0

I am pretty new to this and apologize in advance for any mistakes as far as procedure. My computer is having problems with Spyaxe, and it started yesterday. I kept on getting a message on the bottom right of my computer "your computer is infected" and my home page keeps getting taken over by the spyaxe website. I ran adaware and ewido in safe mode, and it seems to have taken away the persistent message, but my homepage is still getting re-routed. I tried removing spyaxe several times, but upon restart it keeps being installed on its own. I have tried downloading smitRem but I don't think it is working :rolleyes: . Please review my HiJack log and advise:

Logfile of HijackThis v1.99.1
Scan saved at 3:07:57 PM, on 12/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PopUpStopperProfessional.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~3\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\MXDYRU1C\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.cnn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.cnn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.cnn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hpCE82.tmp (file missing)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [cmd32] C:\cmd.exe
O4 - HKCU\..\Run: [PopUpStopperProfessional] C:\PROGRA~1\PANICW~1\POP-UP~1\PopUpStopperProfessional.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VAIO Action Setup (Server).lnk = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.LNK.disabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135730697622
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~3\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

0

thanks Jayshankar, I downloaded CWshredder. How do I disable system restore? Is that while I'm in safe mode?

0

I still have a problem. My homepage keeps getting changed every time I boot. Please advise.........

0

Ok, I went to safe mode again and did a HJT scan, then I opened the smitRem folder and clicked on RunThis.bat. I also did a full Ad-aware scan and Ewido scan. I checked Control Panel and there was no Security Info checked. I then rebooted and ran a Panda scan. Please review my Panda scan, HJT log, and Ewido log reports. I am still having my homepage changed upon rebooting. :sad: Thanks in advance.

(Panda Scan Report)

Incident                      Status            Location
Spyware:Spyware/BetterInet    Not disinfected   C:\WINDOWS\INF\biini.inf
Adware:Adware/IPInsight       Not disinfected   C:\WINDOWS\INF\alchem.inf
Adware:adware/iedriver        Not disinfected   C:\WINDOWS\SYSTEM32\sub.dll
Adware:adware/virtualbouncer  Not disinfected   C:\WINDOWS\SYSTEM32\INNERVBINSTALL.LOG
Adware:adware/sidesearch      Not disinfected   C:\WINDOWS\sepsd.bin
Dialer:dialer.b               Not disinfected   C:\WINDOWS\tmlpcert2005
Adware:adware/ncase           Not disinfected   C:\WINDOWS\msbbi.exe
Adware:adware/ieplugin        Not disinfected   C:\WINDOWS\kwv2.dat
Adware:adware/securityerror   Not disinfected   C:\Documents and Settings\default\Favorites\Antivirus Test Online.url
Virus:Exploit/ByteVerify      Not disinfected   C:\Documents and Settings\default\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-1b8b63a-1d7bddca.zip[Dummy.class]
Virus:Exploit/ByteVerify      Not disinfected   C:\Documents and Settings\default\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv677.jar-6c1a22b0-54ebc8a3.zip[Matrix.class]
Virus:Exploit/ByteVerify      Not disinfected   C:\Documents and Settings\default\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv677.jar-6c1a22b0-54ebc8a3.zip[Dummy.class]

(HiJackThis Log)

Logfile of HijackThis v1.99.1
Scan saved at 11:27:09 AM, on 12/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\default\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.cnn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.cnn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.cnn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - Default URLSearchHook is missing
O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hpCE82.tmp (file missing)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [cmd32] C:\cmd.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [PopUpStopperProfessional] C:\PROGRA~1\PANICW~1\POP-UP~1\PopUpStopperProfessional.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VAIO Action Setup (Server).lnk = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.LNK.disabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135730697622
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~3\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

---------------------------------------------------------

ewido anti-malware - Scan report

 + Created on:          1:32:10 PM, 12/29/2005
 + Report-Checksum:     E0C175A9

 + Scan result:

    C:\Documents and Settings\default\Cookies\default@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
    C:\Documents and Settings\default\Cookies\default@www.myaffiliateprogram[2].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
    C:\Documents and Settings\default\Cookies\default@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup


::Report End

Edited by Nick Evan: Fixed formatting

0

Please help me through the steps to ensure that spyaxe is not in my system. I managed to get rid of the annoying message and the auto reload of spyaxe, but I feel that my system may still be infected. Please advise the steps I need to take and what reports to post for you (HJT, Ad-aware, ewido etc.). I appreciate your help. :-|

0

1. Have HJT fix:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hpCE82.tmp (file missing)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O4 - HKLM\..\Run: [cmd32] C:\cmd.exe


2. Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for known file types".

- Search for the following files and delete them if found:

C:\WINDOWS\system32\hpCE82.tmp
C:\cmd.exe


3. Empty your Recycle Bin and reboot.

4. Run HJT again and post a fresh log, and let us know if the homepage hijack is still present.

0

Thanks DMR.

I deleted the files that you mentioned from HJT, except this one:

O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hpCE82.tmp (file missing)

as I could not find it.

I also adjusted windows explorer settings but could not find the two files that you referenced:

C:\WINDOWS\system32\hpCE82.tmp
C:\cmd.exe

This is my fresh HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 10:20:47 PM, on 1/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~3\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SYSTEM32\cmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PopUpStopperProfessional.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\default\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.cnn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.cnn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.cnn.com
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Documents and Settings\default\Desktop\NSW2005\NAV\External\NORTON\APP\NAVShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [cmd32] C:\WINDOWS\SYSTEM32\cmd.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [PopUpStopperProfessional] C:\PROGRA~1\PANICW~1\POP-UP~1\PopUpStopperProfessional.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VAIO Action Setup (Server).lnk = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.LNK.disabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135730697622
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~3\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

When I rebooted, my homepage hijack is not there, but the C:\ window opened (I think this would be MS DOS mode). The window was titled as:

C:\WINDOWS\SYSTEM32\cmd.exe

And inside the window it had the following:

C:\Documents and Settings\default>

Please advise. Also, should I reset the windows explorer settings to what they were?

Thanks again!

0

Your HJT log looks clean, but as evidenced by the persisting cmd.exe issue, the infection still seems to be (at least somewhat) active.

You said you downloaded the smitrem utility, but that it didn't seem to work. Please run the utility again, as per the instructions from the utility's author. After doing so, post the contents of the "smitfiles.txt" file mentioned in those instructions.
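
Added example, not part of the thread and not HijackThis code: a small Python triage of HijackThis log lines that marks the kinds of entries listed for fixing earlier (blank R0/R1 values, a missing URLSearchHook, O2/O3 registrations whose file is gone, an O4 Run entry pointing at the drive root) and diffs the Run entries between two logs. The flagging rules and all function names are assumptions made for this example; the sample lines are excerpted from the 12/29/2005 and 1/3/2006 logs above.

```python
import re

# Lines excerpted from the 12/29/2005 and 1/3/2006 HijackThis logs in this thread.
LOG_BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hpCE82.tmp (file missing)
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [cmd32] C:\cmd.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
"""
LOG_AFTER = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Documents and Settings\default\Desktop\NSW2005\NAV\External\NORTON\APP\NAVShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [cmd32] C:\WINDOWS\SYSTEM32\cmd.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                     # "O4 - <body>"
RUN = re.compile(r"^(HK\w+)\\\.\.\\(Run\w*): \[(.+?)\] (.*)$")     # registry autoruns only
ROOT_LEVEL = re.compile(r"[A-Za-z]:\\[^\\]+")                      # e.g. C:\something.exe


def parse(log):
    """Return [(code, body)] for each 'Xn - body' line; headers and process paths are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def target_exe(cmd):
    """Extract the executable path from a Run command line, quoted or bare."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd


def triage(log):
    """Heuristic flags (assumptions for this example); returns [(code, reason, body)]."""
    findings = []
    for code, body in parse(log):
        if code in ("R0", "R1") and re.search(r"=\s*$", body):
            findings.append((code, "IE setting present but empty", body))
        elif code == "R3" and body.endswith("is missing"):
            findings.append((code, "default URLSearchHook removed", body))
        elif code in ("O2", "O3") and re.search(r"\((file missing|no file)\)$", body):
            findings.append((code, "registration points at a file that is gone", body))
        elif code == "O4":
            m = RUN.match(body)
            if m and ROOT_LEVEL.fullmatch(target_exe(m.group(4))):
                findings.append((code, "autorun executable sits in the drive root", body))
    return findings


def run_entries(log):
    """Map (hive, key, value name) -> command line for O4 registry autoruns."""
    runs = {}
    for code, body in parse(log):
        m = RUN.match(body) if code == "O4" else None
        if m:
            runs[(m.group(1), m.group(2), m.group(3))] = m.group(4)
    return runs


def diff_runs(before, after):
    """Return [(change, value name, old command, new command)] between two logs."""
    b, a = run_entries(before), run_entries(after)
    changes = []
    for key in sorted(b.keys() | a.keys()):
        if key not in a:
            changes.append(("removed", key[2], b[key], None))
        elif key not in b:
            changes.append(("added", key[2], None, a[key]))
        elif b[key] != a[key]:
            changes.append(("changed", key[2], b[key], a[key]))
    return changes


if __name__ == "__main__":
    for code, reason, body in triage(LOG_BEFORE):
        print(f"[{code}] {reason}: {body}")
    print("flags in later log:", len(triage(LOG_AFTER)))
    for change in diff_runs(LOG_BEFORE, LOG_AFTER):
        print(change)
```

On these excerpts the later log raises no flags, while the diff still reports that the `cmd32` Run value survived with a new target, which matches the cmd.exe window described at reboot. The flags are candidates for a human to review, not a fix list: the rules also mark the Norton AntiVirus toolbar line, which was not among the entries listed for fixing.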

0

I still have a problem it seems. When I downloaded smitRem again, and then rebooted in safe mode, I tried double clicking on RunThis.bat. However there was just a flash, as if the MS DOS window was about to open, but nothing was started. I could not find the smitfiles.txt log either.

AND, worst of all, when I rebooted again in normal mode, my homepage was hijacked by an obscene website. HELP!!! Here's my HJT log if you want:

Logfile of HijackThis v1.99.1
Scan saved at 7:25:52 PM, on 1/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PopUpStopperProfessional.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~3\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\default\LOCALS~1\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.cnn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.cnn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.cnn.com
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Documents and Settings\default\Desktop\NSW2005\NAV\External\NORTON\APP\NAVShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [cmd32] C:\cmd.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [PopUpStopperProfessional] C:\PROGRA~1\PANICW~1\POP-UP~1\PopUpStopperProfessional.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VAIO Action Setup (Server).lnk = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.LNK.disabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - DefaultPrefix: http://www.microsoit.com/direct.php?url=
O13 - WWW Prefix: http://www.microsoit.com/direct.php?url=
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135730697622
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~3\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

I think the problem may be when I re-start in safe mode......I don't know. Thanks again.

0

You will need to close/quit all web browser programs and disconnect from the Internet for much of the following, so you should print out these instructions or save them into a text file with Notepad.

1. C:\DOCUME~1\default\LOCALS~1\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

The log entry above indicates that you have been running HijackThis from within a Temp/Temporary folder. Please do the following:

Create a folder for HJT outside of any Temp/Temporary folders and move the HijackThis.exe file to that folder now. A folder such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.

One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders. Given that, if HijackThis (and other data that you care about) is living in those Temp folders, it will be erased along with everything else!
Temp/Temporary folders are just that- Temporary. They are not meant for permanent storage, as their contents are often deleted in the course of troubleshooting, by running disk clean-up utilities, etc.


2. Once you've fixed the above problem, download and install the following utilities:

CCleaner - www.ccleaner.com
Webroot Spy Sweeper (14 day free trial) - http://www.webroot.com/shoppingcart/tryme.php?bjpc=64011&vcode=DT02

- Open Spy Sweeper, click on "Options", and then click on "Update Definitions" under the Program Options tab. Do not run a scan yet; just close the program once the update completes.


3. Run HijackThis and have it fix:

O4 - HKLM\..\Run: [cmd32] C:\cmd.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\System32\shdocvw.dll (HKCU)


4. Reboot into Safe Mode again.


5. Open CCleaner.

- Go to Options-> Advanced: Uncheck "Only delete files in Windows Temp folders older than 48 hours"

- Go to Options>CustomFolders>Add Folder>Navigate to these folders (click on bold file once and hit OK) :
* C:\Windows\Temp
* C:\Windows\Prefetch
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ (This will delete all your cached internet content including cookies.)
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp
* C:\Documents and Settings\<any other user's Profile>\Local Settings\Temporary Internet Files
* C:\Documents and Settings\<Any other user's Profile>\Local Settings\Temp
* C:\Documents and Settings\<Your Profile>\Cookies
* C:\Documents and Settings\<Any other user's Profile>\Cookies
Hit OK
In left pane, scroll down to "Advanced, Custom Folders", put a check in Custom Folders

- Click on Run Cleaner

It may take a while for the program to perform its cleaning, so be patient. Close the program when it has finished.


6. Run Spy Sweeper.

- Under the Sweep Options tab, select ALL options under 'What to Sweep'.
- Click the "Sweep" icon and then "Start" to begin scanning.
- When the scan completes, click Next to automatically quarantine all detected items.
- Click the Results icon, select Session Log, and then click Save to File. Save the scan results to your desktop and close Spy Sweeper.


7. Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for known file types".

- Search for the following file and delete it if found:

C:\cmd.exe


8. Empty your Recycle Bin, reboot normally, run HijackThis again, and post the new log. Also post the log that Spy Sweeper generated.
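The kind of triage applied to the logs in this thread can be scripted. The following is an added example, not part of the thread or of any tool named in it: it parses HijackThis entries, flags `Run` values whose executable sits directly in a drive root (the pattern of the `cmd32` entry) and any O13 prefix override, and diffs two scans. The function names and both rules are this example's own assumptions; the log lines are excerpts from the 1/5/2006 and 1/8/2006 logs on this page.

```python
import ntpath
import re

# Excerpts from the HijackThis logs posted in this thread (1/5/2006 scan).
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [cmd32] C:\cmd.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O13 - DefaultPrefix: http://www.microsoit.com/direct.php?url=
O13 - WWW Prefix: http://www.microsoit.com/direct.php?url=
"""

# Excerpts from the 1/8/2006 scan, taken after the cleanup steps.
LOG_AFTER = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(Run\w*): \[([^\]]*)\] (.+)$")
# Quoted path, or an unquoted path (which may contain spaces) up to its extension.
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)', re.I)


def parse_log(text):
    """Return (section, detail) tuples; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def run_target(detail):
    """For an O4 registry Run entry, return (value name, executable path)."""
    m = RUN_RE.match(detail)
    if not m:
        return None  # e.g. "Global Startup:" shortcuts
    exe = EXE_RE.match(m.group(4))
    if not exe:
        return None
    return m.group(3), exe.group(1) or exe.group(2)


def in_drive_root(path):
    """True for C:\\name.exe, False for anything inside a folder."""
    drive, rest = ntpath.splitdrive(ntpath.normpath(path))
    return bool(drive) and rest.count("\\") == 1


def review(entries):
    """Apply the two assumed rules and return (section, reason, detail)."""
    flagged = []
    for section, detail in entries:
        if section == "O4":
            target = run_target(detail)
            if target and in_drive_root(target[1]):
                flagged.append((section, "autorun from drive root", detail))
        elif section == "O13":
            flagged.append((section, "IE URL prefix overridden", detail))
    return flagged


def diff_logs(before, after):
    """Entries that disappeared and entries that appeared between two scans."""
    removed = [e for e in before if e not in after]
    added = [e for e in after if e not in before]
    return removed, added


if __name__ == "__main__":
    before, after = parse_log(LOG_BEFORE), parse_log(LOG_AFTER)
    for section, reason, detail in review(before):
        print(f"FLAG  {section}: {reason}: {detail}")
    removed, added = diff_logs(before, after)
    for section, detail in removed:
        print(f"GONE  {section} - {detail}")
    for section, detail in added:
        print(f"NEW   {section} - {detail}")
```

Entries reported as new still need a human look: here both come from Spy Sweeper, which was installed between the two scans.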

0

Thanks DMR, I followed your instructions and I also disabled system restore, just in case, before I went into safe mode and ran CCleaner and Spy Sweeper. Here is the HiJack log:

Logfile of HijackThis v1.99.1
Scan saved at 8:01:54 PM, on 1/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~3\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PopUpStopperProfessional.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.cnn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.cnn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.cnn.com
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Documents and Settings\default\Desktop\NSW2005\NAV\External\NORTON\APP\NAVShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [PopUpStopperProfessional] C:\PROGRA~1\PANICW~1\POP-UP~1\PopUpStopperProfessional.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VAIO Action Setup (Server).lnk = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.LNK.disabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135730697622
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~3\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

And here is the Spy Sweeper log:

********
12:20 PM: | Start of Session, Sunday, January 08, 2006 |
12:20 PM: Spy Sweeper started
12:20 PM: Sweep initiated using definitions version 597
12:20 PM: Starting Memory Sweep
12:22 PM: Memory Sweep Complete, Elapsed Time: 00:01:11
12:22 PM: Starting Registry Sweep
12:22 PM: Found Adware: clipgenie
12:22 PM: HKLM\software\microsoft\windows\currentversion\app management\arpcache\clipgenie\ (2 subtraces) (ID = 105921)
12:22 PM: Found Adware: gsim
12:22 PM: HKLM\software\microsoft\windows\currentversion\uninstall\gsim\ (2 subtraces) (ID = 127019)
12:22 PM: Found Adware: ie driver
12:22 PM: HKU\.default\software\microsoft\internet explorer\extensions\cmdmapping\ || {120e090d-9136-4b78-8258-f0b44b4bd2ac} (ID = 127909)
12:22 PM: Found Adware: instant access
12:22 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/system32/p2ecom.dll\ (2 subtraces) (ID = 128807)
12:22 PM: Found Adware: wild media - minigolf
12:22 PM: HKLM\software\minigolf\ (ID = 135062)
12:22 PM: Found Adware: wildmedia
12:22 PM: HKCR\appid\winaffiliatebho.dll\ (1 subtraces) (ID = 146688)
12:22 PM: HKCR\interface\{851f86c9-d3cc-4574-93f5-40e2d65159e4}\ (8 subtraces) (ID = 146695)
12:22 PM: HKLM\software\classes\appid\winaffiliatebho.dll\ (1 subtraces) (ID = 146699)
12:22 PM: HKLM\software\classes\interface\{851f86c9-d3cc-4574-93f5-40e2d65159e4}\ (8 subtraces) (ID = 146709)
12:22 PM: Found Adware: security2k hijacker
12:22 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objecta\ (2 subtraces) (ID = 735573)
12:22 PM: Found Trojan Horse: trojan-downloader-zlob
12:22 PM: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || kernel32.dll (ID = 796421)
12:22 PM: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || wininet.dll (ID = 797671)
12:22 PM: HKLM\software\microsoft\windows\currentversion\policies\explorer\run\ || nvctrl.exe (ID = 797753)
12:22 PM: Found Adware: spyaxe fakealert
12:22 PM: HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler\ || {a2c8f6b1-7c2a-3d1c-a3c6-a1fda113b43f} (ID = 1099807)
12:22 PM: HKU\S-1-5-21-1957994488-1580818891-1060284298-1004\software\microsoft\windows\currentversion\wintrust\trust providers\software publishing\trust database\0\ || goicfboogidikkejccmclpieicihhlpo bgdjdn (ID = 128845)
12:22 PM: HKU\S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping\ || {120e090d-9136-4b78-8258-f0b44b4bd2ac} (ID = 127930)
12:22 PM: Registry Sweep Complete, Elapsed Time:00:00:24
12:22 PM: Starting Cookie Sweep
12:22 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
12:22 PM: Starting File Sweep
12:22 PM: Warning: Failed to open file "c:\pagefile.sys". Access is denied
12:22 PM: uninstaller.exe (ID = 88858)
12:23 PM: gsim.inf (ID = 61964)
12:23 PM: Found Adware: directrevenue-abetterinternet
12:23 PM: belt.inf (ID = 83154)
12:27 PM: Warning: Failed to open file "c:\windows\system32\config\system.log". The process cannot access the file because it is being used by another process
12:27 PM: Warning: Failed to open file "c:\windows\system32\config\software.log". The process cannot access the file because it is being used by another process
12:27 PM: Warning: Failed to open file "c:\windows\system32\config\default.log". The process cannot access the file because it is being used by another process
12:27 PM: Warning: Failed to open file "c:\windows\system32\config\security". The process cannot access the file because it is being used by another process
12:27 PM: Warning: Failed to open file "c:\windows\system32\config\sam". The process cannot access the file because it is being used by another process
12:27 PM: Warning: Failed to open file "c:\windows\system32\config\sam.log". The process cannot access the file because it is being used by another process
12:27 PM: Warning: Failed to open file "c:\windows\system32\config\security.log". The process cannot access the file because it is being used by another process
12:27 PM: Warning: Failed to open file "c:\windows\system32\config\system". The process cannot access the file because it is being used by another process
12:27 PM: Warning: Failed to open file "c:\windows\system32\config\software". The process cannot access the file because it is being used by another process
12:27 PM: Warning: Failed to open file "c:\windows\system32\config\default". The process cannot access the file because it is being used by another process
12:29 PM: Found Adware: cnsmin
12:29 PM: install.dll (ID = 53285)
12:29 PM: install.inf (ID = 53286)
12:46 PM: Warning: Failed to open file "c:\documents and settings\default\ntuser.dat". The process cannot access the file because it is being used by another process
12:46 PM: Warning: Failed to open file "c:\documents and settings\default\ntuser.dat.log". The process cannot access the file because it is being used by another process
12:48 PM: Warning: Failed to open file "c:\documents and settings\default\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
12:48 PM: Warning: Failed to open file "c:\documents and settings\default\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
12:48 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat". The process cannot access the file because it is being used by another process
12:48 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
12:48 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
12:48 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
12:48 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsce292984-bfbc-4df0-a209-fe4e28114a7c.tmp". The process cannot access the file because it is being used by another process
12:48 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs1a015f98-bbf4-4102-a749-1cef1a0666cb.tmp". The process cannot access the file because it is being used by another process
12:48 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsb8fa6563-6aee-47dc-b9ba-855361fd2d6c.tmp". The process cannot access the file because it is being used by another process
12:48 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs3046631e-ba11-48e4-80c3-051b6147666f.tmp". The process cannot access the file because it is being used by another process
12:48 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs3d513a96-bc59-4516-89d3-a8a021b96c2d.tmp". The process cannot access the file because it is being used by another process
12:48 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscs15469634-bab1-478e-9f89-752a1cd3e2d8.tmp". The process cannot access the file because it is being used by another process
12:48 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsbedaa10f-0541-4d25-a2af-aaf1b169a68d.tmp". The process cannot access the file because it is being used by another process
12:48 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscse5d77e6b-a98e-4009-9d9a-27a88c005e43.tmp". The process cannot access the file because it is being used by another process
12:48 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\sscsd5676b74-7b95-43bd-a75f-5ca3f0321dbd.tmp". The process cannot access the file because it is being used by another process
12:48 PM: File Sweep Complete, Elapsed Time: 00:25:59
12:48 PM: Full Sweep has completed. Elapsed time 00:27:46
12:48 PM: Traces Found: 47
12:56 PM: Removal process initiated
12:56 PM: Quarantining All Traces: clipgenie
12:56 PM: Quarantining All Traces: gsim
12:56 PM: Quarantining All Traces: ie driver
12:56 PM: Quarantining All Traces: instant access
12:56 PM: Quarantining All Traces: wild media - minigolf
12:56 PM: Quarantining All Traces: wildmedia
12:56 PM: Quarantining All Traces: security2k hijacker
12:56 PM: Quarantining All Traces: trojan-downloader-zlob
12:56 PM: Quarantining All Traces: spyaxe fakealert
12:56 PM: Quarantining All Traces: directrevenue-abetterinternet
12:56 PM: Quarantining All Traces: cnsmin
12:56 PM: Removal process completed. Elapsed time 00:00:22
********
11:54 AM: | Start of Session, Sunday, January 08, 2006 |
11:54 AM: Spy Sweeper started
11:55 AM: Your spyware definitions have been updated.
12:19 PM: Program Version 4.5.8 (Build 683) Using Spyware Definitions 597
12:20 PM: | End of Session, Sunday, January 08, 2006 |


My homepage is not getting hijacked anymore, and the computer runs quicker. I think we may have gotten it! ;)
Should I restore the Windows Explorer settings now to what they originally were, and should I enable System Restore??

0

All looks good to me. :)

Yes, you can re-enable System Restore and reset your Explorer settings now.
