Ad-w-a-r-e.com Infection, A Couple Trojans Horses, A Buddy Trojan And More!


  • This topic is locked
13 replies to this topic

#1 monkeybutt

Posted 10 August 2006 - 02:16 PM

Any help would be greatly appreciated. I know some of the problem is an infection from ad-w-a-r-e.com; it has infected firefox.exe and explorer.exe.

Logfile of HijackThis v1.99.1
Scan saved at 2:07:27 PM, on 10/08/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\LXCGPPLS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPLAYER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
F1 - win.ini: run=lxcgppls.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\PROGRAM FILES\TOOLBAR888\MYTOOLBAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\SYSTEM\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] WINLOG.EXE
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\V1201.exe
O4 - HKLM\..\Run: [ms055379510811] C:\WINDOWS\ms055379510811.exe
O4 - HKLM\..\Run: [win32095108115379] C:\WINDOWS\win32095108115379.exe
O4 - HKLM\..\Run: [Command] C:\WINDOWS\QW5naWUgQnJhdW4A\command.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [ms063795108115] C:\WINDOWS\ms063795108115.exe
O4 - HKLM\..\Run: [keyboard] C:\\KYBRDFF_8.exe
O4 - HKLM\..\Run: [defender] C:\\DFNDRFF_8.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [ms031153795108] C:\WINDOWS\ms031153795108.exe
O4 - HKLM\..\Run: [sys010811537951] C:\WINDOWS\sys010811537951.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [newname] C:\\NWNMFF_8.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [winlog] WINLOG.EXE
O4 - HKLM\..\RunServices: [SDService] C:\Program Files\SpywareDetector\SDService.exe
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKCU\..\Run: [kimo] C:\STUB_113_4_0_4_0NEWER.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZPxdm182YYCA
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O16 - DPF: {261EE805-4893-45A3-8E9E-AD90914CB39A} - http://www9.advnt01.com/dialer/internazionale_98_ver11n.CAB
O16 - DPF: {00000000-0000-0000-0000-000320050660} - http://207.234.185.217/aboxinst_int16.exe

MonkeyButt :thumbsup:

#2 Buckeye_Sam

Malware Expert

Posted 15 August 2006 - 08:39 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:
I apologize for the delay getting to your log, the helpers here are very busy.

Please download L2m9xfix from one of these two locations:
GeeksToGo
Noidea.us

Save it to the desktop and run it. Extract the files, and then open the l2m9xfix folder you just created and run RunThis.bat.

A window will open, and your desktop will disappear, then reappear. Please be patient until the batch says it is completed.

Then please restart your computer, and post a new HijackThis log as well as the entire text of the log.txt file which should be in the same folder as RunThis.bat.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 monkeybutt

Topic Starter

Posted 16 August 2006 - 10:43 PM

Thanks for helping out on this awesome site, Sam. I'm quite grateful to you for helping me fix my own problem, rather than making me take it into the shop where all these problems seem to have come from. :-)

Alright, I downloaded the program, but when I try to run it, it says that it cannot find the file C:\WINDOWS\COMMAND.COM.

MonkeyButt

#4 Buckeye_Sam

Malware Expert

Posted 17 August 2006 - 05:23 PM

Do you have your Windows ME disc? Let me know because it sounds like we may have to restore some files.

In the meantime, let's go down a different path and see where it gets us.


Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Double-click sspsetup1.exe to install it.
  • Before installation it may ask you to check for program updates. Click YES.
    Then finish installation leaving all the default options.
  • Once the program is installed, it will ask if you wish to reboot now; choose YES.
  • After reboot, open SpySweeper, by double-clicking the icon on your desktop.
  • Click Options on the left side.
  • Click the Sweep tab.
  • Under Items to Sweep make sure the following are checked:
    • Windows registry
    • Memory objects
    • Cookies
    • Compressed Files
    • System Restore Folder
  • Under Other Options make sure the following are checked:
    • Sweep all user accounts
    • Enable Direct Disk Sweeping
    • Sweep for rootkits
  • Click the Sweep button on the left side.
  • Click the Start Sweep button.
  • When it's done scanning, make sure everything has a check next to it, then click the Quarantine Selected button.
  • It will quarantine all of the items found.
  • Click View Session Log in the right corner above the box where the items are listed.
  • Click Save to File and save it on your desktop.
  • Exit SpySweeper.
  • Paste the contents of the session log you saved into your next reply (Spy Sweeper Session Log.txt).
  • NOTE: you can get to the log by clicking Options on the left. Then, View Session Log will be listed under Other Options.
Post the log from SpySweeper and a new HijackThis log in your next reply.

#5 monkeybutt

Topic Starter

Posted 18 August 2006 - 04:24 PM

Alright, as far as our Windows ME disc goes, I'm not entirely sure if it works. The computer came with ME on it and they didn't send a disc with it. We have a burned copy, but are not sure if it works, worth a shot though.

Here is the Spy Sweeper Log:
********
2:41 PM: | Start of Session, August 18, 2006 |
2:41 PM: Spy Sweeper started
2:41 PM: Sweep initiated using definitions version 743
2:41 PM: Starting Memory Sweep
2:47 PM: Memory Sweep Complete, Elapsed Time: 00:06:09
2:47 PM: Starting Registry Sweep
2:49 PM: Registry Sweep Complete, Elapsed Time:00:01:56
2:49 PM: Starting Cookie Sweep
2:49 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
2:49 PM: Starting File Sweep
2:50 PM: Warning: Failed to open file "c:\windows\win386.swp". The process cannot access the file because it is being used by another process
3:04 PM: Found Adware: dollarrevenue
3:04 PM: nsprocess.dll (ID = 301977)
3:04 PM: nsprocess.dll (ID = 301977)
3:04 PM: nsprocess.dll (ID = 301977)
3:04 PM: nsprocess.dll (ID = 301977)
3:04 PM: nsprocess.dll (ID = 301977)
3:04 PM: nsprocess.dll (ID = 301977)
3:04 PM: nsprocess.dll (ID = 301977)
3:04 PM: nsprocess.dll (ID = 301977)
3:04 PM: nsprocess.dll (ID = 301977)
3:04 PM: nsprocess.dll (ID = 301977)
3:05 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs34df8567-34cb-4c97-be0d-72af20f3e339.tmp". The process cannot access the file because it is being used by another process
3:05 PM: loader[1].exe (ID = 336854)
3:05 PM: Found Adware: targetsaver
3:05 PM: stub_113_4_0_4_0[1].exe (ID = 193995)
3:06 PM: Found Adware: command
3:06 PM: command.exe (ID = 166753)
3:06 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || Command (ID = 0)
3:06 PM: qhsic0tr32l4hccu.vbs (ID = 185675)
3:06 PM: 6o9yno56oamt.vbs (ID = 185675)
3:06 PM: pke4k4erwxsw2xctxxv9apmgxd2d.vbs (ID = 185675)
3:06 PM: fvtiee4kdsc6wp6friubtcwrdoqb.vbs (ID = 185675)
3:06 PM: gjxlr5nk4kxohmgbrjwta.vbs (ID = 185675)
3:07 PM: Found Adware: deskwizz
3:07 PM: html1.htm (ID = 310472)
3:07 PM: html2.htm (ID = 323861)
3:13 PM: Found Adware: maxifiles
3:13 PM: c:\program files\toolbar888 (2 subtraces) (ID = -2147456311)
3:13 PM: activate.exe (ID = 322316)
3:26 PM: Found Trojan Horse: trojan downloader matcash
3:26 PM: outlook.exe (ID = 255142)
3:26 PM: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || outlook (ID = 0)
3:26 PM: v.tmp (ID = 255142)
3:27 PM: dc5.exe (ID = 193995)
3:30 PM: p.zip (ID = 255142)
3:30 PM: File Sweep Complete, Elapsed Time: 00:41:04
3:30 PM: Full Sweep has completed. Elapsed time 00:49:30
3:30 PM: Traces Found: 30
4:02 PM: Removal process initiated
4:02 PM: Quarantining All Traces: trojan downloader matcash
4:02 PM: Quarantining All Traces: dollarrevenue
4:02 PM: Quarantining All Traces: maxifiles
4:02 PM: Quarantining All Traces: targetsaver
4:02 PM: Quarantining All Traces: command
4:02 PM: Quarantining All Traces: deskwizz
4:02 PM: Removal process completed. Elapsed time 00:00:15
********
2:15 PM: | Start of Session, August 18, 2006 |
2:15 PM: Spy Sweeper started
2:15 PM: Sweep initiated using definitions version 743
2:15 PM: Starting Memory Sweep
2:21 PM: Memory Sweep Complete, Elapsed Time: 00:06:05
2:21 PM: Starting Registry Sweep
2:23 PM: Registry Sweep Complete, Elapsed Time:00:01:57
2:23 PM: Starting Cookie Sweep
2:23 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
2:23 PM: Starting File Sweep
2:25 PM: Warning: Failed to open file "c:\windows\win386.swp". The process cannot access the file because it is being used by another process
2:35 PM: Found Trojan Horse: trojan-downloader-ac2
2:35 PM: jxba4623.dll (ID = 336612)
2:35 PM: Found Adware: look2me
2:35 PM: vkodec32.dll (ID = 163642)
2:35 PM: azvpack.dll (ID = 163642)
2:35 PM: rfcltc1.dll (ID = 163642)
2:35 PM: oje32.dll (ID = 163642)
2:35 PM: mzr2cenu.dll (ID = 163642)
2:35 PM: axvpack.dll (ID = 163642)
2:35 PM: dpeml.dll (ID = 163642)
2:35 PM: aaa00000.dll (ID = 336612)
2:35 PM: pxapi.dll (ID = 163642)
2:35 PM: comnew.dll (ID = 163642)
2:35 PM: lrcglpa.dll (ID = 163642)
2:35 PM: abferror.dll (ID = 163642)
2:35 PM: cgmmdlg.dll (ID = 163642)
2:35 PM: jbeg2x32.dll (ID = 163642)
2:35 PM: sccur32.dll (ID = 163642)
2:35 PM: mlxdm.dll (ID = 163642)
2:35 PM: nsnds.dll (ID = 163642)
2:35 PM: Found Adware: targetsaver
2:35 PM: tsuninst.exe (ID = 193501)
2:35 PM: wrsdmod.dll (ID = 163642)
2:35 PM: uel.dll (ID = 163642)
2:35 PM: ujbui.dll (ID = 163642)
2:35 PM: lmpcx11n.dll (ID = 163642)
2:35 PM: dhspex.dll (ID = 163642)
2:35 PM: decprop.dll (ID = 163642)
2:35 PM: rkfrate.dll (ID = 163642)
2:35 PM: ebpsrv.dll (ID = 163642)
2:35 PM: eocapi.dll (ID = 163642)
2:35 PM: mkjet35.dll (ID = 163642)
2:35 PM: pyustab.dll (ID = 163642)
2:35 PM: sfrapi.dll (ID = 163642)
2:35 PM: mximsg.dll (ID = 163642)
2:35 PM: ejpsrv.dll (ID = 163642)
2:35 PM: lfcgflib.dll (ID = 163642)
2:35 PM: mbpi32.dll (ID = 163642)
2:35 PM: sotaid.dll (ID = 163642)
2:35 PM: tzolhelp.dll (ID = 163642)
2:35 PM: wzninet.dll (ID = 163642)
2:35 PM: lecgpswr.dll (ID = 163642)
2:35 PM: lwfil11n.dll (ID = 163642)
2:37 PM: Found Adware: command
2:37 PM: atmtd.dll (ID = 166754)
2:37 PM: atmtd.dll._ (ID = 166754)
2:39 PM: cmdinst.exe (ID = 166756)
2:39 PM: tsinstall_4_0_4_0_b4.exe (ID = 193496)
2:39 PM: tsupdate_4_0_4_1_b3.exe (ID = 330712)
2:39 PM: bw2.com (ID = 65721)
2:39 PM: Found Adware: surfsidekick
2:39 PM: i8253.tmp (ID = 253411)
2:39 PM: Found Adware: dollarrevenue
2:39 PM: nsprocess.dll (ID = 301977)
2:39 PM: Sweep Canceled
2:39 PM: File Sweep Complete, Elapsed Time: 00:15:49
2:39 PM: Traces Found: 48
2:39 PM: Removal process initiated
2:39 PM: Quarantining All Traces: look2me
2:40 PM: Quarantining All Traces: trojan-downloader-ac2
2:40 PM: Quarantining All Traces: dollarrevenue
2:40 PM: Quarantining All Traces: surfsidekick
2:40 PM: Quarantining All Traces: targetsaver
2:40 PM: Quarantining All Traces: command
2:41 PM: Removal process completed. Elapsed time 00:01:11
2:41 PM: | End of Session, August 18, 2006 |
********
2:05 PM: | Start of Session, August 18, 2006 |
2:05 PM: Spy Sweeper started
2:05 PM: Sweep initiated using definitions version 743
2:05 PM: Starting Memory Sweep
2:11 PM: Memory Sweep Complete, Elapsed Time: 00:05:59
2:11 PM: Starting Registry Sweep
2:12 PM: Registry Sweep Complete, Elapsed Time:00:01:41
2:12 PM: Starting Cookie Sweep
2:12 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
2:13 PM: Starting File Sweep
2:13 PM: Warning: Failed to open file "c:\windows\win386.swp". The process cannot access the file because it is being used by another process
2:13 PM: Found Adware: zquest
2:13 PM: vsl.dl_ (ID = 290652)
2:13 PM: Found Adware: look2me
2:13 PM: installer3.exe (ID = 168558)
2:13 PM: Found Adware: dollarrevenue
2:13 PM: drsmartload.exe (ID = 336854)
2:13 PM: Found Adware: command
2:13 PM: mte3ndi6odoxng.exe (ID = 185985)
2:13 PM: mte3ndi6odoxngnew.exe (ID = 185985)
2:13 PM: Found Adware: visfx
2:13 PM: visfx500new.exe (ID = 244295)
2:13 PM: warebundlenewer.exe (ID = 168558)
2:13 PM: Found Adware: surfsidekick
2:13 PM: ss1001newer.exe (ID = 215896)
2:13 PM: Found Adware: targetsaver
2:13 PM: stub_113_4_0_4_0newer.exe (ID = 193995)
2:13 PM: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run || kimo (ID = 0)
2:14 PM: Found Adware: enbrowser
2:14 PM: pf78.exe (ID = 244430)
2:14 PM: pms111x.exe (ID = 244278)
2:14 PM: uni_eh.exe (ID = 245110)
2:14 PM: unin101.exe (ID = 245111)
2:14 PM: offun.exe (ID = 215807)
2:14 PM: iconu.exe (ID = 65721)
2:14 PM: Sweep Canceled
2:14 PM: File Sweep Complete, Elapsed Time: 00:01:59
2:15 PM: Traces Found: 16
2:15 PM: Removal process initiated
2:15 PM: Quarantining All Traces: look2me
2:15 PM: Quarantining All Traces: visfx
2:15 PM: Quarantining All Traces: dollarrevenue
2:15 PM: Quarantining All Traces: enbrowser
2:15 PM: Quarantining All Traces: surfsidekick
2:15 PM: Quarantining All Traces: targetsaver
2:15 PM: Quarantining All Traces: zquest
2:15 PM: Quarantining All Traces: command
2:15 PM: Removal process completed. Elapsed time 00:00:28
2:15 PM: | End of Session, August 18, 2006 |
********
1:56 PM: | Start of Session, August 18, 2006 |
1:56 PM: Spy Sweeper started
1:56 PM: Sweep initiated using definitions version 743
1:56 PM: Starting Memory Sweep
2:01 PM: Memory Sweep Complete, Elapsed Time: 00:05:38
2:01 PM: Starting Registry Sweep
2:03 PM: Found Adware: findthewebsiteyouneed hijack
2:03 PM: HKLM\software\microsoft\internet explorer\main\ || search page (ID = 125241)
2:03 PM: HKLM\software\microsoft\internet explorer\search\ || searchassistant (ID = 125242)
2:03 PM: Found Adware: targetsaver
2:03 PM: HKLM\software\microsoft\windows\currentversion\uninstall\tsa\ (2 subtraces) (ID = 143607)
2:04 PM: HKU\.default\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555438)
2:04 PM: Found Adware: zquest
2:04 PM: HKLM\software\microsoft\windows\currentversion\uninstall\{80404d0c-6d24-e87f-650f-f7d1985cd762}\ (4 subtraces) (ID = 775881)
2:04 PM: Found Adware: visfx
2:04 PM: HKLM\ovmon\ (ID = 826847)
2:04 PM: Found Adware: enbrowser
2:04 PM: HKLM\software\system\sysold\ (1 subtraces) (ID = 926808)
2:04 PM: HKLM\software\microsoft\windows\currentversion\run\ || actx1 (ID = 957560)
2:04 PM: HKLM\software\microsoft\windows\currentversion\run\ || themonitor (ID = 1028873)
2:04 PM: Found Adware: maxifiles
2:04 PM: HKCR\mytoolbar.mytoolbarobj\ (5 subtraces) (ID = 1497797)
2:04 PM: HKCR\mytoolbar.mytoolbarobj.1\ (3 subtraces) (ID = 1497803)
2:04 PM: HKLM\software\classes\mytoolbar.mytoolbarobj\ (5 subtraces) (ID = 1498205)
2:04 PM: HKLM\software\classes\mytoolbar.mytoolbarobj.1\ (3 subtraces) (ID = 1498211)
2:04 PM: HKLM\software\microsoft\windows\currentversion\uninstall\toolbar888\ (2 subtraces) (ID = 1498367)
2:04 PM: HKCR\typelib\{569304ba-83ed-4cff-ac26-be3e482f7208}\ (9 subtraces) (ID = 1530936)
2:04 PM: HKLM\software\classes\typelib\{569304ba-83ed-4cff-ac26-be3e482f7208}\ (9 subtraces) (ID = 1530980)
2:04 PM: HKLM\software\microsoft\internet explorer\toolbar\ || {cbcc61fa-0221-4ccc-b409-cee865caca3a} (ID = 1530992)
2:04 PM: Found Adware: dollarrevenue
2:04 PM: HKLM\software\microsoft\windows\currentversion\run\ || defender (ID = 1558788)
2:04 PM: HKLM\software\microsoft\windows\currentversion\run\ || keyboard (ID = 1558789)
2:04 PM: HKU\.DEFAULT\software\microsoft\internet explorer\main\ || default_search_url (ID = 125236)
2:04 PM: HKU\.DEFAULT\software\microsoft\internet explorer\main\ || search bar (ID = 125237)
2:04 PM: HKU\.DEFAULT\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555437)
2:04 PM: HKU\.DEFAULT\software\system\sysuid\ (1 subtraces) (ID = 731748)
2:04 PM: HKU\.DEFAULT\software\microsoft\internet explorer\search\searchassistant explorer\main\ || Default_Search_URL (ID = 1554015)
2:04 PM: Registry Sweep Complete, Elapsed Time:00:02:39
2:04 PM: Starting Cookie Sweep
2:04 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
2:04 PM: Starting File Sweep
2:04 PM: Warning: Failed to open file "c:\windows\win386.swp". The process cannot access the file because it is being used by another process
2:04 PM: Sweep Canceled
2:04 PM: File Sweep Complete, Elapsed Time: 00:00:05
2:04 PM: Traces Found: 68
2:04 PM: Removal process initiated
2:04 PM: Quarantining All Traces: visfx
2:04 PM: Quarantining All Traces: dollarrevenue
2:04 PM: Quarantining All Traces: enbrowser
2:04 PM: Quarantining All Traces: maxifiles
2:04 PM: Quarantining All Traces: targetsaver
2:04 PM: Quarantining All Traces: zquest
2:04 PM: Quarantining All Traces: findthewebsiteyouneed hijack
2:04 PM: Removal process completed. Elapsed time 00:00:07
2:05 PM: | End of Session, August 18, 2006 |
********
1:46 PM: | Start of Session, August 18, 2006 |
1:46 PM: Spy Sweeper started
1:46 PM: Sweep initiated using definitions version 743
1:47 PM: Starting Memory Sweep
1:51 PM: Found Adware: look2me
1:51 PM: Detected running threat: C:\WINDOWS\SYSTEM\WGNALIGN.DLL (ID = 163642)
1:52 PM: Detected running threat: C:\WINDOWS\SYSTEM\NUSWAN32.DLL (ID = 163642)
1:53 PM: Memory Sweep Complete, Elapsed Time: 00:06:17
1:53 PM: Starting Registry Sweep
1:53 PM: Sweep Canceled
1:53 PM: Registry Sweep Complete, Elapsed Time:00:00:06
1:53 PM: Traces Found: 2
1:53 PM: Removal process initiated
1:53 PM: Quarantining All Traces: look2me
1:53 PM: Warning: Launched explorer.exe
1:53 PM: Warning: Quarantine process could not restart Explorer.
1:54 PM: Removal process completed. Elapsed time 00:00:33
1:54 PM: Your Internet Explorer home page default is now:
1:54 PM: "http://www.google.com"
1:54 PM: Your search page default is now:
1:54 PM: "http://searchbar.google.com"
1:55 PM: Your search page default is now:
1:55 PM: "http://www.google.com"
1:55 PM: Search URL (User)
1:55 PM: "http://www.google.com"
1:55 PM: Default Page (System)
1:55 PM: "http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
1:56 PM: IE Tracking Cookies Shield: Removed searchingbooth cookie
1:56 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
1:56 PM: IE Tracking Cookies Shield: Removed wizzle cookie
1:56 PM: IE Tracking Cookies Shield: Removed 888 cookie
1:56 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
1:56 PM: IE Tracking Cookies Shield: Removed cassava cookie
1:56 PM: IE Tracking Cookies Shield: Removed 10103 cookie
1:56 PM: IE Tracking Cookies Shield: Removed atlas dmt cookie
1:56 PM: | End of Session, August 18, 2006 |
********
1:37 PM: | Start of Session, August 18, 2006 |
1:37 PM: Spy Sweeper started
1:37 PM: Sweep initiated using definitions version 743
1:37 PM: Starting Memory Sweep
1:45 PM: Found Trojan Horse: trojan downloader matcash
1:45 PM: Detected running threat: C:\WINDOWS\SYSTEM\winlog.exe (ID = 255143)
1:45 PM: Sweep Canceled
1:45 PM: Memory Sweep Complete, Elapsed Time: 00:08:06
1:45 PM: Traces Found: 1
1:46 PM: Removal process initiated
1:46 PM: Quarantining All Traces: trojan downloader matcash
1:46 PM: Removal process completed. Elapsed time 00:00:21
1:46 PM: | End of Session, August 18, 2006 |
********
1:16 PM: | Start of Session, August 18, 2006 |
1:16 PM: Spy Sweeper started
1:16 PM: Sweep initiated using definitions version 743
1:16 PM: Starting Memory Sweep
1:21 PM: Found Trojan Horse: trojan downloader matcash
1:21 PM: Detected running threat: C:\WINDOWS\SYSTEM\winlog.exe (ID = 255143)
1:23 PM: Found Adware: look2me
1:23 PM: Detected running threat: C:\WINDOWS\SYSTEM\WGNALIGN.DLL (ID = 163642)
1:24 PM: Detected running threat: C:\WINDOWS\SYSTEM\NUSWAN32.DLL (ID = 163642)
1:24 PM: Memory Sweep Complete, Elapsed Time: 00:08:24
1:24 PM: Starting Registry Sweep
1:25 PM: Found Adware: findthewebsiteyouneed hijack
1:25 PM: HKLM\software\microsoft\internet explorer\main\ || search page (ID = 125241)
1:25 PM: HKLM\software\microsoft\internet explorer\search\ || searchassistant (ID = 125242)
1:26 PM: Found Adware: targetsaver
1:26 PM: HKLM\software\microsoft\windows\currentversion\uninstall\tsa\ (2 subtraces) (ID = 143607)
1:26 PM: HKU\.default\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555438)
1:26 PM: Found Adware: zquest
1:26 PM: HKLM\software\microsoft\windows\currentversion\uninstall\{80404d0c-6d24-e87f-650f-f7d1985cd762}\ (4 subtraces) (ID = 775881)
1:26 PM: Found Adware: visfx
1:26 PM: HKLM\ovmon\ (ID = 826847)
1:26 PM: Found Adware: enbrowser
1:26 PM: HKLM\software\system\sysold\ (1 subtraces) (ID = 926808)
1:26 PM: HKLM\software\microsoft\windows\currentversion\run\ || actx1 (ID = 957560)
1:26 PM: HKLM\software\microsoft\windows\currentversion\run\ || themonitor (ID = 1028873)
1:26 PM: Found Adware: maxifiles
1:26 PM: HKCR\mytoolbar.mytoolbarobj\ (5 subtraces) (ID = 1497797)
1:26 PM: HKCR\mytoolbar.mytoolbarobj.1\ (3 subtraces) (ID = 1497803)
1:26 PM: HKLM\software\classes\mytoolbar.mytoolbarobj\ (5 subtraces) (ID = 1498205)
1:26 PM: HKLM\software\classes\mytoolbar.mytoolbarobj.1\ (3 subtraces) (ID = 1498211)
1:26 PM: HKLM\software\microsoft\windows\currentversion\uninstall\toolbar888\ (2 subtraces) (ID = 1498367)
1:26 PM: HKCR\typelib\{569304ba-83ed-4cff-ac26-be3e482f7208}\ (9 subtraces) (ID = 1530936)
1:26 PM: HKLM\software\classes\typelib\{569304ba-83ed-4cff-ac26-be3e482f7208}\ (9 subtraces) (ID = 1530980)
1:26 PM: HKLM\software\microsoft\internet explorer\toolbar\ || {cbcc61fa-0221-4ccc-b409-cee865caca3a} (ID = 1530992)
1:26 PM: Found Adware: dollarrevenue
1:26 PM: HKLM\software\microsoft\windows\currentversion\run\ || defender (ID = 1558788)
1:26 PM: HKLM\software\microsoft\windows\currentversion\run\ || keyboard (ID = 1558789)
1:26 PM: HKU\.DEFAULT\software\microsoft\internet explorer\main\ || default_search_url (ID = 125236)
1:26 PM: HKU\.DEFAULT\software\microsoft\internet explorer\main\ || search bar (ID = 125237)
1:26 PM: HKU\.DEFAULT\software\microsoft\internet explorer\main\ || search page (ID = 125238)
1:26 PM: HKU\.DEFAULT\software\microsoft\internet explorer\main\ || start page (ID = 125239)
1:26 PM: HKU\.DEFAULT\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555437)
1:26 PM: HKU\.DEFAULT\software\system\sysuid\ (1 subtraces) (ID = 731748)
1:26 PM: HKU\.DEFAULT\software\microsoft\internet explorer\search\searchassistant explorer\main\ || Default_Search_URL (ID = 1554015)
1:26 PM: Registry Sweep Complete, Elapsed Time:00:01:58
1:26 PM: Starting Cookie Sweep
1:26 PM: Found Spy Cookie: searchingbooth cookie
1:26 PM: angie braun@banners.searchingbooth[1].txt (ID = 3322)
1:26 PM: Found Spy Cookie: 2o7.net cookie
1:26 PM: angie braun@2o7[1].txt (ID = 1957)
1:26 PM: Found Spy Cookie: wizzle cookie
1:26 PM: angie braun@wizzle[1].txt (ID = 3695)
1:26 PM: Found Spy Cookie: 888 cookie
1:26 PM: angie braun@888[1].txt (ID = 2019)
1:26 PM: angie braun@partygaming.122.2o7[1].txt (ID = 1958)
1:26 PM: Found Spy Cookie: cassava cookie
1:26 PM: angie braun@cassava[1].txt (ID = 2362)
1:26 PM: Found Spy Cookie: 10103 cookie
1:26 PM: angie braun@10103[1].txt (ID = 1921)
1:26 PM: Found Spy Cookie: atlas dmt cookie
1:26 PM: angie braun@atdmt[2].txt (ID = 2253)
1:26 PM: Cookie Sweep Complete, Elapsed Time: 00:00:05
1:26 PM: Starting File Sweep
1:26 PM: Warning: Failed to open file "c:\windows\win386.swp". The process cannot access the file because it is being used by another process
1:27 PM: vsl.dl_ (ID = 290652)
1:27 PM: installer3.exe (ID = 168558)
1:27 PM: drsmartload.exe (ID = 336854)
1:27 PM: Found Adware: command
1:27 PM: mte3ndi6odoxng.exe (ID = 185985)
1:27 PM: mte3ndi6odoxngnew.exe (ID = 185985)
1:27 PM: visfx500new.exe (ID = 244295)
1:27 PM: warebundlenewer.exe (ID = 168558)
1:27 PM: Found Adware: surfsidekick
1:27 PM: ss1001newer.exe (ID = 215896)
1:27 PM: stub_113_4_0_4_0newer.exe (ID = 193995)
1:27 PM: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run || kimo (ID = 0)
1:28 PM: pf78.exe (ID = 244430)
1:28 PM: pms111x.exe (ID = 244278)
1:28 PM: uni_eh.exe (ID = 245110)
1:28 PM: unin101.exe (ID = 245111)
1:28 PM: offun.exe (ID = 215807)
1:28 PM: iconu.exe (ID = 65721)
********
1:06 PM: | Start of Session, August 18, 2006 |
1:06 PM: Spy Sweeper started
1:06 PM: Sweep initiated using definitions version 743
1:06 PM: Found Adware: maxifiles
1:06 PM: HKCR\clsid\{cbcc61fa-0221-4ccc-b409-cee865caca3a}\inprocserver32\ (2 subtraces) (ID = 1537866)
1:06 PM: MYTOOLBAR.DLL (ID = 1537866)
1:07 PM: Starting Memory Sweep
1:08 PM: Found Adware: command
1:08 PM: Detected running threat: C:\WINDOWS\QW5naWUgQnJhdW4A\asappsrv.dll (ID = 144945)
1:10 PM: Sweep Canceled
1:10 PM: Memory Sweep Complete, Elapsed Time: 00:02:52
1:10 PM: Traces Found: 5
1:10 PM: Removal process initiated
1:10 PM: Quarantining All Traces: maxifiles
1:10 PM: Quarantining All Traces: command
1:10 PM: command is in use. It will be removed on reboot.
1:10 PM: C:\WINDOWS\QW5naWUgQnJhdW4A\asappsrv.dll is in use. It will be removed on reboot.
1:10 PM: Warning: Launched explorer.exe
1:10 PM: Warning: Quarantine process could not restart Explorer.
1:10 PM: Preparing to restart your computer. Please wait...
1:10 PM: Removal process completed. Elapsed time 00:00:28
********
10:10 AM: | Start of Session, August 18, 2006 |
10:10 AM: Spy Sweeper started
10:10 AM: Sweep initiated using definitions version 743
10:10 AM: Found Adware: maxifiles
10:10 AM: HKCR\clsid\{cbcc61fa-0221-4ccc-b409-cee865caca3a}\inprocserver32\ (2 subtraces) (ID = 1537866)
10:10 AM: MYTOOLBAR.DLL (ID = 1537866)
10:10 AM: Starting Memory Sweep
10:11 AM: Found Adware: command
10:11 AM: Detected running threat: C:\WINDOWS\QW5naWUgQnJhdW4A\asappsrv.dll (ID = 144945)
10:19 AM: Found Adware: look2me
10:19 AM: Detected running threat: C:\WINDOWS\SYSTEM\WGNALIGN.DLL (ID = 163642)
10:25 AM: Detected running threat: C:\WINDOWS\SYSTEM\JEMD400.DLL (ID = 163642)
10:27 AM: Memory Sweep Complete, Elapsed Time: 00:16:06
10:27 AM: Starting Registry Sweep
10:28 AM: Found Adware: findthewebsiteyouneed hijack
10:28 AM: HKLM\software\microsoft\internet explorer\main\ || search page (ID = 125241)
10:28 AM: HKLM\software\microsoft\internet explorer\search\ || searchassistant (ID = 125242)
10:28 AM: Found Adware: targetsaver
10:28 AM: HKLM\software\microsoft\windows\currentversion\uninstall\tsa\ (2 subtraces) (ID = 143607)
10:29 AM: HKU\.default\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555438)
10:29 AM: Found Adware: zquest
10:29 AM: HKLM\software\microsoft\windows\currentversion\uninstall\{80404d0c-6d24-e87f-650f-f7d1985cd762}\ (4 subtraces) (ID = 775881)
10:29 AM: Found Adware: visfx
10:29 AM: HKLM\ovmon\ (ID = 826847)
10:29 AM: Found Adware: enbrowser
10:29 AM: HKLM\software\system\sysold\ (1 subtraces) (ID = 926808)
10:29 AM: HKLM\software\microsoft\windows\currentversion\run\ || actx1 (ID = 957560)
10:29 AM: HKLM\software\microsoft\windows\currentversion\run\ || themonitor (ID = 1028873)
10:29 AM: HKCR\mytoolbar.mytoolbarobj\ (5 subtraces) (ID = 1497797)
10:29 AM: HKCR\mytoolbar.mytoolbarobj.1\ (3 subtraces) (ID = 1497803)
10:29 AM: HKLM\software\classes\mytoolbar.mytoolbarobj\ (5 subtraces) (ID = 1498205)
10:29 AM: HKLM\software\classes\mytoolbar.mytoolbarobj.1\ (3 subtraces) (ID = 1498211)
10:29 AM: HKLM\software\microsoft\windows\currentversion\uninstall\toolbar888\ (2 subtraces) (ID = 1498367)
10:29 AM: HKCR\clsid\{cbcc61fa-0221-4ccc-b409-cee865caca3a}\ (11 subtraces) (ID = 1530906)
10:29 AM: HKCR\typelib\{569304ba-83ed-4cff-ac26-be3e482f7208}\ (9 subtraces) (ID = 1530936)
10:29 AM: HKLM\software\classes\clsid\{cbcc61fa-0221-4ccc-b409-cee865caca3a}\ (11 subtraces) (ID = 1530968)
10:29 AM: HKLM\software\classes\typelib\{569304ba-83ed-4cff-ac26-be3e482f7208}\ (9 subtraces) (ID = 1530980)
10:29 AM: HKLM\software\microsoft\internet explorer\toolbar\ || {cbcc61fa-0221-4ccc-b409-cee865caca3a} (ID = 1530992)
10:29 AM: Found Adware: dollarrevenue
10:29 AM: HKLM\software\microsoft\windows\currentversion\run\ || defender (ID = 1558788)
10:29 AM: HKLM\software\microsoft\windows\currentversion\run\ || keyboard (ID = 1558789)
10:29 AM: HKU\.DEFAULT\software\microsoft\internet explorer\main\ || default_search_url (ID = 125236)
10:29 AM: HKU\.DEFAULT\software\microsoft\internet explorer\main\ || search bar (ID = 125237)
10:29 AM: HKU\.DEFAULT\software\microsoft\internet explorer\main\ || search page (ID = 125238)
10:29 AM: HKU\.DEFAULT\software\microsoft\internet explorer\main\ || start page (ID = 125239)
10:29 AM: HKU\.DEFAULT\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555437)
10:29 AM: HKU\.DEFAULT\software\system\sysuid\ (1 subtraces) (ID = 731748)
10:29 AM: HKU\.DEFAULT\software\microsoft\internet explorer\search\searchassistant explorer\main\ || Default_Search_URL (ID = 1554015)
10:29 AM: Registry Sweep Complete, Elapsed Time:00:02:32
10:29 AM: Starting Cookie Sweep
10:29 AM: Found Spy Cookie: searchingbooth cookie
10:29 AM: angie braun@banners.searchingbooth[1].txt (ID = 3322)
10:29 AM: Found Spy Cookie: 2o7.net cookie
10:29 AM: angie braun@2o7[1].txt (ID = 1957)
10:29 AM: Found Spy Cookie: wizzle cookie
10:29 AM: angie braun@wizzle[1].txt (ID = 3695)
10:29 AM: Found Spy Cookie: 888 cookie
10:29 AM: angie braun@888[1].txt (ID = 2019)
10:29 AM: angie braun@partygaming.122.2o7[1].txt (ID = 1958)
10:29 AM: Found Spy Cookie: cassava cookie
10:29 AM: angie braun@cassava[1].txt (ID = 2362)
10:29 AM: Found Spy Cookie: 10103 cookie
10:29 AM: angie braun@10103[1].txt (ID = 1921)
10:29 AM: Found Spy Cookie: atlas dmt cookie
10:29 AM: angie braun@atdmt[2].txt (ID = 2253)
10:29 AM: Cookie Sweep Complete, Elapsed Time: 00:00:06
10:29 AM: Starting File Sweep
10:30 AM: vsl.dl_ (ID = 290652)
10:30 AM: installer3.exe (ID = 168558)
10:30 AM: drsmartload.exe (ID = 336854)
10:30 AM: mte3ndi6odoxng.exe (ID = 185985)
10:30 AM: mte3ndi6odoxngnew.exe (ID = 185985)
10:30 AM: visfx500new.exe (ID = 244295)
10:30 AM: warebundlenewer.exe (ID = 168558)
10:30 AM: Found Adware: surfsidekick
10:30 AM: ss1001newer.exe (ID = 215896)
10:30 AM: stub_113_4_0_4_0newer.exe (ID = 193995)
10:30 AM: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run || kimo (ID = 0)
10:31 AM: Warning: Failed to open file "c:\windows\win386.swp". The process cannot access the file because it is being used by another process
10:32 AM: pf78.exe (ID = 244430)
10:32 AM: pms111x.exe (ID = 244278)
10:32 AM: uni_eh.exe (ID = 245110)
10:32 AM: unin101.exe (ID = 245111)
10:32 AM: offun.exe (ID = 215807)
10:32 AM: iconu.exe (ID = 65721)
10:47 AM: Found Trojan Horse: trojan downloader matcash
10:47 AM: winlog.exe (ID = 255143)
10:47 AM: Found Trojan Horse: trojan-downloader-ac2
10:47 AM: jxba4623.dll (ID = 336612)
10:47 AM: vkodec32.dll (ID = 163642)
10:47 AM: azvpack.dll (ID = 163642)
10:47 AM: rfcltc1.dll (ID = 163642)
10:47 AM: oje32.dll (ID = 163642)
10:47 AM: mzr2cenu.dll (ID = 163642)
10:47 AM: axvpack.dll (ID = 163642)
10:47 AM: dpeml.dll (ID = 163642)
10:47 AM: aaa00000.dll (ID = 336612)
10:47 AM: pxapi.dll (ID = 163642)
10:47 AM: comnew.dll (ID = 163642)
10:47 AM: lrcglpa.dll (ID = 163642)
10:47 AM: abferror.dll (ID = 163642)
10:47 AM: wgnalign.dll (ID = 163642)
10:47 AM: cgmmdlg.dll (ID = 163642)
10:47 AM: jbeg2x32.dll (ID = 163642)
10:48 AM: sccur32.dll (ID = 163642)
10:48 AM: mlxdm.dll (ID = 163642)
10:48 AM: nsnds.dll (ID = 163642)
10:48 AM: tsuninst.exe (ID = 193501)
10:48 AM: wrsdmod.dll (ID = 163642)
10:48 AM: uel.dll (ID = 163642)
10:48 AM: ujbui.dll (ID = 163642)
10:48 AM: lmpcx11n.dll (ID = 163642)
10:48 AM: dhspex.dll (ID = 163642)
10:48 AM: decprop.dll (ID = 163642)
10:48 AM: rkfrate.dll (ID = 163642)
10:48 AM: ebpsrv.dll (ID = 163642)
10:48 AM: eocapi.dll (ID = 163642)
10:48 AM: mkjet35.dll (ID = 163642)
10:48 AM: pyustab.dll (ID = 163642)
10:48 AM: sfrapi.dll (ID = 163642)
10:48 AM: mximsg.dll (ID = 163642)
10:48 AM: jemd400.dll (ID = 163642)
10:48 AM: lfcgflib.dll (ID = 163642)
10:48 AM: mbpi32.dll (ID = 163642)
10:48 AM: sotaid.dll (ID = 163642)
10:51 AM: atmtd.dll (ID = 166754)
10:51 AM: atmtd.dll._ (ID = 166754)
10:53 AM: cmdinst.exe (ID = 166756)
10:53 AM: tsinstall_4_0_4_0_b4.exe (ID = 193496)
10:53 AM: tsupdate_4_0_4_1_b3.exe (ID = 330712)
10:53 AM: bw2.com (ID = 65721)
10:53 AM: i8253.tmp (ID = 253411)
10:54 AM: nsprocess.dll (ID = 301977)
10:54 AM: nsprocess.dll (ID = 301977)
10:54 AM: nsprocess.dll (ID = 301977)
10:54 AM: nsprocess.dll (ID = 301977)
10:54 AM: nsprocess.dll (ID = 301977)
10:54 AM: nsprocess.dll (ID = 301977)
10:54 AM: nsprocess.dll (ID = 301977)
10:54 AM: nsprocess.dll (ID = 301977)
10:54 AM: nsprocess.dll (ID = 301977)
10:54 AM: nsprocess.dll (ID = 301977)
10:54 AM: nsprocess.dll (ID = 301977)
10:54 AM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs50e04acc-f261-4bd8-899d-9d5f51eeeb18.tmp". The process cannot access the file because it is being us

#6 monkeybutt

Posted 18 August 2006 - 04:35 PM

Where it cuts off is actually the end of the Spy Sweeper log; it just goes on to say that the program cannot be accessed, it may be in use by another process.

And here is the HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 4:08:22 PM, on 18/08/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LXCGPPLS.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\WINDOWS\DFODCFAA.EXE
C:\WINDOWS\SYSTEM\ICSMGR.EXE
C:\PROGRAM FILES\PROXYWAY\PROXYWAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

F1 - win.ini: run=lxcgppls.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\SYSTEM\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [winlog] WINLOG.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [newname] C:\\NWNMFF_11.exe
O4 - HKLM\..\Run: [DFODCFAA] C:\WINDOWS\DFODCFAA.exe
O4 - HKLM\..\Run: [sys031153795108] C:\WINDOWS\sys031153795108.exe
O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE
O4 - HKLM\..\Run: [SpySweeper] "C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE" /startintray
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [winlog] WINLOG.EXE
O4 - HKLM\..\RunServices: [SDService] C:\Program Files\SpywareDetector\SDService.exe
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe
O4 - HKCU\..\Run: [OMIK] C:\PROGRAM FILES\COMMON FILES\OMIK\OMIKM.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZPxdm182YYCA
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O16 - DPF: {261EE805-4893-45A3-8E9E-AD90914CB39A} - http://www9.advnt01.com/dialer/internazionale_98_ver11n.CAB
O16 - DPF: {00000000-0000-0000-0000-000320050660} - http://207.234.185.217/aboxinst_int16.exe


Thanks,
MonkeyButt :thumbsup:

#7 Buckeye_Sam

    Malware Expert

Posted 18 August 2006 - 08:14 PM

Run HijackThis again, click Scan, and put a checkmark next to each of the lines listed below. Then close all other windows (you should only see HijackThis on your desktop) and click the Fix Checked button.

F1 - win.ini: run=lxcgppls.exe
O4 - HKLM\..\Run: [winlog] WINLOG.EXE
O4 - HKLM\..\Run: [newname] C:\\NWNMFF_11.exe
O4 - HKLM\..\Run: [DFODCFAA] C:\WINDOWS\DFODCFAA.exe
O4 - HKLM\..\Run: [sys031153795108] C:\WINDOWS\sys031153795108.exe
O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE
O4 - HKLM\..\RunServices: [winlog] WINLOG.EXE
O4 - HKCU\..\Run: [OMIK] C:\PROGRAM FILES\COMMON FILES\OMIK\OMIKM.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZPxdm182YYCA
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {261EE805-4893-45A3-8E9E-AD90914CB39A} - http://www9.advnt01.com/dialer/internazionale_98_ver11n.CAB
O16 - DPF: {00000000-0000-0000-0000-000320050660} - http://207.234.185.217/aboxinst_int16.exe





Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report along with a new hijackthis log.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#8 monkeybutt

Posted 19 August 2006 - 01:52 AM

Incident Status Location

Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS\NPMYWEBS.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\PROGRAM FILES\MSN MESSENGER\RICHED20.DLL
Potentially unwanted tool:Application/FunWeb Not disinfected C:\PROGRAM FILES\MSN MESSENGER\MSIMG32.DLL
Spyware:spyware/surfsidekick Not disinfected C:\WINDOWS\TEMP\SskUpdater3.exe
Potentially unwanted tool:application/funweb Not disinfected c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf
Adware:adware/ucmore Not disinfected c:\ucmoreiex.exe
Adware:adware/dollarrevenue Not disinfected c:\drsmartload45a8b9abc.exe
Potentially unwanted tool:application/mywebsearch Not disinfected hkey_classes_root\clsid\{9AFB8248-617F-460d-9366-D71CDEDA3179}
Virus:Bck/Service9x.C Not disinfected C:\WINDOWS\OPTIONS\CABS\lxcgsr9x.ex_[C:\WINDOWS\OPTIONS\CABS\lxcgsr9x.exe]
Virus:Bck/Service9x.C Disinfected C:\WINDOWS\SYSTEM\lxcgsr9x.exe
Spyware:Cookie/Zedo Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\6yatjsrm.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Statcounter Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\6yatjsrm.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/bravenetA Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\6yatjsrm.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/RealMedia Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\6yatjsrm.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\6yatjsrm.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/2o7 Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\6yatjsrm.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Mediaplex Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\6yatjsrm.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\6yatjsrm.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/YieldManager Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\6yatjsrm.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Advnt Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\6yatjsrm.default\cookies.txt[www.advnt01.com/]
Spyware:Cookie/GoClick Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\6yatjsrm.default\cookies.txt[c.goclick.com/]
Spyware:Cookie/888 Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\6yatjsrm.default\cookies.txt[.888.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\6yatjsrm.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Hitslink Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\6yatjsrm.default\cookies.txt[counter.hitslink.com/]
Spyware:Cookie/Findwhat Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\6yatjsrm.default\cookies.txt[.findwhat.com/]
Spyware:Cookie/PointRoll Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\6yatjsrm.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\6yatjsrm.default\cookies.txt[.drivecleaner.com/]
Spyware:Cookie/Com.com Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\6yatjsrm.default\cookies.txt[.com.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\6yatjsrm.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Advertising Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\6yatjsrm.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\6yatjsrm.default\cookies.txt[.trafficmp.com/]
Adware:Adware/Ucmore Not disinfected C:\WINDOWS\Temporary Internet Files\Content.IE5\01E3G56V\ucmoreiex[1].exe
Adware:Adware/DollarRevenue Not disinfected C:\WINDOWS\Temporary Internet Files\Content.IE5\2JM5EBGR\drsmartload849a[1].exe
Adware:Adware/Ucmore Not disinfected C:\WINDOWS\Temporary Internet Files\Content.IE5\U9F85ONM\ucmoreiex[1].exe
Adware:Adware/DollarRevenue Not disinfected C:\WINDOWS\Temporary Internet Files\Content.IE5\U9F85ONM\drsmartload45a[1].exe
Adware:Adware/ISearch Not disinfected C:\WINDOWS\Temporary Internet Files\Content.IE5\U9F85ONM\installer_9x[1].exe
Adware:Adware/DollarRevenue Not disinfected C:\WINDOWS\Temporary Internet Files\Content.IE5\KR3VEG9H\drsmartload46a[1].exe
Spyware:Cookie/DriveCleaner Not disinfected C:\WINDOWS\Cookies\angie braun@stats.drivecleaner[2].txt
Adware:Adware/2Z0o Not disinfected C:\WINDOWS\dfodcfa.exe
Virus:Trj/Clicker.RF Disinfected C:\WINDOWS\DFODCFAA.exe
Adware:Adware/SecurityError Not disinfected C:\Program Files\Common Files\{40711903-0000-4105--0002}\services.dll
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Angies folder\e-mail junk\ZwinkyFFSetup2.2.50.1.exe
Adware:Adware/DollarRevenue Not disinfected C:\install.exe[\nsProcess.dll]
Adware:Adware/SecurityError Not disinfected C:\install.exe[++\\services.dll]
Adware:Adware/Mytoolbar Not disinfected C:\install.exe[MyToolBar.dll]
Adware:Adware/Mytoolbar Not disinfected C:\install.exe[Activate.exe]
Adware:Adware/DollarRevenue Not disinfected C:\ac3_0010.exe
Adware:Adware/DollarRevenue Not disinfected C:\drsmartload46a8b9abc.exe
Adware:Adware/DollarRevenue Not disinfected C:\drsmartload849a8b9abc.exe
Adware:Adware/DollarRevenue Not disinfected C:\drsmartload45a2002.exe
Adware:Adware/DollarRevenue Not disinfected C:\drsmartload45a99.exe
Adware:Adware/DollarRevenue Not disinfected C:\drsmartload46a99.exe
Adware:Adware/DollarRevenue Not disinfected C:\drsmartload849a99.exe
Adware:Adware/DollarRevenue Not disinfected C:\drsmartload45a1001.exe
Adware:Adware/DollarRevenue Not disinfected C:\drsmartload46a1001.exe
Adware:Adware/DollarRevenue Not disinfected C:\drsmartload849a1001.exe
Adware:Adware/DollarRevenue Not disinfected C:\drsmartload46a2002.exe
Adware:Adware/DollarRevenue Not disinfected C:\drsmartload849a2002.exe

Logfile of HijackThis v1.99.1
Scan saved at 1:50:54 AM, on 19/08/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ICSMGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\WUAUBOOT.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\SYSTEM\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [SpySweeper] "C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE" /startintray
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [SDService] C:\Program Files\SpywareDetector\SDService.exe
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAM FILES\SYGATE\SPF\SMC.EXE
O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
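The comparison a helper makes by eye between the 18/08 and 19/08 HijackThis logs above, written out as an added example (it is not part of the original thread and is not HijackThis's own code). The log excerpts are copied from the two scans in this thread; the function names and the choice of which lines to excerpt are this example's own.

```python
import ntpath
import re

# Excerpt of the 18/08/2006 scan (before "Fix Checked"), copied from the thread.
BEFORE = r"""
Running processes:
C:\WINDOWS\SYSTEM\LXCGPPLS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\DFODCFAA.EXE
C:\WINDOWS\SYSTEM\ICSMGR.EXE

F1 - win.ini: run=lxcgppls.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [winlog] WINLOG.EXE
O4 - HKLM\..\Run: [newname] C:\\NWNMFF_11.exe
O4 - HKLM\..\Run: [DFODCFAA] C:\WINDOWS\DFODCFAA.exe
O4 - HKLM\..\Run: [sys031153795108] C:\WINDOWS\sys031153795108.exe
O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE
O4 - HKLM\..\RunServices: [winlog] WINLOG.EXE
O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe
O4 - HKCU\..\Run: [OMIK] C:\PROGRAM FILES\COMMON FILES\OMIK\OMIKM.EXE
"""

# Excerpt of the 19/08/2006 scan (after the fix and the ActiveScan run).
AFTER = r"""
Running processes:
C:\WINDOWS\SYSTEM\ICSMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
"""

# The F1 and O4 lines from the helper's "Fix Checked" list.
FIX_LINES = r"""
F1 - win.ini: run=lxcgppls.exe
O4 - HKLM\..\Run: [winlog] WINLOG.EXE
O4 - HKLM\..\Run: [newname] C:\\NWNMFF_11.exe
O4 - HKLM\..\Run: [DFODCFAA] C:\WINDOWS\DFODCFAA.exe
O4 - HKLM\..\Run: [sys031153795108] C:\WINDOWS\sys031153795108.exe
O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE
O4 - HKLM\..\RunServices: [winlog] WINLOG.EXE
O4 - HKCU\..\Run: [OMIK] C:\PROGRAM FILES\COMMON FILES\OMIK\OMIKM.EXE
""".splitlines()

# A HijackThis entry is "<section code> - <details>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^[A-Z]\d{1,2} - .+$")
# File names of executable images mentioned inside an entry.
IMAGE_RE = re.compile(r'[^\\/\s"=]+\.(?:exe|dll|ocx)', re.IGNORECASE)


def norm(line):
    """Collapse whitespace and case so Windows paths compare equal."""
    return " ".join(line.split()).casefold()


def parse_log(text):
    """Return (running process paths, {normalized entry: original entry})."""
    processes, entries, in_procs = [], {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
        elif not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            processes.append(line)
        elif ENTRY_RE.match(line):
            entries[norm(line)] = line
    return processes, entries


def verify_fix(before, after, fix_lines):
    """Compare two scans against the list of entries that were to be fixed."""
    _, ent_before = parse_log(before)
    procs_after, ent_after = parse_log(after)
    wanted = {norm(l): l.strip() for l in fix_lines if ENTRY_RE.match(l.strip())}
    # Image names from fixed entries, to spot processes that outlived the fix.
    images = {m.casefold() for l in wanted.values() for m in IMAGE_RE.findall(l)}
    return {
        "removed": [l for k, l in wanted.items()
                    if k in ent_before and k not in ent_after],
        "still_present": [l for k, l in wanted.items() if k in ent_after],
        "not_in_before": [l for k, l in wanted.items() if k not in ent_before],
        "new_entries": [l for k, l in ent_after.items() if k not in ent_before],
        "still_running": [p for p in procs_after
                          if ntpath.basename(p).casefold() in images],
    }


if __name__ == "__main__":
    for label, items in verify_fix(BEFORE, AFTER, FIX_LINES).items():
        print(f"{label}: {len(items)}")
        for item in items:
            print("   ", item)
```

On these excerpts every fixed entry is gone from the later scan, the only new entry is the ActiveScan installer control, and `C:\WINDOWS\SYSTEM\ICSMGR.EXE` is still in the process list although its Run value was fixed.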

#9 Buckeye_Sam

Posted 19 August 2006 - 03:42 PM

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):



    C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS\NPMYWEBS.DLL
    C:\PROGRAM FILES\MSN MESSENGER\RICHED20.DLL
    C:\PROGRAM FILES\MSN MESSENGER\MSIMG32.DLL
    C:\WINDOWS\TEMP\SskUpdater3.exe
    c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf
    c:\ucmoreiex.exe
    c:\drsmartload45a8b9abc.exe
    C:\WINDOWS\dfodcfa.exe
    C:\WINDOWS\DFODCFAA.exe
    C:\Program Files\Common Files\{40711903-0000-4105--0002}\services.dll
    C:\Program Files\Common Files\{40711903-0000-4105--0002}\update.exe
    C:\Program Files\Common Files\{40711903-0000-4105--0002}
    C:\Program Files\Angies folder\e-mail junk\ZwinkyFFSetup2.2.50.1.exe
    C:\install.exe
    C:\ac3_0010.exe
    C:\drsmartload46a8b9abc.exe
    C:\drsmartload849a8b9abc.exe
    C:\drsmartload45a2002.exe
    C:\drsmartload45a99.exe
    C:\drsmartload46a99.exe
    C:\drsmartload849a99.exe
    C:\drsmartload45a1001.exe
    C:\drsmartload46a1001.exe
    C:\drsmartload849a1001.exe
    C:\drsmartload46a2002.exe
    C:\drsmartload849a2002.exe



  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

    If your computer does not restart automatically, please restart it manually.

  • After rebooting, open up Killbox again. Click File -> Logs -> Actions History Log
  • Post this log in your next reply.
==============


Run another scan with Spysweeper now and post the resulting log in your next reply.

Edited by Buckeye_Sam, 19 August 2006 - 03:43 PM.

#10 monkeybutt

Posted 20 August 2006 - 07:10 PM

Pocket Killbox version 2.0.0.648
Running on Windows Me as Angie Braun
was started @ Sunday, August 20, 2006, 4:59 PM

# 1 [Delete on Reboot]
Path = C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS\NPMYWEBS.DLL


# 2 [Delete on Reboot]
Path = C:\PROGRAM FILES\MSN MESSENGER\RICHED20.DLL


# 3 [Delete on Reboot]
Path = C:\PROGRAM FILES\MSN MESSENGER\MSIMG32.DLL


# 4 [Delete on Reboot]
Path = C:\WINDOWS\TEMP\SskUpdater3.exe


# 5 [Delete on Reboot]
Path = c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf


# 6 [Delete on Reboot]
Path = c:\ucmoreiex.exe


# 7 [Delete on Reboot]
Path = c:\drsmartload45a8b9abc.exe


# 8 [Delete on Reboot]
Path = C:\WINDOWS\dfodcfa.exe


# 9 [Delete on Reboot]
Path = C:\Program Files\Common Files\{40711903-0000-4105--0002}\services.dll


# 10 [Delete on Reboot]
Path = C:\Program Files\Common Files\{40711903-0000-4105--0002}\update.exe


# 11 [Delete on Reboot]
Path = C:\Program Files\Common Files\{40711903-0000-4105--0002}


# 12 [Delete on Reboot]
Path = C:\Program Files\Angies folder\e-mail junk\ZwinkyFFSetup2.2.50.1.exe


# 13 [Delete on Reboot]
Path = C:\install.exe


# 14 [Delete on Reboot]
Path = C:\ac3_0010.exe


# 15 [Delete on Reboot]
Path = C:\drsmartload46a8b9abc.exe


# 16 [Delete on Reboot]
Path = C:\drsmartload849a8b9abc.exe


# 17 [Delete on Reboot]
Path = C:\drsmartload45a2002.exe


# 18 [Delete on Reboot]
Path = C:\drsmartload45a99.exe


# 19 [Delete on Reboot]
Path = C:\drsmartload46a99.exe


# 20 [Delete on Reboot]
Path = C:\drsmartload849a99.exe


# 21 [Delete on Reboot]
Path = C:\drsmartload45a1001.exe


# 22 [Delete on Reboot]
Path = C:\drsmartload46a1001.exe


# 23 [Delete on Reboot]
Path = C:\drsmartload849a1001.exe


# 24 [Delete on Reboot]
Path = C:\drsmartload46a2002.exe


# 25 [Delete on Reboot]
Path = C:\drsmartload849a2002.exe


Killbox Closed(Exit) @ 5:08:58 PM
__________________________________________________

********
5:36 PM: | Start of Session, August 20, 2006 |
5:36 PM: Spy Sweeper started
5:36 PM: Sweep initiated using definitions version 744
5:36 PM: Starting Memory Sweep
5:51 PM: Memory Sweep Complete, Elapsed Time: 00:14:21
5:51 PM: Starting Registry Sweep
5:54 PM: Registry Sweep Complete, Elapsed Time:00:02:55
5:54 PM: Starting Cookie Sweep
5:54 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
5:54 PM: Starting File Sweep
5:54 PM: Warning: Failed to open file "c:\windows\win386.swp". The process cannot access the file because it is being used by another process
6:14 PM: Warning: Failed to open file "c:\windows\application data\mozilla\firefox\profiles\6yatjsrm.default\parent.lock". The process cannot access the file because it is being used by another process
6:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsdbf93098-e7cc-4995-a9de-23dd7b538419.tmp". The process cannot access the file because it is being used by another process
6:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs978a369a-1a84-41a0-a557-a84cf05f9ec7.tmp". The process cannot access the file because it is being used by another process
6:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsd37c896c-37cd-48b8-930f-ae8d973f6cc6.tmp". The process cannot access the file because it is being used by another process
6:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb1d6305b-da40-4854-a8fe-563b9e094edf.tmp". The process cannot access the file because it is being used by another process
6:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsfd6cf03d-dbd3-4a66-9568-44b9d722e5c9.tmp". The process cannot access the file because it is being used by another process
6:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs06865f56-793e-409f-96ea-a3f055506994.tmp". The process cannot access the file because it is being used by another process
6:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs141b95a9-c896-4d16-97e3-6842f9299d3b.tmp". The process cannot access the file because it is being used by another process
6:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4a89381e-f7be-44e6-8a30-8ef1ed7c79f4.tmp". The process cannot access the file because it is being used by another process
6:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs05337920-e39f-4906-8ba4-f9b1d307965e.tmp". The process cannot access the file because it is being used by another process
6:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb00f3d91-c46c-4f08-827a-fdf3fb29911c.tmp". The process cannot access the file because it is being used by another process
6:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscse0c4987f-e12c-474a-9ec0-7f499adfeb43.tmp". The process cannot access the file because it is being used by another process
6:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs223c66c7-f6c6-4091-8131-f70d44097a50.tmp". The process cannot access the file because it is being used by another process
6:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs75eb741a-67f1-44cd-a1ae-9bb3ba3d6772.tmp". The process cannot access the file because it is being used by another process
6:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs4025a3b0-6e57-410f-9fd2-44c6b0592846.tmp". The process cannot access the file because it is being used by another process
6:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsc1c54484-dbe1-4f92-a11b-e6b5e8de96d0.tmp". The process cannot access the file because it is being used by another process
6:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs325b5d2a-7fc8-4074-bcc1-f0bad0f24efd.tmp". The process cannot access the file because it is being used by another process
6:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsc3ee3394-b393-4b3c-b38b-efc5ffeced0c.tmp". The process cannot access the file because it is being used by another process
6:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsc556b2c0-f5f3-4b06-8b04-91c5c6082fcd.tmp". The process cannot access the file because it is being used by another process
6:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsffb28609-2153-4f70-b34a-7172fe7cde88.tmp". The process cannot access the file because it is being used by another process
6:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs055be288-dfed-4802-9607-b87ac92b38f3.tmp". The process cannot access the file because it is being used by another process
6:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsfe7813a0-380c-4eb0-8d04-e9070d9ef76c.tmp". The process cannot access the file because it is being used by another process
6:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs7fb57ef1-827d-4a75-b9da-e78c6d2cebe9.tmp". The process cannot access the file because it is being used by another process
6:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs2bd4a4c5-c9fa-4233-8dea-0237e23a1463.tmp". The process cannot access the file because it is being used by another process
6:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs225614d0-aa05-4e40-8d28-a834d7b32c10.tmp". The process cannot access the file because it is being used by another process
6:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs55a217e0-d2b2-44da-9e4e-feaa0aea7d19.tmp". The process cannot access the file because it is being used by another process
6:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsef9a4770-38a8-476a-9bbc-1be88fe17d12.tmp". The process cannot access the file because it is being used by another process
6:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscse78703ec-dec9-4854-9054-dfdafc5e0e4c.tmp". The process cannot access the file because it is being used by another process
6:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsc7b0b4a3-9e9a-49f8-b118-2ad2e9961317.tmp". The process cannot access the file because it is being used by another process
6:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsc4cc4cf6-b65f-4d4f-a87f-e3055501c3db.tmp". The process cannot access the file because it is being used by another process
6:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs318f606a-71ce-4559-b9c4-ad4b0c1dce5c.tmp". The process cannot access the file because it is being used by another process
6:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs5b399d21-441e-4e3a-8295-6f458383e4fa.tmp". The process cannot access the file because it is being used by another process
6:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs627ea5c9-d7a9-4c95-8ab8-efc5681dbb01.tmp". The process cannot access the file because it is being used by another process
6:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs0a9c306f-05a8-4bd2-ae38-e6f729d46292.tmp". The process cannot access the file because it is being used by another process
6:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs669afd0d-cc44-4622-949f-d8183df08ab3.tmp". The process cannot access the file because it is being used by another process
6:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsd7cd9dfe-e40b-4069-b268-295353f72743.tmp". The process cannot access the file because it is being used by another process
6:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsaa99a61c-b801-47f2-9c3c-522103d2400b.tmp". The process cannot access the file because it is being used by another process
6:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs8c00e01e-130f-4998-910b-934408e2f169.tmp". The process cannot access the file because it is being used by another process
6:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs438fb12d-29a4-4803-851b-6db42c1992bc.tmp". The process cannot access the file because it is being used by another process
6:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsec931b3c-f563-4f56-a465-9cf8f241a1ef.tmp". The process cannot access the file because it is being used by another process
6:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs5ef63eb4-1c90-4507-ace1-b70e5b8a37cd.tmp". The process cannot access the file because it is being used by another process
6:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs26877d2f-6b1a-4f6f-acbf-f86ad9d75356.tmp". The process cannot access the file because it is being used by another process
6:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs2a1ad17a-a9e8-4b6c-9df3-37664a85ff9e.tmp". The process cannot access the file because it is being used by another process
6:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscs0fa03e67-913f-44c5-bb80-b49eb2e4021d.tmp". The process cannot access the file because it is being used by another process
6:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscseb8a6680-af3c-4726-a42f-03f2803e7c70.tmp". The process cannot access the file because it is being used by another process
6:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsfa9dc319-a771-4323-93e7-0830401d5ed5.tmp". The process cannot access the file because it is being used by another process
6:14 PM: Warning: Failed to open file "c:\windows\application data\webroot\spy sweeper\temp\sscsb0dede0d-7d70-4f21-9e7b-55686636d62a.tmp". The process cannot access the file because it is being used by another process
6:46 PM: File Sweep Complete, Elapsed Time: 00:52:22
6:46 PM: Full Sweep has completed. Elapsed time 01:09:56
6:46 PM: Traces Found: 0

MonkeyButt :thumbsup:

#11 Buckeye_Sam


Posted 20 August 2006 - 07:16 PM

That's a very good sign! :thumbsup:
How are things working on your end? Any problems?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#12 monkeybutt


Posted 20 August 2006 - 07:48 PM

No, everything seems to be running really smooth! Thanks so much!! You're the most help I've run into yet!


Thank you so so so much!

MonkeyButt :thumbsup:

#13 Buckeye_Sam


Posted 21 August 2006 - 07:50 PM

Glad I could help you out! :thumbsup:

Here are some suggestions for you to keep your computer running smoothly and securely.


Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Managing Windows Millenium System Restore

    or

    Windows XP System Restore Guide

    Re-enable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

:flowers: :huh:


========================================================
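An added example, not part of the original posts: the Internet zone changes listed in post #13 can be verified after the fact by exporting the zone's registry key with regedit and checking it against the recommended values. The function names and the sample export are constructed for illustration; the value names (1001, 1004, 1201, 1607, 1800, 1804) and the policy values 0/1/3 are Internet Explorer's standard URL action identifiers, which the post itself does not list.

```python
import re

# Per-user settings for the Internet zone (zone 3).
ZONE3_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows"
             r"\CurrentVersion\Internet Settings\Zones\3")

PROMPT, DISABLE = 1, 3
POLICY_NAMES = {0: "Enable", 1: "Prompt", 3: "Disable"}

# URL action value name -> (setting label as written in post #13, recommended policy)
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}

# Constructed sample of a regedit export (REGEDIT4 text format), not taken from the thread.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000000
"1004"=dword:00000001
"1201"=dword:00000003
"1800"=dword:00000001
"1804"=dword:00000000
'''

def parse_reg_export(text):
    """Return {lowercased key path: {value name: int}} for dword values only."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = re.match(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$', line)
        if m and current is not None:
            current[m.group(1)] = int(m.group(2), 16)
    return keys

def audit_internet_zone(reg_text):
    """Return (label, found, wanted) for every setting that differs from the list."""
    zone = parse_reg_export(reg_text).get(ZONE3_KEY.lower(), {})
    findings = []
    for name, (label, wanted) in RECOMMENDED.items():
        found = zone.get(name)
        if found != wanted:
            shown = "not set" if found is None else POLICY_NAMES.get(found, hex(found))
            findings.append((label, shown, POLICY_NAMES[wanted]))
    return findings

if __name__ == "__main__":
    for label, found, wanted in audit_internet_zone(SAMPLE_EXPORT):
        print(f"{label}: is {found}, should be {wanted}")
```

A value reported as "not set" means the export carries no per-user override for that action, so it should be set explicitly through the Custom Level dialog.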

#14 Buckeye_Sam


Posted 05 September 2006 - 04:32 PM

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.


========================================================



