Solved: Help please

Discussion in 'Virus & Other Malware Removal' started by RH049, Aug 4, 2006.

  1. RH049

    RH049 Thread Starter

    Joined:
    Jul 21, 2005
    Messages:
    81
    My friend asked me to help him with his computer. An elderly gentleman who uses it only for banking. He has an older system running Windows ME. No firewall, and Norton antivirus that expired over a year ago. Click on an icon and it took twenty minutes for a response. I got rid of his Norton, downloaded Avast Antivirus and CCleaner. Disconnected and ran scandisk, defrag, CCleaner, then did a virus scan. Found a wack of viruses and got rid of all but two. They were Trojans in cab files in his system restore. I put on armor2net firewall and told him he could surf the internet, but please don't do any banking.

    I am back a couple of days later. Yes he has done more banking. System is slow again. Active desktop is disabled. WindowsME is locking up. I do a virus scan in safe mode and find about 95 viruses, about half are identified as a trojan, most are in the _RESTORE, all seem to be in cab files. Now I cannot delete, or have permission to delete. And my friend still wants to do his banking.

    His system is currently offline. I installed HJT and am including the scan. Any help would be greatly appreciated.
    RH049

    Logfile of HijackThis v1.99.1
    Scan saved at 9:43:27 AM, on 8/4/2006
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
    C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOHMR08.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOEVM08.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSTS08.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cibc.com/ca/personal.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.com
    R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O2 - BHO: (no name) - {ECBA6D42-EBDA-E05A-8E84-C73B68435C59} - (no file)
    O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
    O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O4 - Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7b77298065d0b9/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/03af4897647e70611105/netzip/RdxIE601.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://216.197.160.57/plugin/h263ctrl.cab
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Run HJT again and put a check in the following:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
    R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O1 - Hosts: 217.116.231.7 aimtoday.aol.com
    O2 - BHO: (no name) - {ECBA6D42-EBDA-E05A-8E84-C73B68435C59} - (no file)
    O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
    O3 - Toolbar: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/03af4897...p/RdxIE601.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab

    Close all applications and browser windows before you click "fix checked".

    Reboot, post the HJT log again and let me know how things are working.
     
  3. RH049

    RH049 Thread Starter

    Joined:
    Jul 21, 2005
    Messages:
    81
    Thank you, Cybertech.

    This seems to have got rid of about 20 virus entries in the virus scan. Still another 70 or so to go. The computer is definitely performing faster now.

    Here is the new HJT log.

    Logfile of HijackThis v1.99.1
    Scan saved at 2:14:01 PM, on 8/4/2006
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
    C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOHMR08.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOEVM08.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSTS08.EXE
    C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cibc.com/ca/personal.html
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
    O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O4 - Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7b77298065d0b9/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://216.197.160.57/plugin/h263ctrl.cab

    And here is the Avast virus scan. (I understand the Avast entries are from its archive)

    Thanks again Cybertech!!
     
  4. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    I think those will clear if you turn off system restore and then create a new restore point.

    Might want to try Webroot SpySweeper http://www.webroot.com/consumer/products/spysweeper/index.html?acode=af1&rc=4129

    (It's a 2 week trial.)

    * Click the Try Spy Sweeper for Free / Download the trial link.
    * Install it. Once the program is installed, it will open.
    * It will prompt you to update to the latest definitions, click Yes.
    * Once the definitions are installed, click Options on the left side.
    * Click the Sweep Options tab.
    * Under What to Sweep please put a check next to the following:
        o Sweep Memory
        o Sweep Registry
        o Sweep Cookies
        o Sweep All User Accounts
        o Enable Direct Disk Sweeping
        o Sweep Contents of Compressed Files
        o Sweep for Rootkits

        o Please UNCHECK Do not Sweep System Restore Folder.

    * Click Sweep Now on the left side.
    * Click the Start button.
    * When it's done scanning, click the Next button.
    * Make sure everything has a check next to it, then click the Next button.
    * It will remove all of the items found.
    * Click Session Log in the upper right corner, copy everything in that window.
    * Click the Summary tab and click Finish.
    * Paste the contents of the session log you copied into your next reply.

    Also post a new Hijack This log.
     
  5. RH049

    RH049 Thread Starter

    Joined:
    Jul 21, 2005
    Messages:
    81
    I have downloaded Webroot Spysweeper V4.5 (Windows ME). I have been having a nightmare running it. The first time it ran, it hung on winipcfg.exe. I tried to get it going again, ... nope. Then Active Desktop hung. Ctrl+Alt+Del, ... hung. Reboot, ... hung. Got to a point to get WS going again but again, it hung. It is now running in safe mode. Slowly. About 4000 files scanned in 30 minutes. Bear with me. I will get a log posted. I cannot get Active Desktop initiated again and I just noticed the CD drive is disabled. At this point, I am confident the system will hang again if I try enabling the CD drive. (Get this, my friend saw I was back on the internet, and wanted to check his bank account again. He is in his 80's and doesn't understand.)

    RH049
     
  6. RH049

    RH049 Thread Starter

    Joined:
    Jul 21, 2005
    Messages:
    81
    Thank you for your patience.
    I had to go back this morning and have now brought the computer to my place to work on. Here is the Webroot Spysweeper report that was requested. It is broken into two postings because it is too long (over 35000 characters). I will do the HJT report on a third posting:

    ********
    6:37 PM: | Start of Session, Friday, August 04, 2006 |
    6:37 PM: Spy Sweeper started
    6:37 PM: Sweep initiated using definitions version 734
    6:37 PM: Starting Memory Sweep
    6:40 PM: Memory Sweep Complete, Elapsed Time: 00:02:21
    6:40 PM: Starting Registry Sweep
    6:40 PM: Found Adware: altnet
    6:40 PM: HKCR\adm4.adm4\ (3 subtraces) (ID = 103444)
    6:40 PM: HKCR\adm25.adm25\ (3 subtraces) (ID = 103446)
    6:40 PM: HKLM\altnet\ (2 subtraces) (ID = 103447)
    6:40 PM: HKCR\appid\adm.exe\ (1 subtraces) (ID = 103448)
    6:40 PM: HKCR\appid\altnet signing module.exe\ (1 subtraces) (ID = 103449)
    6:40 PM: HKLM\software\classes\adm4.adm4\ (3 subtraces) (ID = 103485)
    6:40 PM: HKLM\software\classes\adm25.adm25\ (3 subtraces) (ID = 103487)
    6:40 PM: HKLM\software\classes\appid\adm.exe\ (1 subtraces) (ID = 103488)
    6:40 PM: HKLM\software\classes\appid\altnet signing module.exe\ (1 subtraces) (ID = 103489)
    6:40 PM: Found Adware: apropos
    6:40 PM: HKLM\software\autoloader\ (4 subtraces) (ID = 103742)
    6:40 PM: HKLM\software\classes\interface\{a1558b18-f76c-40fe-b358-9e47449f3cfe}\ (5 subtraces) (ID = 103770)
    6:40 PM: HKLM\software\classes\interface\{a2872b10-39f2-42df-9335-7dd38cf75255}\ (5 subtraces) (ID = 103771)
    6:40 PM: Found Adware: findwhatevernow toolbar
    6:40 PM: HKCR\clsid\{3d156636-3f7e-46c9-9ac1-5e4d8202aa23}\ (10 subtraces) (ID = 126459)
    6:40 PM: HKCR\fwn.isubclass\ (3 subtraces) (ID = 126463)
    6:40 PM: HKCR\interface\{3dbbf8b7-a97c-4a92-8d27-d29222e6b60f}\ (8 subtraces) (ID = 126464)
    6:40 PM: HKLM\software\classes\clsid\{3d156636-3f7e-46c9-9ac1-5e4d8202aa23}\ (10 subtraces) (ID = 126469)
    6:40 PM: HKLM\software\classes\fwn.isubclass\ (3 subtraces) (ID = 126473)
    6:40 PM: HKLM\software\classes\interface\{3dbbf8b7-a97c-4a92-8d27-d29222e6b60f}\ (8 subtraces) (ID = 126474)
    6:40 PM: HKLM\software\classes\typelib\{0e9db3ab-d16a-47cf-b59a-f74d649bea5b}\ (9 subtraces) (ID = 126477)
    6:40 PM: HKCR\typelib\{0e9db3ab-d16a-47cf-b59a-f74d649bea5b}\ (9 subtraces) (ID = 126486)
    6:40 PM: Found Adware: keenvalue/perfectnav
    6:40 PM: HKLM\software\perfectnav\ (1 subtraces) (ID = 129516)
    6:40 PM: Found Adware: networkessentials
    6:40 PM: HKCR\appid\hp.exe\ (1 subtraces) (ID = 136001)
    6:40 PM: HKCR\interface\{4438a5dc-e00b-41a0-b0e6-b63fd3b86eee}\ (8 subtraces) (ID = 136074)
    6:40 PM: HKLM\software\classes\appid\hp.exe\ (1 subtraces) (ID = 136082)
    6:40 PM: HKLM\software\classes\interface\{4438a5dc-e00b-41a0-b0e6-b63fd3b86eee}\ (8 subtraces) (ID = 136147)
    6:40 PM: HKLM\software\classes\typelib\{4767c447-ef15-42f2-8809-68adb7fa76f1}\ (9 subtraces) (ID = 136154)
    6:40 PM: HKCR\typelib\{4767c447-ef15-42f2-8809-68adb7fa76f1}\ (9 subtraces) (ID = 136181)
    6:40 PM: Found Adware: safesearch
    6:40 PM: HKCR\interface\{82e9de01-d860-40e4-b9c1-91f0e8272962}\ (8 subtraces) (ID = 140329)
    6:40 PM: Found Adware: topsearch
    6:40 PM: HKLM\software\classes\typelib\{edd3b3e9-3ffd-4836-a6de-d4a9c473a971}\ (9 subtraces) (ID = 143928)
    6:40 PM: HKCR\typelib\{edd3b3e9-3ffd-4836-a6de-d4a9c473a971}\ (9 subtraces) (ID = 143930)
    6:40 PM: Found Adware: webrebates
    6:40 PM: HKCR\clsid\{01fc5803-8644-45d7-877b-5a3924d8ecc4}\ (13 subtraces) (ID = 146292)
    6:40 PM: HKCR\imgconv.clsimgconv\ (3 subtraces) (ID = 146293)
    6:40 PM: HKLM\software\classes\clsid\{01fc5803-8644-45d7-877b-5a3924d8ecc4}\ (13 subtraces) (ID = 146294)
    6:40 PM: HKLM\software\classes\imgconv.clsimgconv\ (3 subtraces) (ID = 146295)
    6:40 PM: HKLM\software\classes\typelib\{15e7d23b-736e-46fa-bffd-cbec4126befd}\ (9 subtraces) (ID = 146296)
    6:40 PM: HKCR\typelib\{15e7d23b-736e-46fa-bffd-cbec4126befd}\ (9 subtraces) (ID = 146304)
    6:40 PM: Found Adware: hotbar
    6:40 PM: HKU\.DEFAULT\software\microsoft\internet explorer\toolbar\shellbrowser\ || {b195b3b3-8a05-11d3-97a4-0004aca6948e} (ID = 127585)
    6:40 PM: HKU\.DEFAULT\software\support software\ (11 subtraces) (ID = 136177)
    6:40 PM: HKU\.DEFAULT\software\updater\ (2 subtraces) (ID = 136178)
    6:40 PM: HKU\.DEFAULT\software\safesearch\ (1 subtraces) (ID = 140361)
    6:40 PM: Found Trojan Horse: sncntr
    6:40 PM: HKU\.DEFAULT\software\sncntr\ (3 subtraces) (ID = 141880)
    6:40 PM: Found Adware: sidesearch
    6:40 PM: HKU\.DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping\ || {000007c6-17df-4438-92a4-de5537471ba3} (ID = 530423)
    6:40 PM: Registry Sweep Complete, Elapsed Time:00:00:44
    6:40 PM: Starting Cookie Sweep
    6:40 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
    6:40 PM: Starting File Sweep
    6:40 PM: Warning: Failed to open file "c:\windows\win386.swp". The process cannot access the file because it is being used by another process
    6:42 PM: Found Adware: lopdotcom
    6:42 PM: xunstjdrssss.gif (ID = 66436)
    6:42 PM: junstjdrssss.gif (ID = 68762)
    6:42 PM: ssunstjdrssss.gif (ID = 66660)
    6:42 PM: munstjdrssss.gif (ID = 66753)
    6:44 PM: Found Trojan Horse: all-in-one telcom
    6:44 PM: nsupd9x.inf (ID = 49699)
    6:47 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs31ce3f66-ec7c-41c6-a50f-f2674fb60624.tmp". The process cannot access the file because it is being used by another process
    6:47 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs41832d8a-0340-4447-ad4f-64ac5ea42292.tmp". The process cannot access the file because it is being used by another process
    6:47 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs1b709d61-644c-467c-9991-a036b295f09d.tmp". The process cannot access the file because it is being used by another process
    6:47 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs85905eb5-ed66-4bc8-a90d-5f2f27d4f278.tmp". The process cannot access the file because it is being used by another process
    6:47 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs11458a2c-70b8-425a-8ab4-c5518967b946.tmp". The process cannot access the file because it is being used by another process
    6:47 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs78e4ce89-9c97-4859-9ac8-b4824faa9ab0.tmp". The process cannot access the file because it is being used by another process
    6:47 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs67f6a7f4-064e-4430-95c2-6aeb9dceb364.tmp". The process cannot access the file because it is being used by another process
    6:47 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs5d152441-dbba-46e3-8f50-73ce6c23b52f.tmp". The process cannot access the file because it is being used by another process
    6:47 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs35d29a7b-0171-4cf4-946c-9c510f8807db.tmp". The process cannot access the file because it is being used by another process
    6:47 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs7a6201a4-fd5e-4050-bb19-2b431d327788.tmp". The process cannot access the file because it is being used by another process
    6:47 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs098c2c2d-0537-425b-b76d-b302149698c3.tmp". The process cannot access the file because it is being used by another process
    6:47 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs6d74849f-6be9-4a4d-8ec9-c2ded8054840.tmp". The process cannot access the file because it is being used by another process
    6:47 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4ffb8868-b37e-413f-a7d7-b9a853b13afc.tmp". The process cannot access the file because it is being used by another process

    (continued on next post)
     
  7. RH049

    RH049 Thread Starter

    Here is the rest of the WS scan:

    6:51 PM: Found Adware: searchbar toolbar
    6:51 PM: acsproxy.lib (ID = 74858)
    6:51 PM: imgconv.dll (ID = 83909)
    6:51 PM: fwntoolbar.dll.manifest (ID = 61039)
    6:53 PM: hotbar.inf (ID = 62344)
    6:53 PM: xfstnkodr.lib (ID = 66989)
    6:53 PM: Found Adware: bookedspace
    6:53 PM: c:\windows\bsx32 (70 subtraces) (ID = -2147481346)
    6:55 PM: c:\program files\altnet (25 subtraces) (ID = -2147481441)
    6:55 PM: c:\program files\altnet\my altnet shares (24 subtraces) (ID = -2147481439)
    7:05 PM: c:\program files\incredifind (2 subtraces) (ID = -2147480783)
    7:05 PM: c:\program files\network essentials (2 subtraces) (ID = -2147480534)
    7:05 PM: c:\program files\c2media (ID = -2147480676)
    7:05 PM: c:\program files\recommended hotfix - 421701d (1 subtraces) (ID = -2147480533)
    7:05 PM: Found Adware: exact cashback/bargain buddy
    7:05 PM: c:\program files\bargain buddy (2 subtraces) (ID = -2147481395)
    7:05 PM: c:\program files\sysai (ID = -2147481417)
    7:05 PM: c:\program files\support software (ID = -2147480532)
    7:05 PM: File Sweep Complete, Elapsed Time: 00:24:50
    7:05 PM: Full Sweep has completed. Elapsed time 00:27:32
    7:05 PM: Traces Found: 410
    9:46 AM: Removal process initiated
    9:46 AM: Quarantining All Traces: altnet
    9:46 AM: Quarantining All Traces: apropos
    9:46 AM: Quarantining All Traces: findwhatevernow toolbar
    9:46 AM: Quarantining All Traces: keenvalue/perfectnav
    9:46 AM: Quarantining All Traces: networkessentials
    9:47 AM: Quarantining All Traces: safesearch
    9:47 AM: Quarantining All Traces: topsearch
    9:47 AM: Quarantining All Traces: webrebates
    9:47 AM: Quarantining All Traces: hotbar
    9:47 AM: Quarantining All Traces: sncntr
    9:47 AM: Quarantining All Traces: sidesearch
    9:47 AM: Quarantining All Traces: lopdotcom
    9:47 AM: Quarantining All Traces: all-in-one telcom
    9:47 AM: Quarantining All Traces: searchbar toolbar
    9:47 AM: Quarantining All Traces: bookedspace
    9:47 AM: Quarantining All Traces: exact cashback/bargain buddy
    9:48 AM: Removal process completed. Elapsed time 00:02:16
    ********
    6:25 PM: | Start of Session, Friday, August 04, 2006 |
    6:25 PM: Spy Sweeper started
    6:25 PM: Sweep initiated using definitions version 734
    6:25 PM: Starting Memory Sweep
    6:26 PM: Sweep Canceled
    6:26 PM: Memory Sweep Complete, Elapsed Time: 00:01:22
    6:26 PM: Traces Found: 0
    6:36 PM: Program Version 4.5.10 (Build 731) Using Spyware Definitions 734
    6:37 PM: | End of Session, Friday, August 04, 2006 |
    ********
    5:09 PM: | Start of Session, Friday, August 04, 2006 |
    5:09 PM: Spy Sweeper started
    5:09 PM: Sweep initiated using definitions version 734
    5:09 PM: Starting Memory Sweep
    5:15 PM: Memory Sweep Complete, Elapsed Time: 00:06:29
    5:15 PM: Starting Registry Sweep
    5:15 PM: Found Adware: altnet
    5:15 PM: HKCR\adm4.adm4\ (3 subtraces) (ID = 103444)
    5:15 PM: HKCR\adm25.adm25\ (3 subtraces) (ID = 103446)
    5:15 PM: HKLM\altnet\ (2 subtraces) (ID = 103447)
    5:15 PM: HKCR\appid\adm.exe\ (1 subtraces) (ID = 103448)
    5:15 PM: HKCR\appid\altnet signing module.exe\ (1 subtraces) (ID = 103449)
    5:15 PM: HKLM\software\classes\adm4.adm4\ (3 subtraces) (ID = 103485)
    5:15 PM: HKLM\software\classes\adm25.adm25\ (3 subtraces) (ID = 103487)
    5:15 PM: HKLM\software\classes\appid\adm.exe\ (1 subtraces) (ID = 103488)
    5:15 PM: HKLM\software\classes\appid\altnet signing module.exe\ (1 subtraces) (ID = 103489)
    5:15 PM: Found Adware: apropos
    5:15 PM: HKLM\software\autoloader\ (4 subtraces) (ID = 103742)
    5:15 PM: HKLM\software\classes\interface\{a1558b18-f76c-40fe-b358-9e47449f3cfe}\ (5 subtraces) (ID = 103770)
    5:15 PM: HKLM\software\classes\interface\{a2872b10-39f2-42df-9335-7dd38cf75255}\ (5 subtraces) (ID = 103771)
    5:16 PM: Found Adware: findwhatevernow toolbar
    5:16 PM: HKCR\clsid\{3d156636-3f7e-46c9-9ac1-5e4d8202aa23}\ (10 subtraces) (ID = 126459)
    5:16 PM: HKCR\fwn.isubclass\ (3 subtraces) (ID = 126463)
    5:16 PM: HKCR\interface\{3dbbf8b7-a97c-4a92-8d27-d29222e6b60f}\ (8 subtraces) (ID = 126464)
    5:16 PM: HKLM\software\classes\clsid\{3d156636-3f7e-46c9-9ac1-5e4d8202aa23}\ (10 subtraces) (ID = 126469)
    5:16 PM: HKLM\software\classes\fwn.isubclass\ (3 subtraces) (ID = 126473)
    5:16 PM: HKLM\software\classes\interface\{3dbbf8b7-a97c-4a92-8d27-d29222e6b60f}\ (8 subtraces) (ID = 126474)
    5:16 PM: HKLM\software\classes\typelib\{0e9db3ab-d16a-47cf-b59a-f74d649bea5b}\ (9 subtraces) (ID = 126477)
    5:16 PM: HKCR\typelib\{0e9db3ab-d16a-47cf-b59a-f74d649bea5b}\ (9 subtraces) (ID = 126486)
    5:16 PM: Found Adware: keenvalue/perfectnav
    5:16 PM: HKLM\software\perfectnav\ (1 subtraces) (ID = 129516)
    5:16 PM: Found Adware: networkessentials
    5:16 PM: HKCR\appid\hp.exe\ (1 subtraces) (ID = 136001)
    5:16 PM: HKCR\interface\{4438a5dc-e00b-41a0-b0e6-b63fd3b86eee}\ (8 subtraces) (ID = 136074)
    5:16 PM: HKLM\software\classes\appid\hp.exe\ (1 subtraces) (ID = 136082)
    5:16 PM: HKLM\software\classes\interface\{4438a5dc-e00b-41a0-b0e6-b63fd3b86eee}\ (8 subtraces) (ID = 136147)
    5:16 PM: HKLM\software\classes\typelib\{4767c447-ef15-42f2-8809-68adb7fa76f1}\ (9 subtraces) (ID = 136154)
    5:16 PM: HKCR\typelib\{4767c447-ef15-42f2-8809-68adb7fa76f1}\ (9 subtraces) (ID = 136181)
    5:16 PM: Found Adware: safesearch
    5:16 PM: HKCR\interface\{82e9de01-d860-40e4-b9c1-91f0e8272962}\ (8 subtraces) (ID = 140329)
    5:16 PM: Found Adware: topsearch
    5:16 PM: HKLM\software\classes\typelib\{edd3b3e9-3ffd-4836-a6de-d4a9c473a971}\ (9 subtraces) (ID = 143928)
    5:16 PM: HKCR\typelib\{edd3b3e9-3ffd-4836-a6de-d4a9c473a971}\ (9 subtraces) (ID = 143930)
    5:16 PM: Found Adware: webrebates
    5:16 PM: HKCR\clsid\{01fc5803-8644-45d7-877b-5a3924d8ecc4}\ (13 subtraces) (ID = 146292)
    5:16 PM: HKCR\imgconv.clsimgconv\ (3 subtraces) (ID = 146293)
    5:16 PM: HKLM\software\classes\clsid\{01fc5803-8644-45d7-877b-5a3924d8ecc4}\ (13 subtraces) (ID = 146294)
    5:16 PM: HKLM\software\classes\imgconv.clsimgconv\ (3 subtraces) (ID = 146295)
    5:16 PM: HKLM\software\classes\typelib\{15e7d23b-736e-46fa-bffd-cbec4126befd}\ (9 subtraces) (ID = 146296)
    5:16 PM: HKCR\typelib\{15e7d23b-736e-46fa-bffd-cbec4126befd}\ (9 subtraces) (ID = 146304)
    5:16 PM: Found Adware: hotbar
    5:16 PM: HKU\.DEFAULT\software\microsoft\internet explorer\toolbar\shellbrowser\ || {b195b3b3-8a05-11d3-97a4-0004aca6948e} (ID = 127585)
    5:16 PM: HKU\.DEFAULT\software\support software\ (11 subtraces) (ID = 136177)
    5:16 PM: HKU\.DEFAULT\software\updater\ (2 subtraces) (ID = 136178)
    5:16 PM: HKU\.DEFAULT\software\safesearch\ (1 subtraces) (ID = 140361)
    5:16 PM: Found Trojan Horse: sncntr
    5:16 PM: HKU\.DEFAULT\software\sncntr\ (3 subtraces) (ID = 141880)
    5:16 PM: Found Adware: sidesearch
    5:16 PM: HKU\.DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping\ || {000007c6-17df-4438-92a4-de5537471ba3} (ID = 530423)
    5:16 PM: Registry Sweep Complete, Elapsed Time:00:00:53
    5:16 PM: Starting Cookie Sweep
    5:16 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
    5:16 PM: Starting File Sweep
    ********
    5:05 PM: | Start of Session, Friday, August 04, 2006 |
    5:05 PM: Spy Sweeper started
    5:06 PM: Your spyware definitions have been updated.
    5:09 PM: | End of Session, Friday, August 04, 2006 |

    I will have to do another post to include the HJT log.
     
  8. RH049

    RH049 Thread Starter

    Here is the HJT report

    Logfile of HijackThis v1.99.1
    Scan saved at 9:49:35 AM, on 8/5/2006
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cibc.com/ca/personal.html
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
    O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
    O4 - HKLM\..\Run: [SpySweeper] "C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SpySweeper.exe" /startintray
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O4 - Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7b77298065d0b9/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://216.197.160.57/plugin/h263ctrl.cab

    The computer is still very difficult to work with. It is still hanging; I have to do ctrl+alt+del an awful lot to keep it moving. Often twice (and no, it is not rebooting this way unless I just ctrl+alt+del x2 without clicking anything else). All scans were done in safe mode.

    RH049
     
  9. cybertech

    cybertech Retired Moderator

    Have you run check disk to see if the drive is having problems?
     
  10. RH049

    RH049 Thread Starter

    Yes. Thorough scan. Everything ok.
     
  11. cybertech

    cybertech Retired Moderator

    Does this person have data that you would need to save and a way to do that?

    Perhaps at this point in time a format and reload is the best option.
     
  12. RH049

    RH049 Thread Starter

    I am inclined to agree; however, I'm not sure he has the original disk. And the CD drive and the DVD drive are not being recognised. They have power, but no drive associated to them. I have been trying to get them going but I'm not having much luck. I was thinking of offering him a Linux Ubuntu system but I'm not sure if he would find that too confusing. Someone here had mentioned a while back about using Linux to get into the Windows system to repair it. Have you ever heard of this and do you know how to do it?
     
  13. cybertech

    cybertech Retired Moderator

    Sorry, I'm not aware of how to repair Windows using Linux.
     
  14. RH049

    RH049 Thread Starter

    Hi Cybertech

    I started looking through the registry and found entries for Kazaa. I'd had some luck using MooSoft The Cleaner with Kazaa before. It found multiple entries of MySearchBar, so it got rid of those. I then went through the registry and got rid of all Kazaa entries. I then downloaded Cleaner 4.5.1 and it found one MyPlace file which it deleted. I then went into IE and reset My Home Page, and in Programs, Reset Web Settings. I then used CCleaner, and cleaned all I could there. I then booted into Safe Mode and ran your Webroot Spysweeper. The scan said "Congratulations, nothing found!". The WS log, however, shows WS temp files that were unavailable. I couldn't find much on their web page on this and I am assuming everything is ok. Anyway, I am including a HJT log and WS log. I am hoping you can give a once over and see if I got everything.

    Thank you for everything Cybertech. I really appreciated your direction.
    RH049
    _________________________

    HJT Log:

    Logfile of HijackThis v1.99.1
    Scan saved at 12:40:27 PM, on 8/8/2006
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
    C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
    C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOHMR08.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOEVM08.EXE
    C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\WRSSSDK.EXE
    C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSTS08.EXE
    C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cibc.com/ca/personal.html
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
    O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
    O4 - HKLM\..\Run: [SpySweeper] "C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE" /startintray
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O4 - Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7b77298065d0b9/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
    O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
    O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} (VaPgCtrl Class) - http://216.197.160.57/plugin/h263ctrl.cab

    WS Log:

    ********
    11:52 AM: | Start of Session, Tuesday, August 08, 2006 |
    11:52 AM: Spy Sweeper started
    11:52 AM: Sweep initiated using definitions version 734
    11:52 AM: Starting Memory Sweep
    11:54 AM: Starting Registry Sweep
    11:54 AM: Memory Sweep Complete, Elapsed Time: 00:00:00
    11:55 AM: Registry Sweep Complete, Elapsed Time:00:03:20
    11:55 AM: Starting Cookie Sweep
    11:55 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
    11:55 AM: Starting File Sweep
    11:55 AM: Warning: Failed to open file "c:\windows\win386.swp". The process cannot access the file because it is being used by another process
    12:19 PM: File Sweep Complete, Elapsed Time: 00:23:59
    12:19 PM: Full Sweep has completed. Elapsed time 00:27:27
    12:19 PM: Traces Found: 0
     
  15. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Nice job, looks fine!

    Happy I could help.

    :)
     
Short URL to this thread: https://techguy.org/489390
