
Massive Infection


  • This topic is locked
5 replies to this topic

#1 limosforu


Posted 15 November 2005 - 12:52 PM

I am getting a massive amount of popups and I am beginning to wonder if I just need to restore and/or format. Below are the logs that I have created using several utilities.

Logfile of HijackThis v1.99.1
Scan saved at 12:04:57 PM, on 11/14/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\ncslvgi\levxoecq.exe
C:\WINDOWS\System32\ncslvgi\levxoecq.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\trlnf\cjlgfynb.exe
C:\WINDOWS\System32\orlnyn\amucc.exe
C:\WINDOWS\System32\lfqimr\gvjmxune.exe
C:\WINDOWS\System32\uoecqr\fpgrqiw.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\MDM.EXE
C:\WINDOWS\Explorer.exe
C:\Documents and Settings\Owner\Desktop\Utilities\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O1 - Hosts: 216.39.69.102 view.atdmt.com
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [opr] C:\WINDOWS\System32\opr.exe
O4 - HKLM\..\Run: [hwmaf] C:\WINDOWS\System32\pnpoagm\hwmaf.exe
O4 - HKLM\..\Run: [nhfupleh] C:\WINDOWS\System32\bwrso\nhfupleh.exe
O4 - HKLM\..\Run: [ywgh] C:\WINDOWS\System32\kqgl\ywgh.exe
O4 - HKLM\..\Run: [jypd] C:\WINDOWS\System32\vuhej\jypd.exe
O4 - HKLM\..\Run: [vwjiqpkme] c:\windows\system32\vwjiqpkme.exe -start
O4 - HKLM\..\Run: [pdxffuqw] C:\WINDOWS\System32\dwlvsju\pdxffuqw.exe
O4 - HKLM\..\Run: [gvjmxune] C:\WINDOWS\System32\lfqimr\gvjmxune.exe
O4 - HKLM\..\Run: [cjlgfynb] C:\WINDOWS\System32\trlnf\cjlgfynb.exe
O4 - HKLM\..\Run: [fpgrqiw] C:\WINDOWS\System32\uoecqr\fpgrqiw.exe
O4 - HKLM\..\Run: [amucc] C:\WINDOWS\System32\orlnyn\amucc.exe
O4 - HKLM\..\Run: [levxoecq] C:\WINDOWS\System32\ncslvgi\levxoecq.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000079.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-110-12-0000079.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (WficaCtl Object) - http://www.sefl.com/ica/bin/wfica.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ShellServiceObjectDelayLoad - C:\WINDOWS\system32\dn4s01h7e.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\T3duZXIA\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: greenstdSystem32 - Unknown owner - C:\WINDOWS\System32\greenstd.exe (file missing)
O23 - Service: hwmafpnpoagm - Unknown owner - C:\WINDOWS\System32\pnpoagm\hwmaf.exe
O23 - Service: levxoecqncslvgi - Unknown owner - C:\WINDOWS\System32\ncslvgi\levxoecq.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\fictmrd.exe (file missing)

Ewido LOG:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 5:07:53 PM, 11/14/2005
+ Report-Checksum: A636B581

+ Scan result:

[1228] C:\WINDOWS\system32\mqrepl40.dll -> Spyware.Look2Me : Error during cleaning
[1920] C:\WINDOWS\system32\mqrepl40.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\system@as-us.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\system@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\system@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\system@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\system@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@atdmt[1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@msnportal.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\Utilities\Look2MeRemoval\Lk2MeUnInstaller.exe -> Spyware.Zestyfind : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\GJWNC5MX\AppWrap[1].exe -> Spyware.AdURL : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\UJA3EHCD\InSearch[1].exe -> Trojan.VB.aeq : Cleaned with backup
C:\WINDOWS\icont.exe -> Spyware.AdURL : Cleaned with backup
C:\WINDOWS\SYSTEM32\kfdbene.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\mfacm.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\rhvpperf.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\Temp\bw2.com -> Spyware.AdURL : Cleaned with backup


::Report End



#2 limosforu


Posted 15 November 2005 - 12:54 PM


I also tried to remove the Nail.exe in HijackThis, but it kept coming back.

#3 Rawe


Posted 15 November 2005 - 12:56 PM

Hello and welcome!

Wow, your log is definitely not looking good :thumbsup:

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link under "SpySweeper" to download the program.
  • Install it. Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:
    • Sweep Memory
    • Sweep Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Contents of Compressed Files
    • Sweep for Rootkits
    • Please UNCHECK Do not Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.

Hi there, stranger!

#4 limosforu


Posted 15 November 2005 - 04:07 PM

Logfile of HijackThis v1.99.1
Scan saved at 2:46:04 PM, on 11/15/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Owner\Desktop\Utilities\HijackThis.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (WficaCtl Object) - http://www.sefl.com/ica/bin/wfica.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ModuleUsage - C:\WINDOWS\system32\l4r0le9m1h.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\aol\ACS\acsd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


NEW SPYSWEEPER LOG

********
2:17 PM: | Start of Session, Tuesday, November 15, 2005 |
2:17 PM: Spy Sweeper started
2:17 PM: Sweep initiated using definitions version 573
2:17 PM: Starting Memory Sweep
2:17 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\h60qlgd5160.dll". Cannot open file "C:\WINDOWS\SYSTEM32\h60qlgd5160.dll". The process cannot access the file because it is being used by another process
2:17 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\tSpiperf.dll". Cannot open file "C:\WINDOWS\SYSTEM32\tSpiperf.dll". The process cannot access the file because it is being used by another process
2:18 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\tSpiperf.dll". Cannot open file "C:\WINDOWS\SYSTEM32\tSpiperf.dll". The process cannot access the file because it is being used by another process
2:18 PM: Memory Sweep Complete, Elapsed Time: 00:01:11
2:18 PM: Starting Registry Sweep
2:18 PM: Found Adware: look2me
2:18 PM: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\setup\ (6 subtraces) (ID = 129941)
2:18 PM: Found Adware: directrevenue-abetterinternet
2:18 PM: HKU\WRSS_Profile_S-1-5-21-1343024091-436374069-682003330-500\software\aurora\ (18 subtraces) (ID = 360174)
2:18 PM: HKLM\software\microsoft\windows nt\currentversion\winlogon\ || shell (ID = 711393)
2:18 PM: Registry Sweep Complete, Elapsed Time:00:00:13
2:18 PM: Starting Cookie Sweep
2:18 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
2:18 PM: Starting File Sweep
2:20 PM: Warning: Failed to read file "c:\windows\system32\h60qlgd5160.dll". System Error. Code: 32.
The process cannot access the file because it is being used by another process
2:20 PM: Warning: Failed to read file "c:\windows\system32\l4r0le9m1h.dll". System Error. Code: 32.
The process cannot access the file because it is being used by another process
2:21 PM: nail.exe (ID = 185492)
2:21 PM: Warning: Failed to read file "c:\windows\system32\tspiperf.dll". System Error. Code: 32.
The process cannot access the file because it is being used by another process
2:23 PM: File Sweep Complete, Elapsed Time: 00:04:39
2:23 PM: Full Sweep has completed. Elapsed time 00:06:16
2:23 PM: Traces Found: 28
2:31 PM: Removal process initiated
2:31 PM: Quarantining All Traces: look2me
2:31 PM: Quarantining All Traces: directrevenue-abetterinternet
2:31 PM: Removal process completed. Elapsed time 00:00:26
********
1:18 PM: | Start of Session, Tuesday, November 15, 2005 |
1:18 PM: Spy Sweeper started
1:18 PM: Sweep initiated using definitions version 573
1:18 PM: Starting Memory Sweep
1:18 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\h60qlgd5160.dll". Cannot open file "C:\WINDOWS\SYSTEM32\h60qlgd5160.dll". The process cannot access the file because it is being used by another process
1:19 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\tSpiperf.dll". Cannot open file "C:\WINDOWS\SYSTEM32\tSpiperf.dll". The process cannot access the file because it is being used by another process
1:19 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\tSpiperf.dll". Cannot open file "C:\WINDOWS\SYSTEM32\tSpiperf.dll". The process cannot access the file because it is being used by another process
1:19 PM: Memory Sweep Complete, Elapsed Time: 00:01:27
1:19 PM: Starting Registry Sweep
1:19 PM: Found Adware: look2me
1:19 PM: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\setup\ (6 subtraces) (ID = 129941)
1:19 PM: Found Adware: directrevenue-abetterinternet
1:19 PM: HKU\WRSS_Profile_S-1-5-21-1343024091-436374069-682003330-500\software\aurora\ (18 subtraces) (ID = 360174)
1:19 PM: HKLM\software\microsoft\windows nt\currentversion\winlogon\ || shell (ID = 711393)
1:19 PM: Registry Sweep Complete, Elapsed Time:00:00:13
1:19 PM: Starting Cookie Sweep
1:19 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
1:19 PM: Starting File Sweep
1:21 PM: Warning: Failed to read file "c:\windows\system32\h60qlgd5160.dll". System Error. Code: 32.
The process cannot access the file because it is being used by another process
1:21 PM: Warning: Failed to read file "c:\windows\system32\l4r0le9m1h.dll". System Error. Code: 32.
The process cannot access the file because it is being used by another process
1:22 PM: nail.exe (ID = 185492)
1:22 PM: Warning: Failed to read file "c:\windows\system32\tspiperf.dll". System Error. Code: 32.
The process cannot access the file because it is being used by another process
1:24 PM: Found Trojan Horse: lzio
1:24 PM: amucc.exe (ID = 184726)
1:24 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || amucc (ID = 0)
1:24 PM: gvjmxune.exe (ID = 184729)
1:24 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || gvjmxune (ID = 0)
1:24 PM: File Sweep Complete, Elapsed Time: 00:04:39
1:24 PM: Full Sweep has completed. Elapsed time 00:06:32
1:24 PM: Traces Found: 32
2:14 PM: Removal process initiated
2:14 PM: Quarantining All Traces: look2me
2:14 PM: Quarantining All Traces: directrevenue-abetterinternet
2:14 PM: Quarantining All Traces: lzio
2:14 PM: Removal process completed. Elapsed time 00:00:28
2:15 PM: Deletion from quarantine initiated
2:15 PM: Processing: realmedia cookie
2:15 PM: Processing: 360i cookie
2:15 PM: Processing: go.com cookie
2:15 PM: Processing: 64.62.232 cookie
2:15 PM: Processing: comet cursor
2:15 PM: Processing: sc-keylog
2:15 PM: Processing: zquest
2:15 PM: Processing: dealtime cookie
2:15 PM: Processing: adecn cookie
2:15 PM: Processing: adultfriendfinder cookie
2:15 PM: Processing: alt cookie
2:15 PM: Processing: apropos
2:15 PM: Processing: adpowerzone
2:15 PM: Processing: ask cookie
2:15 PM: Processing: alwaysupdatednews
2:15 PM: Processing: atwola cookie
2:15 PM: Processing: bannerspace cookie
2:15 PM: Processing: btgrab cookie
2:15 PM: Processing: 10105 cookie
2:15 PM: Processing: a cookie
2:15 PM: Processing: hbmediapro cookie
2:15 PM: Processing: infospace cookie
2:15 PM: Processing: pub cookie
2:15 PM: Processing: rednova cookie
2:15 PM: Processing: reunion cookie
2:15 PM: Processing: websponsors cookie
2:15 PM: Processing: azjmp cookie
2:15 PM: Processing: 365 cookie
2:15 PM: Processing: 382 cookie
2:15 PM: Processing: 50881381 cookie
2:15 PM: Processing: cas
2:15 PM: Processing: belnk cookie
2:15 PM: Processing: cliks cookie
2:15 PM: Processing: domainsponsor cookie
2:15 PM: Processing: experclick cookie
2:15 PM: Processing: exitexchange cookie
2:15 PM: Processing: find-direct cookie
2:15 PM: Processing: clkoptimizer
2:15 PM: Processing: directrevenue-abetterinternet
2:15 PM: Processing: monica cookie
2:15 PM: Processing: clickandtrack cookie
2:15 PM: Processing: touchclarity cookie
2:15 PM: Processing: upspiral cookie
2:15 PM: Processing: videodome cookie
2:15 PM: Processing: adknowledge cookie
2:15 PM: Processing: go2net.com cookie
2:15 PM: Processing: delfinproject cookie
2:15 PM: Processing: trojan downloader matcash
2:15 PM: Processing: e2g
2:15 PM: Processing: elitebar
2:15 PM: Processing: enbrowser
2:15 PM: Processing: enhance cookie
2:15 PM: Processing: rn11 cookie
2:15 PM: Processing: bookedspace
2:15 PM: Processing: 2nd-thought
2:15 PM: Processing: shopathomeselect
2:15 PM: Processing: look2me
2:15 PM: Processing: delfin
2:15 PM: Processing: 180search assistant/zango
2:15 PM: Processing: adrevservice cookie
2:15 PM: Processing: hotbar cookie
2:15 PM: Processing: multipops cookie
2:15 PM: Processing: kount cookie
2:15 PM: Processing: nextag cookie
2:15 PM: Processing: bizrate cookie
2:15 PM: Processing: homestore cookie
2:15 PM: Processing: letitfind cookie
2:15 PM: Processing: lzio
2:15 PM: Processing: www.maxifiles cookie
2:15 PM: Processing: maxifiles
2:15 PM: Processing: gain-supported software
2:15 PM: Processing: trojan-downloader-mainstreamdollars
2:15 PM: Processing: mirar webband
2:15 PM: Processing: mygeek cookie
2:15 PM: Processing: one2one viewer
2:15 PM: Processing: offeroptimizer cookie
2:15 PM: Processing: partypoker cookie
2:15 PM: Processing: command
2:15 PM: Processing: rightmedia cookie
2:15 PM: Processing: elitemediagroup-mediamotor
2:15 PM: Processing: redzip cookie
2:15 PM: Processing: spywarestormer cookie
2:15 PM: Processing: screensavers.com cookie
2:15 PM: Processing: surfsidekick
2:15 PM: Processing: starware.com cookie
2:15 PM: Processing: spywarelabs install cookie
2:15 PM: Processing: top-banners cookie
2:15 PM: Processing: trojan downloader popuppers
2:15 PM: Processing: trojan-downloader-traf34
2:15 PM: Processing: trojan-downloader-pacisoft
2:15 PM: Processing: tickle cookie
2:15 PM: Processing: targetsaver
2:15 PM: Processing: webhancer
2:15 PM: Processing: virtualbouncer
2:15 PM: Processing: visfx
2:15 PM: Processing: zedo cookie
2:15 PM: Processing: l2m.net cookie
2:15 PM: Processing: metareward.com cookie
2:15 PM: Processing: ist yoursitebar
2:15 PM: Deletion from quarantine completed. Elapsed time 00:00:02
2:17 PM: | End of Session, Tuesday, November 15, 2005 |
********
11:22 AM: | Start of Session, Tuesday, November 15, 2005 |
11:22 AM: Spy Sweeper started
11:22 AM: Sweep initiated using definitions version 573
11:23 AM: Starting Memory Sweep
11:23 AM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\gp44l3hq1.dll". Cannot open file "C:\WINDOWS\SYSTEM32\gp44l3hq1.dll". The process cannot access the file because it is being used by another process
11:24 AM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\trlnf\cjlgfynb.exe". Cannot open file "C:\WINDOWS\SYSTEM32\trlnf\cjlgfynb.exe". The process cannot access the file because it is being used by another process
11:24 AM: Found Trojan Horse: lzio
11:24 AM: Detected running threat: C:\WINDOWS\SYSTEM32\trlnf\cjlgfynb.exe (ID = 48)
11:24 AM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || cjlgfynb (ID = 0)
11:24 AM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\orlnyn\amucc.exe". Cannot open file "C:\WINDOWS\SYSTEM32\orlnyn\amucc.exe". The process cannot access the file because it is being used by another process
11:24 AM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\lfqimr\gvjmxune.exe". Cannot open file "C:\WINDOWS\SYSTEM32\lfqimr\gvjmxune.exe". The process cannot access the file because it is being used by another process
11:24 AM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\uoecqr\fpgrqiw.exe". Cannot open file "C:\WINDOWS\SYSTEM32\uoecqr\fpgrqiw.exe". The process cannot access the file because it is being used by another process
11:25 AM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\snxcoins.dll". Cannot open file "C:\WINDOWS\SYSTEM32\snxcoins.dll". The process cannot access the file because it is being used by another process
11:25 AM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\ncslvgi\levxoecq.exe". Cannot open file "C:\WINDOWS\SYSTEM32\ncslvgi\levxoecq.exe". The process cannot access the file because it is being used by another process
11:25 AM: Detected running threat: C:\WINDOWS\SYSTEM32\ncslvgi\levxoecq.exe (ID = 48)
11:25 AM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || levxoecq (ID = 0)
11:25 AM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\ncslvgi\levxoecq.exe". Cannot open file "C:\WINDOWS\SYSTEM32\ncslvgi\levxoecq.exe". The process cannot access the file because it is being used by another process
11:26 AM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\snxcoins.dll". Cannot open file "C:\WINDOWS\SYSTEM32\snxcoins.dll". The process cannot access the file because it is being used by another process
11:26 AM: Memory Sweep Complete, Elapsed Time: 00:03:22
11:26 AM: Starting Registry Sweep
11:26 AM: Found Adware: clkoptimizer
11:26 AM: HKCR\clsid\{6ec11407-5b2e-4e25-8bdf-77445b52ab37}\ (6 subtraces) (ID = 105953)
11:26 AM: HKCR\folder\shellex\columnhandlers\{6ec11407-5b2e-4e25-8bdf-77445b52ab37}\ (1 subtraces) (ID = 106021)
11:26 AM: HKLM\software\classes\clsid\{6ec11407-5b2e-4e25-8bdf-77445b52ab37}\ (6 subtraces) (ID = 106049)
11:26 AM: HKLM\software\classes\folder\shellex\columnhandlers\{6ec11407-5b2e-4e25-8bdf-77445b52ab37}\ (1 subtraces) (ID = 106116)
11:26 AM: Found Trojan Horse: trojan-downloader-pacisoft
11:26 AM: HKU\S-1-5-21-1343024091-436374069-682003330-1003\software\psof1\ (26 subtraces) (ID = 136530)
11:26 AM: Found Trojan Horse: trojan downloader matcash
11:26 AM: HKU\S-1-5-21-1343024091-436374069-682003330-1003\software\microsoft\windows\currentversion\run\ || dns (ID = 144713)
11:26 AM: Found Adware: directrevenue-abetterinternet
11:26 AM: HKLM\system\currentcontrolset\services\svcproc\ (12 subtraces) (ID = 146140)
11:26 AM: HKU\WRSS_Profile_S-1-5-21-1343024091-436374069-682003330-500\software\aurora\ (18 subtraces) (ID = 360174)
11:26 AM: HKLM\software\microsoft\windows nt\currentversion\winlogon\ || shell (ID = 711393)
11:26 AM: Found Adware: visfx
11:26 AM: HKLM\system\currentcontrolset\services\windows overlay components\ (12 subtraces) (ID = 712954)
11:26 AM: HKLM\software\microsoft\windows\currentversion\uninstall\bsto-1\ (7 subtraces) (ID = 746835)
11:26 AM: Found Adware: maxifiles
11:26 AM: HKCR\iecatcher.iewebcatcher\ (5 subtraces) (ID = 829231)
11:26 AM: HKCR\iecatcher.iewebcatcher.1\ (3 subtraces) (ID = 829237)
11:26 AM: HKCR\clsid\{fff4e223-7019-4ce7-be03-d7d3c8cce884}\ (11 subtraces) (ID = 829241)
11:26 AM: HKCR\typelib\{fff24f28-3ae2-46cd-aebe-2f625133a1ca}\ (9 subtraces) (ID = 829253)
11:26 AM: HKLM\software\classes\typelib\{fff24f28-3ae2-46cd-aebe-2f625133a1ca}\ (9 subtraces) (ID = 829282)
11:26 AM: HKLM\software\classes\iecatcher.iewebcatcher\ (5 subtraces) (ID = 829292)
11:26 AM: HKLM\software\classes\iecatcher.iewebcatcher.1\ (3 subtraces) (ID = 829298)
11:26 AM: HKLM\software\classes\clsid\{fff4e223-7019-4ce7-be03-d7d3c8cce884}\ (11 subtraces) (ID = 829302)
11:26 AM: Found Adware: cas
11:26 AM: HKCR\clsid\{8253d547-38dd-4325-b35a-f1817edfa5f5}\ (4 subtraces) (ID = 862263)
11:26 AM: HKU\S-1-5-21-1343024091-436374069-682003330-1003\software\cas2\ (10 subtraces) (ID = 862278)
11:26 AM: HKLM\software\classes\clsid\{8253d547-38dd-4325-b35a-f1817edfa5f5}\ (4 subtraces) (ID = 862304)
11:26 AM: Found Adware: command
11:26 AM: HKLM\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}\ (7 subtraces) (ID = 892523)
11:26 AM: HKLM\system\currentcontrolset\services\cmdservice\ (12 subtraces) (ID = 958670)
11:26 AM: HKU\S-1-5-21-1343024091-436374069-682003330-1003\software\director\ || baseurl (ID = 980277)
11:26 AM: Registry Sweep Complete, Elapsed Time:00:00:20
11:26 AM: Starting Cookie Sweep
11:26 AM: Found Spy Cookie: nextag cookie
11:26 AM: owner@nextag[1].txt (ID = 5015)
11:26 AM: Found Spy Cookie: www.maxifiles cookie
11:26 AM: system@www.maxifiles[2].txt (ID = 3708)
11:26 AM: system@www.maxifiles[2].txt (ID = 3708)
11:26 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
11:27 AM: Starting File Sweep
11:27 AM: Found Adware: delfin
11:27 AM: c:\windows\system32\vidctrl (ID = -2147481117)
11:27 AM: c:\documents and settings\all users.windows\application data\vidctrl (1 subtraces) (ID = -2147477475)
11:27 AM: c:\program files\common files\inetget (1 subtraces) (ID = -2147477182)
11:27 AM: Found Adware: apropos
11:27 AM: c:\program files\aprps (13 subtraces) (ID = -2147481420)
11:27 AM: Found Adware: surfsidekick
11:27 AM: c:\program files\surfsidekick 3 (ID = -2147480186)
11:27 AM: Found Adware: bookedspace
11:27 AM: c:\windows\cfgmgr52 (76 subtraces) (ID = -2147479590)
11:27 AM: Found Adware: elitebar
11:27 AM: 120914310_3004_1008_3460_63.41.tmp1 (ID = 137430)
11:27 AM: 1048898_2764_3284_2152_63.41.tmp1 (ID = 137430)
11:27 AM: 197300_6492_1000_6544_63.41.tmp1 (ID = 137430)
11:27 AM: 4653998_2764_3284_3612_63.41.tmp1 (ID = 137430)
11:27 AM: 1573540_2028_924_3988_63.41.tmp1 (ID = 137430)
11:27 AM: Found Adware: targetsaver
11:27 AM: glf161glf161.exe (ID = 156520)
11:27 AM: 1245468_2764_3284_3304_63.41.tmp1 (ID = 137430)
11:27 AM: Found Trojan Horse: trojan downloader popuppers
11:27 AM: iemonitor.ocx (ID = 186211)
11:27 AM: 656370_2736_924_2744_63.41.tmp1 (ID = 137430)
11:27 AM: Found Trojan Horse: trojan-downloader-mainstreamdollars
11:27 AM: ventura-hot_246765.exe (ID = 107491)
11:27 AM: Found Adware: enbrowser
11:27 AM: uninst123.exe (ID = 185157)
11:27 AM: 197298_292_1116_1316_63.41.tmp1 (ID = 137430)
11:27 AM: offun.exe (ID = 180413)
11:27 AM: uninstall_wh.exe (ID = 185158)
11:27 AM: linun.exe (ID = 185152)
11:27 AM: 197498_4052_840_4084_63.41.tmp1 (ID = 137430)
11:27 AM: Found Adware: mirar webband
11:27 AM: nnbar_vcsetup_876029.exe (ID = 133198)
11:27 AM: 787448_3364_988_2388_63.41.tmp1 (ID = 137430)
11:27 AM: 459412_3280_972_3580_63.41.tmp1 (ID = 137430)
11:27 AM: 66476_3868_436_3912_63.41.tmp1 (ID = 137430)
11:27 AM: 197782_3868_436_808_63.41.tmp1 (ID = 137430)
11:27 AM: conres.cpl (ID = 137420)
11:27 AM: 524892_3492_980_2412_63.41.tmp1 (ID = 137430)
11:27 AM: Warning: Failed to read file "c:\windows\system32\m2julc191f.dll". System Error. Code: 32.
The process cannot access the file because it is being used by another process
11:27 AM: 12780042_6108_988_3468_63.41.tmp1 (ID = 137430)
11:27 AM: 262586_292_1116_2148_63.41.tmp1 (ID = 137430)
11:27 AM: 197144_3728_1160_2644_63.41.tmp1 (ID = 137430)
11:27 AM: 1311038_120_840_3048_63.41.tmp1 (ID = 137430)
11:27 AM: 459416_3040_1108_880_63.41.tmp1 (ID = 137430)
11:27 AM: 723416_6108_988_316_63.41.tmp1 (ID = 137430)
11:27 AM: 197532_2088_940_3304_63.41.tmp1 (ID = 137430)
11:27 AM: 197076_292_1116_1604_63.41.tmp1 (ID = 137430)
11:27 AM: mit36.tmp (ID = 133197)
11:28 AM: Found Trojan Horse: trojan-downloader-traf34
11:28 AM: gsm3-0511.exe (ID = 81005)
11:28 AM: 196916_3876_896_304_63.41.tmp1 (ID = 137430)
11:28 AM: 3342892_920_936_1500_63.41.tmp1 (ID = 137430)
11:28 AM: 196934_2000_1124_748_63.41.tmp1 (ID = 137430)
11:28 AM: 393870_3224_992_3576_63.41.tmp1 (ID = 137430)
11:28 AM: 131078_4456_840_4292_63.41.tmp1 (ID = 137430)
11:28 AM: 459038_292_1116_2984_63.41.tmp1 (ID = 137430)
11:28 AM: 1a.tmp (ID = 184726)
11:28 AM: 590442_3224_992_1476_63.41.tmp1 (ID = 137430)
11:28 AM: 328372_3224_992_2968_63.41.tmp1 (ID = 137430)
11:28 AM: 262728_292_1116_1664_63.41.tmp1 (ID = 137430)
11:28 AM: 4391206_3224_992_988_63.41.tmp1 (ID = 137430)
11:28 AM: 328538_292_1116_920_63.41.tmp1 (ID = 137430)
11:28 AM: 171.tmp (ID = 184729)
11:28 AM: 262414_292_1116_3456_63.41.tmp1 (ID = 137430)
11:28 AM: 13238896_4456_840_3648_63.41.tmp1 (ID = 137430)
11:28 AM: 262516_3512_1004_3580_63.41.tmp1 (ID = 137430)
11:28 AM: 525046_3512_1004_3192_63.41.tmp1 (ID = 137430)
11:28 AM: mit36.tmp.cab (ID = 133197)
11:28 AM: Found Adware: e2g
11:28 AM: cloudsim.exe (ID = 188122)
11:28 AM: Warning: Failed to read file "c:\windows\system32\snxcoins.dll". System Error. Code: 32.
The process cannot access the file because it is being used by another process
11:28 AM: 786870_3308_1000_3928_63.41.tmp1 (ID = 137430)
11:28 AM: 262340_948_1124_424_63.41.tmp1 (ID = 137430)
11:28 AM: nbeqfcjm.dll (ID = 184727)
11:28 AM: hvdgxlko.dll (ID = 184727)
11:28 AM: 590464_3504_940_3852_63.41.tmp1 (ID = 137430)
11:28 AM: 786656_3504_940_1668_63.41.tmp1 (ID = 137430)
11:28 AM: 65974_1948_800_2268_63.41.tmp1 (ID = 137430)
11:28 AM: 394518_3364_988_3624_63.41.tmp1 (ID = 137430)
11:28 AM: Found Adware: virtualbouncer
11:28 AM: vb2.exe (ID = 164842)
11:28 AM: Warning: Failed to read file "c:\windows\system32\gp44l3hq1.dll". System Error. Code: 32.
The process cannot access the file because it is being used by another process
11:29 AM: 918004_4040_856_1804_63.41.tmp1 (ID = 137430)
11:29 AM: 715719250_2884_908_2112_63.41.tmp1 (ID = 137430)
11:29 AM: Found Adware: 180search assistant/zango
11:29 AM: 18016.mht (ID = 156412)
11:29 AM: 459784_3364_988_2340_63.41.tmp1 (ID = 137430)
11:29 AM: 459944_3364_988_196_63.41.tmp1 (ID = 137430)
11:29 AM: 67092_3364_988_2264_63.41.tmp1 (ID = 137430)
11:29 AM: 393884_3280_972_3352_63.41.tmp1 (ID = 137430)
11:29 AM: win3207768868565.exe (ID = 185160)
11:29 AM: 3539392_160_904_5240_63.41.tmp1 (ID = 137430)
11:29 AM: wuafxt.exe (ID = 188122)
11:29 AM: 3998360_3160_932_2316_63.41.tmp1 (ID = 137430)
11:29 AM: 655956_3284_840_3136_63.41.tmp1 (ID = 137430)
11:29 AM: 263396_2084_940_2340_63.41.tmp1 (ID = 137430)
11:29 AM: 459766_3364_988_3440_63.41.tmp1 (ID = 137430)
11:29 AM: 13632134_3500_1120_4720_63.41.tmp1 (ID = 137430)
11:29 AM: 66896_2084_940_2716_63.41.tmp1 (ID = 137430)
11:29 AM: 66252_6200_1000_6228_63.41.tmp1 (ID = 137430)
11:29 AM: 132080_916_944_1928_63.41.tmp1 (ID = 137430)
11:29 AM: data.~ (ID = 188119)
11:29 AM: proxystub.dll (ID = 120164)
11:29 AM: proxystub.dll (ID = 50143)
11:29 AM: 66808_916_944_2532_63.41.tmp1 (ID = 137430)
11:29 AM: 66800_2388_1012_2324_63.41.tmp1 (ID = 137430)
11:29 AM: 262838_6200_1000_6272_63.41.tmp1 (ID = 137430)
11:29 AM: 132402_2388_1012_2472_63.41.tmp1 (ID = 137430)
11:29 AM: 132334_916_944_2744_63.41.tmp1 (ID = 137430)
11:29 AM: 132272_916_944_2504_63.41.tmp1 (ID = 137430)
11:29 AM: 132170_4052_840_392_63.41.tmp1 (ID = 137430)
11:29 AM: 787084_3492_980_3112_63.41.tmp1 (ID = 137430)
11:29 AM: 721390_3616_1096_3696_63.41.tmp1 (ID = 137430)
11:29 AM: 66726_4052_840_308_63.41.tmp1 (ID = 137430)
11:29 AM: 132334_2388_1012_2884_63.41.tmp1 (ID = 137430)
11:29 AM: 262542_2764_3284_3952_63.41.tmp1 (ID = 137430)
11:29 AM: 9502918_3492_980_3956_63.41.tmp1 (ID = 137430)
11:29 AM: 328188_1124_952_688_63.41.tmp1 (ID = 137430)
11:29 AM: 1377216_3492_980_3460_63.41.tmp1 (ID = 137430)
11:29 AM: tsupdate_4_0_3_9_b2.exe (ID = 78281)
11:29 AM: 13500662_3492_980_2728_63.41.tmp1 (ID = 137430)
11:29 AM: 328434_2000_1124_3216_63.41.tmp1 (ID = 137430)
11:29 AM: 394352_3164_980_1652_63.41.tmp1 (ID = 137430)
11:29 AM: 197138_3728_1160_3240_63.41.tmp1 (ID = 137430)
11:29 AM: cassetup.exe (ID = 133272)
11:29 AM: 984024_3164_980_3312_63.41.tmp1 (ID = 137430)
11:29 AM: bsva-egihsg52.exe (ID = 95082)
11:29 AM: mc-110-12-0000079.exe (ID = 114256)
11:29 AM: 66522_336_964_1364_63.41.tmp1 (ID = 137430)
11:29 AM: autoit3.exe (ID = 119348)
11:29 AM: plugin.dll (ID = 161775)
11:29 AM: x.bmp (ID = 69314)
11:29 AM: cwebpage.dll (ID = 69301)
11:29 AM: hwmaf.exe (ID = 155880)
11:29 AM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || hwmaf (ID = 0)
11:29 AM: nail.exe (ID = 185492)
11:29 AM: Warning: Failed to read file "c:\windows\system32\ncslvgi\levxoecq.exe". System Error. Code: 32.
The process cannot access the file because it is being used by another process
11:29 AM: Warning: Failed to read file "c:\windows\system32\orlnyn\amucc.exe". System Error. Code: 32.
The process cannot access the file because it is being used by another process
11:29 AM: ywgh.exe (ID = 156382)
11:29 AM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || ywgh (ID = 0)
11:30 AM: Warning: Failed to read file "c:\windows\system32\lfqimr\gvjmxune.exe". System Error. Code: 32.
The process cannot access the file because it is being used by another process
11:30 AM: jypd.exe (ID = 184729)
11:30 AM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || jypd (ID = 0)
11:30 AM: mc-110-12-0000079.exe (ID = 114256)
11:30 AM: HKU\S-1-5-21-1343024091-436374069-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run || services32 (ID = 0)
11:30 AM: searchb.exe (ID = 185155)
11:30 AM: Found Adware: zquest
11:30 AM: opr.exe (ID = 146514)
11:30 AM: atmtd.dll (ID = 166754)
11:30 AM: setup2-71.exe (ID = 185291)
11:30 AM: winnb57.dll (ID = 133227)
11:30 AM: Found Adware: adpowerzone
11:30 AM: sgenie.exe (ID = 156597)
11:30 AM: 72_blizzard_4_0_3_7.exe (ID = 156520)
11:30 AM: atmtd.dll._ (ID = 166754)
11:30 AM: 5cihhjyjrxsmiaesq2tro4cuym.vbs (ID = 185675)
11:30 AM: bzolmv4ogo2hgjfn53q.vbs (ID = 185675)
11:30 AM: searchb.lnk (ID = 185155)
11:30 AM: File Sweep Complete, Elapsed Time: 00:03:21
11:30 AM: Full Sweep has completed. Elapsed time 00:07:26
11:30 AM: Traces Found: 442
11:34 AM: Removal process initiated
11:35 AM: Quarantining All Traces: lzio
11:35 AM: lzio is in use. It will be removed on reboot.
11:35 AM: C:\WINDOWS\SYSTEM32\trlnf\cjlgfynb.exe is in use. It will be removed on reboot.
11:35 AM: C:\WINDOWS\SYSTEM32\ncslvgi\levxoecq.exe is in use. It will be removed on reboot.
11:35 AM: Quarantining All Traces: clkoptimizer
11:35 AM: Quarantining All Traces: trojan-downloader-pacisoft
11:35 AM: Quarantining All Traces: trojan downloader matcash
11:35 AM: Quarantining All Traces: directrevenue-abetterinternet
11:35 AM: Quarantining All Traces: visfx
11:35 AM: Quarantining All Traces: maxifiles
11:35 AM: Quarantining All Traces: cas
11:35 AM: Quarantining All Traces: command
11:35 AM: Quarantining All Traces: nextag cookie
11:35 AM: Quarantining All Traces: www.maxifiles cookie
11:35 AM: Quarantining All Traces: delfin
11:35 AM: Quarantining All Traces: apropos
11:35 AM: Quarantining All Traces: surfsidekick
11:35 AM: Quarantining All Traces: bookedspace
11:35 AM: Quarantining All Traces: elitebar
11:35 AM: Quarantining All Traces: targetsaver
11:35 AM: Quarantining All Traces: trojan downloader popuppers
11:35 AM: Quarantining All Traces: trojan-downloader-mainstreamdollars
11:35 AM: Quarantining All Traces: enbrowser
11:35 AM: Quarantining All Traces: mirar webband
11:35 AM: Quarantining All Traces: trojan-downloader-traf34
11:35 AM: Quarantining All Traces: e2g
11:35 AM: Quarantining All Traces: virtualbouncer
11:35 AM: Quarantining All Traces: 180search assistant/zango
11:35 AM: Quarantining All Traces: zquest
11:35 AM: Quarantining All Traces: adpowerzone
11:36 AM: Preparing to restart your computer. Please wait...
11:36 AM: Removal process completed. Elapsed time 00:01:48
11:44 AM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\m2julc191f.dll". Cannot open file "C:\WINDOWS\SYSTEM32\m2julc191f.dll". The process cannot access the file because it is being used by another process
11:44 AM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\lfqimr\gvjmxune.exe". Cannot open file "C:\WINDOWS\SYSTEM32\lfqimr\gvjmxune.exe". The process cannot access the file because it is being used by another process
11:44 AM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\orlnyn\amucc.exe". Cannot open file "C:\WINDOWS\SYSTEM32\orlnyn\amucc.exe". The process cannot access the file because it is being used by another process
11:44 AM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\trlnf\cjlgfynb.exe". Cannot open file "C:\WINDOWS\SYSTEM32\trlnf\cjlgfynb.exe". The process cannot access the file because it is being used by another process
11:44 AM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\MAJTER35.DLL". Cannot open file "C:\WINDOWS\SYSTEM32\MAJTER35.DLL". The process cannot access the file because it is being used by another process
11:44 AM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\MAJTER35.DLL". Cannot open file "C:\WINDOWS\SYSTEM32\MAJTER35.DLL". The process cannot access the file because it is being used by another process
1:17 PM: Program Version 4.0.3 (Build 363) Using Spyware Definitions 573
1:18 PM: | End of Session, Tuesday, November 15, 2005 |
********
5:34 PM: | Start of Session, Monday, November 14, 2005 |
5:34 PM: Spy Sweeper started
5:34 PM: Sweep initiated using definitions version 492
5:34 PM: Starting Memory Sweep
5:35 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\orlnyn\amucc.exe". Cannot open file "C:\WINDOWS\SYSTEM32\orlnyn\amucc.exe". The process cannot access the file because it is being used by another process
5:35 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\lfqimr\gvjmxune.exe". Cannot open file "C:\WINDOWS\SYSTEM32\lfqimr\gvjmxune.exe". The process cannot access the file because it is being used by another process
5:35 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\gpr6l39s1.dll". Cannot open file "C:\WINDOWS\SYSTEM32\gpr6l39s1.dll". The process cannot access the file because it is being used by another process
5:35 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\uoecqr\fpgrqiw.exe". Cannot open file "C:\WINDOWS\SYSTEM32\uoecqr\fpgrqiw.exe". The process cannot access the file because it is being used by another process
5:35 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\trlnf\cjlgfynb.exe". Cannot open file "C:\WINDOWS\SYSTEM32\trlnf\cjlgfynb.exe". The process cannot access the file because it is being used by another process
5:35 PM: Found Trojan Horse: lzio
5:35 PM: Detected running threat: C:\WINDOWS\SYSTEM32\trlnf\cjlgfynb.exe (ID = 203)
5:35 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || cjlgfynb (ID = 0)
5:36 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\mvpbde40.dll". Cannot open file "C:\WINDOWS\SYSTEM32\mvpbde40.dll". The process cannot access the file because it is being used by another process
5:36 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\mvpbde40.dll". Cannot open file "C:\WINDOWS\SYSTEM32\mvpbde40.dll". The process cannot access the file because it is being used by another process
5:36 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\ncslvgi\levxoecq.exe". Cannot open file "C:\WINDOWS\SYSTEM32\ncslvgi\levxoecq.exe". The process cannot access the file because it is being used by another process
5:36 PM: Detected running threat: C:\WINDOWS\SYSTEM32\ncslvgi\levxoecq.exe (ID = 203)
5:36 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || levxoecq (ID = 0)
5:36 PM: Memory Sweep Complete, Elapsed Time: 00:02:03
5:37 PM: Starting Registry Sweep
5:37 PM: Found Adware: abetterinternet
5:37 PM: HKU\WRSS_Profile_S-1-5-21-1343024091-436374069-682003330-500\software\aurora\ || au3n5a7tionscode (ID = 691235)
5:37 PM: HKU\WRSS_Profile_S-1-5-21-1343024091-436374069-682003330-500\software\aurora\ || auc1o3d5eofsfinalad (ID = 691237)
5:37 PM: HKU\WRSS_Profile_S-1-5-21-1343024091-436374069-682003330-500\software\aurora\ || auc3n5tfyl (ID = 691238)
5:37 PM: HKU\WRSS_Profile_S-1-5-21-1343024091-436374069-682003330-500\software\aurora\ || auc3n5trmsgsdisp (ID = 691239)
5:37 PM: HKU\WRSS_Profile_S-1-5-21-1343024091-436374069-682003330-500\software\aurora\ || aud3s5tssend (ID = 691241)
5:37 PM: HKU\WRSS_Profile_S-1-5-21-1343024091-436374069-682003330-500\software\aurora\ || aui3d5ofsinst (ID = 691243)
5:37 PM: HKU\WRSS_Profile_S-1-5-21-1343024091-436374069-682003330-500\software\aurora\ || aui3n5progscab (ID = 691245)
5:37 PM: HKU\WRSS_Profile_S-1-5-21-1343024091-436374069-682003330-500\software\aurora\ || aui3n5progsex (ID = 691246)
5:37 PM: HKU\WRSS_Profile_S-1-5-21-1343024091-436374069-682003330-500\software\aurora\ || aui3n5progslstest (ID = 691247)
5:37 PM: HKU\WRSS_Profile_S-1-5-21-1343024091-436374069-682003330-500\software\aurora\ || aum3o5dessync (ID = 691249)
5:37 PM: HKU\WRSS_Profile_S-1-5-21-1343024091-436374069-682003330-500\software\aurora\ || aup3d5om (ID = 691250)
5:37 PM: HKU\WRSS_Profile_S-1-5-21-1343024091-436374069-682003330-500\software\aurora\ || aus3t5icky1s (ID = 691252)
5:37 PM: HKU\WRSS_Profile_S-1-5-21-1343024091-436374069-682003330-500\software\aurora\ || aus3t5icky2s (ID = 691253)
5:37 PM: HKU\WRSS_Profile_S-1-5-21-1343024091-436374069-682003330-500\software\aurora\ || aus3t5icky3s (ID = 691254)
5:37 PM: HKU\WRSS_Profile_S-1-5-21-1343024091-436374069-682003330-500\software\aurora\ || aus3t5icky4s (ID = 691255)
5:37 PM: HKU\WRSS_Profile_S-1-5-21-1343024091-436374069-682003330-500\software\aurora\ || aut3h5rshschecksin (ID = 691257)
5:37 PM: HKU\WRSS_Profile_S-1-5-21-1343024091-436374069-682003330-500\software\aurora\ || aut3h5rshsmots (ID = 691258)
5:37 PM: HKU\WRSS_Profile_S-1-5-21-1343024091-436374069-682003330-500\software\aurora\ || aut3i5m7eofsfinalad (ID = 691260)
5:37 PM: Registry Sweep Complete, Elapsed Time:00:00:20
5:37 PM: Starting Cookie Sweep
5:37 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
5:37 PM: Starting File Sweep
5:40 PM: File Sweep Complete, Elapsed Time: 00:02:36
5:40 PM: Full Sweep has completed. Elapsed time 00:05:20
5:40 PM: Traces Found: 22
5:46 PM: Removal process initiated
5:46 PM: Quarantining All Traces: lzio
5:46 PM: Quarantining All Traces: abetterinternet
5:46 PM: Preparing to restart your computer. Please wait...
5:46 PM: Removal process completed. Elapsed time 00:00:36
5:54 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\ncslvgi\levxoecq.exe". Cannot open file "C:\WINDOWS\SYSTEM32\ncslvgi\levxoecq.exe". The process cannot access the file because it is being used by another process
5:54 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\orlnyn\amucc.exe". Cannot open file "C:\WINDOWS\SYSTEM32\orlnyn\amucc.exe". The process cannot access the file because it is being used by another process
5:54 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\dnps0177e.dll". Cannot open file "C:\WINDOWS\SYSTEM32\dnps0177e.dll". The process cannot access the file because it is being used by another process
5:54 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\lfqimr\gvjmxune.exe". Cannot open file "C:\WINDOWS\SYSTEM32\lfqimr\gvjmxune.exe". The process cannot access the file because it is being used by another process
5:54 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\uoecqr\fpgrqiw.exe". Cannot open file "C:\WINDOWS\SYSTEM32\uoecqr\fpgrqiw.exe". The process cannot access the file because it is being used by another process
5:54 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\trlnf\cjlgfynb.exe". Cannot open file "C:\WINDOWS\SYSTEM32\trlnf\cjlgfynb.exe". The process cannot access the file because it is being used by another process
5:59 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\ncslvgi\levxoecq.exe". Cannot open file "C:\WINDOWS\SYSTEM32\ncslvgi\levxoecq.exe". The process cannot access the file because it is being used by another process
5:59 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\orlnyn\amucc.exe". Cannot open file "C:\WINDOWS\SYSTEM32\orlnyn\amucc.exe". The process cannot access the file because it is being used by another process
6:00 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\dnps0177e.dll". Cannot open file "C:\WINDOWS\SYSTEM32\dnps0177e.dll". The process cannot access the file because it is being used by another process
6:00 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\lfqimr\gvjmxune.exe". Cannot open file "C:\WINDOWS\SYSTEM32\lfqimr\gvjmxune.exe". The process cannot access the file because it is being used by another process
6:00 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\uoecqr\fpgrqiw.exe". Cannot open file "C:\WINDOWS\SYSTEM32\uoecqr\fpgrqiw.exe". The process cannot access the file because it is being used by another process
6:00 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\trlnf\cjlgfynb.exe". Cannot open file "C:\WINDOWS\SYSTEM32\trlnf\cjlgfynb.exe". The process cannot access the file because it is being used by another process
6:05 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\ncslvgi\levxoecq.exe". Cannot open file "C:\WINDOWS\SYSTEM32\ncslvgi\levxoecq.exe". The process cannot access the file because it is being used by another process
6:05 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\orlnyn\amucc.exe". Cannot open file "C:\WINDOWS\SYSTEM32\orlnyn\amucc.exe". The process cannot access the file because it is being used by another process
6:05 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\dnps0177e.dll". Cannot open file "C:\WINDOWS\SYSTEM32\dnps0177e.dll". The process cannot access the file because it is being used by another process
6:05 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32\lfqimr\gvjmxune.exe". Cannot open file "C:\WINDOWS\SYSTEM32\lfqimr\gvjmxune.exe". The process cannot access the file because it is being used by another process
6:05 PM: Warning: Failed to check file "C:\WINDOWS\SYSTEM32&

#5 Rawe

Posted 16 November 2005 - 12:54 AM

Please download cureit:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Run drweb - cureit
Double-click the "drweb-cureit.exe" and click "ok" in the prompt window that will open, asking "start the express scan now".
It will first make a quick scan of your system. Let it clean what it finds, and when it says "done" in the lower left corner, click on all your drives.
A red dot will mark the selected drive(s). Then hit the pedestrian who now has turned green.
Click on the green man in the right corner; it will scan ALL your drives. Hit yes to all.

Reboot.

Post a fresh HiJackThis log once finished. :thumbsup:
Hi there, stranger!

#6 Rawe

Posted 04 December 2005 - 09:03 AM

Due to lack of feedback, this thread has been closed. If you're the original poster and need this Topic reopened, please PM a Staff member with the address of this thread.
Hi there, stranger!



