Houston we have lift off!!
well so far so good. Ive been online opening webpages (safe webpages) for about 10 mins now and not a popup anywhere. Thanks heaps Autodad
Here are the reguested logs you asked for. If i have any other problems i know where to come.
Arohanui (many wonderful thanks)
Lynnie
********
9:20 a.m.: | Start of Session, Tuesday, 8 November 2005 |
9:20 a.m.: Spy Sweeper started
9:20 a.m.: Sweep initiated using definitions version 567
9:20 a.m.: Starting Memory Sweep
9:20 a.m.: Found Adware: icannnews
9:20 a.m.: Detected running threat: C:\WINDOWS\system32\o4480ehueh480.dll (ID = 83)
9:21 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:21 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:22 a.m.: Detected running threat: C:\WINDOWS\system32\nkobjapi.dll (ID = 83)
9:23 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:23 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:23 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:23 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:24 a.m.: Memory Sweep Complete, Elapsed Time: 00:04:36
9:24 a.m.: Starting Registry Sweep
9:24 a.m.: Found Adware: azsearch toolbar
9:24 a.m.: HKCR\azentretien.loader\ (5 subtraces) (ID = 103886)
9:24 a.m.: HKCR\clsid\{0d2def3a-f4f1-42ec-ac4f-132e7ba6e292}\ (11 subtraces) (ID = 103887)
9:24 a.m.: HKLM\software\azentretienco\ (3 subtraces) (ID = 103905)
9:24 a.m.: HKLM\software\classes\azentretien.loader.1\ (3 subtraces) (ID = 103909)
9:24 a.m.: HKLM\software\classes\azentretien.loader\ (5 subtraces) (ID = 103910)
9:24 a.m.: HKLM\software\classes\clsid\{0d2def3a-f4f1-42ec-ac4f-132e7ba6e292}\ (11 subtraces) (ID = 103911)
9:25 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:25 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:25 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:25 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:25 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:25 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:25 a.m.: Found Adware: winad
9:25 a.m.: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediaaccx.dll\ (2 subtraces) (ID = 147191)
9:25 a.m.: Found Adware: 7adpower
9:25 a.m.: HKCR\progetto1.int_ver32\ (3 subtraces) (ID = 831501)
9:25 a.m.: HKCR\clsid\{0d62a517-e7c6-4e1f-a577-07d4ac549a48}\ (27 subtraces) (ID = 831505)
9:25 a.m.: HKCR\typelib\{391f0ac2-2cfc-4d56-a0e5-c7beb14f26e6}\ (7 subtraces) (ID = 831589)
9:25 a.m.: HKLM\software\classes\progetto1.int_ver32\ (3 subtraces) (ID = 831690)
9:25 a.m.: HKLM\software\classes\clsid\{0d62a517-e7c6-4e1f-a577-07d4ac549a48}\ (27 subtraces) (ID = 831694)
9:25 a.m.: HKLM\software\classes\typelib\{391f0ac2-2cfc-4d56-a0e5-c7beb14f26e6}\ (7 subtraces) (ID = 831778)
9:25 a.m.: Found Adware: targetsaver
9:25 a.m.: HKU\S-1-5-21-220523388-920026266-725345543-1003\software\tsl2\ (1 subtraces) (ID = 143616)
9:25 a.m.: Registry Sweep Complete, Elapsed Time:00:00:33
9:25 a.m.: Starting Cookie Sweep
9:25 a.m.: Found Spy Cookie: adultfriendfinder cookie
9:25 a.m.: lynnie@adultfriendfinder[2].txt (ID = 2165)
9:25 a.m.: Found Spy Cookie: toplist cookie
9:25 a.m.: lynnie@toplist[1].txt (ID = 3557)
9:25 a.m.: Found Spy Cookie: about cookie
9:25 a.m.: lynnie@about[1].txt (ID = 2037)
9:25 a.m.: Found Spy Cookie: go.com cookie
9:25 a.m.: lynnie@hitchhikers.movies.go[1].txt (ID = 2729)
9:25 a.m.: lynnie@adultfriendfinder[1].txt (ID = 2165)
9:25 a.m.: Found Spy Cookie: bpath cookie
9:25 a.m.: lynnie@korea.bpath[1].txt (ID = 2321)
9:25 a.m.: lynnie@tattoo.about[1].txt (ID = 2038)
9:25 a.m.: lynnie@pregnancy.about[1].txt (ID = 2038)
9:25 a.m.: lynnie@christianity.about[1].txt (ID = 2038)
9:25 a.m.: Found Spy Cookie: 3 cookie
9:25 a.m.: lynnie@3[1].txt (ID = 1959)
9:25 a.m.: lynnie@abc.go[1].txt (ID = 2729)
9:25 a.m.: Found Spy Cookie: go2net.com cookie
9:25 a.m.: lynnie@go2net[1].txt (ID = 2730)
9:25 a.m.: Found Spy Cookie: mensniche cookie
9:25 a.m.: lynnie@mensniche[2].txt (ID = 2986)
9:25 a.m.: lynnie@3[3].txt (ID = 1959)
9:25 a.m.: Found Spy Cookie: adknowledge cookie
9:25 a.m.: lynnie@adknowledge[2].txt (ID = 2072)
9:25 a.m.: Found Spy Cookie: a cookie
9:25 a.m.: lynnie@a[1].txt (ID = 2027)
9:25 a.m.: lynnie@3[2].txt (ID = 1959)
9:25 a.m.: Found Spy Cookie: banner cookie
9:25 a.m.: lynnie@banner[1].txt (ID = 2276)
9:25 a.m.: Found Spy Cookie: xren_cj cookie
9:25 a.m.: lynnie@xren_cj[1].txt (ID = 3723)
9:25 a.m.: Found Spy Cookie: ask cookie
9:25 a.m.: lynnie@ask[2].txt (ID = 2245)
9:25 a.m.: Found Spy Cookie: adjuggler cookie
9:25 a.m.: lynnie@rotator.adjuggler[1].txt (ID = 2071)
9:25 a.m.: Found Spy Cookie: rednova cookie
9:25 a.m.: lynnie@rednova[2].txt (ID = 3245)
9:25 a.m.: Found Spy Cookie: ad-rotator cookie
9:25 a.m.: lynnie@ad-rotator[1].txt (ID = 2051)
9:25 a.m.: lynnie@rsi.abc.go[1].txt (ID = 2729)
9:25 a.m.: lynnie@about[3].txt (ID = 2037)
9:25 a.m.: lynnie@ads25.bpath[1].txt (ID = 2321)
9:25 a.m.: Found Spy Cookie: accoona cookie
9:25 a.m.: lynnie@accoona[1].txt (ID = 2041)
9:25 a.m.: lynnie@ads11.bpath[1].txt (ID = 2321)
9:25 a.m.: Found Spy Cookie: directtrack cookie
9:25 a.m.: lynnie@sideshow.directtrack[2].txt (ID = 2528)
9:25 a.m.: lynnie@go[2].txt (ID = 2728)
9:25 a.m.: lynnie@beauty.about[2].txt (ID = 2038)
9:25 a.m.: Found Spy Cookie: howstuffworks cookie
9:25 a.m.: lynnie@howstuffworks[1].txt (ID = 2805)
9:25 a.m.: Found Spy Cookie: aa cookie
9:25 a.m.: lynnie@aa[2].txt (ID = 2029)
9:25 a.m.: Found Spy Cookie: screensavers.com cookie
9:25 a.m.: lynnie@www.screensavers[2].txt (ID = 3298)
9:25 a.m.: lynnie@i.screensavers[2].txt (ID = 3298)
9:25 a.m.: Found Spy Cookie: reunion cookie
9:25 a.m.: lynnie@reunion[2].txt (ID = 3255)
9:25 a.m.: Found Spy Cookie: atwola cookie
9:25 a.m.: lynnie@atwola[1].txt (ID = 2255)
9:25 a.m.: Found Spy Cookie: hypertracker.com cookie
9:25 a.m.: lynnie@hypertracker[2].txt (ID = 2817)
9:25 a.m.: Found Spy Cookie: gostats cookie
9:25 a.m.: lynnie@gostats[2].txt (ID = 2747)
9:25 a.m.: Cookie Sweep Complete, Elapsed Time: 00:00:02
9:25 a.m.: Starting File Sweep
9:25 a.m.: Warning: Failed to open file "c:\pagefile.sys". Access is denied
9:25 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:25 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:25 a.m.: Found Adware: look2me
9:25 a.m.: installer.exe (ID = 168558)
9:25 a.m.: azentretien.dll (ID = 50320)
9:25 a.m.: ssf5.tmp (ID = 107194)
9:26 a.m.: Warning: Failed to open file "c:\windows\system32\m282lclo1fqc.dll". The process cannot access the file because it is being used by another process
9:26 a.m.: Warning: Failed to open file "c:\windows\system32\o4480ehueh480.dll". The process cannot access the file because it is being used by another process
9:27 a.m.: Warning: Failed to open file "c:\windows\system32\config\system.log". The process cannot access the file because it is being used by another process
9:27 a.m.: Warning: Failed to open file "c:\windows\system32\config\software.log". The process cannot access the file because it is being used by another process
9:27 a.m.: Warning: Failed to open file "c:\windows\system32\config\default.log". The process cannot access the file because it is being used by another process
9:27 a.m.: Warning: Failed to open file "c:\windows\system32\config\sam.log". The process cannot access the file because it is being used by another process
9:27 a.m.: Warning: Failed to open file "c:\windows\system32\config\security.log". The process cannot access the file because it is being used by another process
9:27 a.m.: Warning: Failed to open file "c:\windows\system32\config\default". The process cannot access the file because it is being used by another process
9:27 a.m.: Warning: Failed to open file "c:\windows\system32\config\security". The process cannot access the file because it is being used by another process
9:27 a.m.: Warning: Failed to open file "c:\windows\system32\config\software". The process cannot access the file because it is being used by another process
9:27 a.m.: Warning: Failed to open file "c:\windows\system32\config\system". The process cannot access the file because it is being used by another process
9:27 a.m.: Warning: Failed to open file "c:\windows\system32\config\sam". The process cannot access the file because it is being used by another process
9:29 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:29 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:29 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:29 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:29 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:29 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:31 a.m.: Warning: Failed to open file "c:\windows\softwaredistribution\eventcache\{8f91c5fe-a54c-41a3-a032-517a8fb40c9a}.bin". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsb977fc5e-d55e-47d5-8141-6826739a3220.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs920ce7cb-fa88-4136-b502-4fb7d695fd18.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs39b47a79-affa-45d1-bc51-cebc1f4741f6.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs512eb283-9430-4a9e-b807-caeae92a1fa0.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs6b21dfcc-747b-4e38-afab-66c40e03d6bb.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsdf9edfa5-8c6a-4a02-975f-b2fe771342c2.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3c485fd7-571a-4b6d-8e2d-5e9ce759e4da.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc719f757-995b-4aaa-88b0-5597de7899b8.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse901d442-9058-40bf-836f-de6f4cd603a6.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsfbe18d6b-9fda-4977-9a3f-2d9a24902775.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs11de0b9e-f40f-4577-936a-0dd8d6045434.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs6cc7fbf7-233a-48b2-b799-5907cd849b42.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs645756ad-2997-4cbe-b2c6-32ca1f996eee.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa2d5dc63-3ce4-49c3-bae0-382eb438cd91.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3b6ffd9e-4d42-466f-a0de-21824d888b7f.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs63838f11-28e4-4c83-a68f-4ba354aeb98c.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3b564888-65d3-4ed3-9943-dae7074ee59b.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs40e1f71a-0cb1-4b51-9afe-ed5daec6a179.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs2e81a58d-1218-466e-92c8-f21f837034a1.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa54df044-39ac-4032-9f57-01efb06c077c.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd85bd9b5-aa8c-47a4-9568-b29109e527e1.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3c9d1eff-e31d-4923-a775-c927fe949d3b.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse2e1df5c-3902-47e3-951b-d1e64c88d4cc.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5d363b41-e177-461d-928a-ae37608e8b30.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs8fafbbfb-1cc1-4bf3-bfdb-2db79a050b7b.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscscf58998e-b658-4a1d-a397-bbc883041114.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc294f7b8-709b-4b45-8976-375e766736a6.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs6e89a651-ac59-4a70-9081-a80336fedde8.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsb1f6a2d4-9927-42ed-87c6-25126012645d.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd50f5498-819b-478e-8b29-87c877393374.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs7b561acd-85ff-4539-9ba4-b13a9b837610.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf0e45190-659c-4856-9b8a-43aa732e7c5d.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs0b2a8b1b-9985-4855-abab-3f99af185550.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs8ac14ee4-4f3f-4953-a3fd-45c75b02aacc.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs57b277d5-76e1-4a8d-a7db-2d2f81a42709.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5372fa69-2006-4cd2-affd-3960b9bd1e92.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs92fcafd0-8a80-4b20-a86a-814c323a7648.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs8cb8051f-f905-458f-92b3-96be0ad5cf95.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs578adf3f-7a6b-4381-9f77-1ae6aa0eb3a0.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs49bb287b-98af-43f5-b4d2-29d24c8aa811.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs34df5e58-a20f-4a91-b411-9c209b186d33.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs66df0a3f-744a-4231-a77e-8adc27fb83ca.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs7140390e-ffa3-48e0-b9c9-0af1376c3ffa.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc1fa5f9b-c7ee-448a-81bc-6a1cb32719c0.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc76f1e06-742b-44c6-ab04-a5428987558d.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5ccfadae-9b8c-4ece-8858-b2da65045fb2.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs8d0d7be5-f90a-44bc-a86c-32f40264748d.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs275d58d4-80f9-46d4-a1f6-d165189c9d3a.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs2a7ec8e9-1f93-4f7e-8f3c-9d1af6b9003e.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs23eb3fab-7509-4d4f-ae49-0e21f8e439d9.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs34f9347f-a1d5-4c42-928f-6f786312e37e.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsea9b6a28-a801-460a-a901-76a4fd056ee5.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs6036a991-4804-45c6-a1e4-60dedb0ff6f0.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs1383a459-4eef-4788-afec-232645c18990.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa6502c47-f50d-405a-8020-82d5aff5667d.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4e56ff7c-1c8d-4ab0-9027-1bd398eb192b.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse5b9126f-a0f4-418d-872e-b2cf15b06d32.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs726ac95f-47d4-4c75-adb5-3d2ae208a5c2.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs03ce9d85-8585-4269-91e2-97b6b77fb20a.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa8567875-58b6-4bbc-afc6-63e247441c52.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs52466291-9550-4e42-bffe-443688fcdfe3.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa0fd0690-e129-4767-a19d-28358fd2509b.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsda2a551b-af9f-4f74-82e4-7221033df5f5.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs81fd558d-42c2-4491-a5f1-65e71052feb6.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs2bab4545-f2a6-4931-8f54-62faff64b2ca.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs31235f42-fd4a-4d67-8d82-c543367eb13f.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs511ffa28-1747-4293-b263-c6e1c7be2427.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs174a1dd5-2640-40ad-bfd6-8156cb475f2f.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs261cb9b8-4fca-44cd-87c1-c403f04337c9.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsaa202e8b-4777-45e1-a645-734f1b0b729d.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs28699c9b-4233-4fed-972f-c4e6c3c6c8d8.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs304223f5-5451-42ee-80ba-21ec0573cc2b.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs0e816c83-e31f-4dc7-93a1-bfc404e7e2e1.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs6b86f2a7-4a2e-4c06-88a8-d1c5ec89e709.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs11518dc1-726e-4d50-8988-722603352e20.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9a65fe05-c0b2-47f2-bba1-51e6d6d1b0c0.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3aa288ec-ff1a-4430-b335-30352c67b2bf.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs405aee3c-5585-4a95-ba44-c13ecb3d7cdb.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9f357074-1744-496a-9367-cdff8dc87f96.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs260552ee-3f00-4efc-bf0e-4b2b58cbe405.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa8de9771-3e93-49cf-862d-3006ca7ea638.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs2c1c95a6-af4f-4a58-b4b6-b6a803e89d3a.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa428e928-3d96-4a67-a610-bf3dd84adcab.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5cf61586-abc1-433e-8967-347474473d69.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs8695885e-b97c-417f-9605-ebac4369f37f.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd850b8fc-f26f-498b-a2ac-d7f3556db7ce.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc8a7174b-3ff6-4882-b405-26c9efc38123.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc80c6989-2f4c-47e2-a60b-076eec164f53.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf9fa992c-613d-4c0d-b7a7-d9e6844cf1ba.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs956f5cc0-8c2b-4767-9b91-249711611d90.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsef4dc47f-fe7b-42c7-b985-dcbc2e42d3a0.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsff5b96fc-8507-4407-a0d5-5cad23667eea.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf08126a5-753d-4014-85ad-bc8488a241de.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs315485d0-b4f0-4c62-ac71-8941ebb2d426.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs05edc221-3845-4497-9198-a3f659fa7fcb.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs75b323f7-1689-4cd0-b5bb-b9fb9c1c08e6.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9254db37-7100-4ce7-a5e6-24da117e0b56.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs0e60eb2a-bd53-48dd-a6c2-334bd15ee9e9.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4012c309-96cf-4b88-a8eb-48971999333a.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs1709cf17-b236-47d2-91a5-ded29ad558a3.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs473f1f73-8a90-4664-b1c2-036e723ad717.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9d7b1818-83bb-459b-b1ef-c615235cac5f.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf41f9d2c-243a-4bdf-afca-39bea0d21701.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs28abd404-d6fa-4f0e-9fa7-575648066f17.tmp". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\lynnie\ntuser.dat.log". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\lynnie\ntuser.dat". The process cannot access the file because it is being used by another process
9:32 a.m.: Warning: Failed to open file "c:\documents and settings\lynnie\local settings\temp\temporary internet files\content.ie5\41onoty1\;sz=728x90;ptile=1;dcopt=ist;channel=downloads;tab=internet;group=enterprise;var1=windows;var2=internet;var3=toolsandutilities;pagetype=story;pagename=downloads_windows_in[1]". The system cannot find the path specified
9:33 a.m.: Warning: Failed to open file "c:\documents and settings\lynnie\local settings\temp\temporary internet files\content.ie5\ope3g5uj\activity;src=790463;met=1;v=1;pid=11746060;aid=20100365;ko=0;cid=12196073;rid=12213969;rv=1;×tamp=1131359575375;eid1=2;ecn1=1;etm1=6;eid2=1028;ecn2=1;etm2=0;eid3=1032[1].gif". The system cannot find the path specified
9:33 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:33 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:34 a.m.: Warning: Failed to open file "c:\documents and settings\lynnie\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
9:34 a.m.: Warning: Failed to open file "c:\documents and settings\lynnie\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
9:34 a.m.: installer[1].exe (ID = 168558)
9:34 a.m.: Found Adware: sp2ms
9:34 a.m.: msresearch[1].exe (ID = 148760)
9:34 a.m.: appwrap[1].exe (ID = 65739)
9:34 a.m.: sp2update00[1].exe (ID = 148759)
9:34 a.m.: appwrap[1].exe (ID = 65722)
9:34 a.m.: drsmartload[1].exe (ID = 178567)
9:35 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:35 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:37 a.m.: c:\program files\windows adcontrol (ID = -2147480017)
9:37 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:37 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:38 a.m.: Found System Monitor: ufp 007 spy
9:38 a.m.: unins000.exe (ID = 48061)
9:38 a.m.: Found Adware: ist istbar
9:38 a.m.: dc78.exe (ID = 158789)
9:38 a.m.: dc161.tmp (ID = 50337)
9:41 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:41 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:45 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:45 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:49 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:49 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:53 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:53 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:57 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:57 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:01 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:01 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:05 a.m.: uninstall absoluteshield file shredder.lnk (ID = 48061)
10:05 a.m.: File Sweep Complete, Elapsed Time: 00:39:40
10:05 a.m.: Full Sweep has completed. Elapsed time 00:45:00
10:05 a.m.: Traces Found: 184
10:05 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:05 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:08 a.m.: Removal process initiated
10:09 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:09 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
10:11 a.m.: Quarantining All Traces: icannnews
10:11 a.m.: icannnews is in use. It will be removed on reboot.
10:11 a.m.: C:\WINDOWS\system32\o4480ehueh480.dll is in use. It will be removed on reboot.
10:11 a.m.: C:\WINDOWS\system32\nkobjapi.dll is in use. It will be removed on reboot.
10:11 a.m.: Quarantining All Traces: ist istbar
10:11 a.m.: Quarantining All Traces: look2me
10:11 a.m.: Quarantining All Traces: ufp 007 spy
10:11 a.m.: Quarantining All Traces: azsearch toolbar
10:11 a.m.: Quarantining All Traces: sp2ms
10:11 a.m.: Quarantining All Traces: 7adpower
10:11 a.m.: Quarantining All Traces: targetsaver
10:11 a.m.: Quarantining All Traces: winad
10:11 a.m.: Quarantining All Traces: 3 cookie
10:11 a.m.: Quarantining All Traces: a cookie
10:11 a.m.: Quarantining All Traces: aa cookie
10:11 a.m.: Quarantining All Traces: about cookie
10:11 a.m.: Quarantining All Traces: accoona cookie
10:11 a.m.: Quarantining All Traces: adjuggler cookie
10:11 a.m.: Quarantining All Traces: adknowledge cookie
10:11 a.m.: Quarantining All Traces: ad-rotator cookie
10:11 a.m.: Quarantining All Traces: adultfriendfinder cookie
10:11 a.m.: Quarantining All Traces: ask cookie
10:11 a.m.: Quarantining All Traces: atwola cookie
10:11 a.m.: Quarantining All Traces: banner cookie
10:11 a.m.: Quarantining All Traces: bpath cookie
10:11 a.m.: Quarantining All Traces: directtrack cookie
10:11 a.m.: Quarantining All Traces: go.com cookie
10:11 a.m.: Quarantining All Traces: go2net.com cookie
10:11 a.m.: Quarantining All Traces: gostats cookie
10:11 a.m.: Quarantining All Traces: howstuffworks cookie
10:11 a.m.: Quarantining All Traces: hypertracker.com cookie
10:11 a.m.: Quarantining All Traces: mensniche cookie
10:11 a.m.: Quarantining All Traces: rednova cookie
10:11 a.m.: Quarantining All Traces: reunion cookie
10:11 a.m.: Quarantining All Traces: screensavers.com cookie
10:11 a.m.: Quarantining All Traces: toplist cookie
10:11 a.m.: Quarantining All Traces: xren_cj cookie
10:12 a.m.: Removal process completed. Elapsed time 00:03:51
********
9:16 a.m.: | Start of Session, Tuesday, 8 November 2005 |
9:16 a.m.: Spy Sweeper started
9:17 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:17 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:17 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:17 a.m.: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
9:18 a.m.: Your spyware definitions have been updated.
9:20 a.m.: | End of Session, Tuesday, 8 November 2005 |
Hijack this log
Logfile of HijackThis v1.99.1
Scan saved at 10:18:24 a.m., on 8/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\NORTON~2\navapw32.exe
C:\Program Files\Norton Internet Security\IAMAPP.EXE
C:\Program Files\dvd43\dvd43_tray.exe
D:\AVSCHED32.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSGTAG\MSGTAG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
D:\AVWUPSRV.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Norton Internet Security\SymProxySvc.exe
C:\Program Files\Norton Internet Security\NISSERV.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton Internet Security\ATRACK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\hjt\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.stuff.co.nz/R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - 3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\navapw32.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [AVSCHED32] D:\AVSCHED32.EXE /min
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSGTAG] "C:\Program Files\MSGTAG\MSGTAG.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} -
http://download.spyspotter.com/spyspotter/...rcabinstall.cabO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - D:\AVWUPSRV.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISSERV.EXE
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\SymProxySvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
