
4 Trojans: Komforochka Smtp Relay + Downloader 2pursuit + Backdoor Sapilayr + Backdoor Keylog Sters


  • This topic is locked
5 replies to this topic

#1 nologic
  • Members
  • 4 posts

Posted 18 January 2006 - 01:17 PM

I have SpySweeper and it can't get rid of these trojans and other stuff. It just keeps getting stuck when trying to delete. Please help. Here is my HijackThis log followed by my SpySweeper log (note: see most recent HijackThis 1.99.1 log in reply below):

Scan saved at 9:12:12 PM, on 1/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\OWNER~1.JSS\LOCALS~1\Temp\Temporary Directory 2 for hijackthis[1].zip\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O23 - Service: AOL Connectivity Service - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Trend NT Realtime Service - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe

HERE IS MY WEBROOT SPYSWEEPER LOG:

9:04 PM: | Start of Session, Tuesday, January 17, 2006 |
9:04 PM: Spy Sweeper started
9:04 PM: Sweep initiated using definitions version 602
9:04 PM: Starting Memory Sweep
9:05 PM: Memory Sweep Complete, Elapsed Time: 00:00:19
9:05 PM: Starting Registry Sweep
9:05 PM: Found Adware: spywarestrike fakealert
9:05 PM: HKCR (ID = 1108224)
9:05 PM: HKLM (ID = 1108261)
9:05 PM: Found Adware: cashdeluxe
9:05 PM: HKCR (ID = 1112816)
9:05 PM: HKCR (ID = 1112830)
9:05 PM: HKCR (ID = 1112844)
9:05 PM: HKCR (ID = 1112858)
9:05 PM: HKCR (ID = 1112867)
9:05 PM: HKCR (ID = 1112876)
9:05 PM: HKCR (ID = 1112885)
9:05 PM: HKLM (ID = 1112906)
9:05 PM: HKLM (ID = 1112920)
9:05 PM: HKLM (ID = 1112934)
9:05 PM: HKLM (ID = 1112948)
9:05 PM: HKLM (ID = 1112957)
9:05 PM: HKLM (ID = 1112966)
9:05 PM: HKLM (ID = 1112975)
9:05 PM: HKLM (ID = 1112985)
9:05 PM: Found Trojan Horse: trojan-backdoor-keylog-sters
9:05 PM: HKCR (ID = 1113642)
9:05 PM: HKLM (ID = 1113652)
9:05 PM: Found Trojan Horse: trojan-backdoor-sapilayr
9:05 PM: HKCR (ID = 1113971)
9:05 PM: HKLM (ID = 1113975)
9:05 PM: Found Trojan Horse: trojan-downloader-2pursuit
9:05 PM: HKCR (ID = 1121573)
9:05 PM: HKLM (ID = 1121599)
9:05 PM: Found System Monitor: pcsentinels smoking gun
9:05 PM: HKU\WRSS_Profile_S-1-5-21-1816288889-1558544532-2984033133-500 (ID = 1062310)
9:05 PM: Found Adware: cas
9:05 PM: HKU\WRSS_Profile_S-1-5-21-1816288889-1558544532-2984033133-500 (ID = 1114074)
9:05 PM: HKU\S-1-5-21-1816288889-1558544532-2984033133-1006 (4697 subtraces) (ID = 1062310)
9:05 PM: HKU\S-1-5-21-1816288889-1558544532-2984033133-1006 (4697 subtraces) (ID = 1114074)
9:05 PM: HKU\S-1-5-20 (238 subtraces) (ID = 1062310)
9:05 PM: HKU\S-1-5-20 (238 subtraces) (ID = 1114074)
9:05 PM: HKU\WRSS_Profile_S-1-5-19 (792 subtraces) (ID = 1062310)
9:05 PM: HKU\WRSS_Profile_S-1-5-19 (792 subtraces) (ID = 1114074)
9:05 PM: HKU\S-1-5-18 (145 subtraces) (ID = 1062310)
9:05 PM: HKU\S-1-5-18 (145 subtraces) (ID = 1114074)
9:05 PM: Registry Sweep Complete, Elapsed Time:00:00:07
9:05 PM: Starting Cookie Sweep
9:05 PM: Found Spy Cookie: 247realmedia cookie
9:05 PM: owner@247realmedia[1].txt (ID = 1953)
9:05 PM: Found Spy Cookie: 2o7.net cookie
9:05 PM: owner@2o7[1].txt (ID = 1957)
9:05 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
9:05 PM: Starting File Sweep
9:05 PM: c:\program files (8133 subtraces) (ID = -2147459623)
9:05 PM: Found Trojan Horse: komforochka smtp relay
9:05 PM: c:\windows (19269 subtraces) (ID = -2147463100)
9:06 PM: File Sweep Complete, Elapsed Time: 00:00:57
9:06 PM: Full Sweep has completed. Elapsed time 00:01:25
9:06 PM: Traces Found: 39183
9:06 PM: Removal process initiated
9:06 PM: Quarantining All Traces: spywarestrike fakealert
9:06 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
9:06 PM: Failed to quarantine spywarestrike fakealert
9:06 PM: Failed to quarantine HKLM:
9:06 PM: Quarantining All Traces: cashdeluxe
9:06 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
9:06 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
9:06 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
9:06 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
9:06 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
9:06 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
9:06 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
9:06 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
********
9:04 PM: | Start of Session, Tuesday, January 17, 2006 |
9:04 PM: Spy Sweeper started
9:04 PM: Sweep initiated using definitions version 602
9:04 PM: Starting Memory Sweep
9:04 PM: Sweep Canceled
9:04 PM: Memory Sweep Complete, Elapsed Time: 00:00:06
9:04 PM: Traces Found: 0
9:04 PM: | End of Session, Tuesday, January 17, 2006 |
********
9:03 PM: | Start of Session, Tuesday, January 17, 2006 |
9:03 PM: Spy Sweeper started
9:03 PM: Sweep initiated using definitions version 602
9:03 PM: Starting Memory Sweep
9:04 PM: Sweep Canceled
9:04 PM: Memory Sweep Complete, Elapsed Time: 00:00:15
9:04 PM: Traces Found: 0
9:04 PM: | End of Session, Tuesday, January 17, 2006 |
********
8:58 PM: | Start of Session, Tuesday, January 17, 2006 |
8:58 PM: Spy Sweeper started
8:58 PM: Sweep initiated using definitions version 602
8:58 PM: Starting Memory Sweep
8:59 PM: Memory Sweep Complete, Elapsed Time: 00:00:35
8:59 PM: Starting Registry Sweep
8:59 PM: Found Adware: spywarestrike fakealert
8:59 PM: HKCR (ID = 1108224)
8:59 PM: HKLM (ID = 1108261)
8:59 PM: Found Adware: cashdeluxe
8:59 PM: HKCR (ID = 1112816)
8:59 PM: HKCR (ID = 1112830)
8:59 PM: HKCR (ID = 1112844)
8:59 PM: HKCR (ID = 1112858)
8:59 PM: HKCR (ID = 1112867)
8:59 PM: HKCR (ID = 1112876)
8:59 PM: HKCR (ID = 1112885)
8:59 PM: HKLM (ID = 1112906)
8:59 PM: HKLM (ID = 1112920)
8:59 PM: HKLM (ID = 1112934)
8:59 PM: HKLM (ID = 1112948)
8:59 PM: HKLM (ID = 1112957)
8:59 PM: HKLM (ID = 1112966)
8:59 PM: HKLM (ID = 1112975)
8:59 PM: HKLM (ID = 1112985)
8:59 PM: Found Trojan Horse: trojan-backdoor-keylog-sters
8:59 PM: HKCR (ID = 1113642)
8:59 PM: HKLM (ID = 1113652)
8:59 PM: Found Trojan Horse: trojan-backdoor-sapilayr
8:59 PM: HKCR (ID = 1113971)
8:59 PM: HKLM (ID = 1113975)
8:59 PM: Found Trojan Horse: trojan-downloader-2pursuit
8:59 PM: HKCR (ID = 1121573)
8:59 PM: HKLM (ID = 1121599)
8:59 PM: Found System Monitor: pcsentinels smoking gun
8:59 PM: HKU\WRSS_Profile_S-1-5-21-1816288889-1558544532-2984033133-500 (ID = 1062310)
8:59 PM: Found Adware: cas
8:59 PM: HKU\WRSS_Profile_S-1-5-21-1816288889-1558544532-2984033133-500 (ID = 1114074)
8:59 PM: HKU\S-1-5-21-1816288889-1558544532-2984033133-1006 (4646 subtraces) (ID = 1062310)
8:59 PM: HKU\S-1-5-21-1816288889-1558544532-2984033133-1006 (4646 subtraces) (ID = 1114074)
8:59 PM: HKU\S-1-5-20 (238 subtraces) (ID = 1062310)
8:59 PM: HKU\S-1-5-20 (238 subtraces) (ID = 1114074)
8:59 PM: HKU\WRSS_Profile_S-1-5-19 (792 subtraces) (ID = 1062310)
8:59 PM: HKU\WRSS_Profile_S-1-5-19 (792 subtraces) (ID = 1114074)
8:59 PM: HKU\S-1-5-18 (145 subtraces) (ID = 1062310)
8:59 PM: HKU\S-1-5-18 (145 subtraces) (ID = 1114074)
8:59 PM: Registry Sweep Complete, Elapsed Time:00:00:08
8:59 PM: Starting Cookie Sweep
8:59 PM: Found Spy Cookie: 247realmedia cookie
8:59 PM: owner@247realmedia[1].txt (ID = 1953)
8:59 PM: Found Spy Cookie: 2o7.net cookie
8:59 PM: owner@2o7[1].txt (ID = 1957)
8:59 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
8:59 PM: Starting File Sweep
8:59 PM: c:\program files (8133 subtraces) (ID = -2147459623)
8:59 PM: Found Trojan Horse: komforochka smtp relay
8:59 PM: c:\windows (19269 subtraces) (ID = -2147463100)
9:02 PM: File Sweep Complete, Elapsed Time: 00:03:42
9:02 PM: Full Sweep has completed. Elapsed time 00:04:32
9:02 PM: Traces Found: 39081
9:03 PM: | End of Session, Tuesday, January 17, 2006 |
********
1:46 PM: | Start of Session, Tuesday, January 17, 2006 |
1:46 PM: Spy Sweeper started
1:46 PM: Sweep initiated using definitions version 602
1:46 PM: Starting Memory Sweep
1:46 PM: Memory Sweep Complete, Elapsed Time: 00:00:19
1:46 PM: Starting Registry Sweep
1:46 PM: Found Adware: spywarestrike fakealert
1:46 PM: HKCR (ID = 1108224)
1:46 PM: HKLM (ID = 1108261)
1:46 PM: Found Adware: cashdeluxe
1:46 PM: HKCR (ID = 1112816)
1:46 PM: HKCR (ID = 1112830)
1:46 PM: HKCR (ID = 1112844)
1:46 PM: HKCR (ID = 1112858)
1:46 PM: HKCR (ID = 1112867)
1:46 PM: HKCR (ID = 1112876)
1:46 PM: HKCR (ID = 1112885)
1:46 PM: HKLM (ID = 1112906)
1:46 PM: HKLM (ID = 1112920)
1:46 PM: HKLM (ID = 1112934)
1:46 PM: HKLM (ID = 1112948)
1:46 PM: HKLM (ID = 1112957)
1:46 PM: HKLM (ID = 1112966)
1:46 PM: HKLM (ID = 1112975)
1:46 PM: HKLM (ID = 1112985)
1:46 PM: Found Trojan Horse: trojan-backdoor-keylog-sters
1:46 PM: HKCR (ID = 1113642)
1:46 PM: HKLM (ID = 1113652)
1:46 PM: Found Trojan Horse: trojan-backdoor-sapilayr
1:46 PM: HKCR (ID = 1113971)
1:46 PM: HKLM (ID = 1113975)
1:46 PM: Found Trojan Horse: trojan-downloader-2pursuit
1:46 PM: HKCR (ID = 1121573)
1:46 PM: HKLM (ID = 1121599)
1:46 PM: Found System Monitor: pcsentinels smoking gun
1:46 PM: HKU\WRSS_Profile_S-1-5-21-1816288889-1558544532-2984033133-500 (ID = 1062310)
1:46 PM: Found Adware: cas
1:46 PM: HKU\WRSS_Profile_S-1-5-21-1816288889-1558544532-2984033133-500 (ID = 1114074)
1:46 PM: HKU\S-1-5-21-1816288889-1558544532-2984033133-1006 (3630 subtraces) (ID = 1062310)
1:46 PM: HKU\S-1-5-21-1816288889-1558544532-2984033133-1006 (3630 subtraces) (ID = 1114074)
1:46 PM: HKU\S-1-5-20 (237 subtraces) (ID = 1062310)
1:46 PM: HKU\S-1-5-20 (237 subtraces) (ID = 1114074)
1:47 PM: HKU\WRSS_Profile_S-1-5-19 (791 subtraces) (ID = 1062310)
1:47 PM: HKU\WRSS_Profile_S-1-5-19 (791 subtraces) (ID = 1114074)
1:47 PM: HKU\S-1-5-18 (123 subtraces) (ID = 1062310)
1:47 PM: HKU\S-1-5-18 (123 subtraces) (ID = 1114074)
1:47 PM: Registry Sweep Complete, Elapsed Time:00:00:07
1:47 PM: Starting Cookie Sweep
1:47 PM: Found Spy Cookie: 247realmedia cookie
1:47 PM: owner@247realmedia[1].txt (ID = 1953)
1:47 PM: Found Spy Cookie: 2o7.net cookie
1:47 PM: owner@2o7[1].txt (ID = 1957)
1:47 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
1:47 PM: Starting File Sweep
1:47 PM: Found Trojan Horse: komforochka smtp relay
1:47 PM: c:\windows (19365 subtraces) (ID = -2147463100)
1:47 PM: Sweep Canceled
1:47 PM: File Sweep Complete, Elapsed Time: 00:00:30
1:47 PM: Traces Found: 28963
1:47 PM: Removal process initiated
1:47 PM: Quarantining All Traces: komforochka smtp relay
8:57 PM: Program Version 4.5.8 (Build 683) Using Spyware Definitions 602
8:58 PM: | End of Session, Tuesday, January 17, 2006 |
********
1:40 PM: | Start of Session, Tuesday, January 17, 2006 |
1:40 PM: Spy Sweeper started
1:40 PM: Sweep initiated using definitions version 602
1:40 PM: Starting Memory Sweep
1:40 PM: Memory Sweep Complete, Elapsed Time: 00:00:37
1:40 PM: Starting Registry Sweep
1:40 PM: Found Adware: spywarestrike fakealert
1:40 PM: HKCR (ID = 1108224)
1:40 PM: HKLM (ID = 1108261)
1:40 PM: Found Adware: cashdeluxe
1:40 PM: HKCR (ID = 1112816)
1:40 PM: HKCR (ID = 1112830)
1:40 PM: HKCR (ID = 1112844)
1:40 PM: HKCR (ID = 1112858)
1:40 PM: HKCR (ID = 1112867)
1:40 PM: HKCR (ID = 1112876)
1:40 PM: HKCR (ID = 1112885)
1:40 PM: HKLM (ID = 1112906)
1:40 PM: HKLM (ID = 1112920)
1:40 PM: HKLM (ID = 1112934)
1:40 PM: HKLM (ID = 1112948)
1:40 PM: HKLM (ID = 1112957)
1:40 PM: HKLM (ID = 1112966)
1:40 PM: HKLM (ID = 1112975)
1:41 PM: HKLM (ID = 1112985)
1:41 PM: Found Trojan Horse: trojan-backdoor-keylog-sters
1:41 PM: HKCR (ID = 1113642)
1:41 PM: HKLM (ID = 1113652)
1:41 PM: Found Trojan Horse: trojan-backdoor-sapilayr
1:41 PM: HKCR (ID = 1113971)
1:41 PM: HKLM (ID = 1113975)
1:41 PM: Found Trojan Horse: trojan-downloader-2pursuit
1:41 PM: HKCR (ID = 1121573)
1:41 PM: HKLM (ID = 1121599)
1:41 PM: Found System Monitor: pcsentinels smoking gun
1:41 PM: HKU\WRSS_Profile_S-1-5-21-1816288889-1558544532-2984033133-500 (ID = 1062310)
1:41 PM: Found Adware: cas
1:41 PM: HKU\WRSS_Profile_S-1-5-21-1816288889-1558544532-2984033133-500 (ID = 1114074)
1:41 PM: Sweep Canceled
1:41 PM: Registry Sweep Complete, Elapsed Time:00:00:08
1:41 PM: Traces Found: 25
1:41 PM: Removal process initiated
1:41 PM: Quarantining All Traces: spywarestrike fakealert
1:41 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
1:42 PM: Failed to quarantine spywarestrike fakealert
1:42 PM: Failed to quarantine HKLM:
1:42 PM: Quarantining All Traces: cashdeluxe
1:42 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
1:42 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
1:42 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
1:42 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
1:42 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
1:42 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
1:42 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
1:42 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
1:45 PM: Failed to quarantine cashdeluxe
1:45 PM: Failed to quarantine HKLM:
1:45 PM: Failed to quarantine HKLM:
1:45 PM: Failed to quarantine HKLM:
1:45 PM: Failed to quarantine HKLM:
1:45 PM: Failed to quarantine HKLM:
1:45 PM: Failed to quarantine HKLM:
1:45 PM: Failed to quarantine HKLM:
1:45 PM: Failed to quarantine HKLM:
1:45 PM: Quarantining All Traces: pcsentinels smoking gun
1:45 PM: Quarantining All Traces: cas
1:45 PM: Removal process completed. Elapsed time 00:03:56
1:46 PM: Deletion from quarantine initiated
1:46 PM: Processing: spywarestrike fakealert
1:46 PM: Processing: cas
1:46 PM: Processing: trojan-backdoor-keylog-sters
1:46 PM: Processing: cashdeluxe
1:46 PM: Processing: trojan-backdoor-sapilayr
1:46 PM: Processing: pcsentinels smoking gun
1:46 PM: Processing: trojan-downloader-2pursuit
1:46 PM: Deletion from quarantine completed. Elapsed time 00:00:00
1:46 PM: | End of Session, Tuesday, January 17, 2006 |
********
1:19 PM: | Start of Session, Tuesday, January 17, 2006 |
1:19 PM: Spy Sweeper started
1:19 PM: Sweep initiated using definitions version 602
1:19 PM: Starting Memory Sweep
1:19 PM: Memory Sweep Complete, Elapsed Time: 00:00:44
1:19 PM: Starting Registry Sweep
1:20 PM: Found Adware: spywarestrike fakealert
1:20 PM: HKCR (ID = 1108224)
1:20 PM: HKLM (ID = 1108261)
1:20 PM: Found Adware: cashdeluxe
1:20 PM: HKCR (ID = 1112816)
1:20 PM: HKCR (ID = 1112830)
1:20 PM: HKCR (ID = 1112844)
1:20 PM: HKCR (ID = 1112858)
1:20 PM: HKCR (ID = 1112867)
1:20 PM: HKCR (ID = 1112876)
1:20 PM: HKCR (ID = 1112885)
1:20 PM: HKLM (ID = 1112906)
1:20 PM: HKLM (ID = 1112920)
1:20 PM: HKLM (ID = 1112934)
1:20 PM: HKLM (ID = 1112948)
1:20 PM: HKLM (ID = 1112957)
1:20 PM: HKLM (ID = 1112966)
1:20 PM: HKLM (ID = 1112975)
1:20 PM: HKLM (ID = 1112985)
1:20 PM: Found Trojan Horse: trojan-backdoor-keylog-sters
1:20 PM: HKCR (ID = 1113642)
1:20 PM: HKLM (ID = 1113652)
1:20 PM: Found Trojan Horse: trojan-backdoor-sapilayr
1:20 PM: HKCR (ID = 1113971)
1:20 PM: HKLM (ID = 1113975)
1:20 PM: Found Trojan Horse: trojan-downloader-2pursuit
1:20 PM: HKCR (ID = 1121573)
1:20 PM: HKLM (ID = 1121599)
1:20 PM: Found System Monitor: pcsentinels smoking gun
1:20 PM: HKU\WRSS_Profile_S-1-5-21-1816288889-1558544532-2984033133-500 (ID = 1062310)
1:20 PM: Found Adware: cas
1:20 PM: HKU\WRSS_Profile_S-1-5-21-1816288889-1558544532-2984033133-500 (ID = 1114074)
1:20 PM: HKU\S-1-5-21-1816288889-1558544532-2984033133-1006 (711 subtraces) (ID = 1062310)
1:20 PM: HKU\S-1-5-21-1816288889-1558544532-2984033133-1006 (711 subtraces) (ID = 1114074)
1:20 PM: HKU\S-1-5-20 (18 subtraces) (ID = 1062310)
1:20 PM: HKU\S-1-5-20 (18 subtraces) (ID = 1114074)
1:20 PM: HKU\S-1-5-19 (804 subtraces) (ID = 1062310)
1:20 PM: HKU\S-1-5-19 (804 subtraces) (ID = 1114074)
1:20 PM: HKU\S-1-5-18 (80 subtraces) (ID = 1062310)
1:20 PM: HKU\S-1-5-18 (80 subtraces) (ID = 1114074)
1:20 PM: Registry Sweep Complete, Elapsed Time:00:00:06
1:20 PM: Starting Cookie Sweep
1:20 PM: Found Spy Cookie: 247realmedia cookie
1:20 PM: owner@247realmedia[1].txt (ID = 1953)
1:20 PM: Found Spy Cookie: 2o7.net cookie
1:20 PM: owner@2o7[1].txt (ID = 1957)
1:20 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
1:20 PM: Starting File Sweep
1:20 PM: Found Trojan Horse: komforochka smtp relay
1:20 PM: c:\windows (19365 subtraces) (ID = -2147463100)
1:20 PM: c:\program files (8163 subtraces) (ID = -2147459623)
1:21 PM: File Sweep Complete, Elapsed Time: 00:01:42
1:21 PM: Full Sweep has completed. Elapsed time 00:02:34
1:21 PM: Traces Found: 30791
1:25 PM: Removal process initiated
1:25 PM: Quarantining All Traces: komforochka smtp relay
1:40 PM: Program Version 4.5.8 (Build 683) Using Spyware Definitions 602
1:40 PM: | End of Session, Tuesday, January 17, 2006 |
********
1:08 PM: | Start of Session, Tuesday, January 17, 2006 |
1:08 PM: Spy Sweeper started
1:08 PM: Sweep initiated using definitions version 602
1:08 PM: Starting Memory Sweep
1:09 PM: Memory Sweep Complete, Elapsed Time: 00:00:47
1:09 PM: Starting Registry Sweep
1:09 PM: Found Adware: spywarestrike fakealert
1:09 PM: HKCR (ID = 1108224)
1:09 PM: HKLM (ID = 1108261)
1:09 PM: Found Adware: cashdeluxe
1:09 PM: HKCR (ID = 1112816)
1:09 PM: HKCR (ID = 1112830)
1:09 PM: HKCR (ID = 1112844)
1:09 PM: HKCR (ID = 1112858)
1:09 PM: HKCR (ID = 1112867)
1:09 PM: HKCR (ID = 1112876)
1:09 PM: HKCR (ID = 1112885)
1:09 PM: HKLM (ID = 1112906)
1:09 PM: HKLM (ID = 1112920)
1:09 PM: HKLM (ID = 1112934)
1:09 PM: HKLM (ID = 1112948)
1:09 PM: HKLM (ID = 1112957)
1:09 PM: HKLM (ID = 1112966)
1:09 PM: HKLM (ID = 1112975)
1:09 PM: HKLM (ID = 1112985)
1:09 PM: Found Trojan Horse: trojan-backdoor-keylog-sters
1:09 PM: HKCR (ID = 1113642)
1:09 PM: HKLM (ID = 1113652)
1:09 PM: Found Trojan Horse: trojan-backdoor-sapilayr
1:09 PM: HKCR (ID = 1113971)
1:09 PM: HKLM (ID = 1113975)
1:09 PM: Found Trojan Horse: trojan-downloader-2pursuit
1:09 PM: HKCR (ID = 1121573)
1:09 PM: HKLM (ID = 1121599)
1:09 PM: Found System Monitor: pcsentinels smoking gun
1:09 PM: HKU\WRSS_Profile_S-1-5-21-1816288889-1558544532-2984033133-500 (ID = 1062310)
1:09 PM: Found Adware: cas
1:09 PM: HKU\WRSS_Profile_S-1-5-21-1816288889-1558544532-2984033133-500 (ID = 1114074)
1:09 PM: HKU\S-1-5-21-1816288889-1558544532-2984033133-1006 (2029 subtraces) (ID = 1062310)
1:09 PM: HKU\S-1-5-21-1816288889-1558544532-2984033133-1006 (2029 subtraces) (ID = 1114074)
1:09 PM: Sweep Canceled
1:09 PM: Registry Sweep Complete, Elapsed Time:00:00:10
1:09 PM: Traces Found: 4085
1:09 PM: Removal process initiated
1:09 PM: Quarantining All Traces: pcsentinels smoking gun
1:09 PM: Quarantining All Traces: trojan-backdoor-keylog-sters
1:09 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
1:09 PM: Failed to quarantine trojan-backdoor-keylog-sters
1:09 PM: Failed to quarantine HKLM:
1:09 PM: Quarantining All Traces: cas
1:09 PM: Quarantining All Traces: trojan-backdoor-sapilayr
1:09 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
1:10 PM: Failed to quarantine trojan-backdoor-sapilayr
1:10 PM: Failed to quarantine HKLM:
1:10 PM: Quarantining All Traces: trojan-downloader-2pursuit
1:10 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
1:10 PM: Failed to quarantine trojan-downloader-2pursuit
1:10 PM: Failed to quarantine HKLM:
1:10 PM: Quarantining All Traces: cashdeluxe
1:10 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
1:10 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
1:10 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
1:10 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
1:10 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
1:10 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
1:10 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
1:10 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
1:13 PM: Failed to quarantine cashdeluxe
1:13 PM: Failed to quarantine HKLM:
1:13 PM: Failed to quarantine HKLM:
1:13 PM: Failed to quarantine HKLM:
1:13 PM: Failed to quarantine HKLM:
1:13 PM: Failed to quarantine HKLM:
1:13 PM: Failed to quarantine HKLM:
1:13 PM: Failed to quarantine HKLM:
1:13 PM: Failed to quarantine HKLM:
1:13 PM: Quarantining All Traces: spywarestrike fakealert
1:13 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
1:13 PM: Failed to quarantine spywarestrike fakealert
1:13 PM: Failed to quarantine HKLM:
1:13 PM: Warning: Failed to reregister registry notification for "HKU\S-1-5-21-1816288889-1558544532-2984033133-1006\Software\Microsoft\Windows\CurrentVersion\RunServices": Illegal operation attempted on a registry key that has been marked for deletion
1:13 PM: Warning: Failed to reregister registry notification for "HKU\S-1-5-21-1816288889-1558544532-2984033133-1006\Software\Microsoft\Windows\CurrentVersion\Run": Illegal operation attempted on a registry key that has been marked for deletion
1:13 PM: Warning: Failed to reregister registry notification for "HKU\S-1-5-21-1816288889-1558544532-2984033133-1006\Software\Microsoft\Windows\CurrentVersion\RunOnce": Illegal operation attempted on a registry key that has been marked for deletion
1:13 PM: Removal process completed. Elapsed time 00:04:06
1:13 PM: Warning: Failed to reregister registry notification for "HKU\S-1-5-21-1816288889-1558544532-2984033133-1006\Software\Microsoft\Windows\CurrentVersion\RunOnceEx": Illegal operation attempted on a registry key that has been marked for deletion
1:19 PM: Removal process initiated
1:19 PM: Quarantining All Traces: trojan-backdoor-keylog-sters
1:19 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
1:19 PM: Failed to quarantine trojan-backdoor-keylog-sters
1:19 PM: Failed to quarantine HKLM:
1:19 PM: Quarantining All Traces: trojan-backdoor-sapilayr
1:19 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
1:19 PM: Failed to quarantine trojan-backdoor-sapilayr
1:19 PM: Failed to quarantine HKLM:
1:19 PM: Quarantining All Traces: trojan-downloader-2pursuit
1:19 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
1:19 PM: Failed to quarantine trojan-downloader-2pursuit
1:19 PM: Failed to quarantine HKLM:
1:19 PM: Quarantining All Traces: cashdeluxe
1:19 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
1:19 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
1:19 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
1:19 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
1:19 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
1:19 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
1:19 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
1:19 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
1:19 PM: Failed to quarantine cashdeluxe
1:19 PM: Failed to quarantine HKLM:
1:19 PM: Failed to quarantine HKLM:
1:19 PM: Failed to quarantine HKLM:
1:19 PM: Failed to quarantine HKLM:
1:19 PM: Failed to quarantine HKLM:
1:19 PM: Failed to quarantine HKLM:
1:19 PM: Failed to quarantine HKLM:
1:19 PM: Failed to quarantine HKLM:
1:19 PM: Quarantining All Traces: spywarestrike fakealert
1:19 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
1:19 PM: Failed to quarantine spywarestrike fakealert
1:19 PM: Failed to quarantine HKLM:
1:19 PM: Removal process completed. Elapsed time 00:00:00
1:19 PM: | End of Session, Tuesday, January 17, 2006 |
********
12:04 PM: | Start of Session, Tuesday, January 17, 2006 |
12:04 PM: Spy Sweeper started
12:04 PM: Sweep initiated using definitions version 602
12:04 PM: Starting Memory Sweep
12:04 PM: Memory Sweep Complete, Elapsed Time: 00:00:20
12:04 PM: Starting Registry Sweep
12:05 PM: Found Adware: spywarestrike fakealert
12:05 PM: HKCR (ID = 1108224)
12:05 PM: HKLM (ID = 1108261)
12:05 PM: Found Adware: cashdeluxe
12:05 PM: HKCR (ID = 1112816)
12:05 PM: HKCR (ID = 1112830)
12:05 PM: HKCR (ID = 1112844)
12:05 PM: HKCR (ID = 1112858)
12:05 PM: HKCR (ID = 1112867)
12:05 PM: HKCR (ID = 1112876)
12:05 PM: HKCR (ID = 1112885)
12:05 PM: HKLM (ID = 1112906)
12:05 PM: HKLM (ID = 1112920)
12:05 PM: HKLM (ID = 1112934)
12:05 PM: HKLM (ID = 1112948)
12:05 PM: HKLM (ID = 1112957)
12:05 PM: HKLM (ID = 1112966)
12:05 PM: HKLM (ID = 1112975)
12:05 PM: HKLM (ID = 1112985)
12:05 PM: Found Trojan Horse: trojan-backdoor-keylog-sters
12:05 PM: HKCR (ID = 1113642)
12:05 PM: HKLM (ID = 1113652)
12:05 PM: Found Trojan Horse: trojan-backdoor-sapilayr
12:05 PM: HKCR (ID = 1113971)
12:05 PM: HKLM (ID = 1113975)
12:05 PM: Found Trojan Horse: trojan-downloader-2pursuit
12:05 PM: HKCR (ID = 1121573)
12:05 PM: HKLM (ID = 1121599)
12:05 PM: Found System Monitor: pcsentinels smoking gun
12:05 PM: HKU\WRSS_Profile_S-1-5-21-1816288889-1558544532-2984033133-500 (ID = 1062310)
12:05 PM: Found Adware: cas
12:05 PM: HKU\WRSS_Profile_S-1-5-21-1816288889-1558544532-2984033133-500 (ID = 1114074)
12:05 PM: HKU\S-1-5-21-1816288889-1558544532-2984033133-1006 (650 subtraces) (ID = 1062310)
12:05 PM: HKU\S-1-5-21-1816288889-1558544532-2984033133-1006 (650 subtraces) (ID = 1114074)
12:05 PM: HKU\S-1-5-20 (2 subtraces) (ID = 1062310)
12:05 PM: HKU\S-1-5-20 (2 subtraces) (ID = 1114074)
12:05 PM: HKU\WRSS_Profile_S-1-5-19 (ID = 1062310)
12:05 PM: HKU\WRSS_Profile_S-1-5-19 (ID = 1114074)
12:05 PM: HKU\S-1-5-18 (ID = 1062310)
12:05 PM: HKU\S-1-5-18 (ID = 1114074)
12:05 PM: Registry Sweep Complete, Elapsed Time:00:00:08
12:05 PM: Starting Cookie Sweep
12:05 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
12:05 PM: Starting File Sweep
12:05 PM: c:\program files (8128 subtraces) (ID = -2147459623)
12:05 PM: Found Trojan Horse: komforochka smtp relay
12:05 PM: c:\windows (19362 subtraces) (ID = -2147463100)
12:06 PM: Sweep Canceled
12:06 PM: File Sweep Complete, Elapsed Time: 00:00:53
12:06 PM: Traces Found: 28829
12:06 PM: Removal process initiated
12:06 PM: Quarantining All Traces: spywarestrike fakealert
12:06 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
12:06 PM: Failed to quarantine spywarestrike fakealert
12:06 PM: Failed to quarantine HKLM:
12:06 PM: Quarantining All Traces: cashdeluxe
12:06 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
12:06 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
12:06 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
12:06 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
12:06 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
12:06 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
12:06 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
12:06 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
12:09 PM: Failed to quarantine cashdeluxe
12:09 PM: Failed to quarantine HKLM:
12:09 PM: Failed to quarantine HKLM:
12:09 PM: Failed to quarantine HKLM:
12:09 PM: Failed to quarantine HKLM:
12:09 PM: Failed to quarantine HKLM:
12:09 PM: Failed to quarantine HKLM:
12:09 PM: Failed to quarantine HKLM:
12:09 PM: Failed to quarantine HKLM:
12:09 PM: Quarantining All Traces: trojan-backdoor-keylog-sters
12:09 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
12:10 PM: Failed to quarantine trojan-backdoor-keylog-sters
12:10 PM: Failed to quarantine HKLM:
12:10 PM: Quarantining All Traces: trojan-backdoor-sapilayr
12:10 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
12:10 PM: Failed to quarantine trojan-backdoor-sapilayr
12:10 PM: Failed to quarantine HKLM:
12:10 PM: Quarantining All Traces: trojan-downloader-2pursuit
12:10 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
12:11 PM: Failed to quarantine trojan-downloader-2pursuit
12:11 PM: Failed to quarantine HKLM:
12:11 PM: Quarantining All Traces: pcsentinels smoking gun
12:11 PM: Quarantining All Traces: cas
********
11:57 AM: | Start of Session, Tuesday, January 17, 2006 |
11:57 AM: Spy Sweeper started
11:57 AM: Sweep initiated using definitions version 602
11:57 AM: Starting Memory Sweep
11:57 AM: Memory Sweep Complete, Elapsed Time: 00:00:36
11:57 AM: Starting Registry Sweep
11:57 AM: Found Adware: spywarestrike fakealert
11:57 AM: HKCR (ID = 1108224)
11:57 AM: HKLM (ID = 1108261)
11:57 AM: Found Adware: cashdeluxe
11:57 AM: HKCR (ID = 1112816)
11:57 AM: HKCR (ID = 1112830)
11:57 AM: HKCR (ID = 1112844)
11:57 AM: HKCR (ID = 1112858)
11:57 AM: HKCR (ID = 1112867)
11:57 AM: HKCR (ID = 1112876)
11:57 AM: HKCR (ID = 1112885)
11:57 AM: HKLM (ID = 1112906)
11:57 AM: HKLM (ID = 1112920)
11:57 AM: HKLM (ID = 1112934)
11:57 AM: HKLM (ID = 1112948)
11:57 AM: HKLM (ID = 1112957)
11:57 AM: HKLM (ID = 1112966)
11:57 AM: HKLM (ID = 1112975)
11:57 AM: HKLM (ID = 1112985)
11:57 AM: Found Trojan Horse: trojan-backdoor-keylog-sters
11:57 AM: HKCR (ID = 1113642)
11:57 AM: HKLM (ID = 1113652)
11:57 AM: Found Trojan Horse: trojan-backdoor-sapilayr
11:57 AM: HKCR (ID = 1113971)
11:57 AM: HKLM (ID = 1113975)
11:57 AM: Found Trojan Horse: trojan-downloader-2pursuit
11:57 AM: HKCR (ID = 1121573)
11:57 AM: HKLM (ID = 1121599)
11:57 AM: Found System Monitor: pcsentinels smoking gun
11:57 AM: HKU\WRSS_Profile_S-1-5-21-1816288889-1558544532-2984033133-500 (ID = 1062310)
11:57 AM: Found Adware: cas
11:57 AM: HKU\WRSS_Profile_S-1-5-21-1816288889-1558544532-2984033133-500 (ID = 1114074)
11:57 AM: HKU\S-1-5-21-1816288889-1558544532-2984033133-1006 (3626 subtraces) (ID = 1062310)
11:57 AM: HKU\S-1-5-21-1816288889-1558544532-2984033133-1006 (3626 subtraces) (ID = 1114074)
11:57 AM: HKU\S-1-5-20 (2 subtraces) (ID = 1062310)
11:57 AM: HKU\S-1-5-20 (2 subtraces) (ID = 1114074)
11:57 AM: HKU\WRSS_Profile_S-1-5-19 (ID = 1062310)
11:57 AM: HKU\WRSS_Profile_S-1-5-19 (ID = 1114074)
11:57 AM: HKU\S-1-5-18 (39 subtraces) (ID = 1062310)
11:57 AM: HKU\S-1-5-18 (39 subtraces) (ID = 1114074)
11:57 AM: Registry Sweep Complete, Elapsed Time:00:00:07
11:57 AM: Sweep Canceled
11:57 AM: Traces Found: 7367
11:58 AM: Removal process initiated
11:58 AM: Quarantining All Traces: spywarestrike fakealert
11:58 AM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
11:58 AM: Failed to quarantine spywarestrike fakealert
11:58 AM: Failed to quarantine HKLM:
11:58 AM: Quarantining All Traces: cashdeluxe
11:58 AM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
11:58 AM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
11:58 AM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
11:58 AM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
11:58 AM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
11:58 AM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
11:58 AM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
11:58 AM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
12:01 PM: Failed to quarantine cashdeluxe
12:01 PM: Failed to quarantine HKLM:
12:01 PM: Failed to quarantine HKLM:
12:01 PM: Failed to quarantine HKLM:
12:01 PM: Failed to quarantine HKLM:
12:01 PM: Failed to quarantine HKLM:
12:01 PM: Failed to quarantine HKLM:
12:01 PM: Failed to quarantine HKLM:
12:01 PM: Failed to quarantine HKLM:
12:01 PM: Quarantining All Traces: trojan-backdoor-keylog-sters
12:01 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
12:02 PM: Failed to quarantine trojan-backdoor-keylog-sters
12:02 PM: Failed to quarantine HKLM:
12:02 PM: Quarantining All Traces: trojan-backdoor-sapilayr
12:02 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
12:02 PM: Failed to quarantine trojan-backdoor-sapilayr
12:02 PM: Failed to quarantine HKLM:
12:02 PM: Quarantining All Traces: trojan-downloader-2pursuit
12:02 PM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
12:03 PM: Failed to quarantine trojan-downloader-2pursuit
12:03 PM: Failed to quarantine HKLM:
12:03 PM: Quarantining All Traces: pcsentinels smoking gun
12:03 PM: Quarantining All Traces: cas
12:03 PM: Removal process completed. Elapsed time 00:05:31
12:04 PM: Deletion from quarantine initiated
12:04 PM: Processing: spywarestrike fakealert
12:04 PM: Processing: cas
12:04 PM: Processing: trojan-backdoor-keylog-sters
12:04 PM: Processing: cashdeluxe
12:04 PM: Processing: trojan-backdoor-sapilayr
12:04 PM: Processing: pcsentinels smoking gun
12:04 PM: Processing: trojan-downloader-2pursuit
12:04 PM: Deletion from quarantine completed. Elapsed time 00:00:00
12:04 PM: Program Version 4.5.8 (Build 683) Using Spyware Definitions 602
12:04 PM: | End of Session, Tuesday, January 17, 2006 |
********
10:55 AM: | Start of Session, Tuesday, January 17, 2006 |
10:55 AM: Spy Sweeper started
10:55 AM: Sweep initiated using definitions version 602
10:55 AM: Starting Memory Sweep
10:56 AM: Memory Sweep Complete, Elapsed Time: 00:01:08
10:56 AM: Starting Registry Sweep
10:56 AM: Found Adware: spywarestrike fakealert
10:56 AM: HKCR (ID = 1108224)
10:56 AM: HKLM (ID = 1108261)
10:56 AM: Found Adware: cashdeluxe
10:56 AM: HKCR (ID = 1112816)
10:56 AM: HKCR (ID = 1112830)
10:56 AM: HKCR (ID = 1112844)
10:56 AM: HKCR (ID = 1112858)
10:56 AM: HKCR (ID = 1112867)
10:56 AM: HKCR (ID = 1112876)
10:56 AM: HKCR (ID = 1112885)
10:56 AM: HKLM (ID = 1112906)
10:56 AM: HKLM (ID = 1112920)
10:56 AM: HKLM (ID = 1112934)
10:56 AM: HKLM (ID = 1112948)
10:56 AM: HKLM (ID = 1112957)
10:56 AM: HKLM (ID = 1112966)
10:56 AM: HKLM (ID = 1112975)
10:56 AM: HKLM (ID = 1112985)
10:56 AM: Found Trojan Horse: trojan-backdoor-keylog-sters
10:56 AM: HKCR (ID = 1113642)
10:56 AM: HKLM (ID = 1113652)
10:56 AM: Found Trojan Horse: trojan-backdoor-sapilayr
10:56 AM: HKCR (ID = 1113971)
10:56 AM: HKLM (ID = 1113975)
10:56 AM: Found Trojan Horse: trojan-downloader-2pursuit
10:56 AM: HKCR (ID = 1121573)
10:56 AM: HKLM (ID = 1121599)
10:56 AM: Found System Monitor: pcsentinels smoking gun
10:56 AM: HKU\WRSS_Profile_S-1-5-21-1816288889-1558544532-2984033133-500 (6559 subtraces) (ID = 1062310)
10:56 AM: Found Adware: cas
10:56 AM: HKU\WRSS_Profile_S-1-5-21-1816288889-1558544532-2984033133-500 (6559 subtraces) (ID = 1114074)
10:56 AM: HKU\S-1-5-21-1816288889-1558544532-2984033133-1006 (8514 subtraces) (ID = 1062310)
10:56 AM: HKU\S-1-5-21-1816288889-1558544532-2984033133-1006 (8514 subtraces) (ID = 1114074)
10:56 AM: HKU\S-1-5-20 (2718 subtraces) (ID = 1062310)
10:56 AM: HKU\S-1-5-20 (2718 subtraces) (ID = 1114074)
10:56 AM: HKU\WRSS_Profile_S-1-5-19 (2705 subtraces) (ID = 1062310)
10:56 AM: HKU\WRSS_Profile_S-1-5-19 (2705 subtraces) (ID = 1114074)
10:56 AM: HKU\S-1-5-18 (3540 subtraces) (ID = 1062310)
10:56 AM: HKU\S-1-5-18 (3540 subtraces) (ID = 1114074)
10:56 AM: Registry Sweep Complete, Elapsed Time:00:00:07
10:56 AM: Starting Cookie Sweep
10:56 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
10:56 AM: Starting File Sweep
10:57 AM: Found Trojan Horse: komforochka smtp relay
10:57 AM: c:\windows (19254 subtraces) (ID = -2147463100)
10:57 AM: c:\program files (8126 subtraces) (ID = -2147459623)
11:00 AM: File Sweep Complete, Elapsed Time: 00:03:36
11:00 AM: Full Sweep has completed. Elapsed time 00:04:59
11:00 AM: Traces Found: 75487
11:00 AM: Removal process initiated
11:00 AM: Quarantining All Traces: spywarestrike fakealert
11:00 AM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
11:01 AM: Failed to quarantine spywarestrike fakealert
11:01 AM: Failed to quarantine HKLM:
11:01 AM: Quarantining All Traces: cashdeluxe
11:01 AM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
11:01 AM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
11:01 AM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
11:01 AM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
11:01 AM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
11:01 AM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
11:01 AM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
11:01 AM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
11:04 AM: Failed to quarantine cashdeluxe
11:04 AM: Failed to quarantine HKLM:
11:04 AM: Failed to quarantine HKLM:
11:04 AM: Failed to quarantine HKLM:
11:04 AM: Failed to quarantine HKLM:
11:04 AM: Failed to quarantine HKLM:
11:04 AM: Failed to quarantine HKLM:
11:04 AM: Failed to quarantine HKLM:
11:04 AM: Failed to quarantine HKLM:
11:04 AM: Quarantining All Traces: trojan-backdoor-keylog-sters
11:04 AM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
11:04 AM: Failed to quarantine trojan-backdoor-keylog-sters
11:04 AM: Failed to quarantine HKLM:
11:04 AM: Quarantining All Traces: trojan-backdoor-sapilayr
11:04 AM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
11:05 AM: Failed to quarantine trojan-backdoor-sapilayr
11:05 AM: Failed to quarantine HKLM:
11:05 AM: Quarantining All Traces: trojan-downloader-2pursuit
11:05 AM: Warning: Failed to export "HKEY_LOCAL_MACHINE\": Access is denied
11:05 AM: Failed to quarantine trojan-downloader-2pursuit
11:05 AM: Failed to quarantine HKLM:
11:05 AM: Quarantining All Traces: pcsentinels smoking gun
11:06 AM: Quarantining All Traces: cas
11:54 AM: Program Version 4.5.8 (Build 683) Using Spyware Definitions 602
11:55 AM: Program Version 4.5.8 (Build 683) Using Spyware Definitions 602
11:56 AM: Deletion from quarantine initiated
11:56 AM: Processing: spywarestrike fakealert
11:56 AM: Processing: trojan-backdoor-keylog-sters
11:56 AM: Processing: cashdeluxe
11:56 AM: Processing: trojan-backdoor-sapilayr
11:56 AM: Processing: pcsentinels smoking gun
11:56 AM: Processing: trojan-downloader-2pursuit
11:56 AM: Deletion from quarantine completed. Elapsed time 00:00:00
********
10:45 AM: | Start of Session, Tuesday, January 17, 2006 |
10:45 AM: Spy Sweeper started
10:45 AM: Sweep initiated using definitions version 602
10:45 AM: Starting Memory Sweep
10:46 AM: Memory Sweep Complete, Elapsed Time: 00:00:50
10:46 AM: Starting Registry Sweep
10:46 AM: Found Adware: spywarestrike fakealert
10:46 AM: HKCR (ID = 1108224)
10:46 AM: HKLM (ID = 1108261)
10:46 AM: Found Adware: cashdeluxe
10:46 AM: HKCR (ID = 1112816)
10:46 AM: HKCR (ID = 1112830)
10:46 AM: HKCR (ID = 1112844)
10:46 AM: HKCR (ID = 1112858)
10:46 AM: HKCR (ID = 1112867)
10:46 AM: HKCR (ID = 1112876)
10:46 AM: HKCR (ID = 1112885)
10:46 AM: HKLM (ID = 1112906)
10:46 AM: HKLM (ID = 1112920)
10:46 AM: HKLM (ID = 1112934)
10:46 AM: HKLM (ID = 1112948)
10:46 AM: HKLM (ID = 1112957)
10:46 AM: HKLM (ID = 1112966)
10:46 AM: HKLM (ID = 1112975)
10:46 AM: HKLM (ID = 1112985)
10:46 AM: Found Trojan Horse: trojan-backdoor-keylog-sters
10:46 AM: HKCR (ID = 1113642)
10:46 AM: HKLM (ID = 1113652)
10:46 AM: Found Trojan Horse: trojan-backdoor-sapilayr
10:46 AM: HKCR (ID = 1113971)
10:46 AM: HKLM (ID = 1113975)
10:46 AM: Found Trojan Horse: trojan-downloader-2pursuit
10:46 AM: HKCR (ID = 1121573)
10:46 AM: HKLM (ID = 1121599)
10:46 AM: Found System Monitor: pcsentinels smoking gun
10:46 AM: HKU\WRSS_Profile_S-1-5-21-1816288889-1558544532-2984033133-500 (6559 subtraces) (ID = 1062310)
10:46 AM: Found Adware: cas
10:46 AM: HKU\WRSS_Profile_S-1-5-21-1816288889-1558544532-2984033133-500 (6559 subtraces) (ID = 1114074)
10:46 AM: HKU\S-1-5-21-1816288889-1558544532-2984033133-1006 (8533 subtraces) (ID = 1062310)
10:46 AM: HKU\S-1-5-21-1816288889-1558544532-2984033133-1006 (8533 subtraces) (ID = 1114074)
10:46 AM: HKU\S-1-5-20 (2718 subtraces) (ID = 1062310)
10:46 AM: HKU\S-1-5-20 (2718 subtraces) (ID = 1114074)
10:46 AM: HKU\S-1-5-19 (2718 subtraces) (ID = 1062310)
10:46 AM: HKU\S-1-5-19 (2718 subtraces) (ID = 1114074)
10:46 AM: HKU\S-1-5-18 (3540 subtraces) (ID = 1062310)
10:46 AM: HKU\S-1-5-18 (3540 subtraces) (ID = 1114074)
10:46 AM: Registry Sweep Complete, Elapsed Time:00:00:07
10:46 AM: Starting Cookie Sweep
10:46 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
10:46 AM: Starting File Sweep
10:46 AM: c:\program files (8126 subtraces) (ID = -2147459623)
10:46 AM: Sweep Canceled
10:47 AM: Found Trojan Horse: komforochka smtp relay
10:47 AM: c:\windows (19253 subtraces) (ID = -2147463100)
10:47 AM: File Sweep Complete, Elapsed Time: 00:00:30
10:47 AM: Traces Found: 75550
10:47 AM: Removal process initiated
10:47 AM: Quarantining All Traces: komforochka smtp relay
10:55 AM: Program Version 4.5.8 (Build 683) Using Spyware Definitions 602
10:55 AM: | End of Session, Tuesday, January 17, 2006 |
********
9:46 AM: | Start of Session, Tuesday, January 17, 2006 |
9:46 AM: Spy Sweeper started
9:46 AM: Sweep initiated using definitions version 602
9:46 AM: Starting Memory Sweep
9:47 AM: Memory Sweep Complete, Elapsed Time: 00:00:56
9:47 AM: Starting Registry Sweep
9:47 AM: Found Adware: spywarestrike fakealert
9:47 AM: HKCR (ID = 1108224)
9:47 AM: HKLM (ID = 1108261)
9:47 AM: Found Adware: cashdeluxe
9:47 AM: HKCR (ID = 1112816)
9:47 AM: HKCR (ID = 1112830)
9:47 AM: HKCR (ID = 1112844)
9:47 AM: HKCR (ID = 1112858)
9:47 AM: HKCR (ID = 1112867)
9:47 AM: HKCR (ID = 1112876)
9:47 AM: HKCR (ID = 1112885)
9:47 AM: HKLM (ID = 1112906)
9:47 AM: HKLM (ID = 1112920)
9:47 AM: HKLM (ID = 1112934)
9:47 AM: HKLM (ID = 1112948)
9:47 AM: HKLM (ID = 1112957)
9:47 AM: HKLM (ID = 1112966)
9:47 AM: HKLM (ID = 1112975)
9:47 AM: HKLM (ID = 1112985)
9:47 AM: Found Trojan Horse: trojan-backdoor-keylog-sters
9:47 AM: HKCR (ID = 1113642)
9:47 AM: HKLM (ID = 1113652)
9:47 AM: Found Trojan Horse: trojan-backdoor-sapilayr
9:47 AM: HKCR (ID = 1113971)
9:47 AM: HKLM (ID = 1113975)
9:47 AM: Found Trojan Horse: trojan-downloader-2pursuit
9:47 AM: HKCR (ID = 1121573)
9:47 AM: HKLM (ID = 1121599)
9:47 AM: Found System Monitor: pcsentinels smoking gun
9:47 AM: HKU\WRSS_Profile_S-1-5-21-1816288889-1558544532-2984033133-500 (6559 subtraces) (ID = 1062310)
9:47 AM: Found Adware: cas
9:47 AM: HKU\WRSS_Profile_S-1-5-21-1816288889-1558544532-2984033133-500 (6559 subtraces) (ID = 1114074)
9:47 AM: HKU\S-1-5-21-1816288889-1558544532-2984033133-1006 (8491 subtraces) (ID = 1062310)
9:47 AM: HKU\S-1-5-21-1816288889-1558544532-2984033133-1006 (8491 subtraces) (ID = 1114074)
9:47 AM: HKU\S-1-5-20 (2718 subtraces) (ID = 1062310)
9:47 AM: HKU\S-1-5-20 (2718 subtraces) (ID = 1114074)
9:47 AM: HKU\S-1-5-19 (2718 subtraces) (ID = 1062310)
9:47 AM: HKU\S-1-5-19 (2718 subtraces) (ID = 1114074)
9:47 AM: HKU\S-1-5-18 (3540 subtraces) (ID = 1062310)
9:47 AM: HKU\S-1-5-18 (3540 subtraces) (ID = 1114074)
9:47 AM: Registry Sweep Complete, Elapsed Time:00:00:07
9:47 AM: Starting Cookie Sweep
9:47 AM: Found Spy Cookie: 247realmedia cookie
9:47 AM: owner@247realmedia[1].txt (ID = 1953)
9:47 AM: Found Spy Cookie: 2o7.net cookie
9:47 AM: owner@2o7[2].txt (ID = 1957)
9:47 AM: Found Spy Cookie: about cookie
9:47 AM: owner@about[1].txt (ID = 2037)
9:47 AM: Found Spy Cookie: advertising cookie
9:47 AM: owner@advertising[2].txt (ID = 2175)
9:47 AM: Found Spy Cookie: atlas dmt cookie
9:47 AM: owner@atdmt[2].txt (ID = 2253)
9:47 AM: owner@compnetworking.about[2].txt (ID = 2038)
9:47 AM: Found Spy Cookie: ru4 cookie
9:47 AM: owner@edge.ru4[1].txt (ID = 3269)
9:47 AM: owner@gateway.122.2o7[1].txt (ID = 1958)
9:47 AM: Found Spy Cookie: linksynergy cookie
9:47 AM: owner@linksynergy[2].txt (ID = 2926)
9:47 AM: Found Spy Cookie: pricegrabber cookie
9:47 AM: owner@pricegrabber[2].txt (ID = 3185)
9:47 AM: Found Spy Cookie: webtrendslive cookie
9:47 AM: owner@statse.webtrendslive[1].txt (ID = 3667)
9:47 AM: Found Spy Cookie: trafficmp cookie
9:47 AM: owner@trafficmp[1].txt (ID = 3581)
9:47 AM: Found Spy Cookie: tribalfusion cookie
9:47 AM: owner@tribalfusion[1].txt (ID = 3589)
9:47 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
9:47 AM: Starting File Sweep
9:48 AM: c:\program files (8156 subtraces) (ID = -2147459623)
9:48 AM: Found Trojan Horse: komforochka smtp relay
9:48 AM: c:\windows (19249 subtraces) (ID = -2147463100)
9:49 AM: File Sweep Complete, Elapsed Time: 00:01:52
9:49 AM: Full Sweep has completed. Elapsed time 00:02:58
9:49 AM: Traces Found: 75505
9:51 AM: Removal process initiated
9:51 AM: Quarantining All Traces: komforochka smtp relay
10:21 AM: Processing Startup Alerts
10:21 AM: Allowed Startup entry: AWMON
10:27 AM: Deletion from quarantine initiated
10:27 AM: Processing: 247realmedia cookie
10:27 AM: Processing: 2o7.net cookie
10:27 AM: Processing: advertising cookie
10:27 AM: Processing: atlas dmt cookie
10:27 AM: Processing: coremetrics cookie
10:27 AM: Processing: pointroll cookie
10:27 AM: Processing: ru4 cookie
10:27 AM: Processing: trafficmp cookie
10:27 AM: Processing: tribalfusion cookie
10:27 AM: Processing: zedo cookie
10:27 AM: Deletion from quarantine completed. Elapsed time 00:00:00
10:27 AM: Deletion from quarantine initiated
10:27 AM: Processing: nextag cookie
10:27 AM: Deletion from quarantine completed. Elapsed time 00:00:00
10:27 AM: IE Tracking Cookies Shield: Removed about cookie
10:27 AM: IE Tracking Cookies Shield: Removed about cookie
10:27 AM: IE Tracking Cookies Shield: Removed 2o7.net cookie
10:27 AM: IE Tracking Cookies Shield: Removed pricegrabber cookie
10:36 AM: Processing Startup Alerts
10:36 AM: Allowed Startup entry: MSConfig
10:41 AM: Processing Startup Alerts
10:41 AM: Allowed Startup entry: MSConfig
********
4:00 AM: | Start of Session, Tuesday, January 17, 2006 |
4:00 AM: Spy Sweeper started
4:00 AM: Sweep initiated using definitions version 602
4:00 AM: Starting Memory Sweep
4:00 AM: Memory Sweep Complete, Elapsed Time: 00:00:44
4:00 AM: Starting Registry Sweep
4:00 AM: Found Adware: spywarestrike fakealert
4:00 AM: HKCR (ID = 1108224)
4:00 AM: HKLM (ID = 1108261)
4:00 AM: Found Adware: cashdeluxe
4:00 AM: HKCR (ID = 1112816)
4:00 AM: HKCR (ID = 1112830)
4:00 AM: HKCR (ID = 1112844)
4:00 AM: HKCR (ID = 1112858)
4:00 AM: HKCR (ID = 1112867)
4:00 AM: HKCR (ID = 1112876)
4:00 AM: HKCR (ID = 1112885)
4:00 AM: HKLM (ID = 1112906)
4:00 AM: HKLM (ID = 1112920)
4:00 AM: HKLM (ID = 1112934)
4:00 AM: HKLM (ID = 1112948)
4:00 AM: HKLM (ID = 1112957)
4:00 AM: HKLM (ID = 1112966)
4:00 AM: HKLM (ID = 1112975)
4:00 AM: HKLM (ID = 1112985)
4:00 AM: Found Trojan Horse: trojan-backdoor-keylog-sters
4:00 AM: HKCR (ID = 1113642)
4:00 AM: HKLM (ID = 1113652)
4:00 AM: Found Trojan Horse: trojan-backdoor-sapilayr
4:00 AM: HKCR (ID = 1113971)
4:00 AM: HKLM (ID = 1113975)
4:00 AM: Found Trojan Horse: trojan-downloader-2pursuit
4:00 AM: HKCR (ID = 1121573)
4:00 AM: HKLM (ID = 1121599)
4:00 AM: Found System Monitor: pcsentinels smoking gun
4:00 AM: HKU\WRSS_Profile_S-1-5-21-1816288889-1558544532-2984033133-500 (6559 subtraces) (ID = 1062310)
4:00 AM: Found Adware: cas
4:00 AM: HKU\WRSS_Profile_S-1-5-21-1816288889-1558544532-2984033133-500 (6559 subtraces) (ID = 1114074)
4:00 AM: HKU\S-1-5-21-1816288889-1558544532-2984033133-1006 (8488 subtraces) (ID = 1062310)
4:00 AM: HKU\S-1-5-21-1816288889-1558544532-2984033133-1006 (8488 subtraces) (ID = 1114074)
4:00 AM: HKU\S-1-5-20 (2718 subtraces) (ID = 1062310)
4:00 AM: HKU\S-1-5-20 (2718 subtraces) (ID = 1114074)
4:00 AM: HKU\S-1-5-19 (2718 subtraces) (ID = 1062310)
4:00 AM: HKU\S-1-5-19 (2718 subtraces) (ID = 1114074)
4:00 AM: HKU\S-1-5-18 (3538 subtraces) (ID = 1062310)
4:00 AM: HKU\S-1-5-18 (3538 subtraces) (ID = 1114074)
4:00 AM: Registry Sweep Complete, Elapsed Time:00:00:07
4:00 AM: Starting Cookie Sweep
4:00 AM: Found Spy Cookie: 247realmedia cookie
4:00 AM: owner@247realmedia[1].txt (ID = 1953)
4:00 AM: Found Spy Cookie: 2o7.net cookie
4:00 AM: owner@2o7[2].txt (ID = 1957)
4:00 AM: Found Spy Cookie: about cookie
4:00 AM: owner@about[1].txt (ID = 2037)
4:00 AM: Found Spy Cookie: advertising cookie
4:00 AM: owner@advertising[2].txt (ID = 2175)
4:00 AM: Found Spy Cookie: atlas dmt cookie
4:00 AM: owner@atdmt[2].txt (ID = 2253)
4:00 AM: owner@compnetworking.about[2].txt (ID = 2038)
4:00 AM: Found Spy Cookie: ru4 cookie
4:00 AM: owner@edge.ru4[1].txt (ID = 3269)
4:00 AM: owner@gateway.122.2o7[1].txt (ID = 1958)
4:00 AM: Found Spy Cookie: linksynergy cookie
4:00 AM: owner@linksynergy[2].txt (ID = 2926)
4:00 AM: Found Spy Cookie: pricegrabber cookie
4:00 AM: owner@pricegrabber[2].txt (ID = 3185)
4:00 AM: Found Spy Cookie: webtrendslive cookie
4:00 AM: owner@statse.webtrendslive[1].txt (ID = 3667)
4:00 AM: Found Spy Cookie: trafficmp cookie
4:00 AM: owner@trafficmp[1].txt (ID = 3581)
4:00 AM: Found Spy Cookie: tribalfusion cookie
4:00 AM: owner@tribalfusion[1].txt (ID = 3589)
4:00 AM: Cookie Sweep Complete, Elapsed Time: 00:00:01
4:00 AM: Starting File Sweep
4:01 AM: c:\program files (8145 subtraces) (ID = -2147459623)
4:01 AM: Found Trojan Horse: komforochka smtp relay
4:01 AM: c:\windows (19247 subtraces) (ID = -2147463100)
4:02 AM: File Sweep Complete, Elapsed Time: 00:01:47
4:02 AM: Full Sweep has completed. Elapsed time 00:02:40
4:02 AM: Traces Found: 75482
9:19 AM: Removal process initiated
9:19 AM: Quarantining All Traces: komforochka smtp relay
9:46 AM: Processing Internet Explorer Favorites Alerts
9:46 AM: Allowed IE Favorite: SPG Communispace
9:46 AM: | End of Session, Tuesday, January 17, 2006 |
********
4:00 AM: | Start of Session, Monday, January 16, 2006 |
4:00 AM: Spy Sweeper started
4:00 AM: Sweep initiated using definitions version 601
4:00 AM: Starting Memory Sweep
4:00 AM: Memory Sweep Complete, Elapsed Time: 00:00:43
4:00 AM: Starting Registry Sweep
4:00 AM: Registry Sweep Complete, Elapsed Time:00:00:06
4:00 AM: Starting Cookie Sweep
4:00 AM: Found Spy Cookie: 247realmedia cookie
4:00 AM: owner@247realmedia[1].txt (ID = 1953)
4:00 AM: Found Spy Cookie: 2o7.net cookie
4:00 AM: owner@2o7[1].txt (ID = 1957)
4:00 AM: Found Spy Cookie: pointroll cookie
4:00 AM: owner@ads.pointroll[1].txt (ID = 3148)
4:00 AM: Found Spy Cookie: advertising cookie
4:00 AM: owner@advertising[2].txt (ID = 2175)
4:00 AM: Found Spy Cookie: atlas dmt cookie
4:00 AM: owner@atdmt[2].txt (ID = 2253)
4:00 AM: Found Spy Cookie: zedo cookie
4:00 AM: owner@c7.zedo[1].txt (ID = 3763)
4:00 AM: Found Spy Cookie: trafficmp cookie
4:00 AM: owner@trafficmp[1].txt (ID = 3581)
4:00 AM: owner@zedo[1].txt (ID = 3762)
4:00 AM: Cookie Sweep Complete, Elapsed Time: 00:00:01
4:00 AM: Starting File Sweep
4:02 AM: File Sweep Complete, Elapsed Time: 00:01:20
4:02 AM: Full Sweep has completed. Elapsed time 00:02:12
4:02 AM: Traces Found: 8
8:50 AM: Removal process initiated
8:50 AM: Quarantining All Traces: 247realmedia cookie
8:50 AM: Quarantining All Traces: 2o7.net cookie
8:50 AM: Quarantining All Traces: advertising cookie
8:50 AM: Quarantining All Traces: atlas dmt cookie
8:50 AM: Quarantining All Traces: pointroll cookie
8:50 AM: Quarantining All Traces: trafficmp cookie
8:50 AM: Quarantining All Traces: zedo cookie
8:50 AM: Removal process completed. Elapsed time 00:00:00
5:41 PM: Processing Startup Alerts
5:41 PM: Allowed Startup entry: dlmMgr
5:46 PM: Processing Startup Alerts
5:46 PM: Allowed Startup entry: Adobe Reader Speed Launch.lnk
9:14 PM: Your spyware definitions have been updated.
4:00 AM: A scheduled sweep will now start.
4:00 AM: | End of Session, Tuesday, January 17, 2006 |
********
9:04 PM: | Start of Session, Sunday, January 15, 2006 |
9:04 PM: Spy Sweeper started
9:04 PM: Sweep initiated using definitions version 601
9:04 PM: Starting Memory Sweep
9:05 PM: Memory Sweep Complete, Elapsed Time: 00:01:04
9:05 PM: Starting Registry Sweep
9:05 PM: Registry Sweep Complete, Elapsed Time:00:00:09
9:05 PM: Starting Cookie Sweep
9:05 PM: Found Spy Cookie: 247realmedia cookie
9:05 PM: owner@247realmedia[1].txt (ID = 1953)
9:05 PM: Found Spy Cookie: 2o7.net cookie
9:05 PM: owner@2o7[1].txt (ID = 1957)
9:05 PM: Found Spy Cookie: advertising cookie
9:05 PM: owner@advertising[2].txt (ID = 2175)
9:05 PM: Found Spy Cookie: atlas dmt cookie
9:05 PM: owner@atdmt[1].txt (ID = 2253)
9:05 PM: Found Spy Cookie: coremetrics cookie
9:05 PM: owner@data.coremetrics[1].txt (ID = 2472)
9:05 PM: Found Spy Cookie: ru4 cookie
9:05 PM: owner@edge.ru4[1].txt (ID = 3269)
9:05 PM: owner@gateway.122.2o7[1].txt (ID = 1958)
9:05 PM: Found Spy Cookie: nextag cookie
9:05 PM: owner@nextag

Edited by nologic, 18 January 2006 - 01:28 PM.


#2 nologic

Posted 18 January 2006 - 01:27 PM

Here's a more recent log from the latest version of Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 1:22:25 PM, on 1/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Antivirus\pccguide.exe
C:\Program Files\Trend Micro\Antivirus\PCClient.exe
C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
C:\Program Files\Trend Micro\Antivirus\tmproxy.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner.JSS-AMD\Local Settings\Temporary Internet Files\Content.IE5\S5QN49MB\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.boston.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Antivirus\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Antivirus\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Antivirus\TMOAgent.exe" /run
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [Ad-Aware] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" +c
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Antivirus\tmproxy.exe

#3 middle of nowhere

Posted 21 January 2006 - 02:45 PM

Welcome to Bleeping Computer

I would be glad to help you with your computer problems. :thumbsup:

HijackThis logs take awhile to research. Please be patient with me. I know that you want your problems solved quickly, and I will work hard to help you.

Please observe these rules while we work:

1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.

If you can do those two things, everything should go smoothly.

Middle of Nowhere

#4 middle of nowhere

Posted 21 January 2006 - 02:58 PM

Hi nologic

Please follow the below instructions:

We'll need to move HiJackThis.exe out of a temporary directory and into a directory of its own, preferably C:\HJT (creating the folder if necessary).

The reason behind this is that HJT creates backups of every "fix" we do in the folder it's running in. If we happen to "fix" something and need it later on, there is a very good chance that, by that time, that TEMP directory could be purged and our backups would be lost.

If you need a detailed tutorial or just a better explanation as to why, please Look Here

I need you to run an on-line virus scan From Here

Please move HJT to its own directory and repost your log. Also, can you tell me what the results of the virus scan say? Thanks

Edited by middle of nowhere, 21 January 2006 - 02:59 PM.

Middle of Nowhere
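The point the helper makes above, that HijackThis was launched from the Temporary Internet Files folder, is something a reviewer can also check from the log itself. As an added example (not the thread's or HijackThis's own code, assuming only the HJT v1.99.1 log layout shown in reply #2), this Python parses the "Running processes" list and the O4 autorun lines and flags executables that live in a temporary folder; the sample log is constructed from the lines posted above plus one made-up autorun entry.

```python
import re

# Path fragments (compared case-insensitively) that mark Windows XP temporary
# locations: the IE cache the posted log shows HijackThis running from, and any
# "...\Temp\" folder (which also matches the 8.3 short form LOCALS~1\Temp\).
TEMP_MARKERS = ("\\temporary internet files\\", "\\temp\\")

# Matches an HJT O4 autorun line: "O4 - <hive>: [<name>] <command>"
O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")

# Constructed sample log, modelled on the HijackThis v1.99.1 log posted in this
# thread. The last O4 line is made up to exercise the autorun check.
SAMPLE_LOG = """Logfile of HijackThis v1.99.1
Scan saved at 1:22:25 PM, on 1/18/2006

Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeper.exe
C:\\Documents and Settings\\Owner.JSS-AMD\\Local Settings\\Temporary Internet Files\\Content.IE5\\S5QN49MB\\HijackThis[1].exe

R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.boston.com/
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [SpySweeper] "C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeper.exe" /startintray
O4 - HKCU\\..\\Run: [example-entry] C:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\example.exe
"""


def running_processes(log: str) -> list:
    """Return the paths listed under 'Running processes:' (section ends at the
    first blank line, as in HJT's own output)."""
    paths, in_section = [], False
    for line in log.splitlines():
        text = line.strip()
        if text.lower() == "running processes:":
            in_section = True
        elif in_section:
            if not text:
                break
            paths.append(text)
    return paths


def autorun_entries(log: str) -> list:
    """Return (name, executable) pairs from O4 lines. The executable is the
    quoted path when the command is quoted, otherwise its first token."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        cmd = m.group("cmd").strip()
        if cmd.startswith('"'):
            exe = cmd[1:].split('"', 1)[0]
        else:
            exe = cmd.split(" ", 1)[0]
        entries.append((m.group("name"), exe))
    return entries


def is_temp_path(path: str) -> bool:
    """True when the path sits under one of the temporary locations above."""
    low = path.lower()
    return any(marker in low for marker in TEMP_MARKERS)


def flag_temp_locations(log: str) -> list:
    """Return 'kind: path' strings for every running process or autorun
    executable that lives in a temporary folder."""
    findings = [f"process: {p}" for p in running_processes(log) if is_temp_path(p)]
    findings += [f"autorun [{name}]: {exe}"
                 for name, exe in autorun_entries(log) if is_temp_path(exe)]
    return findings


if __name__ == "__main__":
    for finding in flag_temp_locations(SAMPLE_LOG):
        print(finding)
```

Run against the sample it reports the HijackThis[1].exe process from the IE cache and the constructed Temp autorun entry, and nothing else.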

#5 middle of nowhere

Posted 30 January 2006 - 04:25 AM

Hi

I am contacting you to see if you still require the help, as I have not heard anything from you.

If you do still need help, please can you Copy/Paste a new HJT Log, back here in this thread.


Do Not Start a New Topic


Regards
Middle of Nowhere

#6 middle of nowhere

Posted 06 February 2006 - 02:42 PM

Since there has been no response, this thread will now be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else, please begin a New Topic.
Middle of Nowhere



