I think I have a problem

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

mac_comp

Thread Starter
Joined
Aug 9, 2003
Messages
24
Hello,

I just came back from holidays and I turned on my computer and it said that there were downloads starting up. Once my computer fully booted up i saw in the bottom right corner an icon that says "System Intrusion Detected" and my browser has also been taken over. I noticed most people put a copy of a log from hijackthis so i decided to do the same. Any help would be greatly appreciated!!!

Logfile of HijackThis v1.99.1
Scan saved at 6:36:03 PM, on 1/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\TBONBin\tbon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\nvctrl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\BRIAN'~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ca/0SEENCA/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/
O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hpC661.tmp
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,[email protected]
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
 

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
Click here to download smitRem.exe:

http://noahdfear.geekstogo.com/click counter/click.php?id=1

*Save the file to your desktop.
*It is a self extracting file.
*Doubleclick the smitRem.exe and it will extract the files to a smitRem folder on your desktop.
*Do not do anything with it yet. You will run the RunThis.bat file later in safe mode


Download the trial version of Ewido Security Suite:

http://www.ewido.net/en/download/

· Install Ewido.
· During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".

*Launch ewido
*It will prompt you to update click the OK button and it will go to
the main screen
*On the left side of the main screen click update
*Click on Start and let it update.

*DO NOT run a scan yet. You will do that later in safe mode.

* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.

* Restart your computer into safe mode now.

http://service1.symantec.com/SUPPOR...2001052409420406?OpenDocument&src=sec_doc_nam

Perform the following steps in safe mode:

* Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.

Wait for the tool to complete and disk cleanup to finish.

* Run Ewido:

*Click on scanner
*Click Complete System Scan and the scan will begin.
*During the scan it will prompt you to clean files, click OK
*When the scan is finished, look at the bottom of the screen and click the Save report button.
*Save the report to your desktop

* Go to Control Panel > Internet Options. Click on the Programs tab, then click the "Reset Web Settings" button. Click Apply then OK.

* Next go to Control Panel > Display. Click on the "Desktop" tab then click the "Customize Desktop" button. Click on the "Web" tab. Under "Web Pages" you should see an entry checked called something like "Security info" or similar. If it is there, select that entry and click the "Delete" button. Click OK then Apply and OK.

* Restart back into Windows normally now.

* Run ActiveScan online virus scan
http://www.pandasoftware.com/products/activescan.htm

When the scan is finished, anything that it cannot clean have it delete it. Make a note of the file location of anything that cannot be deleted so you can delete it yourself.

- Save the results from the scan to the desktop!

Post a new HijackThis log along with the results from
ActiveScan and Ewido.
 

mac_comp

Thread Starter
Joined
Aug 9, 2003
Messages
24
thank-you very much for your help. i think it worked at least somewhat. my screen doesn't say that it's infected now, but my browser is still highjacked.
here are the logs you asked for:

HIGHJACK THIS LOGLogfile of HijackThis v1.99.1
Scan saved at 11:45:21 PM, on 1/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\DOCUME~1\BRIAN'~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ca/0SEENCA/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hpC661.tmp
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,[email protected]
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

ACTIVESCAN LOG

Incident Status Location

Adware:adware/spyaxe Not disinfected C:\WINDOWS\system32\hpC661.tmp
Spyware:spyware/altnet Not disinfected C:\Documents and Settings\Brian's Computer\Local Settings\Temp\asmfiles.cab
Adware:adware/securityerror Not disinfected C:\WINDOWS\SYSTEM32\ts.ico
Adware:adware/spyaxe Not disinfected C:\WINDOWS\SYSTEM32\hp5CAC.tmp
Spyware:application/bestoffer Not disinfected C:\WINDOWS\smdat32m.sys
Spyware:spyware/rxtoolbar Not disinfected Windows Registry
Spyware:Cookie/Btgrab Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][2].txt
Spyware:Cookie/Twain-Tech Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][1].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][1].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][1].txt
Spyware:Cookie/Btgrab Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][2].txt
Spyware:Cookie/Twain-Tech Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][2].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][4].txt
Spyware:Spyware/Altnet Not disinfected C:\Documents and Settings\Brian's Computer\Local Settings\Temp\asmfiles.cab
Spyware:Spyware/Altnet Not disinfected C:\Documents and Settings\Brian's Computer\Local Settings\Temp\asmfiles.cab[asm.exe]
Spyware:Spyware/Altnet Not disinfected C:\Documents and Settings\Brian's Computer\Local Settings\Temp\asmfiles.cab[asmps.dll]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Brian's Computer\Desktop\smitRem.exe[Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Brian's Computer\Desktop\smitRem\Process.exe
Spyware:Cookie/Btgrab Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][2].txt
Spyware:Cookie/Twain-Tech Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][1].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][1].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][1].txt
Spyware:Cookie/Btgrab Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][2].txt
Spyware:Cookie/Twain-Tech Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][2].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][4].txt
Adware:Adware/SpywareStrike Not disinfected C:\Program Files\SpywareStrike\uninst.exe

CONTINUED NEXT POST...
 

mac_comp

Thread Starter
Joined
Aug 9, 2003
Messages
24
EWIDO LOG
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 11:01:43 PM, 1/10/2006
+ Report-Checksum: DFC25DAE

+ Scan result:

HKLM\SOFTWARE\Classes\ADM25.ADM25 -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\ADM25.ADM25\CurVer -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\ADM25.ADM25.1 -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\ADM4.ADM4 -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\ADM4.ADM4\CurVer -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\ADM4.ADM4.1 -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{00000000-6CB0-410C-8C3D-8FA8D2011D0A} -> Spyware.iMesh : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10} -> Spyware.MySearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4D1C4E89-A32A-416b-BCDB-33B3EF3617D3} -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4D1C4E8B-A32A-416b-BCDB-33B3EF3617D3} -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{630D6140-04C5-4db0-B27A-020D766FF09B} -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Classes\instafink.INSTAFINK -> Spyware.InstaFinder : Cleaned with backup
HKLM\SOFTWARE\Classes\instafink.INSTAFINK\Clsid -> Spyware.InstaFinder : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{4D1C4E8A-A32A-416B-BCDB-33B3EF3617D3} -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{4D1C4E8C-A32A-416B-BCDB-33B3EF3617D3} -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Classes\Need2FindBar.SettingsPlugin -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Classes\Need2FindBar.SettingsPlugin\CLSID -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Classes\Need2FindBar.SettingsPlugin\CurVer -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Classes\Need2FindBar.SettingsPlugin.1 -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Classes\Need2FindBar.ToolbarPlugin -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Classes\Need2FindBar.ToolbarPlugin\CLSID -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Classes\Need2FindBar.ToolbarPlugin\CurVer -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Classes\Need2FindBar.ToolbarPlugin.1 -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Classes\TopSearch.TSLink -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\TopSearch.TSLink\CLSID -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\TopSearch.TSLink\CurVer -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\TopSearch.TSLink.1 -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Need2FindBar Uninstall -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Need2FindBar Uninstall -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Need2Find -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Need2Find\bar -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Need2Find\bar\Partner -> Spyware.Need2Find : Cleaned with backup
HKU\S-1-5-21-3562983710-972670786-3454122357-1005\Software\Need2Find -> Spyware.Need2Find : Cleaned with backup
HKU\S-1-5-21-3562983710-972670786-3454122357-1005\Software\Need2Find\bar -> Spyware.Need2Find : Cleaned with backup
HKU\S-1-5-21-3562983710-972670786-3454122357-1005\Software\RX Toolbar -> Spyware.RXToolbar : Cleaned with backup
[748] C:\WINDOWS\system32\netwrap.dll -> Not-A-Virus.Hoax.Win32.Renos.am : Cleaned with backup
C:\WINDOWS\system32\1024\ld6D66.tmp -> Not-A-Virus.Hoax.Win32.Renos.am : Cleaned with backup
C:\WINDOWS\system32\nvctrl.exe -> Hijacker.SpyAxe : Cleaned with backup
C:\WINDOWS\system32\netwrap.dll -> Not-A-Virus.Hoax.Win32.Renos.am : Cleaned with backup
C:\WINDOWS\system32\ld97EA.tmp -> Downloader.Zlob.ea : Cleaned with backup
C:\WINDOWS\system32\mssearchnet.exe -> Hijacker.SpyAxe : Cleaned with backup
C:\WINDOWS\Temp\Altnet -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\Setup.exe -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\adm4.dll -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\adm25.dll -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\adm.exe -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\admdata.dll -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\admdloader.dll -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\admfdi.dll -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\admprog.dll -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\Atl.dll -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\dmfiles.cab -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\DMinfo3.cab -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\dminstall7.cab -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\msvcirt.dll -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\mysearch.cab -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\pmexe.cab -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\pmfiles.cab -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\pminstall.cab -> Adware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\Setup.cab -> Adware.Altnet : Cleaned with backup
C:\Documents and Settings\Brian's Computer\Local Settings\Temp\p2psetup.exe -> Spyware.P2PNetworking : Cleaned with backup
C:\Documents and Settings\Brian's Computer\Local Settings\Temp\asmfiles.cab/asm.exe -> Spyware.Altnet : Error during cleaning
C:\Documents and Settings\Brian's Computer\Local Settings\Temp\asmfiles.cab/asmps.dll -> Spyware.Altnet : Error during cleaning
C:\Documents and Settings\Brian's Computer\Local Settings\Temp\__unin__.exe -> Spyware.Altnet : Cleaned with backup
C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][1].txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][2].txt -> Spyware.Cookie.Realtracker : Cleaned with backup
C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][3].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Program Files\SpywareStrike\SpywareStrike.exe -> Adware.Spyaxe : Cleaned with backup
C:\Program Files\TBONBin -> Adware.BetterInternet : Cleaned with backup
C:\Program Files\TBONBin\tbon.exe -> Adware.BetterInternet : Cleaned with backup
C:\Program Files\TBONBin\Uninstall.exe -> Adware.BetterInternet : Cleaned with backup
C:\Program Files\TBONBin\tboninst.cfg -> Adware.BetterInternet : Cleaned with backup
C:\Program Files\TBONBin\TBONUnst.htm -> Adware.BetterInternet : Cleaned with backup
C:\Program Files\RXToolBar -> Spyware.RXToolbar : Cleaned with backup
C:\Program Files\RXToolBar\sfcont.bin -> Spyware.RXToolbar : Cleaned with backup
C:\Program Files\Need2Find -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\1.bin -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\1.bin\N2FFXTBR.JAR -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\1.bin\N2NTSTBR.JAR -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\1.bin\N2PLUGIN.DLL -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\1.bin\NPND2FN.DLL -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\1.bin\PARTNER.DAT -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\Cache -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\Cache\files.ini -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\Cache\0A291503 -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\Cache\0A291699 -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\Settings -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\Settings\prevcfg.htm -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\History -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\History\search -> Spyware.Need2Find : Cleaned with backup
C:\System Volume Information\_restore{09D97BCA-91E4-42DE-ADC2-BF2037DB4AE2}\RP46\A0001993.exe -> Spyware.404Search.h : Cleaned with backup
C:\System Volume Information\_restore{09D97BCA-91E4-42DE-ADC2-BF2037DB4AE2}\RP46\A0001994.DLL -> Spyware.MySearch : Cleaned with backup
C:\System Volume Information\_restore{09D97BCA-91E4-42DE-ADC2-BF2037DB4AE2}\RP46\A0001995.dll -> Spyware.Altnet : Cleaned with backup
C:\System Volume Information\_restore{09D97BCA-91E4-42DE-ADC2-BF2037DB4AE2}\RP78\A0004151.EXE -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{09D97BCA-91E4-42DE-ADC2-BF2037DB4AE2}\RP84\A0006088.dll -> Spyware.404Search : Cleaned with backup
C:\System Volume Information\_restore{09D97BCA-91E4-42DE-ADC2-BF2037DB4AE2}\RP84\A0006089.EXE -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{09D97BCA-91E4-42DE-ADC2-BF2037DB4AE2}\RP91\A0008144.EXE -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{09D97BCA-91E4-42DE-ADC2-BF2037DB4AE2}\RP97\A0009180.exe -> Spyware.Altnet : Cleaned with backup
C:\System Volume Information\_restore{09D97BCA-91E4-42DE-ADC2-BF2037DB4AE2}\RP97\A0009182.dll -> Adware.BrilliantDigital : Cleaned with backup
C:\System Volume Information\_restore{09D97BCA-91E4-42DE-ADC2-BF2037DB4AE2}\RP97\A0009208.exe -> Spyware.Altnet : Cleaned with backup
C:\System Volume Information\_restore{09D97BCA-91E4-42DE-ADC2-BF2037DB4AE2}\RP97\A0009212.dll -> Spyware.Altnet : Cleaned with backup
C:\System Volume Information\_restore{09D97BCA-91E4-42DE-ADC2-BF2037DB4AE2}\RP97\A0009213.dll -> Spyware.Altnet : Cleaned with backup
C:\System Volume Information\_restore{09D97BCA-91E4-42DE-ADC2-BF2037DB4AE2}\RP97\A0009215.dll -> Spyware.Altnet : Cleaned with backup
C:\System Volume Information\_restore{09D97BCA-91E4-42DE-ADC2-BF2037DB4AE2}\RP97\A0009216.dll -> Spyware.Altnet : Cleaned with backup
C:\System Volume Information\_restore{09D97BCA-91E4-42DE-ADC2-BF2037DB4AE2}\RP97\A0009217.exe -> Spyware.Altnet : Cleaned with backup
C:\System Volume Information\_restore{09D97BCA-91E4-42DE-ADC2-BF2037DB4AE2}\RP97\A0009218.dll -> Spyware.Altnet : Cleaned with backup
C:\System Volume Information\_restore{09D97BCA-91E4-42DE-ADC2-BF2037DB4AE2}\RP97\A0009219.dll -> Spyware.Altnet : Cleaned with backup
C:\System Volume Information\_restore{09D97BCA-91E4-42DE-ADC2-BF2037DB4AE2}\RP97\A0009220.exe -> Spyware.Altnet : Cleaned with backup
C:\System Volume Information\_restore{09D97BCA-91E4-42DE-ADC2-BF2037DB4AE2}\RP97\A0009221.exe -> Spyware.Altnet : Cleaned with backup
C:\System Volume Information\_restore{09D97BCA-91E4-42DE-ADC2-BF2037DB4AE2}\RP97\A0009222.DLL -> Spyware.P2PNetworking : Cleaned with backup
C:\System Volume Information\_restore{09D97BCA-91E4-42DE-ADC2-BF2037DB4AE2}\RP97\A0009224.exe -> Spyware.P2PNetworking : Cleaned with backup
C:\System Volume Information\_restore{09D97BCA-91E4-42DE-ADC2-BF2037DB4AE2}\RP98\A0009250.EXE -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{09D97BCA-91E4-42DE-ADC2-BF2037DB4AE2}\RP104\A0009339.EXE -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{09D97BCA-91E4-42DE-ADC2-BF2037DB4AE2}\RP108\A0009356.dll -> Spyware.RXBar : Cleaned with backup
C:\System Volume Information\_restore{09D97BCA-91E4-42DE-ADC2-BF2037DB4AE2}\RP126\A0014497.EXE -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{09D97BCA-91E4-42DE-ADC2-BF2037DB4AE2}\RP128\A0015521.exe -> Adware.Spyaxe : Cleaned with backup
C:\System Volume Information\_restore{09D97BCA-91E4-42DE-ADC2-BF2037DB4AE2}\RP128\A0015533.EXE -> Adware.BetterInternet : Cleaned with backup


::Report End


Hopefully this worked :)
 

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
Move Hijackthis to a permanent folder such as C:\Program Files\ Hijackthis. Or click here to download HJTsetup.exe:

http://www.thespykiller.co.uk/files/HJTSetup.exe

Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.

Download Cleanup from Here:

http://www.stevengould.org/downloads/cleanup/CleanUp40.exe


* A window will open and choose SAVE, then DESKTOP as the destination.
* On your Desktop, click on Cleanup40.exe icon.
* Then, click RUN and place a checkmark beside "I Agree"
* Then click NEXT followed by START and OK.
* A window will appear with many choices, keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.
* Click OK
* DO NOT RUN IT YET

Download Killbox from any of the sites below, and have it ready to run later-on:

http://www.downloads.subratam.org/KillBox.exe

http://www.downloads.subratam.org/KillBox.zip

Boot the computer in Safe Mode

Delete the following folders:

C:\Program Files\SpywareStrike
C:\Program Files\Need2Find


Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the Full Path of File to Delete box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the Paste Full Path of File to Delete box.

C:\WINDOWS\system32\hpC661.tmp
C:\WINDOWS\SYSTEM32\ts.ico
C:\WINDOWS\SYSTEM32\hp5CAC.tmp
C:\WINDOWS\smdat32m.sys


Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure not to miss any.

Exit the Killbox.

* Run Cleanup:

* Click on the "Cleanup" button and let it run.
* Once its done, close the program.

Restart the computer. Post a new log.
 

mac_comp

Thread Starter
Joined
Aug 9, 2003
Messages
24
here's my new hijack this log...but i wasn't able to get rid of these two files that you told me to...
C:\Program Files\SpywareStrike
C:\Program Files\Need2Find


NEW log
Logfile of HijackThis v1.99.1
Scan saved at 2:03:53 PM, on 1/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\nvctrl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ca/0SEENCA/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hotmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/
O2 - BHO: RandomName - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hpE0F0.tmp
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,[email protected]
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

hopefully this works!!!(y)
 

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
No, the computer still infected. Lets try Smitrem again. You will need to download the file again as it was recently updated:

Download smitRem.exe:

http://noahdfear.geekstogo.com/click counter/click.php?id=1

*Save the file to your desktop.
*It is a self extracting file.
*Doubleclick the smitRem.exe and it will extract the files to a smitRem folder on your desktop.
*Do not do anything with it yet. You will run the RunThis.bat file later in safe mode


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.

* Restart your computer into safe mode now.

http://service1.symantec.com/SUPPOR...2001052409420406?OpenDocument&src=sec_doc_nam

Perform the following steps in safe mode:

* Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.

Wait for the tool to complete and disk cleanup to finish.

* Go to Control Panel > Internet Options. Click on the Programs tab, then click the "Reset Web Settings" button. Click Apply then OK.

* Next go to Control Panel > Display. Click on the "Desktop" tab then click the "Customize Desktop" button. Click on the "Web" tab. Under "Web Pages" you should see an entry checked called something like "Security info" or similar. If it is there, select that entry and click the "Delete" button. Click OK then Apply and OK.

* Restart back into Windows normally now.

* Run ActiveScan online virus scan again:

http://www.pandasoftware.com/products/activescan.htm

When the scan is finished, anything that it cannot clean have it delete it. Make a note of the file location of anything that cannot be deleted so you can delete it yourself.

- Save the results from the scan to the desktop!

Post a new HijackThis log along with the results from ActiveScan.

There is another program you can use that can effectvely eliminate malware from your computer, Spysweeper.

Please download WebRoot SpySweeper (It's a 2 week trial):

http://www.webroot.com/consumer/products/spysweeper/index.html?acode=af1&rc=4129

Click the Free Trial link under "Downloads/SpySweeper" to download the program.

Install it. Once the program is installed, it will open.

It will prompt you to update to the latest definitions, click Yes.
Once the definitions are installed, click Options on the left side.
Click the Sweep Options tab.

Under What to Sweep please put a check next to the following:

* Sweep Memory
* Sweep Registry
* Sweep Cookies
* Sweep All User Accounts
* Enable Direct Disk Sweeping
* Sweep Contents of Compressed Files
* Sweep for Rootkits

Please UNCHECK Do not Sweep System Restore Folder.

Click Sweep Now on the left side.

Click the Start button.

When it's done scanning, click the Next button.

Make sure everything has a check next to it, then click the Next button.

It will remove all of the items found.

Click Session Log in the upper right corner, copy everything in that window.

Click the Summary tab and click Finish.

Paste the contents of the Spysweeper session log you copied into your next reply as well.
 

mac_comp

Thread Starter
Joined
Aug 9, 2003
Messages
24
hello,
well i did all the steps you told me to, and i think that progress is being made. my browswer is no longer hijacked, but i don't know about the rest of my computer. here's the logs...

HIJACK THIS LOG
Logfile of HijackThis v1.99.1
Scan saved at 7:44:52 PM, on 1/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\WINDOWS\system32\nvctrl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ca/0SEENCA/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/
O2 - BHO: RandomName - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hp84D6.tmp
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,[email protected]
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

ACTIVE SCAN LOG

Incident Status Location

Adware:adware/spyaxe Not disinfected C:\WINDOWS\system32\hpC661.tmp
Spyware:spyware/altnet Not disinfected C:\Documents and Settings\Brian's Computer\Local Settings\Temp\asmfiles.cab
Adware:adware/securityerror Not disinfected C:\WINDOWS\SYSTEM32\ts.ico
Adware:adware/spyaxe Not disinfected C:\WINDOWS\SYSTEM32\hp5CAC.tmp
Spyware:application/bestoffer Not disinfected C:\WINDOWS\smdat32m.sys
Spyware:spyware/rxtoolbar Not disinfected Windows Registry
Spyware:Cookie/Btgrab Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][2].txt
Spyware:Cookie/Twain-Tech Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][1].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][1].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][1].txt
Spyware:Cookie/Btgrab Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][2].txt
Spyware:Cookie/Twain-Tech Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][2].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][4].txt
Spyware:Spyware/Altnet Not disinfected C:\Documents and Settings\Brian's Computer\Local Settings\Temp\asmfiles.cab
Spyware:Spyware/Altnet Not disinfected C:\Documents and Settings\Brian's Computer\Local Settings\Temp\asmfiles.cab[asm.exe]
Spyware:Spyware/Altnet Not disinfected C:\Documents and Settings\Brian's Computer\Local Settings\Temp\asmfiles.cab[asmps.dll]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Brian's Computer\Desktop\smitRem.exe[Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Brian's Computer\Desktop\smitRem\Process.exe
Spyware:Cookie/Btgrab Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][2].txt
Spyware:Cookie/Twain-Tech Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][1].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][1].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][1].txt
Spyware:Cookie/Btgrab Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][2].txt
Spyware:Cookie/Twain-Tech Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][2].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][4].txt
Adware:Adware/SpywareStrike Not disinfected C:\Program Files\SpywareStrike\uninst.exe

SPY SWEEPER LOG ON NEXT POST...
 

mac_comp

Thread Starter
Joined
Aug 9, 2003
Messages
24
*******
8:43 PM: | Start of Session, Wednesday, January 11, 2006 |
8:43 PM: Spy Sweeper started
8:43 PM: Sweep initiated using definitions version 599
8:43 PM: Starting Memory Sweep
8:48 PM: Memory Sweep Complete, Elapsed Time: 00:04:26
8:48 PM: Starting Registry Sweep
8:49 PM: Registry Sweep Complete, Elapsed Time:00:00:52
8:49 PM: Starting Cookie Sweep
8:49 PM: Found Spy Cookie: atlas dmt cookie
8:49 PM: brian's [email protected][2].txt (ID = 2253)
8:49 PM: Found Spy Cookie: statcounter cookie
8:49 PM: brian's [email protected][1].txt (ID = 3447)
8:49 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
8:49 PM: Starting File Sweep
8:49 PM: Warning: Failed to open file "c:\pagefile.sys". Access is denied
8:49 PM: Warning: Failed to open file "c:\hiberfil.sys". Access is denied
8:51 PM: Warning: Failed to open file "c:\windows\system32\config\system.log". The process cannot access the file because it is being used by another process
8:51 PM: Warning: Failed to open file "c:\windows\system32\config\software.log". The process cannot access the file because it is being used by another process
8:51 PM: Warning: Failed to open file "c:\windows\system32\config\default.log". The process cannot access the file because it is being used by another process
8:51 PM: Warning: Failed to open file "c:\windows\system32\config\security". The process cannot access the file because it is being used by another process
8:51 PM: Warning: Failed to open file "c:\windows\system32\config\sam". The process cannot access the file because it is being used by another process
8:51 PM: Warning: Failed to open file "c:\windows\system32\config\sam.log". The process cannot access the file because it is being used by another process
8:51 PM: Warning: Failed to open file "c:\windows\system32\config\security.log". The process cannot access the file because it is being used by another process
8:51 PM: Warning: Failed to open file "c:\windows\system32\config\system". The process cannot access the file because it is being used by another process
8:51 PM: Warning: Failed to open file "c:\windows\system32\config\software". The process cannot access the file because it is being used by another process
8:51 PM: Warning: Failed to open file "c:\windows\system32\config\default". The process cannot access the file because it is being used by another process
8:54 PM: Warning: Failed to open file "c:\windows\softwaredistribution\eventcache\{3d35ed99-110b-4c51-9d73-8b7b98873faf}.bin". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs929d1dc4-67ed-498c-a96e-749923a5a374.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsbaeb3c2d-bf3d-4a94-9389-6eece6aeb15d.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs82fb0e49-c0eb-4b21-9b19-2ae1bb45f824.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs662487d9-44f9-4bcb-8d07-30e431cbc88e.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs27eaaaf8-2428-4862-91c6-c02159c85079.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs56e48d5d-6e17-4d68-b224-22c8d035b0ea.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs102bac48-2421-4137-830c-bf2cc256f16e.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa0a34045-37f5-49f5-b6f4-44ad68416d3e.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs8e12afa2-dc93-4f24-b415-8da704fa82de.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3ec5779b-6c90-467b-b7f6-f21cafa53e10.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs967c21f0-3019-463a-aa3c-4f3f56259026.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsbfa8e4c6-593d-4e8d-ae7d-d41fcef7f2ba.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsb520a929-abf2-4a6c-91ad-574e182bc8e7.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc01dd72b-cd06-4fb0-8a3d-aeda821eee55.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5dc6ff48-1ea5-4cf1-8766-28c995fcea5c.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsba47ec6d-3aed-4b22-9067-ef735e39960c.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsae2f795e-60d8-4c20-8fac-fde51bd9df22.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs358eac39-2fd5-426b-95fb-04e2b0e43df8.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf896e002-a317-4bb5-8491-5d15666035b2.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs8cf82e4f-34ec-431b-80a1-82f49320abd5.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsba10a646-1aef-4c14-a1ff-a11cdc710ee9.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5694eb7d-7a7d-4cd4-adeb-a7fef48580d6.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9bd93f04-b38c-4900-92c8-d30e5e90f5c8.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5e461dee-abe9-469e-88a7-9dbc2c2f120e.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsb0843ad4-7c61-42d5-8636-94b161b1347c.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa0347dcc-3e70-4e9f-9e93-f7c9b73598b6.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd61ef335-9ffd-44d4-bcc0-37bef2a07b94.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4ece897d-f279-43a5-b200-02fd31e64c54.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs066b3c03-c7fa-4b6a-a874-23177a30958b.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf4d573aa-009e-4ab1-b541-ded878978f4a.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse884f003-c580-4b33-8a64-22313a1be6c7.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs2523f2bc-7426-4f18-8c80-8b0801f9051d.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse1361bf4-cb2d-4c12-b848-f2ac1e04aa28.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs1a62e8de-215b-4457-b495-2a5617436f79.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscscb4b7761-3133-4e2e-b5b8-286c50bac2bc.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs2e8fbb9c-b943-4f08-b785-702bfa1934f8.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs03ffcbce-c05a-4221-9207-a1e5766d8afe.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs6f5858d8-330d-4130-a2ef-0f8e8ffb7227.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf96ba911-5d3e-4533-8f23-6536a67bcf72.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsbfbbe431-945f-4726-802a-8a8def13ea1e.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs125ddb97-1d4d-43ac-9633-ebde7944f7d3.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscseceb213d-26a4-49f7-9267-b4e20042250e.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf6a3436a-a60b-4364-aad3-1883e5c157ba.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4163da1d-d454-40e4-ab8c-1f813f20f8d4.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd9460b52-7ae1-48c0-b404-e47489251244.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd096095b-c46f-489b-b5dd-4515af56f295.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs95e76d50-1b47-4e67-bda8-0f132f46cbc1.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs30766687-e774-4f01-ad85-d917469a5146.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs8717849b-1254-4841-9f52-80318da2841b.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscscffa6d90-7552-4673-b62c-0788f550afbf.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs2274e5d0-5256-463e-bdaf-9aa83e11dd21.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs21bd4f14-c8d7-4224-a7a8-c378faf88bf9.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsaf010883-1ff1-4c0c-bf8c-ee6274b31ed6.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsb2b0d743-4f01-4e8f-a207-b80082005b86.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsda4e8cf1-1dbf-40ed-926c-0b594695e72e.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs06f5cbec-eba8-4b98-ab95-29dbc14266a3.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs074ef92a-67fd-48b4-82c6-a6b895a8423f.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsfd20411f-0802-4b03-87e7-b0cf34f57035.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs8a7aeccd-141b-42bc-98c9-d1eea907dd43.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsbb9cd2bb-459c-476d-8cd8-5738043b7fbc.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse2e865fb-39ec-4b23-9b63-6c9ef532c377.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4d4ded6e-a736-46ea-86b7-debdad1e5dde.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs00a21542-c1d3-4cdc-b73a-bb5613fb4050.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4856081e-eba6-4658-b070-70535577a900.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9aee26a8-32a1-4ca7-ad32-005845906951.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs2ee20bf1-f40d-4292-aeaf-d44359aec7bd.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4d9aa09d-ae2e-4b53-a34c-939aded99768.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf20b5813-e9c9-4be7-840f-319ea54d7aa8.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs31f72cc7-95f1-4753-84be-1e0ea8790d55.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9170de6c-c4fc-4ad4-83da-9f8bd4153892.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs44044873-6536-4e27-b99f-6bda2ec7d847.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs712e8563-cad0-4172-8953-1f21e8275b57.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs18a1d951-638b-4838-a5f5-33e81b0ff29d.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa6d408d8-a974-4571-9b73-61608e580bdf.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsbde5097f-28c4-49c1-b73f-777761409ab1.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs7b200742-6a4a-4877-88b8-c4efe9f983ef.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsb1a7729d-233e-40e2-8580-5144fea26f60.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs50b4a0c7-659f-4063-bd41-e140cf23ba2e.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscscd49fbae-7483-4f83-a2f5-096d2d7133aa.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs0dd80326-fba7-4497-a6b4-39efd6c89391.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4f3e7e10-3d71-49d2-90bb-f78c16bfe27e.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs95869af6-6f38-496e-ba0e-9cd5145abe7a.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs7dc0e734-5001-4b53-b840-ec96babe27b1.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs614e5d4a-9aef-49fa-aada-bea703e9edd1.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs024a3a06-fb3e-4850-b73b-f8a317f8777e.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsdb5162c2-4dcc-47c7-a868-fd19540cd570.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs0dcbae52-941d-48b9-b207-1d847193ef72.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs2853b532-b759-42af-a64e-69ca53125c57.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscscefeed1f-f4c4-404c-8b06-14838a78496b.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf904a42c-4b4b-4610-bee8-e370bc44ff6f.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs641037b8-e21d-4dc3-8be1-d4657df9d73f.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs68a96591-34e2-4c94-aa03-7e83cad4a937.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs75fa22ea-1cc9-4c18-ad01-a0f846531ee1.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3808aa9c-dcb2-4799-a7ea-7c1a0e805dbb.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs1dbfc6f5-f10c-4875-8937-6c08f348e085.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc756a119-e5e0-4d81-9221-ed01079992c6.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs88e6b94d-bd96-4a98-89f7-13f0cb9840d7.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf8fbd697-b1f1-4318-a17c-7491bc88d2cd.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs7b6edbfd-957c-489d-aa2a-f3abe1f23867.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs8faff6f4-f6dd-4230-9556-a37c975ddb47.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs87ac222e-ff46-4173-bfc5-f435589fc0ea.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsdd8af31f-5a51-44fc-ab22-4c856494cb4e.tmp". The process cannot access the file because it is being used by another process
 

mac_comp

Thread Starter
Joined
Aug 9, 2003
Messages
24
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf0929128-2e15-4ca4-adee-f2bb795827ef.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs8b1c4ef5-812b-422a-8d18-99f8d1e0a092.tmp". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\brian's computer\ntuser.dat". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\brian's computer\ntuser.dat.log". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\brian's computer\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
8:55 PM: Warning: Failed to open file "c:\documents and settings\brian's computer\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
8:59 PM: File Sweep Complete, Elapsed Time: 00:10:00
8:59 PM: Full Sweep has completed. Elapsed time 00:15:32
8:59 PM: Traces Found: 2
8:59 PM: Removal process initiated
8:59 PM: Quarantining All Traces: atlas dmt cookie
8:59 PM: Quarantining All Traces: statcounter cookie
8:59 PM: Removal process completed. Elapsed time 00:00:04
********

k, that's the last of it...hopefully we're gettin somewhere. i really appreciate all the help...obviously i'm no good with computers:eek:
 

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
Boot in Safe Mode.

* Double-click on Killbox.exe to run it.

Put a tick by Standard File Kill.
In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time:

C:\WINDOWS\system32\hp84D6.tmp
C:\WINDOWS\system32\hpC661.tmp
C:\WINDOWS\SYSTEM32\ts.ico
C:\WINDOWS\SYSTEM32\hp5CAC.tmp
C:\Program Files\SpywareStrike\uninst.exe
C:\WINDOWS\smdat32m.sys


Click on the button that has the red circle with the X in the middle after you enter each file.

It will ask for confirmation to delete the file.
Click Yes.

Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.

Killbox may tell you that one or more files do not exist.

If that happens, just continue on with all the files. Be sure you don't miss any.

Next in Killbox go to Tools > Delete Temp Files

In the window that pops up, put a check by ALL the options available there except these three:

XP Prefetch
Recent
History


Now click the Delete Selected Temp Files button.
Exit the Killbox.

Finally go to Control Panel > Internet Options.
On the General tab under "Temporary Internet Files" Click "Delete Files".

Put a check by "Delete Offline Content" and click OK.

Click on the Programs tab then click the "Reset Web Settings" button.

Click Apply then OK.

Empty the Recycle Bin.

Reboot, post a new log.
 

mac_comp

Thread Starter
Joined
Aug 9, 2003
Messages
24
hello again,

i did all the steps you told me...but in the Killbox program, i was unable to delete any of the files.

HIJACK THIS LOG
Logfile of HijackThis v1.99.1
Scan saved at 11:31:54 PM, on 1/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ca/0SEENCA/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://GLOBAL.ACER.COM/
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,[email protected]
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

ACTIVE SCAN LOG

Incident Status Location

Adware:adware/spyaxe Not disinfected C:\WINDOWS\system32\hpC661.tmp
Spyware:spyware/altnet Not disinfected C:\Documents and Settings\Brian's Computer\Local Settings\Temp\asmfiles.cab
Adware:adware/securityerror Not disinfected C:\WINDOWS\SYSTEM32\ts.ico
Adware:adware/spyaxe Not disinfected C:\WINDOWS\SYSTEM32\hp5CAC.tmp
Spyware:application/bestoffer Not disinfected C:\WINDOWS\smdat32m.sys
Spyware:spyware/rxtoolbar Not disinfected Windows Registry
Spyware:Cookie/Btgrab Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][2].txt
Spyware:Cookie/Twain-Tech Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][1].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][1].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][1].txt
Spyware:Cookie/Btgrab Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][2].txt
Spyware:Cookie/Twain-Tech Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][2].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][4].txt
Spyware:Spyware/Altnet Not disinfected C:\Documents and Settings\Brian's Computer\Local Settings\Temp\asmfiles.cab
Spyware:Spyware/Altnet Not disinfected C:\Documents and Settings\Brian's Computer\Local Settings\Temp\asmfiles.cab[asm.exe]
Spyware:Spyware/Altnet Not disinfected C:\Documents and Settings\Brian's Computer\Local Settings\Temp\asmfiles.cab[asmps.dll]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Brian's Computer\Desktop\smitRem.exe[Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Brian's Computer\Desktop\smitRem\Process.exe
Spyware:Cookie/Btgrab Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][2].txt
Spyware:Cookie/Twain-Tech Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][1].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][1].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][1].txt
Spyware:Cookie/Btgrab Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][2].txt
Spyware:Cookie/Twain-Tech Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][2].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Brian's Computer\Cookies\brian's [email protected][4].txt
Adware:Adware/SpywareStrike Not disinfected C:\Program Files\SpywareStrike\uninst.exe
 

mac_comp

Thread Starter
Joined
Aug 9, 2003
Messages
24
last log...

SPY SWEEPER LOG
********
11:48 PM: | Start of Session, Thursday, January 12, 2006 |
11:48 PM: Spy Sweeper started
11:48 PM: Sweep initiated using definitions version 599
11:49 PM: Starting Memory Sweep
11:53 PM: Memory Sweep Complete, Elapsed Time: 00:04:37
11:53 PM: Starting Registry Sweep
11:54 PM: Registry Sweep Complete, Elapsed Time:00:00:30
11:54 PM: Starting Cookie Sweep
11:54 PM: Found Spy Cookie: atlas dmt cookie
11:54 PM: brian's [email protected][2].txt (ID = 2253)
11:54 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
11:54 PM: Starting File Sweep
11:54 PM: Warning: Failed to open file "c:\pagefile.sys". Access is denied
11:54 PM: Warning: Failed to open file "c:\hiberfil.sys". Access is denied
11:56 PM: Warning: Failed to open file "c:\windows\system32\config\system.log". The process cannot access the file because it is being used by another process
11:56 PM: Warning: Failed to open file "c:\windows\system32\config\software.log". The process cannot access the file because it is being used by another process
11:56 PM: Warning: Failed to open file "c:\windows\system32\config\default.log". The process cannot access the file because it is being used by another process
11:56 PM: Warning: Failed to open file "c:\windows\system32\config\security". The process cannot access the file because it is being used by another process
11:56 PM: Warning: Failed to open file "c:\windows\system32\config\sam". The process cannot access the file because it is being used by another process
11:56 PM: Warning: Failed to open file "c:\windows\system32\config\sam.log". The process cannot access the file because it is being used by another process
11:56 PM: Warning: Failed to open file "c:\windows\system32\config\security.log". The process cannot access the file because it is being used by another process
11:56 PM: Warning: Failed to open file "c:\windows\system32\config\system". The process cannot access the file because it is being used by another process
11:56 PM: Warning: Failed to open file "c:\windows\system32\config\software". The process cannot access the file because it is being used by another process
11:56 PM: Warning: Failed to open file "c:\windows\system32\config\default". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs899b35c6-a253-44ba-bc6d-7d6089c709ba.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs81b68aba-4845-449d-9bfd-c94cb9494686.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsef63179f-702e-4141-ae07-d032e99fb4d5.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3344718c-edf5-48fa-9825-0f11fe2b1f2d.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd9191549-c412-4820-b575-15ddd5bc2c49.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs810611df-fab6-437f-83cb-4c78cb73e8fa.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs7f941fc3-9ec8-4375-87e9-0c1942d328de.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse3bb1df7-13da-4631-8788-da1c2b08e1af.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscscaf0bb97-77f0-477d-aa1e-bbcf348495f8.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs39c964c4-7b7e-4565-9f89-8b056f2df58f.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs2c1d7d45-38d4-4147-a354-8267899f7a24.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa9a4294e-efb3-4544-9236-ed8d167e3419.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse1b0616b-4083-4be8-84d9-f996fb7212f9.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsee070ae8-9f0c-4ffd-96ec-ede7945319a8.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9ef27f63-acfb-490a-8c18-07f75774b8f1.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse30d291a-2985-4416-80c6-a86d6a2e2594.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3972be24-4c19-4421-bd52-0d2ebe35ef06.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc5c42a73-a3fb-4f41-9501-e98e0b17d5d8.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs77e299a5-aa54-4118-a89a-eca4a31d1bd8.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9fc17f11-5bb2-448f-b63f-2e7d600d15da.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs7adb4bd0-9024-4a49-9bb1-1afe277c9df1.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs88417c63-f6de-49ac-9244-fe40b9f3d1e6.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs774ea4de-eb3c-4ee4-a0d6-898973b5219d.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs2cf1f97d-eb28-4c18-9d8e-61897f94393e.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd840aa7e-5ba7-499a-a452-3c99238b26bc.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs8554c0a4-3658-43ac-9b82-9c6a0fd427e4.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsaa8b9016-916a-4e87-baeb-64c843ae9b61.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf3abed22-6f8e-412c-bfc5-8dc4afa977d5.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs098c68f0-f9d5-418c-ad66-d7cc0e2093f6.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs31886941-7794-44d3-b3cd-ecdf52d766c4.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs0d6efccd-71cd-4a97-8f6d-66a1df36755e.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs049d36d2-9be2-4ada-a89d-fffec055fa91.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsb77ec0c7-8a40-426b-8972-e4d1b9ac99ce.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse20fa3db-ae85-4287-a4bf-42a5b14321cf.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs36c32565-1292-4980-9942-e93a4a452c56.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs924b3d21-c2a2-4bf7-82a8-61d695d294de.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs0dd85a4c-d61d-48b0-a983-206188810538.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscscf1a4a23-63ad-4c02-ba7e-094bb70e4ba6.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4dae1046-584a-44ed-a6fc-f5947bbda049.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs6dc8bdec-df62-44f4-95db-4637f24e1ab3.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscscf08fbc9-6bf8-4096-8e7a-b9376d13e123.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsb52dafce-840f-49c1-abb1-10bf094576d7.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs13f3c213-869a-4e5a-961a-5c6e0878e21d.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs2bfdf765-1060-4408-8ecb-b50955ba418c.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs50e9a7f2-b2fd-4384-b42f-ff27625bd15d.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs85a2fb56-74eb-44c0-8191-f8e2bd413ad2.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5961f3b1-9dc6-454e-b107-3b19e19a9adc.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa9c503ff-18e3-4ec2-a2a0-a7fa7ca610e8.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs039096b7-7fcc-45f4-9901-be001d585f0d.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs92a44aa4-e4e7-46e0-8605-8a48c53c297b.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs7ebb9e5e-24a5-41aa-8473-ad37a395ed0c.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5127934a-53e7-4358-872c-96c7fd9292d8.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs31279e30-d644-4254-b0fa-e793ccf1554e.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs70f16499-a847-443d-8018-53aa67a8232d.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs929db405-45c7-4be5-97d3-9c76abea0506.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscseec6c76d-bd47-481e-a9c7-3686c0f277a1.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsca1436d0-17ca-4cec-963d-24bd4850d61d.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9262e993-2b40-474a-a771-a305227d0a55.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4080eaaa-6f80-4968-aec3-4ecf4cd8836d.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4a5f5709-7b01-478f-810b-08b848ec5c77.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs6eb1250f-efd3-4068-8184-83c3699ac880.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs1dfa5123-c871-450a-9ac3-f563d062424b.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsfa84705f-2c1c-4256-a03e-dc381f1bbd8e.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4e4defa3-2b1c-4e6a-832a-a812085fd2f4.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse0e0a30f-c6ab-442e-ad85-658e9bd305ac.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs91d4ae7d-6205-4ec8-b40f-564437d3b452.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscscf55acf9-e1bf-49ad-870e-54e438539ee9.tmp". The process cannot access the file because it is being used by another process
 

mac_comp

Thread Starter
Joined
Aug 9, 2003
Messages
24
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs87764087-b7a8-4f69-ba14-4d420441433e.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5bf35df8-8e28-4814-97af-246f6cef9900.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs6bd5896b-890e-47a5-8be2-b024b0e1034a.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs33537ed1-cf5e-4c23-96c7-9cd25f48c74b.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse4fcb7a5-5dba-4a20-8478-3802537b3e97.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa5259cde-a2ba-4aa0-9885-85f244ccd80e.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsfcc802e3-ce5b-4072-925e-b1b76c9dd18d.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa2919e32-0315-43d4-a896-58d1e463195e.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsb5b22718-a838-410a-9b0c-690306031a82.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs97cfb5c0-c676-4a3e-905b-3f9b51453cc4.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs53e08c77-e661-4ec6-a7a9-328995f3c9b6.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs50384b92-6f09-46e6-8572-b94c1be6d632.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs52a527a3-5152-4d59-8d3b-b4c8af615052.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd09afa37-c7c0-4109-b916-2a39b4c28660.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs1b6bce33-1fc2-4de5-87d8-ec5f223c1bf5.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf9bb806c-4a8d-428d-b53f-dbf182d27fab.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs8e7d3f05-f0e8-4f8f-bf88-240c181f330e.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs6b8b301f-5824-4799-9f5d-d6a0574177cc.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs672120d5-2e6c-46fa-ba98-2e76a5cb3b66.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs8e2e2e51-b98e-45d8-b294-963e6aa373b3.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs96fc4734-b013-4389-8f02-cc45ce6e5ddc.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsae675f58-caf1-4b87-bdd6-604e09e384d9.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9fadaae2-9e07-49dc-b444-ec54eabe6818.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs2a31fd93-fcd9-40ff-b093-89febee9d3e7.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa94aa962-a6c9-4763-bcf2-238f0252e7ad.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs2236c81e-7fa1-455d-a229-7f0e0612f5b1.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsb2da51f8-710a-4c77-aba3-6f6b4f5a034a.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs19dee13f-0807-472f-804c-45110b6e6d0f.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5b9fce8c-0173-4f25-be0f-30f06dbc8285.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsbfc2b086-215c-4144-b502-fcdf08e5de13.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf6aa8dee-fa24-4404-9567-3184f4400817.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse2e0d015-2b4f-469e-9b76-caa9d1820648.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc62e56ac-3f45-4f75-99f2-d49652ad79c0.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs26bdba44-4e3a-4a4e-b373-0fb947a5687b.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs419dd1fb-82d5-4eed-8782-a9b7d4a046c0.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsee4aa5aa-0538-48ca-9150-e70039116a34.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs88946d71-1571-4749-9333-fa80d506e8d7.tmp". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\brian's computer\ntuser.dat". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\brian's computer\ntuser.dat.log". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\brian's computer\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
11:58 PM: Warning: Failed to open file "c:\documents and settings\brian's computer\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
12:01 AM: File Sweep Complete, Elapsed Time: 00:07:07
12:01 AM: Full Sweep has completed. Elapsed time 00:12:23
12:01 AM: Traces Found: 1
12:07 AM: Removal process initiated
12:07 AM: Quarantining All Traces: atlas dmt cookie
12:07 AM: Removal process completed. Elapsed time 00:00:04


that's the end of the logs...hope it's working!!! thanks again
 

JSntgRvr

José
Retired Moderator and Malware Specialist
Joined
Jul 1, 2003
Messages
18,552
I am concerned that you have been unabe to delete these fies. This is either due to lack of Administrative rights or restrictions in the computer. You will need to take measures to guarantee the deletion of these files. These could include:

1. Logon As an Administrator in Safe Mode
2. Take ownership of the file

You will have to do whatever is on your power to delete these files:

Please disable spysweeper for the time beng as it may interfere with the fix.

To disable SpySweeper:

Open it click >Options over to the left then >program options >Uncheck "load at windows startup".
Over to the left click "shields" and uncheck all there.
Uncheck "home page shield".
Uncheck "automatically restore default without notification".

Run Msconfig. Select the startup tab and deselect SpySweeper. Click Ok and restart the computer when prompted.
Logon as an Administrator in Safe Mode.

Run Cleanup while in Safe Mode as an Administrator.

Use Killbox to delete these files as follows while in Safe Mode as an Administrator:

Please double-click Killbox.exe to run it.
Select: Delete on Reboot
Then Click on the All Files button.
Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\WINDOWS\system32\hpC661.tmp
C:\WINDOWS\SYSTEM32\ts.ico
C:\WINDOWS\SYSTEM32\hp5CAC.tmp
C:\WINDOWS\smdat32m.sys
C:\Program Files\SpywareStrike\uninst.exe
C:\Program Files\SpywareStrike

Return to Killbox, go to the File menu, and choose Paste from Clipboard.

Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt .

Restart the computer.

Run Hijackthis. Place a checkmark on the following line and click on Fix checked:

O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL

Restat the computer. Post a fresh log and confirm if these files have been deleted.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Top