2335)
10:35 AM: Found Spy Cookie: gangbangsquad cookie
10:35 AM: blayne@gangbangsquad[2].txt (ID = 2720)
10:35 AM: Found Spy Cookie: hbmediapro cookie
10:35 AM: [email protected][2].txt (ID = 2768)
10:35 AM: Found Spy Cookie: webpower cookie
10:35 AM: blayne@webpower[2].txt (ID = 3660)
10:35 AM: Found Spy Cookie: paypopup cookie
10:35 AM: blayne@paypopup[2].txt (ID = 3119)
10:35 AM: Found Spy Cookie: clickads cookie
10:35 AM: [email protected][2].txt (ID = 4643)
10:35 AM: Found Spy Cookie: clickzs cookie
10:35 AM: [email protected][1].txt (ID = 2413)
10:35 AM: [email protected][1].txt (ID = 2413)
10:35 AM: [email protected][2].txt (ID = 2413)
10:35 AM: [email protected][2].txt (ID = 2413)
10:35 AM: Found Spy Cookie: adshooter cookie
10:35 AM: [email protected][1].txt (ID = 2150)
10:35 AM: Found Spy Cookie: college[bleep]tour cookie
10:35 AM: [email protected][bleep]tour[1].txt (ID = 2440)
10:35 AM: [email protected][2].txt (ID = 3120)
10:35 AM: Found Spy Cookie: trafficmp cookie
10:35 AM: blayne@trafficmp[2].txt (ID = 3581)
10:35 AM: [email protected][2].txt (ID = 2293)
10:35 AM: Found Spy Cookie: cc214142 cookie
10:35 AM: [email protected][2].txt (ID = 2367)
10:35 AM: Found Spy Cookie: askmen cookie
10:35 AM: blayne@askmen[2].txt (ID = 2247)
10:35 AM: Found Spy Cookie: sexsuche cookie
10:35 AM: [email protected][1].txt (ID = 3360)
10:35 AM: Found Spy Cookie: affiliatefuel.com cookie
10:35 AM: [email protected][2].txt (ID = 2202)
10:35 AM: Found Spy Cookie: inet-traffic.com cookie
10:35 AM: [email protected][2].txt (ID = 2856)
10:35 AM: Found Spy Cookie: directtrack cookie
10:35 AM: blayne@directtrack[2].txt (ID = 2527)
10:35 AM: Found Spy Cookie: hotbar cookie
10:35 AM: blayne@hotbar[1].txt (ID = 2797)
10:35 AM: Found Spy Cookie: burstnet cookie
10:35 AM: [email protected][1].txt (ID = 2337)
10:35 AM: Found Spy Cookie: screensavers.com cookie
10:35 AM: [email protected][1].txt (ID = 3298)
10:36 AM: Found Spy Cookie: banners cookie
10:36 AM: blayne@banners[2].txt (ID = 2282)
10:36 AM: Found Spy Cookie: atwola cookie
10:36 AM: blayne@atwola[2].txt (ID = 2255)
10:36 AM: blayne@reunion[2].txt (ID = 3255)
10:36 AM: [email protected][1].txt (ID = 2248)
10:36 AM: blayne@starware[2].txt (ID = 3441)
10:36 AM: [email protected][2].txt (ID = 2528)
10:36 AM: Found Spy Cookie: adjuggler cookie
10:36 AM: [email protected][1].txt (ID = 2071)
10:36 AM: [email protected][2].txt (ID = 3298)
10:36 AM: [email protected][3].txt (ID = 2768)
10:36 AM: Found Spy Cookie: specificclick.com cookie
10:36 AM: [email protected][1].txt (ID = 3400)
10:36 AM: Found Spy Cookie: about cookie
10:36 AM: [email protected][1].txt (ID = 2038)
10:36 AM: [email protected][1].txt (ID = 2293)
10:36 AM: Found Spy Cookie: falkag cookie
10:36 AM: [email protected][1].txt (ID = 2650)
10:36 AM: Found Spy Cookie: banner cookie
10:36 AM: blayne@banner[2].txt (ID = 2276)
10:36 AM: Found Spy Cookie: yadro cookie
10:36 AM: blayne@yadro[2].txt (ID = 3743)
10:36 AM: Found Spy Cookie: azjmp cookie
10:36 AM: blayne@azjmp[1].txt (ID = 2270)
10:36 AM: [email protected][1].txt (ID = 2038)
10:36 AM: Found Spy Cookie: bizrate cookie
10:36 AM: blayne@bizrate[2].txt (ID = 2308)
10:36 AM: Found Spy Cookie: websponsors cookie
10:36 AM: [email protected][2].txt (ID = 3665)
10:36 AM: [email protected][2].txt (ID = 2038)
10:36 AM: [email protected][1].txt (ID = 1958)
10:36 AM: blayne@burstnet[1].txt (ID = 2336)
10:36 AM: Found Spy Cookie: rn11 cookie
10:36 AM: blayne@rn11[2].txt (ID = 3261)
10:36 AM: [email protected][2].txt (ID = 1958)
10:36 AM: Found Spy Cookie: adknowledge cookie
10:36 AM: blayne@adknowledge[2].txt (ID = 2072)
10:36 AM: [email protected][1].txt (ID = 2729)
10:36 AM: Found Spy Cookie: freestats.net cookie
10:36 AM: [email protected][2].txt (ID = 2705)
10:36 AM: Found Spy Cookie: yieldmanager cookie
10:36 AM: blayne@yieldmanager[1].txt (ID = 3749)
10:36 AM: [email protected][1].txt (ID = 3751)
10:36 AM: Found Spy Cookie: clickandtrack cookie
10:36 AM: [email protected][2].txt (ID = 2397)
10:36 AM: [email protected][2].txt (ID = 2293)
10:36 AM: blayne@about[2].txt (ID = 2037)
10:36 AM: [email protected][1].txt (ID = 2038)
10:36 AM: Found Spy Cookie: atlas dmt cookie
10:36 AM: blayne@atdmt[2].txt (ID = 2253)
10:36 AM: [email protected][2].txt (ID = 2071)
10:36 AM: Found Spy Cookie: ru4 cookie
10:36 AM: [email protected][2].txt (ID = 3269)
10:36 AM: Found Spy Cookie: casalemedia cookie
10:36 AM: blayne@casalemedia[1].txt (ID = 2354)
10:36 AM: Found Spy Cookie: revenue.net cookie
10:36 AM: [email protected][1].txt (ID = 3258)
10:36 AM: [email protected][1].txt (ID = 2293)
10:36 AM: Found Spy Cookie: centrport net cookie
10:36 AM: blayne@centrport[1].txt (ID = 2374)
10:36 AM: blayne@belnk[3].txt (ID = 2292)
10:36 AM: blayne@starware[3].txt (ID = 3441)
10:36 AM: [email protected][2].txt (ID = 4207)
10:36 AM: Found Spy Cookie: pricegrabber cookie
10:36 AM: blayne@pricegrabber[2].txt (ID = 3185)
10:36 AM: Found Spy Cookie: clixgalore cookie
10:36 AM: [email protected][1].txt (ID = 2417)
10:36 AM: blayne@bizrate[1].txt (ID = 2308)
10:36 AM: Found Spy Cookie: adprofile cookie
10:36 AM: blayne@adprofile[2].txt (ID = 2084)
10:36 AM: blayne@banner[1].txt (ID = 2276)
10:36 AM: Found Spy Cookie: top-banners cookie
10:36 AM: [email protected][1].txt (ID = 3548)
10:36 AM: blayne@burstnet[2].txt (ID = 2336)
10:36 AM: [email protected][1].txt (ID = 2038)
10:36 AM: [email protected][1].txt (ID = 1958)
10:36 AM: Found Spy Cookie: adecn cookie
10:36 AM: [email protected][1].txt (ID = 2064)
10:36 AM: [email protected][3].txt (ID = 2367)
10:36 AM: Found Spy Cookie: stlyrics cookie
10:36 AM: [email protected][1].txt (ID = 3462)
10:36 AM: Found Spy Cookie: zedo cookie
10:36 AM: blayne@zedo[2].txt (ID = 3762)
10:36 AM: [email protected][1].txt (ID = 3442)
10:36 AM: blayne@adserver[1].txt (ID = 2141)
10:36 AM: blayne@about[3].txt (ID = 2037)
10:36 AM: blayne@rn11[1].txt (ID = 3261)
10:36 AM: blayne@adecn[1].txt (ID = 2063)
10:36 AM: blayne@yadro[1].txt (ID = 3743)
10:36 AM: Found Spy Cookie: bluestreak cookie
10:36 AM: blayne@bluestreak[1].txt (ID = 2314)
10:36 AM: Found Spy Cookie: tribalfusion cookie
10:36 AM: blayne@tribalfusion[1].txt (ID = 3589)
10:36 AM: blayne@atwola[3].txt (ID = 2255)
10:36 AM: [email protected][1].txt (ID = 2038)
10:36 AM: [email protected][1].txt (ID = 2038)
10:36 AM: Found Spy Cookie: fastclick cookie
10:36 AM: blayne@fastclick[2].txt (ID = 2651)
10:36 AM: blayne@ask[3].txt (ID = 2245)
10:36 AM: [email protected][1].txt (ID = 1958)
10:36 AM: [email protected][2].txt (ID = 3442)
10:36 AM: blayne@yieldmanager[3].txt (ID = 3749)
10:36 AM: blayne@revenue[2].txt (ID = 3257)
10:36 AM: Found Spy Cookie: hypertracker.com cookie
10:36 AM: blayne@hypertracker[1].txt (ID = 2817)
10:36 AM: blayne@cc214142[1].txt (ID = 2366)
10:36 AM: Found Spy Cookie: targetnet cookie
10:36 AM: blayne@targetnet[2].txt (ID = 3489)
10:36 AM: Found Spy Cookie: did-it cookie
10:36 AM: blayne@did-it[2].txt (ID = 2523)
10:36 AM: Found Spy Cookie: webtrendslive cookie
10:36 AM: [email protected][1].txt (ID = 3667)
10:36 AM: Found Spy Cookie: exitexchange cookie
10:36 AM: blayne@exitexchange[1].txt (ID = 2633)
10:36 AM: [email protected][1].txt (ID = 2038)
10:36 AM: blayne@adknowledge[3].txt (ID = 2072)
10:36 AM: [email protected][1].txt (ID = 2397)
10:36 AM: Found Spy Cookie: franklinsurveys cookie
10:36 AM: [email protected][1].txt (ID = 2689)
10:36 AM: Found Spy Cookie: partypoker cookie
10:36 AM: blayne@partypoker[2].txt (ID = 3111)
10:36 AM: Found Spy Cookie: enhance cookie
10:36 AM: [email protected][1].txt (ID = 2614)
10:36 AM: Found Spy Cookie: mygeek cookie
10:36 AM: blayne@mygeek[2].txt (ID = 3041)
10:36 AM: Found Spy Cookie: videodome cookie
10:36 AM: blayne@videodome[1].txt (ID = 3638)
10:36 AM: Found Spy Cookie: statcounter cookie
10:36 AM: blayne@statcounter[2].txt (ID = 3447)
10:36 AM: Found Spy Cookie: reliablestats cookie
10:36 AM: [email protected][2].txt (ID = 3254)
10:36 AM: Found Spy Cookie: delfinproject cookie
10:36 AM: blayne@delfinproject[2].txt (ID = 2509)
10:37 AM: Found Spy Cookie: aptimus cookie
10:37 AM: [email protected][2].txt (ID = 2235)
10:37 AM: blayne@paypopup[1].txt (ID = 3119)
10:37 AM: Found Spy Cookie: tickle cookie
10:37 AM: blayne@tickle[1].txt (ID = 3529)
10:37 AM: [email protected][2].txt (ID = 2335)
10:37 AM: Found Spy Cookie: overture cookie
10:37 AM: [email protected][2].txt (ID = 3106)
10:37 AM: Found Spy Cookie: ic-live cookie
10:37 AM: blayne@ic-live[2].txt (ID = 2821)
10:37 AM: Found Spy Cookie: 888 cookie
10:37 AM: blayne@888[2].txt (ID = 2019)
10:37 AM: [email protected][1].txt (ID = 2650)
10:37 AM: Found Spy Cookie: myaffiliateprogram.com cookie
10:37 AM: [email protected][2].txt (ID = 3032)
10:37 AM: [email protected][1].txt (ID = 1958)
10:37 AM: Found Spy Cookie: adrevolver cookie
10:37 AM: blayne@adrevolver[2].txt (ID = 2088)
10:37 AM: [email protected][1].txt (ID = 3106)
10:37 AM: Found Spy Cookie: tradedoubler cookie
10:37 AM: blayne@tradedoubler[1].txt (ID = 3575)
10:37 AM: [email protected][1].txt (ID = 1958)
10:37 AM: blayne@azjmp[3].txt (ID = 2270)
10:37 AM: blayne@adrevolver[3].txt (ID = 2088)
10:37 AM: blayne@2o7[2].txt (ID = 1957)
10:37 AM: blayne@nextag[1].txt (ID = 5014)
10:37 AM: Found Spy Cookie: advertising cookie
10:37 AM: blayne@advertising[2].txt (ID = 2175)
10:37 AM: [email protected][2].txt (ID = 2413)
10:37 AM: [email protected][1].txt (ID = 3298)
10:37 AM: [email protected][2].txt (ID = 3298)
10:37 AM: [email protected][2].txt (ID = 2650)
10:37 AM: [email protected][1].txt (ID = 2070)
10:37 AM: [email protected][1].txt (ID = 2070)
10:37 AM: Found Spy Cookie: apmebf cookie
10:37 AM: blayne@apmebf[2].txt (ID = 2229)
10:37 AM: [email protected][1].txt (ID = 1958)
10:37 AM: Found Spy Cookie: maxserving cookie
10:37 AM: blayne@maxserving[2].txt (ID = 2966)
10:37 AM: [email protected][3].txt (ID = 3665)
10:37 AM: [email protected][3].txt (ID = 2413)
10:37 AM: Found Spy Cookie: qksrv cookie
10:37 AM: blayne@qksrv[2].txt (ID = 3213)
10:37 AM: Found Spy Cookie: pointroll cookie
10:37 AM: [email protected][2].txt (ID = 3148)
10:37 AM: Found Spy Cookie: realmedia cookie
10:37 AM: blayne@realmedia[2].txt (ID = 3235)
10:37 AM: Found Spy Cookie: questionmarket cookie
10:37 AM: blayne@questionmarket[2].txt (ID = 3217)
10:37 AM: [email protected][1].txt (ID = 1958)
10:37 AM: [email protected][3].txt (ID = 3400)
10:37 AM: Found Spy Cookie: valuead cookie
10:37 AM: blayne@valuead[2].txt (ID = 3626)
10:37 AM: [email protected][3].txt (ID = 3751)
10:37 AM: Found Spy Cookie: addynamix cookie
10:37 AM: [email protected][2].txt (ID = 2062)
10:37 AM: Cookie Sweep Complete, Elapsed Time: 00:02:08
10:37 AM: Starting File Sweep
10:37 AM: Found Adware: spysheriff
10:37 AM: secure32.html (ID = 184319)
10:48 AM: Found Adware: commonname
10:48 AM: cnbabeie.exe (ID = 53748)
10:51 AM: Found Adware: sidesearch
10:51 AM: lycos.exe (ID = 94686)
10:57 AM: Found Adware: keenvalue/perfectnav
10:57 AM: setup_incred_1.exe (ID = 64972)
11:00 AM: Found Adware: ie driver
11:00 AM: sx.htm (ID = 63132)
11:00 AM: sx.htm (ID = 63132)
11:00 AM: Found Adware: directrevenue-abetterinternet
11:00 AM: biini.inf (ID = 83199)
11:00 AM: belt.inf (ID = 83154)
11:01 AM: Found Adware: netpal
11:01 AM: gamehouse games.url (ID = 70891)
11:01 AM: big fish games.url (ID = 70885)
11:01 AM: flyordie games.url (ID = 70890)
11:03 AM: Found Adware: websearch toolbar
11:03 AM: home.url (ID = 84894)
11:03 AM: frequently asked questions.url (ID = 84889)
11:03 AM: terms of use.url (ID = 86338)
11:03 AM: privacy policy.url (ID = 84923)
11:03 AM: Found Adware: blazefind
11:03 AM: zqonalph.inf (ID = 51544)
11:04 AM: home.url (ID = 84894)
11:04 AM: frequently asked questions.url (ID = 84889)
11:04 AM: terms of use.url (ID = 86338)
11:04 AM: privacy policy.url (ID = 84923)
11:05 AM: Found Adware: hotbar
11:05 AM: d_icons_buttons_1000.xip (ID = 62278)
11:05 AM: d_icons_buttons_2000.xip (ID = 62280)
11:05 AM: d_icons_buttons_3000.xip (ID = 62282)
11:05 AM: d_icons_buttons_logos.xip (ID = 62294)
11:05 AM: d_icons_buttons_other.xip (ID = 62294)
11:05 AM: tsd_bg.xip (ID = 62383)
11:05 AM: progress.xip (ID = 62368)
11:05 AM: d_icons_buttons_bar.xip (ID = 62294)
11:05 AM: business_promo.xip (ID = 121856)
11:05 AM: d_icons_buttons_1000.res (ID = 62277)
11:05 AM: d_icons_buttons_2000.res (ID = 62279)
11:05 AM: d_icons_buttons_3000.res (ID = 62281)
11:05 AM: d_icons_buttons_bar.res (ID = 62283)
11:05 AM: d_icons_buttons_logos.res (ID = 62283)
11:05 AM: d_icons_buttons_other.res (ID = 62283)
11:05 AM: lycos sidesearch.lnk (ID = 76058)
11:05 AM: Found Trojan Horse: 2nd-thought
11:05 AM: second thought.lnk (ID = 48334)
11:05 AM: hotbar-premium-hotbar-premium.mnu (ID = 121844)
11:05 AM: progress.res (ID = 62367)
11:05 AM: tsd_bg.res (ID = 62382)
11:05 AM: ss.dat (ID = 76073)
11:05 AM: home.url (ID = 84894)
11:05 AM: frequently asked questions.url (ID = 84889)
11:05 AM: terms of use.url (ID = 86338)
11:05 AM: privacy policy.url (ID = 84923)
11:05 AM: big fish games.url (ID = 70885)
11:05 AM: flyordie games.url (ID = 70890)
11:31 AM: Warning: Failed to open file "c:\windows\win386.swp". The process cannot access the file because
it is being used by another process
11:32 AM: Found Adware: diamond deal casino
11:32 AM: mblackjack.dll (ID = 59028)
11:32 AM: back.z (ID = 58992)
11:32 AM: card_1.3d (ID = 58994)
11:32 AM: card_1b.3d (ID = 58995)
11:32 AM: slots3reel_reel0.slt (ID = 59033)
11:32 AM: slots3reel_reel1.slt (ID = 59034)
11:32 AM: slots3reel_reel2.slt (ID = 59035)
11:32 AM: card_away_center.ani (ID = 58996)
11:32 AM: card_away_dealer.ani (ID = 58997)
11:32 AM: card_away_left.ani (ID = 58998)
11:32 AM: card_away_right.ani (ID = 58999)
11:32 AM: card_draw_center.ani (ID = 59000)
11:32 AM: card_draw_dealer.ani (ID = 59001)
11:32 AM: card_draw_dealer_face_down.ani (ID = 59002)
11:32 AM: card_draw_left.ani (ID = 59003)
11:32 AM: card_draw_right.ani (ID = 59004)
11:32 AM: card_flip.ani (ID = 59005)
11:32 AM: card_peek_dealer_down.ani (ID = 59006)
11:32 AM: card_peek_dealer_up.ani (ID = 59007)
11:32 AM: card_stand_center.ani (ID = 59008)
11:32 AM: card_stand_dealer.ani (ID = 59009)
11:32 AM: card_stand_left.ani (ID = 59010)
11:32 AM: card_stand_right.ani (ID = 59011)
11:33 AM: secure32.html (ID = 184319)
11:33 AM: drsmartload.dat (ID = 198788)
11:33 AM: nktapi.dll (ID = 163642)
11:33 AM: fdsrch.dll (ID = 163642)
11:33 AM: mwcuiw32.dll (ID = 163642)
11:33 AM: hvviol.dll (ID = 163642)
11:33 AM: scge.dll (ID = 163642)
11:33 AM: azifil32.dll (ID = 163642)
11:33 AM: mamci2.dll (ID = 163642)
11:34 AM: dnmsspxn.dll (ID = 163642)
11:34 AM: dudpmesh.dll (ID = 163642)
11:34 AM: obbcji32.dll (ID = 163642)
11:34 AM: sccur32.dll (ID = 163642)
11:34 AM: mb3216.dll (ID = 163642)
11:35 AM: ojbc32gt.dll (ID = 163642)
11:35 AM: ryanp.dll (ID = 163642)
11:36 AM: ntdd32.dll (ID = 163642)
11:37 AM: sfi.dll (ID = 163642)
11:37 AM: tqembed.dll (ID = 163642)
11:37 AM: navshext1.dll (ID = 161344)
11:37 AM: ustart.exe (ID = 161346)
11:37 AM: myihnd.dll (ID = 163642)
11:37 AM: ixctl.dll (ID = 163642)
11:37 AM: oeeaut32.dll (ID = 163642)
11:37 AM: wpp.dll (ID = 163642)
11:37 AM: mkrd2x40.dll (ID = 163642)
11:37 AM: Found Adware: targetsaver
11:37 AM: tsuninst.exe (ID = 193501)
11:37 AM: dvband.dll (ID = 163642)
11:37 AM: iynpstub.dll (ID = 163642)
11:37 AM: okbcbcp.dll (ID = 163642)
11:37 AM: qdap.dll (ID = 163642)
11:37 AM: ibs.dll (ID = 163642)
11:37 AM: wvp.dll (ID = 163642)
11:37 AM: mpstkprp.dll (ID = 163642)
11:37 AM: mtstkprp.dll (ID = 163642)
11:37 AM: wfv9vcm.dll (ID = 163642)
11:40 AM: Found Adware: whenu savenow
11:40 AM: vvsninst.exe (ID = 74460)
11:40 AM: tsinstall_4_0_4_0_b4.exe (ID = 193496)
11:40 AM: Found Adware: command
11:40 AM: cmdinst.exe (ID = 166756)
11:44 AM: install.dat (ID = 194435)
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065041-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065042-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065043-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065044-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065045-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065046-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065047-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065048-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065049-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706504a-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706504b-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706504c-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706504d-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706504e-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706504f-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065050-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065051-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065052-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065053-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065054-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065055-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065056-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065057-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065058-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065059-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706505a-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706505b-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706505c-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706505d-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706505e-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706505f-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065060-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065061-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065062-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065063-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065064-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065065-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065066-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065067-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065068-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065069-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706506a-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706506b-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706506c-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706506d-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706506e-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706506f-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065070-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065071-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065072-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065073-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065074-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065075-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065076-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065077-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065078-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065079-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706507a-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706507b-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706507c-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706507d-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706507e-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706507f-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065080-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065081-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065082-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065083-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065084-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065085-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065086-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065087-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065088-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065089-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706508a-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706508b-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706508c-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706508d-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706508e-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706508f-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065090-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065091-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065092-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065093-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065094-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065095-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065096-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065097-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065098-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse7065099-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706509a-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706509b-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706509c-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706509d-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706509e-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse706509f-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse70650a0-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse70650a1-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse70650a2-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse70650a3-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse70650a4-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse70650a5-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse70650a6-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse70650a7-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:45 AM: Warning: Failed to open file "c:\windows\profiles\blayne\application data\webroot\spy sweeper\temp\sscse70650a8-76c0-11da-ac55-004f4904cc3e.tmp". The process cannot access the file because
it is being used by another process
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:56 AM: Warning: Unhandled Archive Type
11:57 AM: Warning: Unhandled Archive Type
11:57 AM: Warning: Unhandled Archive Type
11:57 AM: Warning: Unhandled Archive Type
11:57 AM: Warning: Unhandled Archive Type
11:57 AM: Warning: Unhandled Archive Type
11:57 AM: Warning: Unhandled Archive Type
11:57 AM: Warning: Unhandled Archive Type
11:59 AM: Warning: Invalid Stream
12:00 PM: File Sweep Complete, Elapsed Time: 01:22:59
12:00 PM: Full Sweep has completed. Elapsed time 01:49:28
12:00 PM: Traces Found: 306
12:02 PM: Removal process initiated
12:04 PM: Quarantining All Traces: 2nd-thought
12:04 PM: Warning: Out of memory
12:04 PM: Failed to quarantine 2nd-thought
12:04 PM: Failed to quarantine second thought.lnk
12:04 PM: Quarantining All Traces: directrevenue-abetterinternet
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Failed to quarantine directrevenue-abetterinternet
12:04 PM: Failed to quarantine biini.inf
12:04 PM: Failed to quarantine belt.inf
12:04 PM: Quarantining All Traces: ie driver
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Failed to quarantine ie driver
12:04 PM: Failed to quarantine sx.htm
12:04 PM: Failed to quarantine sx.htm
12:04 PM: Quarantining All Traces: look2me
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:04 PM: Warning: Out of memory
12:05 PM: Warning: Out of memory
12:05 PM: Warning: Out of memory
12:05 PM: Failed to quarantine look2me
12:05 PM: Failed to quarantine nktapi.dll
12:05 PM: Failed to quarantine fdsrch.dll
12:05 PM: Failed to quarantine mwcuiw32.dll
12:05 PM: Failed to quarantine scge.dll
12:05 PM: Failed to quarantine azifil32.dll
12:05 PM: Failed to quarantine mamci2.dll
12:05 PM: Failed to quarantine dnmsspxn.dll
12:05 PM: Failed to quarantine dudpmesh.dll
12:05 PM: Failed to quarantine obbcji32.dll
12:05 PM: Failed to quarantine sccur32.dll
12:05 PM: Failed to quarantine mb3216.dll
12:05 PM: Failed to quarantine ojbc32gt.dll
12:05 PM: Failed to quarantine ryanp.dll
12:05 PM: Failed to quarantine ntdd32.dll
12:05 PM: Failed to quarantine sfi.dll
12:05 PM: Failed to quarantine tqembed.dll
12:05 PM: Failed to quarantine myihnd.dll
12:05 PM: Failed to quarantine ixctl.dll
12:05 PM: Failed to quarantine oeeaut32.dll
12:05 PM: Failed to quarantine wpp.dll
12:05 PM: Failed to quarantine mkrd2x40.dll
12:05 PM: Failed to quarantine dvband.dll
12:05 PM: Failed to quarantine iynpstub.dll
12:05 PM: Failed to quarantine okbcbcp.dll
12:05 PM: Failed to quarantine qdap.dll
12:05 PM: Failed to quarantine ibs.dll
12:05 PM: Failed to quarantine wvp.dll
12:05 PM: Failed to quarantine mpstkprp.dll
12:05 PM: Failed to quarantine wfv9vcm.dll
12:05 PM: Failed to quarantine C:\WINDOWS\SYSTEM\HVVIOL.DLL
12:05 PM: Failed to quarantine C:\WINDOWS\SYSTEM\MTSTKPRP.DLL
12:05 PM: Quarantining All Traces: spysheriff
12:05 PM: Warning: Out of memory
12:05 PM: Warning: Out of memory
12:05 PM: Warning: Out of memory
12:05 PM: Failed to quarantine spysheriff
12:05 PM: Failed to quarantine secure32.html
12:05 PM: Failed to quarantine secure32.html
12:05 PM: Failed to quarantine install.dat
12:05 PM: Quarantining All Traces: trojan-backdoor-zubox
12:05 PM: Warning: Out of memory
12:05 PM: Warning: Out of memory
12:05 PM: Failed to quarantine trojan-backdoor-zubox
12:05 PM: Failed to quarantine *\shellex\contextmenuhandlers\sysacpildap\
12:05 PM: Failed to quarantine HKLM: software\classes\*\shellex\contextmenuhandlers\sysacpildap\
12:05 PM: Quarantining All Traces: websearch toolbar
12:05 PM: Warning: Out of memory
12:05 PM: Warning: Out of memory
12:05 PM: Warning: Out of memory
12:05 PM: Warning: Out of memory
12:05 PM: Warning: Out of memory
12:05 PM: Warning: Out of memory
12:05 PM: Warning: Out of memory
12:05 PM: Warning: Out of memory
12:05 PM: Warning: lzma: LZMA_Init failed
12:05 PM: Warning: lzma: LZMA_Init failed
12:05 PM: Warning: lzma: LZMA_Init failed
12:05 PM: Warning: lzma: LZMA_Init failed
12:05 PM: Failed to quarantine websearch toolbar
12:05 PM: Failed to quarantine home.url
12:05 PM: Failed to quarantine frequently asked questions.url
12:05 PM: Failed to quarantine terms of use.url
12:05 PM: Failed to quarantine privacy policy.url
12:05 PM: Failed to quarantine home.url
12:05 PM: Failed to quarantine frequently asked questions.url
12:05 PM: Failed to quarantine terms of use.url
12:05 PM: Failed to quarantine privacy policy.url
12:05 PM: Failed to quarantine home.url
12:05 PM: Failed to quarantine freq
  • 0

#9
retrac
Posted 28 December 2005 - 04:57 AM

retrac

    Visiting Staff

  • Member
  • PipPipPip
  • 578 posts
Hey zipnalong :)

OK though the popups may have stopped we may not have got everything. It appears your computer had a little trouble running SpySweeper. Im not sure if it got everything :)

1. Open SpySweeper and check for updates.

2. Boot Into Safe Mode by Restarting your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

3. Open SpySweeper make sure it is the only thing open and Click SWEEP. (dont do anything on the computer while it is scanning and cleaning)

4. Fix everything it finds

5. Save this Session Log as a Text Document on your C drive named SSLog2.txt and Post it in your Next reply.


Reboot into Normal Mode



Make a NEW HijackThis Log



Here is what i need :

1. The New SpySweeper Log
2. The New HijackThis Log

Thanks :tazz:

Edited by retrac, 28 December 2005 - 04:58 AM.

  • 0

#10
retrac
Posted 12 January 2006 - 04:23 AM

retrac

    Visiting Staff

  • Member
  • PipPipPip
  • 578 posts
User is having trouble connecting to this thread :tazz:

Asking user to start a new thread :)
  • 0

#11
retrac
Posted 04 March 2006 - 04:43 PM

retrac

    Visiting Staff

  • Member
  • PipPipPip
  • 578 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP