computer slow (RESOLVED)

VopThis · #11 (**permalink**) 09-03-2006, 04:50 PM

Uninstall MessengerPlus3 (Control Panel>Add/Remove Programs) - this is often the responsible agent for the LOP infection. You appear to have at least three users on this PC. It may be wise to run lopremover on each separate user profile.

Clean out your Recycle Bin.

1) Please download the Killbox.
Unzip it to the desktop and run it.

2) Select "Delete on Reboot".
3) Then Click the "All Files" button.

4) Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\Documents and Settings\ADAM GOODALL\Local Settings\Temp\bisC71.exe C:\Documents and Settings\ADAM GOODALL\Application Data\default global each\Bike Style.exe
C:\Documents and Settings\ADAM GOODALL\Application Data\default global each\tcnyfrqk.exe
C:\Documents and Settings\ADAM GOODALL\Application Data\default global each\32 Ante Balm Platform.exe
C:\Documents and Settings\ADAM GOODALL\Application Data\default global each\cornthetrust.exe
C:\Documents and Settings\ADAM GOODALL\Application Data\default global each
C:\Documents and Settings\LEA DOLLERY\Desktop\lopremover.zip
C:\Documents and Settings\LEA DOLLERY\Desktop\lopremover
C:\Documents and Settings\MARK BAILEY\Local Settings\Temporary Internet Files\Content.IE5\SSEBROTQ\indexa[1].htm

5) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

6) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "Yes" to reboot next.

Re-run Kaspersky to document what items may still be left over.

dollibird · #12 (**permalink**) 10-03-2006, 10:41 PM

Hi there, here is my latest kaspersky report.

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Friday, March 10, 2006 9:35:28 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 10/03/2006
Kaspersky Anti-Virus database records: 181265
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 103213
Number of viruses found: 4
Number of infected objects: 16
Number of suspicious objects: 0
Duration of the scan process: 01:47:00

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\ADAM GOODALL\Local Settings\Temp\bisC71.exe Infected: not-a-virus:AdWare.Win32.Lop.ag skipped
C:\Documents and Settings\ADAM GOODALL\Application Data\default global each\Bike Style.exe Infected: not-a-virus:AdWare.Win32.Lop.ag skipped
C:\Documents and Settings\LEA DOLLERY\Desktop\lopremover.zip/lopremover.exe Infected: not-a-virus:AdWare.Win32.Lop skipped
C:\Documents and Settings\LEA DOLLERY\Desktop\lopremover.zip ZIP: infected - 1 skipped
C:\Documents and Settings\LEA DOLLERY\Desktop\lopremover\lopremover.exe Infected: not-a-virus:AdWare.Win32.Lop skipped
C:\Program Files\ESET\cache\FND4C.NFI Infected: not-a-virus

ialer.Win32.gen skipped
C:\Program Files\ESET\cache\FND4D.NFI Infected: not-a-virus

ialer.Win32.gen skipped
C:\System Volume Information\_restore{8D7469A4-B487-48B9-8782-B05185F76186}\RP54\A0010862.exe Infected: not-a-virus:AdWare.Win32.Lop.ag skipped
C:\System Volume Information\_restore{8D7469A4-B487-48B9-8782-B05185F76186}\RP62\A0012297.exe Infected: not-a-virus:AdWare.Win32.Lop.ag skipped
C:\System Volume Information\_restore{8D7469A4-B487-48B9-8782-B05185F76186}\RP67\A0014376.exe Infected: not-a-virus:AdWare.Win32.Lop.ag skipped
C:\System Volume Information\_restore{8D7469A4-B487-48B9-8782-B05185F76186}\RP67\A0014377.exe Infected: not-a-virus:AdWare.Win32.Lop.ag skipped
C:\System Volume Information\_restore{8D7469A4-B487-48B9-8782-B05185F76186}\RP67\A0014378.exe Infected: not-a-virus:AdWare.Win32.Lop.ag skipped
C:\!KillBox\indexa[1].htm Infected: Exploit.HTML.Mht skipped
C:\!KillBox\cornthetrust.exe Infected: not-a-virus:AdWare.Win32.Lop.ag skipped
C:\!KillBox\32 Ante Balm Platform.exe Infected: not-a-virus:AdWare.Win32.Lop.ag skipped
C:\!KillBox\tcnyfrqk.exe Infected: not-a-virus:AdWare.Win32.Lop.ag skipped

Scan process completed.

VopThis · #13 (**permalink**) 11-03-2006, 04:23 AM

There are two (2) resistant remaining LOP items of concern:
C:\Documents and Settings\ADAM GOODALL\Local Settings\Temp\bisC71.exe Infected: not-a-virus:AdWare.Win32.Lop.ag skipped
C:\Documents and Settings\ADAM GOODALL\Application Data\default global each\Bike Style.exe Infected: not-a-virus:AdWare.Win32.Lop.ag skipped

Lets see what the following tool may do for the above items:

Please download WebRoot SpySweeper from HERE (It's a 14 day trial) that appears to come and go:
http://www.webroot.com/shoppingcart/...php?bjpc=64011

Click the Free Trial link to download the program.
Double-click the file to install it as follows:
- Click "Next", read the agreement, Click "Next"
- Choose "Custom" click "Next".
- Leave the default installation directory as it is, then click "Next".
- UNcheck "Run SpySweeper at Windows Startup" and "Add Sweep for Spyware to Windows Explorer Context Menu". Click "Next".
- On the following screen you can leave the e-mail address field blank, if you wish. Click "Next".
- Finally, click "Install"
Once the program is installed, it will open.
It will prompt you to update to the latest definitions, click Yes.

Once the definitions are installed, click Options on the left side.
Click the Sweep Options tab.
Under What to Sweep please put a check next to the following:
- Sweep Memory
- Sweep Registry
- Sweep Cookies
- Sweep All User Accounts
- Enable Direct Disk Sweeping
- Sweep Contents of Compressed Files
- Sweep for Rootkits
- Please UNCHECK Do not Sweep System Restore Folder.
Disable SpySweeper Shields
- Click Shields on the left.
- Click Internet Explorer and uncheck all items.
- Click Windows System and uncheck all items.
- Click Startup Programs and uncheck all items.
Once the definitions are installed and shields disabled, click Sweep Now on the left side.
Click the Start button.
When it's done scanning, click the Next button.
Make sure everything has a check next to it, then click the Next button.
It will remove all of the items found.
Click Session Log in the upper right corner, copy everything in that window.
Click the Summary tab and click Finish.
Paste the contents of the session log you copied into your next reply.

Post the SpySweeper session log here along with a fresh HiJackThis log.

dollibird · #14 (**permalink**) 15-03-2006, 06:46 PM

Hi there, here is my session log and my Hijack This log.

16:40: | Start of Session, 15 March 2006 |
16:40: Spy Sweeper started
16:40: Sweep initiated using definitions version 633
16:41: Starting Memory Sweep
16:48: Memory Sweep Complete, Elapsed Time: 00:07:29
16:48: Starting Registry Sweep
16:48: Found Adware: energy plugin
16:48: HKCR\dial\ (8 subtraces) (ID = 125805)
16:48: HKLM\software\classes\dial\ (8 subtraces) (ID = 125806)
16:48: HKLM\software\microsoft\code store database\distribution units\{ffff0001-0001-101a-a3c9-08002b2f49fc}\ (8 subtraces) (ID = 125807)
16:48: Found Adware: screensavers
16:48: HKLM\software\screensavers.com\ (14 subtraces) (ID = 140569)
16:49: Found Trojan Horse: trojan-downloader-domcom
16:49: HKLM\software\microsoft\windows\currentversion\mod uleusage\c:/windows/downloaded program files/ipreg32.dll\ (ID = 144519)
16:49: HKLM\software\microsoft\windows\currentversion\sha reddlls\ || c:\windows\downloaded program files\ipreg32.dll (ID = 144520)
16:49: HKLM\software\microsoft\windows\currentversion\int ernet settings\user agent\post platform\ || energyplugin (ID = 169280)
16:49: HKLM\software\microsoft\windows\currentversion\int ernet settings\user agent\post platform\ || dial (ID = 169281)
16:49: Found System Monitor: ultraview plus
16:49: HKLM\software\classes\appid\director.exe\ (1 subtraces) (ID = 1191157)
16:49: HKLM\software\classes\appid\director.exe\ || appid (ID = 1191158)
16:49: Found Trojan Horse: phisher-sars
16:49: HKU\WRSS_Profile_S-1-5-21-3962057300-3591555781-2092097361-1008\software\sars\ (1 subtraces) (ID = 136733)
16:49: Found Adware: starware toolbar
16:49: HKU\WRSS_Profile_S-1-5-21-3962057300-3591555781-2092097361-1008\software\microsoft\internet explorer\toolbar\webbrowser\ || {2d51d869-c36b-42bd-ae68-0a81bc771fa5} (ID = 142860)
16:49: HKU\WRSS_Profile_S-1-5-21-3962057300-3591555781-2092097361-1008\software\microsoft\internet explorer\toolbar\webbrowser\ || {d49e9d35-254c-4c6a-9d17-95018d228ff5} (ID = 142862)
16:49: HKU\WRSS_Profile_S-1-5-21-3962057300-3591555781-2092097361-1008\software\starware\ (10 subtraces) (ID = 142866)
16:49: Found Adware: 180search assistant/zango
16:49: HKU\WRSS_Profile_S-1-5-21-3962057300-3591555781-2092097361-1008\software\zango\ (11 subtraces) (ID = 147919)
16:49: HKU\WRSS_Profile_S-1-5-21-3962057300-3591555781-2092097361-1006\software\sars\ (1 subtraces) (ID = 136733)
16:49: HKU\WRSS_Profile_S-1-5-21-3962057300-3591555781-2092097361-1006\software\microsoft\internet explorer\explorer bars\{2d51d869-c36b-42bd-ae68-0a81bc771fa5}\ (ID = 142855)
16:49: HKU\WRSS_Profile_S-1-5-21-3962057300-3591555781-2092097361-1006\software\microsoft\internet explorer\explorer bars\{7bed0340-176b-44bc-915e-c21c1dd6f617}\ (1 subtraces) (ID = 142856)
16:49: HKU\WRSS_Profile_S-1-5-21-3962057300-3591555781-2092097361-1006\software\microsoft\internet explorer\toolbar\webbrowser\ || {2d51d869-c36b-42bd-ae68-0a81bc771fa5} (ID = 142860)
16:49: HKU\WRSS_Profile_S-1-5-21-3962057300-3591555781-2092097361-1006\software\microsoft\internet explorer\toolbar\webbrowser\ || {d49e9d35-254c-4c6a-9d17-95018d228ff5} (ID = 142862)
16:49: HKU\WRSS_Profile_S-1-5-21-3962057300-3591555781-2092097361-1006\software\starware\ (12 subtraces) (ID = 142866)
16:49: Registry Sweep Complete, Elapsed Time:00:01:19
16:50: Starting Cookie Sweep
16:50: Found Spy Cookie: 888 cookie
16:50: mark bailey@www.888[2].txt (ID = 2020)
16:50: Found Spy Cookie: xmatch cookie
16:50: mark bailey@xmatch[1].txt (ID = 3719)
16:50: Found Spy Cookie: webpower cookie
16:50: mark bailey@webpower[1].txt (ID = 3660)
16:50: Found Spy Cookie: toplist cookie
16:50: mark bailey@toplist[1].txt (ID = 3557)
16:50: Found Spy Cookie: touchclarity cookie
16:50: mark bailey@firstdirect.touchclarity[1].txt (ID = 3566)
16:50: Found Spy Cookie: xiti cookie
16:50: mark bailey@xiti[1].txt (ID = 3717)
16:50: Found Spy Cookie: a cookie
16:50: mark bailey@a[1].txt (ID = 2027)
16:50: mark bailey@888[1].txt (ID = 2019)
16:50: Found Spy Cookie: atlas dmt cookie
16:50: mark bailey@atdmt[1].txt (ID = 2253)
16:50: Found Spy Cookie: webtrendslive cookie
16:50: mark bailey@statse.webtrendslive[1].txt (ID = 3667)
16:50: Found Spy Cookie: 64.62.232 cookie
16:50: mark bailey@64.62.232[1].txt (ID = 1987)
16:50: Found Spy Cookie: nextag cookie
16:50: mark bailey@nextag[1].txt (ID = 5014)
16:50: mark bailey@uk.nextag[1].txt (ID = 5015)
16:50: Found Spy Cookie: ccbill cookie
16:50: mark bailey@ccbill[2].txt (ID = 2369)
16:50: mark bailey@64.62.232[2].txt (ID = 1987)
16:50: mark bailey@64.62.232[3].txt (ID = 1987)
16:50: mark bailey@ccbill[1].txt (ID = 2369)
16:50: Found Spy Cookie: hotmatch cookie
16:50: mark bailey@hotmatch[2].txt (ID = 3854)
16:50: Found Spy Cookie: gostats cookie
16:50: mark bailey@c3.gostats[2].txt (ID = 2748)
16:50: mark bailey@gostats[2].txt (ID = 2747)
16:50: mark bailey@888[2].txt (ID = 2019)
16:50: Found Spy Cookie: cassava cookie
16:50: mark bailey@cassava[1].txt (ID = 2362)
16:50: Found Spy Cookie: adultfriendfinder cookie
16:50: mark bailey@adultfriendfinder[2].txt (ID = 2165)
16:50: Found Spy Cookie: www.mature-post cookie
16:50: mark bailey@www.mature-post[2].txt (ID = 3703)
16:50: Found Spy Cookie: partypoker cookie
16:50: mark bailey@partypoker[2].txt (ID = 3111)
16:50: Found Spy Cookie: dealtime cookie
16:50: mark bailey@stat.dealtime[2].txt (ID = 2506)
16:50: lea dollery@888[4].txt (ID = 2019)
16:50: Found Spy Cookie: banners cookie
16:50: lea dollery@banners[1].txt (ID = 2282)
16:50: lea dollery@dealtime[1].txt (ID = 2505)
16:50: lea dollery@theaa.touchclarity[1].txt (ID = 3566)
16:50: lea dollery@nextag[1].txt (ID = 5014)
16:50: Found Spy Cookie: co cookie
16:50: lea dollery@www.firstchoice.co[2].txt (ID = 2428)
16:50: lea dollery@msn.touchclarity[1].txt (ID = 3566)
16:50: lea dollery@webpower[2].txt (ID = 3660)
16:50: lea dollery@partypoker[2].txt (ID = 3111)
16:50: Found Spy Cookie: belnk cookie
16:50: lea dollery@dist.belnk[4].txt (ID = 2293)
16:50: lea dollery@toplist[1].txt (ID = 3557)
16:50: lea dollery@nextag[2].txt (ID = 5014)
16:50: Found Spy Cookie: 66.220.17 cookie
16:50: lea dollery@66.220.17[1].txt (ID = 1991)
16:50: Found Spy Cookie: directtrack cookie
16:50: lea dollery@directtrack[1].txt (ID = 2527)
16:50: lea dollery@ocean.directtrack[2].txt (ID = 2528)
16:50: Found Spy Cookie: firstchoice cookie
16:50: lea dollery@firstchoice[1].txt (ID = 2678)
16:50: lea dollery@firstchoice[2].txt (ID = 2678)
16:50: lea dollery@rs0.co[2].txt (ID = 2430)
16:50: lea dollery@888[1].txt (ID = 2019)
16:50: Found Spy Cookie: servlet cookie
16:50: lea dollery@servlet[1].txt (ID = 3345)
16:50: lea dollery@dist.belnk[2].txt (ID = 2293)
16:50: lea dollery@stat.dealtime[2].txt (ID = 2506)
16:50: Found Spy Cookie: azjmp cookie
16:50: lea dollery@azjmp[2].txt (ID = 2270)
16:50: Found Spy Cookie: ask cookie
16:50: lea dollery@ask[2].txt (ID = 2245)
16:50: lea dollery@a[1].txt (ID = 2027)
16:50: lea dollery@xiti[1].txt (ID = 3717)
16:50: lea dollery@888[2].txt (ID = 2019)
16:50: lea dollery@www.ask[1].txt (ID = 2246)
16:50: lea dollery@web.ask[2].txt (ID = 2246)
16:50: lea dollery@belnk[1].txt (ID = 2292)
16:50: Found Spy Cookie: tracking cookie
16:50: lea dollery@tracking[1].txt (ID = 3571)
16:50: lea dollery@uk.nextag[1].txt (ID = 5015)
16:50: lea dollery@cassava[1].txt (ID = 2362)
16:50: Found Spy Cookie: atwola cookie
16:50: lea dollery@atwola[1].txt (ID = 2255)
16:50: Found Spy Cookie: ic-live cookie
16:50: lea dollery@ic-live[1].txt (ID = 2821)
16:50: lea dollery@atwola[2].txt (ID = 2255)
16:50: lea dollery@www.888[2].txt (ID = 2020)
16:50: lea dollery@uk.nextag[2].txt (ID = 5015)
16:50: lea dollery@www.firstchoice.co[1].txt (ID = 2428)
16:50: Found Spy Cookie: kount cookie
16:50: lea dollery@kount[2].txt (ID = 2911)
16:50: lea dollery@www.firstchoice.co[3].txt (ID = 2428)
16:50: Found Spy Cookie: nuker cookie
16:50: lea dollery@nuker[2].txt (ID = 3085)
16:50: Found Spy Cookie: pricegrabber cookie
16:50: lea dollery@pricegrabber[1].txt (ID = 3185)
16:50: lea dollery@tracking[2].txt (ID = 3571)
16:50: Found Spy Cookie: associated new media cookie
16:50: lea dollery@anm.co[2].txt (ID = 2223)
16:50: lea dollery@affiliatemarketing.directtrack[2].txt (ID = 2528)
16:50: lea dollery@rs0.co[3].txt (ID = 2430)
16:50: Found Spy Cookie: bizrate cookie
16:50: lea dollery@bizrate[2].txt (ID = 2308)
16:50: Found Spy Cookie: hbmediapro cookie
16:50: lea dollery@adopt.hbmediapro[2].txt (ID = 2768)
16:50: Found Spy Cookie: screensavers.com cookie
16:50: lea dollery@www.screensavers[1].txt (ID = 3298)
16:50: lea dollery@i.screensavers[2].txt (ID = 3298)
16:50: Found Spy Cookie: offeroptimizer cookie
16:50: lea dollery@offeroptimizer[2].txt (ID = 3087)
16:50: lea dollery@dist.belnk[3].txt (ID = 2293)
16:50: lea dollery@rs0.co[1].txt (ID = 2430)
16:50: lea dollery@uswitch.touchclarity[1].txt (ID = 3566)
16:50: Found Spy Cookie: customer cookie
16:50: lea dollery@customer[1].txt (ID = 2481)
16:50: lea dollery@customer[2].txt (ID = 2481)
16:50: adam goodall@a[1].txt (ID = 2027)
16:50: Found Spy Cookie: rightmedia cookie
16:50: adam goodall@rightmedia[1].txt (ID = 3259)
16:50: Found Spy Cookie: affiliatefuel.com cookie
16:50: adam goodall@www.affiliatefuel[1].txt (ID = 2202)
16:50: adam goodall@atdmt[2].txt (ID = 2253)
16:50: Found Spy Cookie: columbiahouse cookie
16:50: adam goodall@columbiahouse[1].txt (ID = 2443)
16:50: Found Spy Cookie: mp3downloading cookie
16:50: adam goodall@mp3downloading[1].txt (ID = 3016)
16:50: adam goodall@www.mp3downloading[1].txt (ID = 3017)
16:50: adam goodall@rs0.co[1].txt (ID = 2430)
16:50: adam goodall@ask[2].txt (ID = 2245)
16:50: adam goodall@atwola[4].txt (ID = 2255)
16:50: adam goodall@toplist[3].txt (ID = 3557)
16:50: Found Spy Cookie: ugo cookie
16:50: adam goodall@www.ugo[1].txt (ID = 3609)
16:50: Found Spy Cookie: go.com cookie
16:50: adam goodall@go[1].txt (ID = 2728)
16:50: Found Spy Cookie: adviva cookie
16:50: adam goodall@adviva[2].txt (ID = 2177)
16:50: adam goodall@www.screensavers[2].txt (ID = 3298)
16:50: adam goodall@rsi.espn.go[1].txt (ID = 2729)
16:50: adam goodall@espn.go[1].txt (ID = 2729)
16:50: adam goodall@proxy.espn.go[2].txt (ID = 2729)
16:50: Found Spy Cookie: yadro cookie
16:50: adam goodall@yadro[2].txt (ID = 3743)
16:50: Found Spy Cookie: spywarestormer cookie
16:50: adam goodall@spywarestormer[2].txt (ID = 3417)
16:50: adam goodall@kount[1].txt (ID = 2911)
16:50: adam goodall@atwola[2].txt (ID = 2255)
16:50: adam goodall@dist.belnk[2].txt (ID = 2293)
16:50: adam goodall@888[1].txt (ID = 2019)
16:50: Found Spy Cookie: adecn cookie
16:50: adam goodall@adecn[2].txt (ID = 2063)
16:50: Found Spy Cookie: aa cookie
16:50: adam goodall@aa[1].txt (ID = 2029)
16:50: adam goodall@www.ask[1].txt (ID = 2246)
16:50: Found Spy Cookie: mediaplex cookie
16:50: adam goodall@mediaplex[1].txt (ID = 6442)
16:50: adam goodall@www.888[2].txt (ID = 2020)
16:50: Found Spy Cookie: advertising cookie
16:50: adam goodall@advertising[2].txt (ID = 2175)
16:50: Found Spy Cookie: did-it cookie
16:50: adam goodall@did-it[1].txt (ID = 2523)
16:50: adam goodall@servlet[2].txt (ID = 3345)
16:50: Found Spy Cookie: adtech cookie
16:50: adam goodall@adtech[2].txt (ID = 2155)
16:50: adam goodall@web.ask[1].txt (ID = 2246)
16:50: adam goodall@azjmp[4].txt (ID = 2270)
16:50: adam goodall@gostats[1].txt (ID = 2747)
16:50: Found Spy Cookie: hotlog cookie
16:50: adam goodall@hotlog[1].txt (ID = 2801)
16:50: Found Spy Cookie: about cookie
16:50: adam goodall@about[2].txt (ID = 2037)
16:50: adam goodall@888[2].txt (ID = 2019)
16:50: adam goodall@c2.gostats[1].txt (ID = 2748)
16:50: adam goodall@nextag[2].txt (ID = 5014)
16:50: Found Spy Cookie: onestat.com cookie
16:50: adam goodall@stat.onestat[2].txt (ID = 3098)
16:50: adam goodall@ask[1].txt (ID = 2245)
16:50: adam goodall@888[4].txt (ID = 2019)
16:50: adam goodall@mediamgr.ugo[2].txt (ID = 3609)
16:50: Found Spy Cookie: statcounter cookie
16:50: adam goodall@statcounter[1].txt (ID = 3447)
16:50: adam goodall@azjmp[2].txt (ID = 2270)
16:50: Found Spy Cookie: freestats.net cookie
16:50: adam goodall@hatland.freestats[3].txt (ID = 2705)
16:50: Found Spy Cookie: 247realmedia cookie
16:50: adam goodall@247realmedia[2].txt (ID = 1953)
16:50: Found Spy Cookie: rn11 cookie
16:50: adam goodall@rn11[1].txt (ID = 3261)
16:50: adam goodall@ccbill[2].txt (ID = 2369)
16:50: Found Spy Cookie: moviemonster cookie
16:50: adam goodall@moviemonster[1].txt (ID = 3010)
16:50: adam goodall@dist.belnk[4].txt (ID = 2293)
16:50: Found Spy Cookie: precisead cookie
16:50: adam goodall@adopt.precisead[2].txt (ID = 3182)
16:50: adam goodall@belnk[1].txt (ID = 2292)
16:50: Found Spy Cookie: barelylegal cookie
16:50: adam goodall@c.fsx[1].txt (ID = 2286)
16:50: adam goodall@hatland.freestats[2].txt (ID = 2705)
16:50: Found Spy Cookie: infospace cookie
16:50: adam goodall@infospace[2].txt (ID = 2865)
16:50: Found Spy Cookie: gamespy cookie
16:50: adam goodall@ps2.gamespy[1].txt (ID = 2719)
16:50: adam goodall@cassava[1].txt (ID = 2362)
16:50: adam goodall@888[3].txt (ID = 2019)
16:50: adam goodall@anm.co[1].txt (ID = 2223)
16:50: Found Spy Cookie: falkag cookie
16:50: adam goodall@sel.as-us.falkag[2].txt (ID = 2650)
16:50: adam goodall@go[2].txt (ID = 2728)
16:50: adam goodall@azjmp[3].txt (ID = 2270)
16:50: adam goodall@ask[3].txt (ID = 2245)
16:50: adam goodall@gosouthamerica.about[2].txt (ID = 2038)
16:50: adam goodall@rightmedia[2].txt (ID = 3259)
16:50: adam goodall@teenadvice.about[1].txt (ID = 2038)
16:50: adam goodall@shoes.about[2].txt (ID = 2038)
16:50: adam goodall@worldsoccer.about[1].txt (ID = 2038)
16:50: Found Spy Cookie: fe.lea.lycos.com cookie
16:50: adam goodall@fe.lea.lycos[1].txt (ID = 2660)
16:50: adam goodall@stat.dealtime[1].txt (ID = 2506)
16:50: adam goodall@tracking[1].txt (ID = 3571)
16:50: Found Spy Cookie: mrskin cookie
16:50: adam goodall@mrskin[2].txt (ID = 3020)
16:50: adam goodall@adopt.hbmediapro[3].txt (ID = 2768)
16:50: adam goodall@nextag[3].txt (ID = 5014)
16:50: adam goodall@xiti[1].txt (ID = 3717)
16:50: adam goodall@offeroptimizer[1].txt (ID = 3087)
16:50: Found Spy Cookie: go2net.com cookie
16:50: adam goodall@go2net[1].txt (ID = 2730)
16:50: adam goodall@as-us.falkag[2].txt (ID = 2650)
16:50: adam goodall@spywarestormer[1].txt (ID = 3417)
16:50: Found Spy Cookie: 3 cookie
16:50: adam goodall@3[2].txt (ID = 1959)
16:50: adam goodall@affiliatemarketing.directtrack[2].txt (ID = 2528)
16:50: adam goodall@msn.touchclarity[2].txt (ID = 3566)
16:50: adam goodall@servlet[3].txt (ID = 3345)
16:50: adam goodall@64.62.232[1].txt (ID = 1987)
16:50: Found Spy Cookie: realmedia cookie
16:50: adam goodall@realmedia[1].txt (ID = 3235)
16:50: adam goodall@atwola[3].txt (ID = 2255)
16:50: Found Spy Cookie: wegcash cookie
16:50: adam goodall@free.wegcash[1].txt (ID = 3682)
16:50: adam goodall@dealtime[1].txt (ID = 2505)
16:50: Found Spy Cookie: paycounter cookie
16:50: adam goodall@paycounter[1].txt (ID = 3115)
16:50: adam goodall@web.ask[3].txt (ID = 2246)
16:50: adam goodall@www.ask[3].txt (ID = 2246)
16:50: adam goodall@servlet[1].txt (ID = 3345)
16:50: adam goodall@ccbill[1].txt (ID = 2369)
16:50: Found Spy Cookie: 5 cookie
16:50: adam goodall@67.15.5[2].txt (ID = 1980)
16:50: Found Spy Cookie: redzip cookie
16:50: adam goodall@www.redzip[1].txt (ID = 3250)
16:50: Found Spy Cookie: upspiral cookie
16:50: adam goodall@www.upspiral[1].txt (ID = 3615)
16:50: adam goodall@64.62.232[2].txt (ID = 1987)
16:50: adam goodall@dist.belnk[3].txt (ID = 2293)
16:50: adam goodall@adopt.hbmediapro[2].txt (ID = 2768)
16:50: adam goodall@video.movies.go[1].txt (ID = 2729)
16:50: Found Spy Cookie: casalemedia cookie
16:50: adam goodall@casalemedia[2].txt (ID = 2354)
16:50: Found Spy Cookie: qsrch cookie
16:50: adam goodall@newnet.qsrch[2].txt (ID = 3216)
16:50: Found Spy Cookie: serving-sys cookie
16:50: adam goodall@serving-sys[2].txt (ID = 3343)
16:50: adam goodall@i.screensavers[1].txt (ID = 3298)
16:50: Found Spy Cookie: monstermarketplace cookie
16:50: adam goodall@monstermarketplace[1].txt (ID = 3006)
16:50: adam goodall@www.screensavers[1].txt (ID = 3298)
16:50: Found Spy Cookie: pointroll cookie
16:50: adam goodall@ads.pointroll[2].txt (ID = 3148)
16:50: Found Spy Cookie: fastclick cookie
16:50: adam goodall@fastclick[2].txt (ID = 2651)
16:50: adam goodall@collectibles.about[2].txt (ID = 2038)
16:50: adam goodall@ath.belnk[2].txt (ID = 2293)
16:50: adam goodall@rs0.co[3].txt (ID = 2430)
16:50: Found Spy Cookie: clixgalore cookie
16:50: adam goodall@www.clixgalore[1].txt (ID = 2417)
16:50: Found Spy Cookie: herfirstlesbiansex cookie
16:50: adam goodall@herfirstlesbiansex[1].txt (ID = 2771)
16:50: Found Spy Cookie: askmen cookie
16:50: adam goodall@askmen[2].txt (ID = 2247)
16:50: adam goodall@toplist[2].txt (ID = 3557)
16:50: Found Spy Cookie: yieldmanager cookie
16:50: adam goodall@ad.yieldmanager[2].txt (ID = 3751)
16:50: Found Spy Cookie: bluestreak cookie
16:50: adam goodall@bluestreak[1].txt (ID = 2314)
16:50: Found Spy Cookie: tribalfusion cookie
16:50: adam goodall@tribalfusion[2].txt (ID = 3589)
16:50: adam goodall@statse.webtrendslive[1].txt (ID = 3667)
16:50: adam goodall@media.fastclick[2].txt (ID = 2652)
16:50: Found Spy Cookie: nastypix cookie
16:50: adam goodall@nastypix[2].txt (ID = 3055)
16:50: adam goodall@toplist[4].txt (ID = 3557)
16:50: adam goodall@stat.dealtime[3].txt (ID = 2506)
16:50: Found Spy Cookie: frenchcum cookie
16:50: adam goodall@www.frenchcum[2].txt (ID = 2707)
16:50: adam goodall@customer[1].txt (ID = 2481)
16:50: adam goodall@fe.lea.lycos[2].txt (ID = 2660)
16:50: adam goodall@sideshow.directtrack[1].txt (ID = 2528)
16:50: adam goodall@fe.lea.lycos[3].txt (ID = 2660)
16:50: Found Spy Cookie: hotbar cookie
16:50: adam goodall@adopt.hotbar[2].txt (ID = 4207)
16:50: adam goodall@tracking[2].txt (ID = 3571)
16:50: adam goodall@i.screensavers[2].txt (ID = 3298)
16:50: adam goodall@64.62.232[4].txt (ID = 1987)
16:50: Found Spy Cookie: socalcoeds.com cookie
16:50: adam goodall@socalcoeds[2].txt (ID = 3393)
16:50: Found Spy Cookie: adultrevenueservice cookie
16:50: adam goodall@adultrevenueservice[2].txt (ID = 2167)
16:50: adam goodall@promo.moviemonster[1].txt (ID = 3011)
16:50: adam goodall@hsbc.touchclarity[1].txt (ID = 3566)
16:50: adam goodall@partypoker[2].txt (ID = 3111)
16:50: Found Spy Cookie: mysearchnow cookie
16:50: adam goodall@mysearchnow[1].txt (ID = 3047)
16:50: adam goodall@tracking[3].txt (ID = 3571)
16:50: adam goodall@adultfriendfinder[1].txt (ID = 2165)
16:50: adam goodall@66.220.17[1].txt (ID = 1991)
16:50: Cookie Sweep Complete, Elapsed Time: 00:00:12
16:50: Starting File Sweep
16:50: Warning: Failed to open file "c:\hiberfil.sys". Access is denied
16:50: Warning: Failed to open file "c:\pagefile.sys". Access is denied
16:55: Warning: Failed to open file "c:\windows\system32\config\system.log". The process cannot access the file because it is being used by another process
16:55: Warning: Failed to open file "c:\windows\system32\config\software.log". The process cannot access the file because it is being used by another process
16:55: Warning: Failed to open file "c:\windows\system32\config\default.log". The process cannot access the file because it is being used by another process
16:55: Warning: Failed to open file "c:\windows\system32\config\sam.log". The process cannot access the file because it is being used by another process
16:55: Warning: Failed to open file "c:\windows\system32\config\security.log". The process cannot access the file because it is being used by another process
16:55: Warning: Failed to open file "c:\windows\system32\config\default". The process cannot access the file because it is being used by another process
16:55: Warning: Failed to open file "c:\windows\system32\config\security". The process cannot access the file because it is being used by another process
16:55: Warning: Failed to open file "c:\windows\system32\config\software". The process cannot access the file because it is being used by another process
16:55: Warning: Failed to open file "c:\windows\system32\config\system". The process cannot access the file because it is being used by another process
16:55: Warning: Failed to open file "c:\windows\system32\config\sam". The process cannot access the file because it is being used by another process
16:58: Warning: Failed to open file "c:\windows\temp\jetb46b.tmp". The process cannot access the file because it is being used by another process
16:58: Warning: Failed to open file "c:\windows\temp\perflib_perfdata_798.dat". The process cannot access the file because it is being used by another process
16:59: Warning: Failed to open file "c:\windows\temp\_avast4_\webshlock.txt". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa145e8ff-7be5-4471-b6fa-2ef1d3aca416.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs50bcffc1-fb5d-4394-b264-cfe97f65adb1.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs8018c8c5-fb8c-48d6-bc11-66da97b64341.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs11b19d77-b0e6-413e-a355-28a9a942474b.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs404f15e1-781e-45e4-afb8-d536f1ccbd7c.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc3f7f302-025f-4ed4-b821-48182ce856fc.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs65120e10-e55b-4461-aa59-01f27ac03bba.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs679eaf53-53a3-4293-b657-290bb66b3884.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs69d3d80d-097c-4b23-ad38-c325c33f5867.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd005e4c3-d2dc-42ee-bc54-c5f3b2874052.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3b780322-092c-4418-8ac2-598df1603cbc.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsde002548-b9e6-4e40-bac0-8880f7573308.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs8947a96f-06d0-4b88-a831-e0a40be12b2b.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsada5609d-eed2-4e46-bb73-65ebf2aebbad.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa8500934-a010-411d-a49d-a4bfc8102e2a.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa9dcb442-4e5f-4395-8a30-e2ead0a5ceb6.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs25287365-d87d-4082-b994-46dc208109f4.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf52a9a7f-77e5-47b8-9844-c5732132773c.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsacfe2f16-56c1-4195-80cd-d6eaea684dd6.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs20d8962d-a8d7-4555-8cc5-f5a5004dc375.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9b59944f-2516-4c26-9689-f7a939f23b29.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs84065356-1a73-44ae-a6fa-e4131008c806.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsb320a053-f3da-480d-bbc2-faf7b6a4844c.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs62c92db9-9565-41cc-a57c-72b90bc84068.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs1c07ae4c-8aef-48b7-8c6d-a9cd0886e7c4.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse02cdcc2-1b35-4fa5-a202-99d66846b102.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3d0df439-f59d-479c-84fe-ae3ace816b4c.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsfbc1431d-9324-4aa7-81dd-27ef5ff63089.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs6ca5f453-8d01-41a2-b331-913ead471248.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc2809f0f-ab72-45c1-b10e-833c91074b2d.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs93d2ce4e-8702-4ebf-9134-4647b1402a87.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsece5c413-72b6-4bd1-9dfe-e1ed7a7b2a21.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5cecd0ed-9516-4d03-bf62-167eea40dae1.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs8c2fa5d3-304d-44cb-8cff-699ba54e0579.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs05e6b50e-2d6c-47c9-8e23-c9daa9d47138.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsb4863d6f-b84d-49e3-a377-920d4f8578f0.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsea28ab57-4b6f-477f-8b29-4d815429a843.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs08a0184e-fb28-486a-bff6-e163ebdcdb39.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc0982ca6-dcaa-4daf-9fe2-a113b0cc3343.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs0cb7a272-e935-42d0-af48-559dc35ebef9.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs745ba380-3372-4612-8b8a-176c3648644f.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9ca2c73b-f5f4-4d50-8078-10678c7336ea.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs7eb7847c-c037-4dcb-b25c-e8ae134f8d59.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs397b2933-c751-4d4b-ad59-1c42cd85f98f.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs735768a9-d476-4c40-ac9e-5d8e25d7a641.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd7598188-e10e-4a5a-b0ea-079cab2fa70c.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs77bf819f-b094-4fc1-8ea5-f87f88e5b383.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs71208dcf-928e-4e50-9f7e-dafde3a4edc5.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs79a962c9-41c3-4102-8cf2-547600585885.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsfb3b75bc-b7f6-452b-890f-63f7db1dbf97.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4ffbae4a-f7d1-4d01-9754-e2bf185138d6.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs68a7efb1-27be-483d-aa1a-4afb609aaec3.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsced44878-6bb8-43d3-80c9-808becfc741e.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsde13a4dd-86eb-4454-858d-45145acc6ff9.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs6f0368e9-6e80-463e-a317-deef7f6226f4.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3d53cb1d-7525-461c-bd0d-eb5b23d5536b.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf88ebe92-5ed5-43cd-8d53-3b528086bae6.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsfc0f2d60-fa6c-4d05-9a9b-18d95582ad59.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9b613713-d0ac-47b9-867b-c6674ba46448.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3bdd282b-83d9-4bcc-b51c-b25407c78325.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs2c996c6b-fd2f-4e5c-93ad-d95d399f1b5b.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs02bb0ca3-3d60-46da-8305-8c6ddc4536cd.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa8e0ed33-dc4c-4784-b81f-a4e5565d11d3.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd1862d78-6582-4a87-9f38-704ed62b68f2.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs07e8fa7f-93a7-4aa5-b802-09f61cb698da.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs49c89915-606c-408c-9592-5dd44ac0cdde.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsaae27d18-5083-46ca-932c-62adead323ba.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs7317f82d-c6fc-4f5c-b78d-0db124b6af2f.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs013573b2-40cd-48d6-b55b-d1f6e5e0ebf5.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse5188e35-b4d4-47f4-af97-d68881e6e507.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs0c8b263b-f5a5-4bfd-9c8c-320b3f17a878.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc58db10d-c31c-4180-9938-888c663b51a2.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs249b00c1-9448-4ef0-bef8-1718db4711ed.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsfdb0b872-315e-4362-87d8-9157cceba79e.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4ff904fa-2a1b-4588-8dfc-7f12b6cefef4.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse8089332-e7c2-4e7a-bc9e-4fa25313c12f.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc8d465d5-d709-46a9-8660-a5065c25bbe6.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd3a78a4f-aa75-4af0-9f65-6efff7500746.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs845210a8-ab67-421f-877b-4eac22c1b667.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs82b26d58-1882-4d99-aac3-299e7f681e43.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse9632b9d-42f3-4c3b-bb85-56d1ecc09321.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3ea28875-7731-483c-8f25-5db9dfc0b4ea.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsaf24da38-cc56-4c05-9def-8edef030d783.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3f78f1cc-8163-4cce-877a-7bdb139e6f30.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs07779375-cd09-4a33-87b1-27b56969eb9a.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs606559f9-dc33-4bf0-94cc-62a9507a366f.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3d227c11-6144-441a-9ad0-7ea28d4eee37.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsb96e6b7c-5510-45d3-ae32-7a92689c8c87.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc6e00f56-238b-4a91-9d28-fb81fa0ae30b.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs2b31c2c1-9b9b-41d3-9291-a31c54720de1.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs0ee224fd-cd43-42f2-94db-247ee6194fae.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse0e1ff75-1947-4b5b-a5dd-6b801542ab8f.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4615c910-0401-4384-8017-54f98e5f43cb.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs6b57403e-ebaa-4b0c-be56-dc917aa76838.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3678d5c4-5e3b-4d11-ba1f-76a5ff6a03a4.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs8125c341-bc3c-48a6-9ea3-3e5f4c2b93a2.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf6065a53-4ad5-4809-b6c2-41edce519af8.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5628f923-39b3-4fc4-b59b-cab90417c07e.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs6ca22886-c2b1-4245-9cc6-52bd4052c5c9.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs33b13fc9-e2bb-4e28-a497-ddff81f8e1e9.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf2c92acc-090f-4277-891f-5a170469eea9.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse03c31cb-afac-4bea-a0dd-31bc60870e29.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs28beaf5a-d4b6-42ac-a491-61c1d6777dd9.tmp". The process cannot access the file because it is being used by another process
17:09: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsed3a5f22-2f03-45eb-a28e-fdea7f16c143.tmp". The process cannot access the file because it is being used by another process
17:10: Found Adware: lopdotcom
17:10: bisc71.exe (ID = 304)
17:14: Warning: Failed to open file "c:\documents and settings\lea dollery\ntuser.dat.log". The process cannot access the file because it is being used by another process
17:14: Warning: Failed to open file "c:\documents and settings\lea dollery\ntuser.dat". The process cannot access the file because it is being used by another process
17:15: Warning: Failed to open file "c:\documents and settings\lea dollery\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
17:15: Warning: Failed to open file "c:\documents and settings\lea dollery\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
17:15: bike style.exe (ID = 304)
17:15: HKU\WRSS_Profile_S-1-5-21-3962057300-3591555781-2092097361-1006\Software\Microsoft\Windows\CurrentVersion\Run || HtmSecond (ID = 0)
17:16: caw1uz01.htm (ID = 110396)
17:16: ca6ngxuj.htm (ID = 110396)
17:16: ca49ev8d.htm (ID = 110396)
17:16: caqjyril.htm (ID = 110396)
17:16: ca320njt.htm (ID = 110396)
17:16: ca2vmfu9.htm (ID = 110396)
17:16: ca5gsztx.htm (ID = 110396)
17:16: ca7ukf71.htm (ID = 110396)
17:16: ca892r49.htm (ID = 110396)
17:16: cam34pyj.htm (ID = 110396)
17:16: cagl29xu.htm (ID = 110396)
17:16: ca3a4nnh.htm (ID = 110396)
17:16: caebaz6h.htm (ID = 110396)
17:16: ca1s8359.htm (ID = 110396)
17:16: cach6tzs.htm (ID = 110396)
17:16: calo0j1d.htm (ID = 110396)
17:16: calo0f1d.htm (ID = 110396)
17:16: caebav6h.htm (ID = 110396)
17:16: cax0o3d1.htm (ID = 110396)
17:16: cahwgj95.htm (ID = 110396)
17:16: ca2zm7ut.htm (ID = 110396)
17:16: ca5ksvxh.htm (ID = 110396)
17:16: cad4wnhx.htm (ID = 110396)
17:16: capgkbtl.htm (ID = 110396)
17:16: cat847lt.htm (ID = 110396)
17:16: caivkxo5.htm (ID = 110396)
17:16: ca9ccrpl.htm (ID = 110396)
17:16: calo0fx9.htm (ID = 110396)
17:16: ca7esnz1.htm (ID = 110396)
17:16: caj6onnl.htm (ID = 110396)
17:16: cat4kvl5.htm (ID = 110396)
17:16: capcwztt.htm (ID = 110396)
17:16: ca81a70d.htm (ID = 110396)
17:16: caqja7id.htm (ID = 110396)
17:16: cay3kpkp.htm (ID = 110396)
17:16: ca5g4fxp.htm (ID = 110396)
17:16: cakdyrc1.htm (ID = 110396)
17:16: cakdmfc9.htm (ID = 110396)
17:16: cazagnnl.htm (ID = 110396)
17:16: cay32fy1.htm (ID = 110396)
17:16: cauz4hib.htm (ID = 110396)
17:16: ca6zwpw1.htm (ID = 110396)
17:16: ca85yjw1.htm (ID = 110396)
17:16: caivshub.htm (ID = 110396)
17:16: ca852jkt.htm (ID = 110396)
17:16: calk0fx9.htm (ID = 110396)
17:16: caoduxvw.htm (ID = 110396)
17:16: cag52v4l.htm (ID = 110396)
17:16: caracbrp.htm (ID = 110396)
17:16: cayn2vml.htm (ID = 110396)
17:17: cai30tsh.htm (ID = 110396)
17:17: ca3m0z3d.htm (ID = 110396)
17:17: caurizud.htm (ID = 110396)
17:17: cao5mr4d.htm (ID = 110396)
17:17: cay3iz2x.htm (ID = 110396)
17:17: cam7wl63.htm (ID = 110396)
17:17: cat4kvl5.htm (ID = 110396)
17:17: canys3fx.htm (ID = 110396)
17:17: capckjt1.htm (ID = 110396)
17:17: cazagrrl.htm (ID = 110396)
17:17: ca49ev8d.htm (ID = 110396)
17:17: cae7a36x.htm (ID = 110396)
17:17: caubinat.htm (ID = 110396)
17:17: cay76f2l.htm (ID = 110396)
17:17: cax0s7d1.htm (ID = 110396)
17:17: ca5ksvxd.htm (ID = 110396)
17:17: cao9634x.htm (ID = 110396)
17:17: cad4wndt.htm (ID = 110396)
17:17: ca9ccrll.htm (ID = 110396)
17:17: cavmwnvt.htm (ID = 110396)
17:17: cal8wfp1.htm (ID = 110396)
17:18: canu4bbl.htm (ID = 110396)
17:18: calgcvxh.htm (ID = 110396)
17:18: caiv67ut.htm (ID = 110396)
17:18: caxs0j95.htm (ID = 110396)
17:18: camnq3m1.htm (ID = 110396)
17:18: cajykfjd.htm (ID = 110396)
17:18: cau3uv2h.htm (ID = 110396)
17:18: cads8391.htm (ID = 110396)
17:18: caa72b6d.htm (ID = 110396)
17:18: caezm7yl.htm (ID = 110396)
17:18: ca09638t.htm (ID = 110396)
17:18: ca5847pl.htm (ID = 110396)
17:18: cagdencp.htm (ID = 110396)
17:18: cayvenup.htm (ID = 110396)
17:18: ca90o3ht.htm (ID = 110396)
17:18: casp2bod.htm (ID = 110396)
17:18: cair63qt.htm (ID = 110396)
17:18: calccrth.htm (ID = 110396)
17:18: camjqzi1.htm (ID = 110396)
17:18: caf60fn5.htm (ID = 110396)
17:18: canys3fx.htm (ID = 110396)
17:18: ca6n6bmh.htm (ID = 110396)
17:18: ca2vmfu9.htm (ID = 110396)
17:18: cadosn5l.htm (ID = 110396)
17:18: cavm0rzx.htm (ID = 110396)
17:18: ca5kwzxh.htm (ID = 110396)
17:18: cao96741.htm (ID = 110396)
17:18: calo0j1d.htm (ID = 110396)
17:18: cat84blt.htm (ID = 110396)
17:18: ca9ccvpp.htm (ID = 110396)
17:18: cafaczr1.htm (ID = 110396)
17:18: cac5q745.htm (ID = 110396)
17:18: casl27k9.htm (ID = 110396)
17:18: catsgf9t.htm (ID = 110396)
17:19: cafmsj3l.htm (ID = 110396)
17:19: cat0obxl.htm (ID = 110396)
17:19: cayzmfed.htm (ID = 110396)
17:19: caw5mbgt.htm (ID = 110396)
17:19: carygnjx.htm (ID = 110396)
17:19: ca6vavy5.htm (ID = 110396)
17:19: caa3aj21.htm (ID = 110396)
17:19: cafy8njt.htm (ID = 110396)
17:19: carugjft.htm (ID = 110396)
17:19: cayfabit.htm (ID = 110396)
17:19: ca3a4bvl.htm (ID = 110396)
17:19: cak5mf8l.htm (ID = 110396)
17:19: ca67ebah.htm (ID = 110396)
17:19: cap0sfhl.htm (ID = 110396)
17:19: cauzqjyd.htm (ID = 110396)
17:19: cag5an81.htm (ID = 110396)
17:19: cacdqrgt.htm (ID = 110396)
17:20: ca14g7pp.htm (ID = 110396)
17:20: caw9i7cx.htm (ID = 110396)
17:20: cal08jlp.htm (ID = 110396)
17:20: cakh6dvo.htm (ID = 110396)
17:20: cah8onth.htm (ID = 110396)
17:20: cavu4rf9.htm (ID = 110396)
17:20: cahcovxl.htm (ID = 110396)
17:20: caxc0j5d.htm (ID = 110396)
17:20: cakxuj09.htm (ID = 110396)
17:22: cafeo7rh.htm (ID = 110396)
17:22: caqfarat.htm (ID = 110396)
17:22: caktufw9.htm (ID = 110396)
17:22: ca0huvc1.htm (ID = 110396)
17:22: cahwwzdd.htm (ID = 110396)
17:22: casdazgt.htm (ID = 110396)
17:22: caizef6t.htm (ID = 110396)
17:22: caujabel.htm (ID = 110396)
17:22: cac1abwl.htm (ID = 110396)
17:22: cazi8fvd.htm (ID = 110396)
17:22: cag56hdu.htm (ID = 110396)
17:22: ca3u0f3d.htm (ID = 110396)
17:27: c:\program files\screensavers.com (10 subtraces) (ID = -2147480365)
17:27: siuninst.exe (ID = 74757)
17:27: swpstart.exe (ID = 74759)
17:28: Warning: Failed to open file "c:\program files\kodak\kodak software updater\7288971\users\default\data\chandir.idx". The process cannot access the file because it is being used by another process
17:28: Warning: Failed to open file "c:\program files\kodak\kodak software updater\7288971\users\default\data\d0000000.fcs". The process cannot access the file because it is being used by another process
17:28: Warning: Failed to open file "c:\program files\kodak\kodak software updater\7288971\users\default\data\l0000006.fcs". The process cannot access the file because it is being used by another process
17:28: Warning: Failed to open file "c:\program files\kodak\kodak software updater\7288971\users\default\data\chandir.dat". The process cannot access the file because it is being used by another process
17:28: Warning: Failed to open file "c:\program files\kodak\kodak software updater\7288971\users\default\data\storydb.dat". The process cannot access the file because it is being used by another process
17:28: Warning: Failed to open file "c:\program files\kodak\kodak software updater\7288971\users\default\data\storydb.idx". The process cannot access the file because it is being used by another process
17:28: Warning: Failed to open file "c:\program files\kodak\kodak software updater\7288971\users\default\data\chn.dat". The process cannot access the file because it is being used by another process
17:28: Warning: Failed to open file "c:\program files\kodak\kodak software updater\7288971\users\default\data\chn.idx". The process cannot access the file because it is being used by another process
17:28: Warning: Failed to open file "c:\program files\kodak\kodak software updater\7288971\users\default\data\prs_die.dat". The process cannot access the file because it is being used by another process
17:28: Warning: Failed to open file "c:\program files\kodak\kodak software updater\7288971\users\default\data\prs_die.idx". The process cannot access the file because it is being used by another process
17:28: Warning: Failed to open file "c:\program files\kodak\kodak software updater\7288971\users\default\data\prs_dnd.dat". The process cannot access the file because it is being used by another process
17:28: Warning: Failed to open file "c:\program files\kodak\kodak software updater\7288971\users\default\data\prs_dnd.idx". The process cannot access the file because it is being used by another process
17:28: Warning: Failed to open file "c:\program files\kodak\kodak software updater\7288971\users\default\data\prs_ext.dat". The process cannot access the file because it is being used by another process
17:28: Warning: Failed to open file "c:\program files\kodak\kodak software updater\7288971\users\default\data\prs_ext.idx". The process cannot access the file because it is being used by another process
17:28: Warning: Failed to open file "c:\program files\kodak\kodak software updater\7288971\users\default\data\prs_rcv.dat". The process cannot access the file because it is being used by another process
17:28: Warning: Failed to open file "c:\program files\kodak\kodak software updater\7288971\users\default\data\prs_rcv.idx". The process cannot access the file because it is being used by another process
17:28: Warning: Failed to open file "c:\program files\kodak\kodak software updater\7288971\users\default\data\prs.dat". The process cannot access the file because it is being used by another process
17:28: Warning: Failed to open file "c:\program files\kodak\kodak software updater\7288971\users\default\data\prs.idx". The process cannot access the file because it is being used by another process
17:33: a0010862.exe (ID = 91)
17:33: a0012297.exe (ID = 308)
17:33: Found Adware: winantispyware 2005
17:33: a0013375.sys (ID = 238540)
17:33: a0014376.exe (ID = 308)
17:33: a0014377.exe (ID = 121)
17:33: a0014378.exe (ID = 90)
17:33: backup-20051102-224356-861.inf (ID = 80471)
17:33: backup-20051102-224357-194.inf (ID = 74756)
17:33: cornthetrust.exe (ID = 90)
17:33: 32 ante balm platform.exe (ID = 121)
17:33: tcnyfrqk.exe (ID = 308)
17:34: Warning: Invalid file - not a PKZip file
17:34: Warning: Invalid file - not a PKZip file
17:34: File Sweep Complete, Elapsed Time: 00:43:49
17:34: Full Sweep has completed. Elapsed time 00:54:02
17:34: Traces Found: 493
17:35: Removal process initiated
17:35: Quarantining All Traces: 180search assistant/zango
17:35: Quarantining All Traces: lopdotcom
17:35: Quarantining All Traces: phisher-sars
17:36: Quarantining All Traces: ultraview plus
17:36: Quarantining All Traces: energy plugin
17:36: Quarantining All Traces: starware toolbar
17:36: Quarantining All Traces: trojan-downloader-domcom
17:36: Quarantining All Traces: screensavers
17:36: Quarantining All Traces: 247realmedia cookie
17:36: Quarantining All Traces: 3 cookie
17:36: Quarantining All Traces: 5 cookie
17:36: Quarantining All Traces: 64.62.232 cookie
17:36: Quarantining All Traces: 66.220.17 cookie
17:36: Quarantining All Traces: 888 cookie
17:36: Quarantining All Traces: a cookie
17:36: Quarantining All Traces: aa cookie
17:36: Quarantining All Traces: about cookie
17:36: Quarantining All Traces: adecn cookie
17:36: Quarantining All Traces: adtech cookie
17:36: Quarantining All Traces: adultfriendfinder cookie
17:36: Quarantining All Traces: adultrevenueservice cookie
17:36: Quarantining All Traces: advertising cookie
17:36: Quarantining All Traces: adviva cookie
17:36: Quarantining All Traces: affiliatefuel.com cookie
17:36: Quarantining All Traces: ask cookie
17:36: Quarantining All Traces: askmen cookie
17:36: Quarantining All Traces: associated new media cookie
17:36: Quarantining All Traces: atlas dmt cookie
17:36: Quarantining All Traces: atwola cookie
17:36: Quarantining All Traces: azjmp cookie
17:36: Quarantining All Traces: banners cookie
17:36: Quarantining All Traces: barelylegal cookie
17:36: Quarantining All Traces: belnk cookie
17:36: Quarantining All Traces: bizrate cookie
17:36: Quarantining All Traces: bluestreak cookie
17:36: Quarantining All Traces: casalemedia cookie
17:36: Quarantining All Traces: cassava cookie
17:36: Quarantining All Traces: ccbill cookie
17:36: Quarantining All Traces: clixgalore cookie
17:36: Quarantining All Traces: co cookie
17:36: Quarantining All Traces: columbiahouse cookie
17:36: Quarantining All Traces: customer cookie
17:36: Quarantining All Traces: dealtime cookie
17:36: Quarantining All Traces: did-it cookie
17:36: Quarantining All Traces: directtrack cookie
17:36: Quarantining All Traces: falkag cookie
17:36: Quarantining All Traces: fastclick cookie
17:36: Quarantining All Traces: fe.lea.lycos.com cookie
17:36: Quarantining All Traces: firstchoice cookie
17:36: Quarantining All Traces: freestats.net cookie
17:36: Quarantining All Traces: frenchcum cookie
17:36: Quarantining All Traces: gamespy cookie
17:36: Quarantining All Traces: go.com cookie
17:36: Quarantining All Traces: go2net.com cookie
17:36: Quarantining All Traces: gostats cookie
17:36: Quarantining All Traces: hbmediapro cookie
17:36: Quarantining All Traces: herfirstlesbiansex cookie
17:36: Quarantining All Traces: hotbar cookie
17:36: Quarantining All Traces: hotlog cookie
17:36: Quarantining All Traces: hotmatch cookie
17:36: Quarantining All Traces: ic-live cookie
17:36: Quarantining All Traces: infospace cookie
17:36: Quarantining All Traces: kount cookie
17:36: Quarantining All Traces: mediaplex cookie
17:36: Quarantining All Traces: monstermarketplace cookie
17:36: Quarantining All Traces: moviemonster cookie
17:36: Quarantining All Traces: mp3downloading cookie
17:36: Quarantining All Traces: mrskin cookie
17:36: Quarantining All Traces: mysearchnow cookie
17:36: Quarantining All Traces: nastypix cookie
17:36: Quarantining All Traces: nextag cookie
17:36: Quarantining All Traces: nuker cookie
17:36: Quarantining All Traces: offeroptimizer cookie
17:36: Quarantining All Traces: onestat.com cookie
17:36: Quarantining All Traces: partypoker cookie
17:36: Quarantining All Traces: paycounter cookie
17:36: Quarantining All Traces: pointroll cookie
17:36: Quarantining All Traces: precisead cookie
17:36: Quarantining All Traces: pricegrabber cookie
17:36: Quarantining All Traces: qsrch cookie
17:36: Quarantining All Traces: realmedia cookie
17:36: Quarantining All Traces: redzip cookie
17:36: Quarantining All Traces: rightmedia cookie
17:36: Quarantining All Traces: rn11 cookie
17:36: Quarantining All Traces: screensavers.com cookie
17:36: Quarantining All Traces: serving-sys cookie
17:36: Quarantining All Traces: servlet cookie
17:36: Quarantining All Traces: socalcoeds.com cookie
17:36: Quarantining All Traces: spywarestormer cookie
17:36: Quarantining All Traces: statcounter cookie
17:36: Quarantining All Traces: toplist cookie
17:36: Quarantining All Traces: touchclarity cookie
17:36: Quarantining All Traces: tracking cookie
17:36: Quarantining All Traces: tribalfusion cookie
17:36: Quarantining All Traces: ugo cookie
17:36: Quarantining All Traces: upspiral cookie
17:36: Quarantining All Traces: webpower cookie
17:36: Quarantining All Traces: webtrendslive cookie
17:36: Quarantining All Traces: wegcash cookie
17:36: Quarantining All Traces: winantispyware 2005
17:36: Quarantining All Traces: www.mature-post cookie
17:36: Quarantining All Traces: xiti cookie
17:36: Quarantining All Traces: xmatch cookie
17:36: Quarantining All Traces: yadro cookie
17:36: Quarantining All Traces: yieldmanager cookie
17:37: Warning: TAllUserItem.Unmap().FlushChanges.LoadKey
17:37: Warning: Failed to quarantine registry items for: S-1-5-21-3962057300-3591555781-2092097361-500
17:37: Warning: TAllUserItem.Unmap().FlushChanges.LoadKey
17:37: Warning: Failed to quarantine registry items for: S-1-5-21-3962057300-3591555781-2092097361-1008
17:37: Removal process completed. Elapsed time 00:02:15
********
16:35: | Start of Session, 15 March 2006 |
16:35: Spy Sweeper started
16:37: Your spyware definitions have been updated.
16:40: | End of Session, 15 March 2006 |

Logfile of HijackThis v1.99.1
Scan saved at 17:42:40, on 15/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.blueyonder.co.uk/welcome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by blueyonder
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.d ll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O2 - BHO: (no name) - {F479BB77-FECA-0D88-018F-68104C907E5E} - C:\DOCUME~1\ADAMGO~1\APPLIC~1\ONLINE~1\skip axis.exe (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.d ll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SupaDial] C:\Program Files\SupaDial\SupaDial.exe /A
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Workflow] D:\Workflow.exe
O4 - HKLM\..\Run: [Freedom] C:\Program Files\blueyonder\PCguard\RPS.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Control Kids] C:\Program Files\Control Kids\Control kids.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tiny.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?Link...04&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st_current.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.snapfish.co.uk/SnapfishUKUpload.cab
O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.pixdiscount.co.uk/clients/ImageUploader3.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/upload...reUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.blueyonder.co.uk/assets/t...ivePreQual.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {C6F62B7A-5450-4A2F-8687-6CEEC3AEB055} - C:\WINDOWS\system32\controlkids2.dll
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AntiVir Update (AVWUpSrv) - Unknown owner - C:\Program Files\AVPersonal\AVWUPSRV.EXE (file missing)
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

Thanks

Lea

VopThis · #15 (**permalink**) 15-03-2006, 08:08 PM

The EWIDO guard may have interfered with SpySweeper. For future similar scans you should temporarily disable all such real time (guard) agents:

Disable Ewido:

From the system tray, Right-click the system tray icon and Uncheck real time protection.
or From within Ewido -
Under 'Your security status', if the real time protection is active, deactivate it by clicking 'real time protection' until the status says 'inactive'.

MESSENGERPLUS3 is often the source of the LOP infection. Please consider uninstalling it.

Does Kaspersky now run clean?

Suggest you do the following in SAFE MODE:

Fix the following item in HijackThis:

O2 - BHO: (no name) - {F479BB77-FECA-0D88-018F-68104C907E5E} - C:\DOCUME~1\ADAMGO~1\APPLIC~1\ONLINE~1\skip axis.exe (file missing)
(let us know if it is now gone when you check in NORMAL MODE or try removing it in Adam's profile.)

Re-run SpySweeper in SAFE MODE to see if anything has remained unresolved.

dollibird · #16 (**permalink**) 16-03-2006, 09:08 PM

Hi there, here are my latest reports.

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Thursday, March 16, 2006 8:00:56 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 16/03/2006
Kaspersky Anti-Virus database records: 182792
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 105779
Number of viruses found: 7
Number of infected objects: 24
Number of suspicious objects: 0
Duration of the scan process: 01:24:26

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\ADAM GOODALL\Desktop\lopremover.zip/lopremover.exe Infected: not-a-virus:AdWare.Win32.Lop skipped
C:\Documents and Settings\ADAM GOODALL\Desktop\lopremover.zip ZIP: infected - 1 skipped
C:\Documents and Settings\ADAM GOODALL\Desktop\lopremover\lopremover.exe Infected: not-a-virus:AdWare.Win32.Lop skipped
C:\Documents and Settings\LEA DOLLERY\Desktop\lopremover.zip/lopremover.exe Infected: not-a-virus:AdWare.Win32.Lop skipped
C:\Documents and Settings\LEA DOLLERY\Desktop\lopremover.zip ZIP: infected - 1 skipped
C:\Documents and Settings\LEA DOLLERY\Desktop\lopremover\lopremover.exe Infected: not-a-virus:AdWare.Win32.Lop skipped
C:\Documents and Settings\MARK BAILEY\Desktop\lopremover.zip/lopremover.exe Infected: not-a-virus:AdWare.Win32.Lop skipped
C:\Documents and Settings\MARK BAILEY\Desktop\lopremover.zip ZIP: infected - 1 skipped
C:\Documents and Settings\MARK BAILEY\Desktop\lopremover\lopremover.exe Infected: not-a-virus:AdWare.Win32.Lop skipped
C:\Program Files\ESET\cache\FND4C.NFI Infected: not-a-virus

ialer.Win32.gen skipped
C:\Program Files\ESET\cache\FND4D.NFI Infected: not-a-virus

ialer.Win32.gen skipped
C:\Program Files\ESET\infected\DAWJQHDA.NQF/stream/data0001 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\Program Files\ESET\infected\DAWJQHDA.NQF/stream/data0002/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
C:\Program Files\ESET\infected\DAWJQHDA.NQF/stream/data0002/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Program Files\ESET\infected\DAWJQHDA.NQF/stream/data0002/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Program Files\ESET\infected\DAWJQHDA.NQF/stream/data0002/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Program Files\ESET\infected\DAWJQHDA.NQF/stream/data0002/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Program Files\ESET\infected\DAWJQHDA.NQF/stream/data0002/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Program Files\ESET\infected\DAWJQHDA.NQF/stream/data0002 Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Program Files\ESET\infected\DAWJQHDA.NQF/stream/data0003 Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
C:\Program Files\ESET\infected\DAWJQHDA.NQF/stream Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
C:\Program Files\ESET\infected\DAWJQHDA.NQF NSIS: infected - 10 skipped
C:\Program Files\ESET\infected\DAWJQHDA.NQF PE-Crypt.XorPE: infected - 10 skipped
C:\!KillBox\indexa[1].htm Infected: Exploit.HTML.Mht skipped

Scan process completed.

Logfile of HijackThis v1.99.1
Scan saved at 20:04:09, on 16/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.blueyonder.co.uk/welcome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by blueyonder
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.d ll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.d ll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SupaDial] C:\Program Files\SupaDial\SupaDial.exe /A
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Workflow] D:\Workflow.exe
O4 - HKLM\..\Run: [Freedom] C:\Program Files\blueyonder\PCguard\RPS.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Control Kids] C:\Program Files\Control Kids\Control kids.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: AudioDeck.lnk = C:\Program Files\VIA Technologies, Inc\VIA Audio Driver Setup Program\AudioDeck\AudioDeck.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tiny.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?Link...04&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st_current.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.co.uk/SnapfishUKActivia.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.snapfish.co.uk/SnapfishUKUpload.cab
O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.pixdiscount.co.uk/clients/ImageUploader3.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/upload...reUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.blueyonder.co.uk/assets/t...ivePreQual.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {C6F62B7A-5450-4A2F-8687-6CEEC3AEB055} - C:\WINDOWS\system32\controlkids2.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AntiVir Update (AVWUpSrv) - Unknown owner - C:\Program Files\AVPersonal\AVWUPSRV.EXE (file missing)
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

Spysweeper was completely clean.

Regards

Lea

VopThis · #17 (**permalink**) 16-03-2006, 10:51 PM

Your HJT log now looks clean. Let us know if there are any known remaining issues.

The items found by Kaspersky are accumulated clutter items:

Delete all existing EXE and ZIP file occurances of lopremover (search for lopremover).
Clean out the NOD32 quarantine area from time to time. These are the items listed in C:\Program Files\ESET\
Delete FOLDER C:\!KillBox