Posted 06 June 2006 - 06:32 AM
Here is the log from 2nd SpySweeper scan last night in Safe Mode:
********
10:13 PM: | Start of Session, Monday, June 05, 2006 |
10:13 PM: Spy Sweeper started
10:13 PM: Sweep initiated using definitions version 691
10:13 PM: Starting Memory Sweep
10:15 PM: Memory Sweep Complete, Elapsed Time: 00:01:02
10:15 PM: Starting Registry Sweep
10:15 PM: Registry Sweep Complete, Elapsed Time:00:00:15
10:15 PM: Starting Cookie Sweep
10:15 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
10:15 PM: Starting File Sweep
10:16 PM: Found Trojan Horse: trojan downloader matcash
10:16 PM: a0026882.exe (ID = 294587)
10:16 PM: Found Adware: visfx
10:16 PM: a0027293.exe (ID = 244295)
10:16 PM: Found Adware: enbrowser
10:16 PM: a0025729.exe (ID = 270029)
10:16 PM: Found Adware: clkoptimizer
10:16 PM: a0025730.exe (ID = 271215)
10:16 PM: Found Adware: surfsidekick
10:16 PM: a0026743.dll (ID = 302237)
10:16 PM: Found Adware: dollarrevenue
10:16 PM: a0026885.exe (ID = 302233)
10:16 PM: Found Trojan Horse: trojan-downloader-ac2
10:16 PM: a0026888.dll (ID = 276222)
10:16 PM: a0026889.dll (ID = 276222)
10:16 PM: Found Adware: zenosearchassistant
10:16 PM: a0026891.exe (ID = 293)
10:16 PM: Found Adware: purityscan
10:16 PM: a0027224.exe (ID = 296574)
10:16 PM: a0027233.exe (ID = 302231)
10:16 PM: a0027234.exe (ID = 302232)
10:16 PM: a0027235.exe (ID = 302233)
10:16 PM: a0027241.exe (ID = 244277)
10:16 PM: a0027276.exe (ID = 293)
10:16 PM: a0027287.exe (ID = 301896)
10:20 PM: a0027294.exe (ID = 270029)
10:20 PM: a0027299.exe (ID = 300281)
10:41 PM: File Sweep Complete, Elapsed Time: 00:26:32
10:41 PM: Full Sweep has completed. Elapsed time 00:27:58
10:41 PM: Traces Found: 18
10:52 PM: Removal process initiated
10:52 PM: Quarantining All Traces: clkoptimizer
10:52 PM: Quarantining All Traces: purityscan
10:52 PM: Quarantining All Traces: trojan downloader matcash
10:52 PM: Quarantining All Traces: visfx
10:52 PM: Quarantining All Traces: dollarrevenue
10:52 PM: Quarantining All Traces: enbrowser
10:52 PM: Quarantining All Traces: surfsidekick
10:52 PM: Quarantining All Traces: trojan-downloader-ac2
10:52 PM: Quarantining All Traces: zenosearchassistant
10:52 PM: Removal process completed. Elapsed time 00:00:07
********
10:12 PM: | Start of Session, Monday, June 05, 2006 |
10:12 PM: Spy Sweeper started
10:12 PM: Sweep initiated using definitions version 691
10:12 PM: Starting Memory Sweep
10:13 PM: Sweep Canceled
10:13 PM: Memory Sweep Complete, Elapsed Time: 00:00:47
10:13 PM: Traces Found: 0
10:13 PM: | End of Session, Monday, June 05, 2006 |
********
10:00 PM: | Start of Session, Monday, June 05, 2006 |
10:00 PM: Spy Sweeper started
10:00 PM: Sweep initiated using definitions version 691
10:00 PM: Starting Memory Sweep
10:01 PM: Sweep Canceled
10:01 PM: Memory Sweep Complete, Elapsed Time: 00:00:23
10:01 PM: Traces Found: 0
********
2:11 PM: | Start of Session, Monday, June 05, 2006 |
2:11 PM: Spy Sweeper started
2:11 PM: Sweep initiated using definitions version 691
2:11 PM: Starting Memory Sweep
2:14 PM: Memory Sweep Complete, Elapsed Time: 00:03:07
2:14 PM: Starting Registry Sweep
2:14 PM: Found Adware: apropos
2:14 PM: HKLM\software\aprps\ (2 subtraces) (ID = 103741)
2:14 PM: Found Adware: coolwebsearch (cws)
2:14 PM: HKCR\clsid\{6ee714d9-32a7-986a-b54e-a994f454edd3}\ (2 subtraces) (ID = 107303)
2:14 PM: HKLM\software\classes\clsid\{6ee714d9-32a7-986a-b54e-a994f454edd3}\ (2 subtraces) (ID = 108691)
2:14 PM: Found Adware: cws-aboutblank
2:14 PM: HKCR\clsid\{8f6c5de9-fddf-569a-0a0f-fef0e3957f0f}\ (2 subtraces) (ID = 113181)
2:14 PM: HKLM\software\classes\clsid\{8f6c5de9-fddf-569a-0a0f-fef0e3957f0f}\ (2 subtraces) (ID = 114762)
2:14 PM: Found Adware: cws_ns3
2:14 PM: HKCR\clsid\{30d83f56-da50-b817-ef00-1deb557b32f8}\ (2 subtraces) (ID = 118125)
2:14 PM: HKCR\clsid\{8669abb2-7410-3460-f449-e119dca24cc4}\ (4 subtraces) (ID = 118546)
2:14 PM: HKLM\software\classes\clsid\{30d83f56-da50-b817-ef00-1deb557b32f8}\ (2 subtraces) (ID = 119994)
2:14 PM: HKLM\software\classes\clsid\{8669abb2-7410-3460-f449-e119dca24cc4}\ (4 subtraces) (ID = 120392)
2:14 PM: Found Adware: purityscan
2:14 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\conflict.1\mediaticketsinstaller.ocx (ID = 139075)
2:14 PM: Found Adware: screensavers
2:14 PM: HKLM\software\screensavers.com\ (14 subtraces) (ID = 140569)
2:14 PM: Found Adware: enbrowser
2:14 PM: HKLM\software\system\sysold\ (2 subtraces) (ID = 926808)
2:14 PM: Found Adware: command
2:14 PM: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\0000\ (6 subtraces) (ID = 1016064)
2:14 PM: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\ (8 subtraces) (ID = 1016072)
2:14 PM: Found Adware: marketscore
2:14 PM: HKLM\software\microsoft\windows\currentversion\uninstall\{2cbd1bb3-9ac7-4d7f-9023-8a3e8dfb841a}\ (12 subtraces) (ID = 1141383)
2:14 PM: Found Adware: linkmaker
2:14 PM: HKCR\fseytdc.ariaqudok\ (3 subtraces) (ID = 1180460)
2:14 PM: HKCR\fseytdc.yvakt\ (3 subtraces) (ID = 1180468)
2:14 PM: HKLM\software\classes\fseytdc.ariaqudok\ (3 subtraces) (ID = 1180510)
2:14 PM: HKLM\software\classes\fseytdc.yvakt\ (3 subtraces) (ID = 1180518)
2:14 PM: HKU\S-1-5-21-3151056399-85685617-3384630467-1003\software\system\sysuid\ (1 subtraces) (ID = 731748)
2:14 PM: Registry Sweep Complete, Elapsed Time:00:00:15
2:14 PM: Starting Cookie Sweep
2:14 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
2:14 PM: Starting File Sweep
2:19 PM: Found Trojan Horse: trojan-dropper-agenthl
2:19 PM: vsl03.exe (ID = 297448)
2:19 PM: vsl05.exe (ID = 299775)
2:21 PM: pf78.exe (ID = 244430)
2:22 PM: jiub5f27y.hhy (ID = 276229)
2:27 PM: Found Adware: targetsaver
2:27 PM: class-barrel (ID = 78229)
2:32 PM: vocabulary (ID = 78283)
2:41 PM: Found Adware: directrevenue-abetterinternet
2:41 PM: belt.inf (ID = 83154)
2:41 PM: backup-20060605-101804-258.inf (ID = 74756)
2:41 PM: Found Adware: java byteverify
2:41 PM: classload.jar-1f8050ce-6aa381c3.zip (ID = 64823)
2:42 PM: File Sweep Complete, Elapsed Time: 00:27:33
2:42 PM: Full Sweep has completed. Elapsed time 00:31:01
2:42 PM: Traces Found: 106
2:43 PM: Removal process initiated
2:43 PM: Quarantining All Traces: cws_ns3
2:43 PM: Quarantining All Traces: cws-aboutblank
2:43 PM: Quarantining All Traces: directrevenue-abetterinternet
2:43 PM: Quarantining All Traces: purityscan
2:43 PM: Quarantining All Traces: apropos
2:43 PM: Quarantining All Traces: coolwebsearch (cws)
2:43 PM: Quarantining All Traces: enbrowser
2:43 PM: Quarantining All Traces: linkmaker
2:43 PM: Quarantining All Traces: marketscore
2:43 PM: Quarantining All Traces: trojan-dropper-agenthl
2:43 PM: Quarantining All Traces: command
2:43 PM: Quarantining All Traces: java byteverify
2:43 PM: Quarantining All Traces: screensavers
2:43 PM: Quarantining All Traces: targetsaver
2:44 PM: Removal process completed. Elapsed time 00:01:01
3:00 PM: The Spy Communication shield has blocked access to: paypopup.com
3:00 PM: The Spy Communication shield has blocked access to: paypopup.com
3:00 PM: The Spy Communication shield has blocked access to: paypopup.com
3:00 PM: The Spy Communication shield has blocked access to: paypopup.com
3:01 PM: The Spy Communication shield has blocked access to: paypopup.com
3:01 PM: The Spy Communication shield has blocked access to: paypopup.com
3:01 PM: The Spy Communication shield has blocked access to: paypopup.com
3:01 PM: The Spy Communication shield has blocked access to: paypopup.com
3:01 PM: The Spy Communication shield has blocked access to: apps.deskwizz.com
3:01 PM: The Spy Communication shield has blocked access to: apps.deskwizz.com
3:01 PM: The Spy Communication shield has blocked access to: apps.deskwizz.com
3:01 PM: The Spy Communication shield has blocked access to: apps.deskwizz.com
3:01 PM: The Spy Communication shield has blocked access to: apps.deskwizz.com
3:01 PM: The Spy Communication shield has blocked access to: apps.deskwizz.com
3:01 PM: The Spy Communication shield has blocked access to: apps.deskwizz.com
3:01 PM: The Spy Communication shield has blocked access to: apps.deskwizz.com
3:35 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
3:35 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
3:35 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
3:35 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
3:53 PM: The Spy Communication shield has blocked access to: paypopup.com
3:53 PM: The Spy Communication shield has blocked access to: paypopup.com
3:53 PM: The Spy Communication shield has blocked access to: paypopup.com
3:53 PM: The Spy Communication shield has blocked access to: paypopup.com
3:53 PM: The Spy Communication shield has blocked access to: paypopup.com
3:53 PM: The Spy Communication shield has blocked access to: paypopup.com
3:53 PM: The Spy Communication shield has blocked access to: paypopup.com
3:53 PM: The Spy Communication shield has blocked access to: paypopup.com
4:39 PM: The Spy Communication shield has blocked access to: apps.deskwizz.com
4:39 PM: The Spy Communication shield has blocked access to: apps.deskwizz.com
4:39 PM: The Spy Communication shield has blocked access to: apps.deskwizz.com
4:39 PM: The Spy Communication shield has blocked access to: apps.deskwizz.com
4:39 PM: The Spy Communication shield has blocked access to: apps.deskwizz.com
4:39 PM: The Spy Communication shield has blocked access to: apps.deskwizz.com
4:39 PM: The Spy Communication shield has blocked access to: apps.deskwizz.com
4:39 PM: The Spy Communication shield has blocked access to: apps.deskwizz.com
4:53 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
4:53 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
4:53 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
4:53 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
5:21 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
5:21 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
5:21 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
5:21 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
5:21 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
5:21 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
5:21 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
5:21 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
5:44 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
5:44 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
5:44 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
5:44 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
6:07 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
6:07 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
6:07 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
6:07 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
6:18 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
6:18 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
6:18 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
6:18 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
6:30 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
6:30 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
6:30 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
6:30 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
6:53 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
6:53 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
6:53 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
6:53 PM: The Spy Communication shield has blocked access to: count.exitexchange.com
********
2:08 PM: | Start of Session, Monday, June 05, 2006 |
2:08 PM: Spy Sweeper started
2:10 PM: Your spyware definitions have been updated.
2:11 PM: | End of Session, Monday, June 05, 2006 |