Full Version: Laptop Slow, Windows ME
mjr
Laptop has become slower and slower, wireless connection slow to non-existent. Ran several scans with various programs, removed some threats. Cannot get rid of Haxdoor virus and other items. Please help.

Logfile of HijackThis v1.99.1
Scan saved at 11:31:46 PM, on 11/25/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\THOTKEY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\PROMON.EXE
C:\WINDOWS\SYSTEM\TFNCKY.EXE
C:\WINDOWS\SYSTEM\TPWRTRAY.EXE
C:\WINDOWS\SYSTEM\TWARNMSG.EXE
C:\TOSHIBA\IVP\ISM\PINGER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\D-LINK\AIRPLUS G WIRELESS ADAPTER UTILITY\AIRPLUS.EXE
C:\WINDOWS\SYSTEM\ACS.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_1_6_0.DLL
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD.DLL
O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:\WINDOWS\CERBMOD.DLL (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_1_6_0.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TWarnMsg] TWarnMsg.exe
O4 - HKLM\..\Run: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrtcl.exe
O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [NVidia QuickTweak] C:\WINDOWS\RUNDLL32.EXE NVQTWK.DLL,NvTaskbarInit
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [Winreg.exe] C:\WINDOWS\WINREG.EXE run
O4 - HKLM\..\Run: [Symantec Core LC] "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [THotkey] C:\WINDOWS\SYSTEM\THotkey.exe
O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Easy Internet\ENCMONTR.EXE
O4 - HKLM\..\RunServices: [Winreg.exe] C:\WINDOWS\WINREG.EXE run
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [Winreg.exe] C:\WINDOWS\WINREG.EXE run
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\REALDOWNLOAD.EXE
O4 - Startup: ACS.pif = C:\WINDOWS\SYSTEM\ACS.BAT
O4 - Startup: D-Link AirPlus G Wireless Utility.lnk = C:\Program Files\D-Link\AirPlus G Wireless Adapter Utility\AirPlus.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/24b07dfe403816...ip/RdxIE601.cab
O21 - SSODL: DDE Module - {DABB03E9-AC0D-3740-E3E5-4B37C80837E5} - C:\WINDOWS\SYSTEM\mtwirl.dll (file missing)
Autodad
Hi mjr,

Please download and run a Free Trial of Trojan Hunter
If any infected files are found, delete them.

Next, take a free Online Virus scan at HouseCall and Panda ActiveScan
If any infected files are found, delete them.
Then please post the log from them.

After that reboot.

Open Hijackthis, click Scan, then put a check next to the following entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm

O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:\WINDOWS\CERBMOD.DLL (file missing)

O4 - HKLM\..\Run: [Winreg.exe] C:\WINDOWS\WINREG.EXE run
O4 - HKLM\..\RunServices: [Winreg.exe] C:\WINDOWS\WINREG.EXE run
O4 - HKCU\..\Run: [Winreg.exe] C:\WINDOWS\WINREG.EXE run

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/24b07dfe403816...ip/RdxIE601.cab

O21 - SSODL: DDE Module - {DABB03E9-AC0D-3740-E3E5-4B37C80837E5} - C:\WINDOWS\SYSTEM\mtwirl.dll (file missing)



Now Close all open Windows and browsers (have only HJT open) and click "Fix Checked".


Then reboot and please post a new HJT log, and the other logs.
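
Added example (not part of the original posts, and not HijackThis code): one way to check a follow-up HijackThis log against the list of entries that were marked for "Fix Checked". The function names are hypothetical; the log lines are excerpts copied from the first two logs in this thread.

```python
import re

# HijackThis entry lines start with a section code (R0, O2, O4, O16, ...)
# followed by " - ". Header lines and the "Running processes" paths do not.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.*\S)\s*$")


def parse_entries(log_text):
    """Map a normalized key to the original text of each entry line."""
    entries = {}
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, process path or blank line
        section, rest = m.groups()
        # Win9x paths and registry names are case-insensitive and HijackThis
        # prints them in mixed case, so compare case-folded with collapsed
        # whitespace.
        key = section + " - " + " ".join(rest.split()).casefold()
        entries[key] = raw.strip()
    return entries


def verify_fix(before_log, after_log, fixed_lines):
    """Compare two logs against the entries that were supposed to be fixed."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    targets = parse_entries("\n".join(fixed_lines))
    return {
        # Fix did not take, or something re-created the entry after reboot.
        "still_present": sorted(after[k] for k in targets if k in after),
        # Helper's line does not match the first log (typo or wrong log).
        "not_in_before": sorted(targets[k] for k in targets if k not in before),
        # Entries that vanished although nobody asked for them to be fixed.
        "removed_unrequested": sorted(
            before[k] for k in before if k not in after and k not in targets
        ),
        # Entries that are new since the first scan.
        "added": sorted(after[k] for k in after if k not in before),
    }


# Excerpt of the first log in this thread (scan of 11/25/2005).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\EXPLORER.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:\WINDOWS\CERBMOD.DLL (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrtcl.exe
O4 - HKLM\..\Run: [Winreg.exe] C:\WINDOWS\WINREG.EXE run
O4 - HKCU\..\Run: [Winreg.exe] C:\WINDOWS\WINREG.EXE run
O21 - SSODL: DDE Module - {DABB03E9-AC0D-3740-E3E5-4B37C80837E5} - C:\WINDOWS\SYSTEM\mtwirl.dll (file missing)
"""

# Excerpt of the second log in this thread (scan of 12/1/2005).
AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
"""

# Entries from the "put a check next to" list that occur in the excerpt.
FIXED = [
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm",
    r"O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:\WINDOWS\CERBMOD.DLL (file missing)",
    r"O4 - HKLM\..\Run: [Winreg.exe] C:\WINDOWS\WINREG.EXE run",
    r"O4 - HKCU\..\Run: [Winreg.exe] C:\WINDOWS\WINREG.EXE run",
    r"O21 - SSODL: DDE Module - {DABB03E9-AC0D-3740-E3E5-4B37C80837E5} - C:\WINDOWS\SYSTEM\mtwirl.dll (file missing)",
]

if __name__ == "__main__":
    for bucket, lines in verify_fix(BEFORE, AFTER, FIXED).items():
        print(f"{bucket}: {len(lines)}")
        for line in lines:
            print("   ", line)
```

An empty `still_present` list means every fixed entry stayed gone across the reboot; anything under `removed_unrequested` or `added` is worth explaining before moving on.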
mjr
Autodad,

Thanks for the reply. Did the scans. Here are the results. Cannot delete files from Housecall scan. Cannot download Panda Activescan because it conflicts with an old McAfee virus program that I can't seem to uninstall. I did get the files in Hijackthis file checked and fixed. What can I do now?

Results:
We have detected 65 infected file(s) with 65 virus(es) on your computer. Only 0 out of 0 infected files are displayed: - 0 virus(es) passed, 0 virus(es) no action available
- 0 virus(es) cleaned, 0 virus(es) uncleanable
- 0 virus(es) deleted, 65 virus(es) undeletable
- 0 virus(es) not found, 0 virus(es) unaccessible
Detected File Associated Virus Name Action Taken
C:\_RESTORE\TEMP\A0041784.CPY TROJ_REALTENS.F Undeletable
C:\_RESTORE\TEMP\A0078853.CPY TROJ_HAXDOOR.AY Undeletable
C:\_RESTORE\TEMP\A0078856.CPY TROJ_HAXDOOR.AY Undeletable
C:\_RESTORE\TEMP\A0078884.CPY TROJ_SMALL.RT Undeletable
C:\_RESTORE\TEMP\A0084308.CPY TROJ_SMALL.AGR Undeletable
C:\_RESTORE\TEMP\A0084595.CPY TROJ_SMALL.QO Undeletable
C:\_RESTORE\TEMP\A0084699.CPY TROJ_SMALL.QO Undeletable
C:\_RESTORE\TEMP\A0084873.CPY TROJ_SMALL.QO Undeletable
C:\_RESTORE\TEMP\A0085085.CPY TROJ_SMALL.QO Undeletable
C:\_RESTORE\TEMP\A0085267.CPY TROJ_SMALL.QO Undeletable
C:\_RESTORE\TEMP\A0085279.CPY TROJ_SMALL.QO Undeletable
C:\_RESTORE\TEMP\A0085492.CPY TROJ_SMALL.QO Undeletable
C:\_RESTORE\TEMP\A0085760.CPY TROJ_SMALL.QO Undeletable
C:\_RESTORE\TEMP\A0087749.CPY TROJ_SMALL.QO Undeletable
C:\_RESTORE\TEMP\A0087791.CPY TROJ_SMALL.QO Undeletable
C:\_RESTORE\TEMP\A0088203.CPY TROJ_SMALL.QO Undeletable
C:\_RESTORE\TEMP\A0088377.CPY TROJ_SMALL.QO Undeletable
C:\_RESTORE\TEMP\A0089373.CPY TROJ_SMALL.QO Undeletable
C:\_RESTORE\TEMP\A0090364.CPY TROJ_SMALL.QO Undeletable
C:\_RESTORE\TEMP\A0090414.CPY TROJ_SMALL.QO Undeletable
C:\_RESTORE\TEMP\A0090506.CPY TROJ_SMALL.QO Undeletable
C:\_RESTORE\TEMP\A0090541.CPY TROJ_SMALL.QO Undeletable
C:\_RESTORE\TEMP\A0090643.CPY TROJ_SMALL.QO Undeletable
C:\_RESTORE\TEMP\A0091643.CPY TROJ_SMALL.QO Undeletable
C:\_RESTORE\TEMP\A0091684.CPY TROJ_SMALL.QO Undeletable
C:\_RESTORE\TEMP\A0091724.CPY TROJ_SMALL.QO Undeletable
C:\_RESTORE\TEMP\A0091742.CPY TROJ_SMALL.QO Undeletable
C:\_RESTORE\TEMP\A0091772.CPY TROJ_SMALL.QO Undeletable
C:\_RESTORE\TEMP\A0091816.CPY TROJ_SMALL.QO Undeletable
C:\_RESTORE\TEMP\A0091859.CPY TROJ_SMALL.QO Undeletable
C:\_RESTORE\TEMP\A0092001.CPY TROJ_SMALL.QO Undeletable
C:\_RESTORE\TEMP\A0092013.CPY TROJ_SMALL.QO Undeletable
C:\_RESTORE\TEMP\A0092026.CPY TROJ_SMALL.QO Undeletable
C:\_RESTORE\TEMP\A0092494.CPY TROJ_SMALL.QO Undeletable
C:\_RESTORE\TEMP\A0092497.CPY TROJ_STARTPAG.D Undeletable
C:\_RESTORE\TEMP\A0092705.CPY TROJ_SMALL.QO Undeletable
C:\_RESTORE\TEMP\A0093773.CPY TROJ_SMALL.QO Undeletable
C:\_RESTORE\TEMP\A0093848.CPY TROJ_SMALL.QO Undeletable
C:\_RESTORE\TEMP\A0093868.CPY TROJ_SMALL.QO Undeletable
C:\_RESTORE\TEMP\A0093887.CPY TROJ_SMALL.QO Undeletable
C:\_RESTORE\TEMP\A0094888.CPY TROJ_SMALL.QO Undeletable
C:\_RESTORE\TEMP\A0095887.CPY TROJ_SMALL.QO Undeletable
C:\_RESTORE\TEMP\A0095910.CPY TROJ_SMALL.QO Undeletable
C:\_RESTORE\TEMP\A0095951.CPY TROJ_SMALL.QO Undeletable
C:\_RESTORE\TEMP\A0095974.CPY TROJ_SMALL.QO Undeletable
C:\_RESTORE\TEMP\A0096045.CPY TROJ_SMALL.QO Undeletable
C:\_RESTORE\TEMP\A0096066.CPY TROJ_SMALL.QO Undeletable
C:\_RESTORE\TEMP\A0096115.CPY TROJ_SMALL.QO Undeletable
C:\_RESTORE\TEMP\A0096132.CPY TROJ_SMALL.QO Undeletable
C:\_RESTORE\TEMP\A0096155.CPY TROJ_SMALL.QO Undeletable
C:\_RESTORE\TEMP\A0096180.CPY TROJ_SMALL.QO Undeletable
C:\_RESTORE\TEMP\A0096232.CPY TROJ_SMALL.QO Undeletable
C:\_RESTORE\TEMP\A0097796.CPY TROJ_STARTPAG.D Undeletable
C:\_RESTORE\TEMP\A0097792.CPY TROJ_HAXDOOR.AY Undeletable
C:\_RESTORE\TEMP\A0097810.CPY TROJ_HAXDOOR.AY Undeletable
C:\_RESTORE\TEMP\A0097821.CPY TROJ_STARTPAG.D Undeletable
C:\_RESTORE\TEMP\A0097847.CPY TROJ_HAXDOOR.AY Undeletable
C:\_RESTORE\TEMP\A0097851.CPY TROJ_HAXDOOR.AY Undeletable
C:\_RESTORE\TEMP\A0097858.CPY TROJ_SMALL.QO Undeletable
C:\_RESTORE\TEMP\A0097862.CPY TROJ_SMALL.QO Undeletable
C:\_RESTORE\TEMP\A0097904.CPY TROJ_DIALER.BI Undeletable
C:\_RESTORE\TEMP\A0097908.CPY TROJ_DIALER.BI Undeletable
C:\_RESTORE\TEMP\A0097950.CPY TROJ_REALTENS.H Undeletable
C:\_RESTORE\TEMP\A0097954.CPY TROJ_REALTENS.H Undeletable
C:\_RESTORE\TEMP\A0102274.CPY TROJ_REALTENS.H Undeletable



Incident Status Location

Adware:adware/gator Not disinfected C:\WINDOWS\TEMP\bundle.inf
Adware:adware/downloadware Not disinfected Windows Registry



Logfile of HijackThis v1.99.1
Scan saved at 9:27:57 PM, on 12/1/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\THOTKEY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\PROMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\TFNCKY.EXE
C:\WINDOWS\SYSTEM\TPWRTRAY.EXE
C:\WINDOWS\SYSTEM\TWARNMSG.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\D-LINK\AIRPLUS G WIRELESS ADAPTER UTILITY\AIRPLUS.EXE
C:\WINDOWS\SYSTEM\ACS.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\TOSHIBA\IVP\ISM\IVPSVMGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_1_6_0.DLL
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_1_6_0.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TWarnMsg] TWarnMsg.exe
O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [NVidia QuickTweak] C:\WINDOWS\RUNDLL32.EXE NVQTWK.DLL,NvTaskbarInit
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [Symantec Core LC] "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [THotkey] C:\WINDOWS\SYSTEM\THotkey.exe
O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Easy Internet\ENCMONTR.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\REALDOWNLOAD.EXE
O4 - Startup: ACS.pif = C:\WINDOWS\SYSTEM\ACS.BAT
O4 - Startup: D-Link AirPlus G Wireless Utility.lnk = C:\Program Files\D-Link\AirPlus G Wireless Adapter Utility\AirPlus.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
Autodad
Hi mjr,

Those undeletable files are in your System Restore, so let's try cleaning that.
[Doing this will remove all your restore points].

Click Start > Settings > Control Panel.
Double-click the System icon.
On the Performance tab click File System.
Click the Troubleshooting tab.
Then check Disable System Restore
Click OK.
Click Yes, when you are prompted to restart Windows.

After you have restarted, turn System Restore back on:
Click Start > Settings > Control Panel.
Double-click System.
On the Performance tab click File System.
On the Troubleshooting tab, uncheck Disable System Restore.
Click OK. Click Yes, when you are prompted to restart Windows.

Then create a new restore point once you have System Restore back on.
To create a new System Restore Point, click Start -> All Programs -> Accessories -> System Tools -> System Restore.
When the System Restore Utility opens, click "Create a Restore Point" then click Next.
Enter a name for this Restore Point, and click Create.
_ _ _ _


Then you need to clean your Temp files.

To clean your temp folder, recycle bin, etc., please download this free tool:
CCleaner
It will put a shortcut on your Desktop.
Click on CCleaner to start it. Then click "Run Cleaner".
Then Reboot (Exit).

Then click Start | Run | (type) cleanmgr | then "OK"
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Click "OK" to remove them.
Click "Yes" to confirm the deletion.

_ _ _

Then please post a new HJT log.
And let us know if you have any problems.
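
Added example (not part of the original posts): a check of the premise behind the System Restore flush, namely that every detection in the HouseCall results sits inside the restore store. The function names are hypothetical, the first sample is copied from the results posted above, and the extra line outside `C:\_RESTORE` is constructed to show the case where flushing restore points alone would not be enough.

```python
import re
from collections import Counter

# Windows ME System Restore store, as it appears in the scan results above.
RESTORE_ROOT = "c:\\_restore\\"
PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_results(text):
    """Return (path, detection, action) tuples from a HouseCall result listing."""
    rows = []
    for line in text.splitlines():
        # Paths may contain spaces. Assumption: detection name and action are
        # single tokens, as in this listing, so split the two rightmost
        # fields off and keep the remainder as the path.
        parts = line.strip().rsplit(None, 2)
        if len(parts) == 3 and PATH_RE.match(parts[0]):
            rows.append(tuple(parts))
    return rows


def triage(rows):
    """Split detections into restore-store copies and everything else."""
    inside, outside = [], []
    for row in rows:
        in_store = row[0].casefold().startswith(RESTORE_ROOT)
        (inside if in_store else outside).append(row)
    # "TROJ_SMALL.QO" and "TROJ_SMALL.RT" are variants of one family.
    families = Counter(name.rsplit(".", 1)[0] for _, name, _ in rows)
    return {
        "restore_only": bool(inside) and not outside,
        "inside": inside,
        "outside": outside,
        "families": families,
    }


# Lines copied from the scan results posted in this thread.
PAGE_EXCERPT = r"""
Detected File Associated Virus Name Action Taken
C:\_RESTORE\TEMP\A0041784.CPY TROJ_REALTENS.F Undeletable
C:\_RESTORE\TEMP\A0078853.CPY TROJ_HAXDOOR.AY Undeletable
C:\_RESTORE\TEMP\A0078884.CPY TROJ_SMALL.RT Undeletable
C:\_RESTORE\TEMP\A0084308.CPY TROJ_SMALL.AGR Undeletable
C:\_RESTORE\TEMP\A0097904.CPY TROJ_DIALER.BI Undeletable
"""

# Constructed line (not from the thread): a detection outside the store.
CONSTRUCTED_EXTRA = r"C:\PROGRAM FILES\EXAMPLE APP\SAMPLE.DLL TROJ_SMALL.QO Undeletable"

if __name__ == "__main__":
    for label, text in (
        ("thread excerpt", PAGE_EXCERPT),
        ("with constructed extra", PAGE_EXCERPT + CONSTRUCTED_EXTRA),
    ):
        result = triage(parse_results(text))
        print(label, "-> restore store only:", result["restore_only"])
        for path, name, _ in result["outside"]:
            print("    outside the store:", path, name)
        print("    families:", dict(result["families"]))
```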
mjr
Autodad,

Thanks again for your help. I have done what you've asked. Here is my new HJT scan. Please let me know what to do next.

Logfile of HijackThis v1.99.1
Scan saved at 10:26:56 PM, on 12/7/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\THOTKEY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\IWP\NPFMNTOR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\PROMON.EXE
C:\WINDOWS\SYSTEM\TFNCKY.EXE
C:\WINDOWS\SYSTEM\TPWRTRAY.EXE
C:\WINDOWS\SYSTEM\TWARNMSG.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\TOSHIBA\IVP\ISM\PINGER.EXE
C:\PROGRAM FILES\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\D-LINK\AIRPLUS G WIRELESS ADAPTER UTILITY\AIRPLUS.EXE
C:\WINDOWS\SYSTEM\ACS.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_1_6_0.DLL
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\SYSTEM\NZDD.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_1_6_0.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TWarnMsg] TWarnMsg.exe
O4 - HKLM\..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [NVidia QuickTweak] C:\WINDOWS\RUNDLL32.EXE NVQTWK.DLL,NvTaskbarInit
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [Symantec Core LC] "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [THGuard] "C:\PROGRAM FILES\TROJANHUNTER 4.2\THGUARD.EXE"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [THotkey] C:\WINDOWS\SYSTEM\THotkey.exe
O4 - HKLM\..\RunServices: [Encompass_ENCMONTR] C:\Program Files\Easy Internet\ENCMONTR.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [NPFMonitor] C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\REALDOWNLOAD.EXE
O4 - Startup: ACS.pif = C:\WINDOWS\SYSTEM\ACS.BAT
O4 - Startup: D-Link AirPlus G Wireless Utility.lnk = C:\Program Files\D-Link\AirPlus G Wireless Adapter Utility\AirPlus.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab
Autodad
Hi mjr,

See if these help to remove McAfee.

https://hdc.tamu.edu/reference/documentation/?section_id=550

http://support.microsoft.com/kb/q189264/


Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

And let us know what problems you have.
mjr
Autodad,

I am on another laptop b/c I cannot load webpages on mine. I have internet service through my cable company. I have a wireless setup with a router and a card adapter for my laptop. (For some reason, I cannot directly connect to the cable modem, it only works with wireless system). I am receiving a signal from the router, but I am unable to load any webpages in Explorer. The browser is acting as if there is no connection. I will do what you asked on your previous post, but I will not be able to send you the HJT log. What do you think is causing this problem? It began happening last week.

Thanks,

mjr
mjr
Autodad,

Back online. Here is the file you requested. Laptop still slow and will not load icons on desktop during some boots.

Adaptec DirectCD
Adaptec Easy CD Creator 4
Adobe Acrobat 4.0
Backgrounds
DivX 5.0.2 Pro Bundle
D-Link AirPlus G Wireless Adapter
Enhanced MediaLoads
Google Toolbar for Internet Explorer
HijackThis 1.99.1
Intel® PRO Ethernet Adapter and Software
InterVideo WinDVD
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Lotus SmartSuite Release 9.5
Macromedia Flash Player 8
Microsoft Clipart Extra
Microsoft Internet Explorer 6 and Internet Tools
Microsoft Office 97, Professional Edition
Microsoft Outlook Express 6
MouseWare 9.11
My Yahoo! for Toshiba
Norton AntiVirus 2005 (Symantec Corporation)
NVIDIA Windows 95/98/ME Display Drivers
PC Show and Tell Player
PCFriendly
Quicken 2001 New User Edition
QuickTime
RealDownload
RealPlayer
Rhapsody
Rhapsody Player Engine
RichFX Player
RingCentral
Support.com
Toshiba Active Menu v1.2
Toshiba Easy Internet
Toshiba Power Saver
Toshiba Services
Toshiba SmartMedia Utility
TOSHIBA Software Modem
Toshiba Software Upgrades
Toshiba Tbiosdrv Driver
Toshiba Utilities
Toshiba Utilities(System Warning Function)
Toshiba VirtualTech
WebEx Client Install
WinMX
Yahoo! Companion
Yahoo! Messenger
YAMAHA DS-XG WDM
Autodad
Hi mjr,

Let's run some more scans to see if any infections show up. But also give your Internet Service Provider (ISP) and/or your router manufacturer a call, just to make sure all settings are correct...



Please download the trial version of Spy Sweeper from Here
Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)
You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Click on "Options > Sweep Options" and check "Sweep all Folders on Selected drives". Check "Local Disc C".
Under "What to Sweep", check every box.

Click on Sweep and allow it to fully scan your system.

When the sweep has finished, click "Remove". Click "Select All" and then "Next".

From 'Results', select the "Session Log" tab.
Click Save to File and save the log somewhere convenient.

Exit Spy Sweeper.

Copy and paste the log into this thread.

Then reboot.
__________

Download 'Autoruns' from here:
http://www.sysinternals.com/Utilities/Autoruns.html

Unzip to a folder and then double-click on autoruns.exe

Wait until the program has finished running (the status line will show 'Ready')
Under the 'Options' menu, make sure that 'Include Empty Sections' is checked.
Wait again until ready.

Be sure the 'Everything' tab is selected.
Select 'File -> Save' and save the output file.

Copy the contents of the Autoruns text file and post its contents in this thread.


Then reboot.
__________


Please download: eScans mwav (freeware) from here:

http://www.mwti.net/antivirus/free_utilities.asp

Double-click it to run it, select all local drives.
Scan all files, press scan.
When it is completed, anything found will be displayed in the lower pane.

Highlight it, CTRL C (copy) and paste it in your next reply.
mjr
Hi Autodad,

Here are the requested logs.

********
8:17 PM: | Start of Session, Tuesday, December 27, 2005 |
8:17 PM: Spy Sweeper started
8:17 PM: Sweep initiated using definitions version 591
8:17 PM: Starting Memory Sweep
8:33 PM: Memory Sweep Complete, Elapsed Time: 00:15:43
8:33 PM: Starting Registry Sweep
8:59 PM: Found Adware: cws iesprt
8:59 PM: HKLM\system\currentcontrolset\control\ || impersonate (ID = 117366)
9:13 PM: Found Adware: great net downloadware
9:13 PM: HKLM\software\microsoft\windows\currentversion\uninstall\medialoads enhanced\ (2 subtraces) (ID = 125363)
9:17 PM: HKU\.DEFAULT\software\medialoads\ (4 subtraces) (ID = 125355)
9:17 PM: Registry Sweep Complete, Elapsed Time:00:44:01
9:17 PM: Starting Cookie Sweep
9:17 PM: Found Spy Cookie: advertising cookie
9:17 PM: default@advertising[1].txt (ID = 2175)
9:17 PM: Found Spy Cookie: overture cookie
9:17 PM: default@overture[2].txt (ID = 3105)
9:17 PM: Found Spy Cookie: serving-sys cookie
9:17 PM: default@serving-sys[1].txt (ID = 3343)
9:17 PM: Found Spy Cookie: falkag cookie
9:17 PM: default@as1.falkag[2].txt (ID = 2650)
9:17 PM: Found Spy Cookie: ru4 cookie
9:17 PM: default@edge.ru4[2].txt (ID = 3269)
9:17 PM: Found Spy Cookie: bs.serving-sys cookie
9:17 PM: default@bs.serving-sys[1].txt (ID = 2330)
9:17 PM: Found Spy Cookie: websponsors cookie
9:17 PM: default@a.websponsors[2].txt (ID = 3665)
9:17 PM: Found Spy Cookie: yieldmanager cookie
9:17 PM: default@ad.yieldmanager[1].txt (ID = 3751)
9:17 PM: Found Spy Cookie: atwola cookie
9:17 PM: default@atwola[1].txt (ID = 2255)
9:17 PM: Found Spy Cookie: zedo cookie
9:17 PM: default@zedo[1].txt (ID = 3762)
9:17 PM: Found Spy Cookie: pointroll cookie
9:17 PM: default@ads.pointroll[1].txt (ID = 3148)
9:17 PM: Found Spy Cookie: atlas dmt cookie
9:17 PM: default@atdmt[2].txt (ID = 2253)
9:17 PM: Found Spy Cookie: questionmarket cookie
9:17 PM: default@questionmarket[2].txt (ID = 3217)
9:17 PM: Cookie Sweep Complete, Elapsed Time: 00:00:15
9:17 PM: Starting File Sweep
9:18 PM: Warning: Failed to open file "c:\windows\win386.swp". The process cannot access the file because it is being used by another process
9:37 PM: Warning: Failed to open file "c:\program files\common files\symantec shared\ccpd-lc\symlcrst.dll". The process cannot access the file because it is being used by another process
9:53 PM: Found Adware: coolwebsearch (cws)
9:53 PM: mtwcnl32.dll (ID = 54330)
10:15 PM: Found Adware: tibs dialer
10:15 PM: xxx.lnk (ID = 79520)
10:18 PM: Found Adware: bonzi buddy
10:18 PM: favicon.ico (ID = 51620)
10:33 PM: File Sweep Complete, Elapsed Time: 01:16:04
10:34 PM: Full Sweep has completed. Elapsed time 02:16:11
10:34 PM: Traces Found: 25
10:45 PM: Removal process initiated
10:45 PM: Quarantining All Traces: bonzi buddy
10:45 PM: Warning: Out of memory
10:45 PM: Failed to quarantine bonzi buddy
10:45 PM: Failed to quarantine favicon.ico
10:45 PM: Quarantining All Traces: coolwebsearch (cws)
10:45 PM: Warning: Out of memory
10:45 PM: Failed to quarantine coolwebsearch (cws)
10:45 PM: Failed to quarantine mtwcnl32.dll
10:45 PM: Quarantining All Traces: tibs dialer
10:45 PM: Warning: Out of memory
10:45 PM: Failed to quarantine tibs dialer
10:45 PM: Failed to quarantine xxx.lnk
10:45 PM: Quarantining All Traces: cws iesprt
10:45 PM: Quarantining All Traces: great net downloadware
10:46 PM: Warning: Out of memory
10:46 PM: Failed to quarantine great net downloadware
10:46 PM: Failed to quarantine HKLM: software\microsoft\windows\currentversion\uninstall\medialoads enhanced\
10:46 PM: Quarantining All Traces: advertising cookie
10:46 PM: Warning: Out of memory
10:46 PM: Failed to quarantine advertising cookie
10:46 PM: Failed to quarantine default@advertising[1].txt
10:46 PM: Quarantining All Traces: atlas dmt cookie
10:46 PM: Warning: Out of memory
10:46 PM: Failed to quarantine atlas dmt cookie
10:46 PM: Failed to quarantine default@atdmt[2].txt
10:46 PM: Quarantining All Traces: atwola cookie
10:46 PM: Warning: Out of memory
10:46 PM: Failed to quarantine atwola cookie
10:46 PM: Failed to quarantine default@atwola[1].txt
10:46 PM: Quarantining All Traces: bs.serving-sys cookie
10:46 PM: Warning: Out of memory
10:46 PM: Failed to quarantine bs.serving-sys cookie
10:46 PM: Failed to quarantine default@bs.serving-sys[1].txt
10:46 PM: Quarantining All Traces: falkag cookie
10:46 PM: Warning: Out of memory
10:46 PM: Failed to quarantine falkag cookie
10:46 PM: Failed to quarantine default@as1.falkag[2].txt
10:46 PM: Quarantining All Traces: overture cookie
10:46 PM: Warning: Out of memory
10:46 PM: Failed to quarantine overture cookie
10:46 PM: Failed to quarantine default@overture[2].txt
10:46 PM: Quarantining All Traces: pointroll cookie
10:46 PM: Warning: Out of memory
10:46 PM: Failed to quarantine pointroll cookie
10:46 PM: Failed to quarantine default@ads.pointroll[1].txt
10:46 PM: Quarantining All Traces: questionmarket cookie
10:46 PM: Warning: Out of memory
10:46 PM: Failed to quarantine questionmarket cookie
10:46 PM: Failed to quarantine default@questionmarket[2].txt
10:46 PM: Quarantining All Traces: ru4 cookie
10:46 PM: Warning: Out of memory
10:46 PM: Failed to quarantine ru4 cookie
10:46 PM: Failed to quarantine default@edge.ru4[2].txt
10:46 PM: Quarantining All Traces: serving-sys cookie
10:46 PM: Warning: Out of memory
10:46 PM: Failed to quarantine serving-sys cookie
10:46 PM: Failed to quarantine default@serving-sys[1].txt
10:46 PM: Quarantining All Traces: websponsors cookie
10:46 PM: Warning: Out of memory
10:46 PM: Failed to quarantine websponsors cookie
10:46 PM: Failed to quarantine default@a.websponsors[2].txt
10:46 PM: Quarantining All Traces: yieldmanager cookie
10:46 PM: Warning: Out of memory
10:46 PM: Failed to quarantine yieldmanager cookie
10:46 PM: Failed to quarantine default@ad.yieldmanager[1].txt
10:46 PM: Quarantining All Traces: zedo cookie
10:46 PM: Warning: Out of memory
10:46 PM: Failed to quarantine zedo cookie
10:46 PM: Failed to quarantine default@zedo[1].txt
10:46 PM: Warning: Out of memory
10:46 PM: Removal process completed. Elapsed time 00:01:03
********
8:12 PM: | Start of Session, Tuesday, December 27, 2005 |
8:12 PM: Spy Sweeper started
8:15 PM: Your spyware definitions have been updated.
8:15 PM: Your definitions are up to date.
8:17 PM: | End of Session, Tuesday, December 27, 2005 |


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ Adaptec DirectCD DirectCD Application Adaptec c:\program files\adaptec\directcd\directcd.exe

+ ccApp Symantec User Session Symantec Corporation c:\program files\common files\symantec shared\ccapp.exe

+ EM_EXEC Control Center Logitech Inc. c:\program files\mouseware\system\em_exec.exe

+ LoadPowerProfile Power Profile Helper DLL Microsoft Corporation c:\windows\system\powrprof.dll

+ NVidia QuickTweak Run a DLL as an App Microsoft Corporation c:\windows\rundll32.exe

+ PCHealth PC Health Client Scheduling Application Microsoft Corporation c:\windows\pchealth\support\pchschd.exe

+ Pinger Toshiba Pinger Toshiba Corporation c:\toshiba\ivp\ism\pinger.exe

+ Promon.exe Intel® PROSet Tray Icon Intel Corporation c:\windows\system\promon.exe

+ ScanRegistry Registry Checker Microsoft Corporation c:\windows\scanregw.exe

+ SpySweeper Spy Sweeper Client Executable Webroot Software, Inc. c:\program files\webroot\spy sweeper\spysweeper.exe

+ Symantec Core LC Symantec Core Component Symantec Corporation c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe

+ SystemTray System Tray Applet Microsoft Corporation c:\windows\system\systray.exe

+ TaskMonitor Task Monitor Microsoft Corporation c:\windows\taskmon.exe

+ TFncKy C:\Program Files\TOSHIBA\Toshiba Services\TFncKy.exe

+ TkBellExe RealNetworks Scheduler RealNetworks, Inc. c:\program files\common files\real\update_ob\realsched.exe

+ Tpwrtray Toshiba Power Saver TOSHIBA Corporation c:\windows\system\tpwrtray.exe

+ TWarnMsg C:\Program Files\Toshiba Corporation\TwarnMsg\TWarnMsg.exe

C:\WINDOWS\Start Menu\Programs\StartUp

+ ACS.pif c:\windows\start menu\programs\startup\acs.pif

+ D-Link AirPlus G Wireless Utility.lnk WLAN Adapter Utility D-Link c:\program files\d-link\airplus g wireless adapter utility\airplus.exe

+ Microsoft Find Fast.lnk Microsoft Office Find Fast Microsoft Corporation c:\program files\microsoft office\office\findfast.exe

+ Office Startup.lnk c:\program files\microsoft office\office\osa.exe

+ RealDownload.lnk RealDownload RealNetworks, Inc. c:\program files\real\realdownload\realdownload.exe

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components

+ Address Book 6 ADVPACK Microsoft Corporation c:\windows\system\advpack.dll

+ Browser Customizations Microsoft Internet Explorer Customization DLL Microsoft Corporation c:\windows\system\iedkcs32.dll

+ CDSAMPLE Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ CRLUpdate UPDCRL Microsoft Corporation c:\windows\system\updcrl.exe

+ Internet Explorer 6 IE 5.0 Per-User Install Utility Microsoft Corporation c:\windows\system\ie4uinit.exe

+ Microsoft Outlook Express 6 ADVPACK Microsoft Corporation c:\windows\system\advpack.dll

+ Microsoft Windows Media Player ADVPACK Microsoft Corporation c:\windows\system\advpack.dll

+ MSN Messenger Service 2.2 ADVPACK Microsoft Corporation c:\windows\system\advpack.dll

+ MSN-Migration Microsoft MSN Setup Microsoft Corporation c:\windows\msnmgsr1.exe

+ NetMeeting 3.01 ADVPACK Microsoft Corporation c:\windows\system\advpack.dll

+ Power Policy Settings Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ System Restore Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Desktop Update Microsoft© Register Server Microsoft Corporation c:\windows\system\regsvr32.exe

+ Windows Movie Maker Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Accessibility Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - America Online Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Applets Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - AT&T WorldNet Service Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Calculator Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - CD Player Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Character Map Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Classic Games Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Clipboard Viewer Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Color Schemes Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Dial-Up Networking Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Earthlink Internet Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - FAT32 Converter Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Fonts Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Home Networking Wizard Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - HyperTerminal Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Internet Games Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Links Bar c:\windows\command\sulfnbk.exe

+ Windows Setup - Messaging Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - More Applets Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Multimedia Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Multimedia Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Multimedia Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Multimedia Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Netwatch Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Online Services Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Paint Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Phone Dialer Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Plus! Games Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Prodigy Internet Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Setup Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Shell Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Shell Cursors Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Sound Schemes Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Sound Schemes Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Sound Schemes Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Sound Schemes Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Sound Schemes Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Start Menu Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Start Menu Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - System Information Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - System Information Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - System Meter Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - System Monitor Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Telephony Support Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - The Microsoft Network Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Volume Control Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup - Wordpad Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

+ Windows Setup -- Themes Windows Setup Functions Microsoft Corporation c:\windows\system\setupx.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler

+ Browseui preloader Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ Component Categories cache daemon Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

+ AUHook Microsoft AutoUpdate Microsoft Corporation c:\windows\system\auhook.dll

+ UPnPMonitor UPNP Tray Monitor and Folder Microsoft Corporation c:\windows\system\upnpui.dll

+ WebCheck Web Site Monitor Microsoft Corporation c:\windows\system\webcheck.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

+ shell32.dll Windows Shell Common Dll Microsoft Corporation c:\windows\system\shell32.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ &Address Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ &Links Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ .CAB file viewer Cabinet File Viewer Shell Extension Microsoft Corporation c:\windows\system\cabview.dll

+ Accessible Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ ActiveDesktop Windows Shell Common Dll Microsoft Corporation c:\windows\system\shell32.dll

+ ActiveX Cache Folder Object Control Viewer Microsoft Corporation c:\windows\system\occache.dll

+ Adaptec Directcd Shell Extension DirectCD Shell Extention DLL Adaptec c:\program files\adaptec\directcd\shellex.dll

+ Address Bar Parser Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ Address EditBox Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ Augmented Shell Folder Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ Augmented Shell Folder 2 Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ BandProxy Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ Briefcase Folder Windows Shell Common Dll Microsoft Corporation c:\windows\system\shell32.dll

+ CDF Extension Copy Hook Shell Doc Object and Control Library Microsoft Corporation c:\windows\system\shdocvw.dll

+ Channel File Channel Definition File Viewer Microsoft Corporation c:\windows\system\cdfview.dll

+ Channel Handler Object Channel Definition File Viewer Microsoft Corporation c:\windows\system\cdfview.dll

+ Channel Menu Channel Definition File Viewer Microsoft Corporation c:\windows\system\cdfview.dll

+ Channel Properties Channel Definition File Viewer Microsoft Corporation c:\windows\system\cdfview.dll

+ Channel Shortcut Channel Definition File Viewer Microsoft Corporation c:\windows\system\cdfview.dll

+ CmdFileIcon Windows Shell Common Dll Microsoft Corporation c:\windows\system\shell32.dll

+ Code Download Agent Web Site Monitor Microsoft Corporation c:\windows\system\webcheck.dll

+ ConnectionAgent Web Site Monitor Microsoft Corporation c:\windows\system\webcheck.dll

+ Crypto PKO Extension Crypto Shell Extensions Microsoft Corporation c:\windows\system\cryptext.dll

+ Crypto Sign Extension Crypto Shell Extensions Microsoft Corporation c:\windows\system\cryptext.dll

+ Custom MRU AutoCompleted List Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ Default Image Extrator for Properties Thumbnail View Extension Microsoft Corporation c:\windows\system\thumbvw.dll

+ Dial-Up Networking Dial-Up Networking User Interface Microsoft Corporation c:\windows\system\rnaui.dll

+ Display Control Panel HTML Extensions Windows Shell Common Dll Microsoft Corporation c:\windows\system\shell32.dll

+ Download Status Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ Explorer Band Shell Doc Object and Control Library Microsoft Corporation c:\windows\system\shdocvw.dll

+ Favorites Band Shell Doc Object and Control Library Microsoft Corporation c:\windows\system\shdocvw.dll

+ File Property Page Extension Windows Shell Common Dll Microsoft Corporation c:\windows\system\shell32.dll

+ File Types Page Windows Shell Common Dll Microsoft Corporation c:\windows\system\shell32.dll

+ Folder Options Property Page Extension Windows Shell Common Dll Microsoft Corporation c:\windows\system\shell32.dll

+ Folder Shortcut Windows Shell Common Dll Microsoft Corporation c:\windows\system\shell32.dll

+ GDI+ file thumbnail extractor Thumbnail View Extension Microsoft Corporation c:\windows\system\thumbvw.dll

+ Global Folder Settings Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ History Shell Doc Object and Control Library Microsoft Corporation c:\windows\system\shdocvw.dll

+ HTML Thumbnail Extractor Thumbnail View Extension Microsoft Corporation c:\windows\system\thumbvw.dll

+ ICC Profile Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system\icmui.dll

+ ICM Monitor Management Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system\icmui.dll

+ ICM Printer Management Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system\icmui.dll

+ ICM Scanner Management Microsoft Color Matching System User Interface DLL Microsoft Corporation c:\windows\system\icmui.dll

+ IE4 Suite Splash Screen Shell Doc Object and Control Library Microsoft Corporation c:\windows\system\shdocvw.dll

+ In-pane search Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ Internet Name Space Shell Doc Object and Control Library Microsoft Corporation c:\windows\system\shdocvw.dll

+ InternetShortcut Shell Doc Object and Control Library Microsoft Corporation c:\windows\system\shdocvw.dll

+ ISFBand OC Shell Doc Object and Control Library Microsoft Corporation c:\windows\system\shdocvw.dll

+ IShellFolderBand Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ LNK file thumbnail interface delegator Thumbnail View Extension Microsoft Corporation c:\windows\system\thumbvw.dll

+ Media Band Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ Menu Band Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ Menu Desk Bar Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ Menu Shell Folder Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ Menu Site Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ Microsoft Access Custom Icon Handler MSAPP Export Support for Microsoft Access Microsoft Corporation c:\program files\microsoft office\office\soa800.dll

+ Microsoft AutoComplete Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ Microsoft Browser Architecture Shell Doc Object and Control Library Microsoft Corporation c:\windows\system\shdocvw.dll

+ Microsoft BrowserBand Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ Microsoft CopyTo Service Windows Shell Common Dll Microsoft Corporation c:\windows\system\shell32.dll

+ Microsoft Exchange Microsoft Shell Extension Library Microsoft Corporation c:\program files\windows messaging\mlshext.dll

+ Microsoft History AutoComplete List Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ Microsoft Internet Toolbar Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ Microsoft MoveTo Service Windows Shell Common Dll Microsoft Corporation c:\windows\system\shell32.dll

+ Microsoft Multiple AutoComplete List Container Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ Microsoft New Object Service Windows Shell Common Dll Microsoft Corporation c:\windows\system\shell32.dll

+ Microsoft Office Binder Explode Microsoft Office Binder Document Unbinder Microsoft Corporation c:\program files\microsoft office\office\unbind.dll

+ Microsoft Outlook Custom Icon Handler Microsoft Outlook Shell Hook for Start/Find Microsoft Corporation c:\program files\microsoft office\office\olkfstub.dll

+ Microsoft SendTo Service Windows Shell Common Dll Microsoft Corporation c:\windows\system\shell32.dll

+ Microsoft Shell Folder AutoComplete List Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ Microsoft Url History Service Shell Doc Object and Control Library Microsoft Corporation c:\windows\system\shdocvw.dll

+ Microsoft Url Search Hook Shell Doc Object and Control Library Microsoft Corporation c:\windows\system\shdocvw.dll

+ MIME File Types Hook Windows Shell Common Dll Microsoft Corporation c:\windows\system\shell32.dll

+ Mounted Volume Windows Shell Common Dll Microsoft Corporation c:\windows\system\shell32.dll

+ MRU AutoComplete List Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ My Computer Windows Shell Common Dll Microsoft Corporation c:\windows\system\shell32.dll

+ MyDocs Copy Hook My Documents Folder UI Microsoft Corporation c:\windows\system\mydocs.dll

+ MyDocs Drop Target My Documents Folder UI Microsoft Corporation c:\windows\system\mydocs.dll

+ MyDocs Folder My Documents Folder UI Microsoft Corporation c:\windows\system\mydocs.dll

+ MyDocs Properties My Documents Folder UI Microsoft Corporation c:\windows\system\mydocs.dll

+ Office Graphics Filters Thumbnail Extractor Thumbnail View Extension Microsoft Corporation c:\windows\system\thumbvw.dll

+ Open With Context Menu Handler Windows Shell Common Dll Microsoft Corporation c:\windows\system\shell32.dll

+ PostAgent Web Site Monitor Microsoft Corporation c:\windows\system\webcheck.dll

+ Registry Tree Options Utility Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ Search Assistant OC Shell Doc Object and Control Library Microsoft Corporation c:\windows\system\shdocvw.dll

+ Search Band Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ Sendmail service Send Mail Microsoft Corporation c:\windows\system\sendmail.dll

+ Sendmail service Send Mail Microsoft Corporation c:\windows\system\sendmail.dll

+ Shell Automation Folder View Windows Shell Common Dll Microsoft Corporation c:\windows\system\shell32.dll

+ Shell Automation Inproc Service Shell Doc Object and Control Library Microsoft Corporation c:\windows\system\shdocvw.dll

+ Shell Automation Service Windows Shell Common Dll Microsoft Corporation c:\windows\system\shell32.dll

+ Shell Band Site Menu Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ Shell DeskBar Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ Shell DeskBarApp Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ Shell DocObject Viewer Shell Doc Object and Control Library Microsoft Corporation c:\windows\system\shdocvw.dll

+ Shell Drag and Drop helper Windows Shell Common Dll Microsoft Corporation c:\windows\system\shell32.dll

+ Shell Extensions for RealOne Player RealPlayer Shell Extensions RealNetworks, Inc. c:\program files\real\realplayer\rpshell.dll

+ Shell extensions for Windows Script Host Microsoft ® Shell Extension for Windows Script Host Microsoft Corporation c:\windows\system\wshext.dll

+ Shell Favorite Folder Windows Shell Common Dll Microsoft Corporation c:\windows\system\shell32.dll

+ Shell Rebar BandSite Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ shell32.dll Windows Shell Common Dll Microsoft Corporation c:\windows\system\shell32.dll

+ shell32.dll Windows Shell Common Dll Microsoft Corporation c:\windows\system\shell32.dll

+ Start Menu Windows Shell Common Dll Microsoft Corporation c:\windows\system\shell32.dll

+ Subscription Folder Web Site Monitor Microsoft Corporation c:\windows\system\webcheck.dll

+ Subscription Mgr Web Site Monitor Microsoft Corporation c:\windows\system\webcheck.dll

+ Summary Info Thumbnail handler (DOCFILES) Thumbnail View Extension Microsoft Corporation c:\windows\system\thumbvw.dll

+ Tasks Folder Shell Extension Task Scheduler interface DLL Microsoft Corporation c:\windows\system\mstask.dll

+ Temporary Internet Files Shell Doc Object and Control Library Microsoft Corporation c:\windows\system\shdocvw.dll

+ Temporary Internet Files Shell Doc Object and Control Library Microsoft Corporation c:\windows\system\shdocvw.dll

+ The Internet Shell Doc Object and Control Library Microsoft Corporation c:\windows\system\shdocvw.dll

+ Thumbnail Image Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ Thumbnails Thumbnail View Extension Microsoft Corporation c:\windows\system\thumbvw.dll

+ Track Popup Bar Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ Tracking Shell Menu Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ TrayAgent Web Site Monitor Microsoft Corporation c:\windows\system\webcheck.dll

+ TridentImageExtractor Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ Universal Plug and Play Devices UPNP Tray Monitor and Folder Microsoft Corporation c:\windows\system\upnpui.dll

+ User Assist Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ Web Folders c:\program files\common files\microsoft shared\web folders\msonsext.dll

+ Web Search Shell Browser UI Library Microsoft Corporation c:\windows\system\browseui.dll

+ WebCheck Web Site Monitor Microsoft Corporation c:\windows\system\webcheck.dll

+ WebCheck SyncMgr Handler Web Site Monitor Microsoft Corporation c:\windows\system\webcheck.dll

+ WebCheckChannelAgent Web Site Monitor Microsoft Corporation c:\windows\system\webcheck.dll

+ WebCheckWebCrawler Web Site Monitor Microsoft Corporation c:\windows\system\webcheck.dll

+ zipfldr.dll Microsoft Compressed Folders Shell Extension Microsoft Corporation c:\windows\system\zipfldr.dll

+ zipfldr.dll Microsoft Compressed Folders Shell Extension Microsoft Corporation c:\windows\system\zipfldr.dll

+ zipfldr.dll Microsoft Compressed Folders Shell Extension Microsoft Corporation c:\windows\system\zipfldr.dll

HKLM\Software\Classes\Folder\Shellex\ColumnHandlers

+ Image Property Extractor Windows Shell Common Dll Microsoft Corporation c:\windows\system\shell32.dll

+ ShAVColumnProvider class DocProp2 Microsoft Corporation c:\windows\system\docprop2.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ BrowserHelper Class RealDownload RealNetworks, Inc. c:\windows\system\nzdd.dll

+ CNavExtBho Class Norton AntiVirusNAVShellExt Module Symantec Corporation c:\program files\norton antivirus\navshext.dll

+ Google Toolbar Helper Google IE Client Toolbar Google Inc. c:\program files\google\googletoolbar1.dll

+ Yahoo! Companion BHO Yahoo! Companion 5.1 for Internet Explorer Yahoo! Inc. c:\program files\yahoo!\companion\ycomp5_1_6_0.dll

HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks

+ shdocvw.dll Shell Doc Object and Control Library Microsoft Corporation c:\windows\system\shdocvw.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar

+ Norton AntiVirus Norton AntiVirusNAVShellExt Module Symantec Corporation c:\program files\norton antivirus\navshext.dll

Object "netzip Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "minibug Adware" fou
Autodad
Hi,

Did you run the eScans mwav? Please post that log too.
mjr
Hi Autodad,

I installed and began to run the eScan. It somehow totally screwed up my computer. It wouldn't boot up when I tried to restart. I would just get a blue screen. What could be causing this and what should I do?
Autodad
Hi mjr,

Can you boot into Safe mode (As the computer restarts, press and hold down the F8 key until the Windows 98 startup menu appears)?
Try that, then see if you can get to the earlier System Restore point that you made:

Click the Start button.
Point to Programs, point to Accessories, point to System Tools, and then click System Restore.
Choose Restore my computer to an earlier time, and then click Next.
Click a day on the calendar, click the restore point description, and then click Next.
Make sure you have closed all your files and open programs, and then click OK to close the dialog box.
Click Next.

http://www.microsoft.com/windowsME/using/c...stemrestore.asp



I don't think it was eScan that "totally screwed" your computer. You have a few nasty infections on your system.

Do you have the Operating system / recovery cd for that computer?
mjr
Hi Autodad,

Since my last post I had no communications capabilities at all to respond. I had a professional disinfect my computer and clean it up. Thanks for trying to help me. I appreciate your time and effort.
Autodad
OK mjr.

Stay safe!