
Thread: potentially rootkit-masked files...?


  1. #1 (Join Date: Sep 2006, Posts: 12)

    potentially rootkit-masked files...?

    Hi all. These forums have helped me tons a few times now... I hope you guys can help me out this time.

    Let me start by telling you that I have run Ad-Aware multiple times, I have used Spybot multiple times, I have run Trend Micro's free HouseCall, and I have a paid subscription to Webroot's Spy Sweeper. I have also run my HijackThis log through the automated thing, and removed what it suggested.

    After all these things, Spy Sweeper STILL finds "potentially rootkit-masked files" (file type: system monitor) EVERY time it does a full system scan (which is daily). I have tried everything Spy Sweeper can do: quarantine, permanently delete; nothing works. It still finds this every time. When I read up on it, it says it could be a possible browser hijack, and someone may be logging my keystrokes and passwords.

    Someone PLEASE take a look at my logfile, and tell me if I have something horribly wrong going on here.

    Thanks a lot in advance to anyone who can help me out and shed some light on my situation.
    Attached Files

  2. #2 (Join Date: Sep 2006, Posts: 12)

    added attachment

    Also, here is a short section of the log from Spy Sweeper over the last two days (in case this helps you out at all).

    Thanks again.
    Attached Files

  3. #3 (Join Date: Aug 2006, Location: The Middle, Age: 80, Posts: 4,079)

    Have you used Spy Sweeper in Safe Mode?
    Have you done a search, in Safe Mode, for these two files?
    c:\windows\imsins.log
    c:\windows\kb887998.log

    I would suggest that you update all these programs (Ad-Aware SE, Spybot, Spy Sweeper, your antivirus program), enable the viewing of hidden files and folders, and then reboot to SAFE MODE.

    Run each of the above programs and remove whatever they find. Make a note of the name and location of anything found and post back here with that also.
    Then do a file search for the above two folders and also any files which happen to be found by the Safe Mode scans.
    Once you have completed all of the above, reboot to Normal Mode, run a new HJT scan, save the log, and post it along with the new FULL Spy Sweeper log.

  4. #4 (Join Date: Sep 2006, Posts: 12)

    Judy,

    Thanks again for volunteering your time to my lame problem. You should make a billion dollars a year.

    I tried everything you said. I enabled viewing of hidden files and folders, I logged into Safe Mode, I ran Ad-Aware (deleting everything it found), I ran Spybot (deleting everything it found), I ran Spy Sweeper (it found nothing), then I searched for the 2 files you told me to.

    It FOUND the 2 .log files you asked me to search for, but it would not let me delete them.

    I have included .bmps of all the steps of my process, as well as the HJT log and the Spy Sweeper log that I have made since doing a "normal startup" boot into Windows from Safe Mode.

    Please take a look at your earliest convenience, and advise me what to do.

    Again, thank you so much for your continued support and dedication. Below, please find the links to the .bmps associated with my problem(s).

    Thanks.

    http://i98.photobucket.com/albums/l2...06/adaware.jpg
    http://i98.photobucket.com/albums/l2...006/spybot.jpg
    http://i98.photobucket.com/albums/l2...per_finish.jpg
    http://i98.photobucket.com/albums/l2...006/imsins.jpg
    http://i98.photobucket.com/albums/l2...6/KB887998.jpg
    Last edited by robot_takeover; 09-13-2006 at 09:09 PM. Reason: forgot links

  5. #5 (Join Date: Sep 2006, Posts: 12)

    Here are the copies of the logs I said I would post. Also a few more .bmps. Thanks again.

    This is the error message I get every time I run Spy Sweeper. Even after telling it to restart, it still finds the same thing. http://i98.photobucket.com/albums/l2...eper_error.jpg

    This is the baddie that won't go away. Help me get rid of this!!!
    http://i98.photobucket.com/albums/l2...al_startup.jpg
    Attached Files

  6. #6 (Join Date: Sep 2006, Posts: 12)

    Oh. Also, I ran Panda's free scan, and removed what it said to.

    Also, that is not a FULL Spy Sweeper log; since your forums only allow 19kb attachments, I included as many days as I could without going over the limit.
    Last edited by robot_takeover; 09-13-2006 at 10:06 PM. Reason: wrong wording

  7. #7 (Join Date: Aug 2006, Location: The Middle, Age: 80, Posts: 4,079)

    Originally Posted by robot_takeover:
    Oh. Also, I ran Panda's free scan, and removed what it said to.

    Also, that is not a FULL Spy Sweeper log; since your forums only allow 19kb attachments, I included as many days as I could without going over the limit.

    We need that full log. The forum's attachment size is much larger than that. We have several with attachments here that are 99kb.
    If you can't attach it then copy and paste it.

  8. #8 (Join Date: Aug 2006, Location: The Middle, Age: 80, Posts: 4,079)

    Here is a new free program to remove rootkits, posted by our Administrator F11:

    Sophos Anti-Rootkit

    Why don't you try this? Follow all the directions for installing and running the program given at their website.

  9. #9 (Join Date: Sep 2006, Posts: 12)

    Judy,

    Thanks. Here is the full log (as far back as it goes). Did you check out my links?

    12:11 AM: Your spyware definitions have been updated.
    12:11 AM: Automated check for program update in progress.
    10:48 PM: A reboot was required but declined.
    10:37 PM: potentially rootkit-masked files is in use. It will be removed on reboot.
    10:37 PM: Quarantining All Traces: potentially rootkit-masked files
    10:37 PM: Traces Found: 2
    10:37 PM: Full Sweep has completed. Elapsed time 00:37:56
    10:37 PM: File Sweep Complete, Elapsed Time: 00:36:14
    Trace marked as Always Remove
    10:28 PM: c:\windows\imsins.log (ID = 0)
    Trace marked as Always Remove
    10:28 PM: c:\windows\kb887998.log (ID = 0)
    10:28 PM: Threat marked as Always Remove
    10:28 PM: Found System Monitor: potentially rootkit-masked files
    10:13 PM: Warning: Failed to access drive J:
    10:13 PM: Warning: Failed to access drive I:
    10:13 PM: Warning: Failed to access drive H:
    10:13 PM: Warning: Failed to access drive G:
    10:13 PM: Warning: Failed to access drive F:
    10:09 PM: Warning: Failed to open file "c:\program files\compaq connections\5577497\users\default\data\d0000000.fcs". The operation completed successfully
    10:09 PM: Warning: Failed to open file "c:\documents and settings\compaq_administrator\application data\mozilla\firefox\profiles\quq1m6ax.default\parent.lock". The operation completed successfully
    10:00 PM: Starting File Sweep
    10:00 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
    10:00 PM: Starting Cookie Sweep
    10:00 PM: Registry Sweep Complete, Elapsed Time:00:00:09
    10:00 PM: Starting Registry Sweep
    10:00 PM: Memory Sweep Complete, Elapsed Time: 00:01:28
    9:59 PM: Starting Memory Sweep
    9:59 PM: Sweep initiated using definitions version 758
    9:59 PM: Spy Sweeper 5.0.5.1286 started
    9:59 PM: | Start of Session, Wednesday, September 13, 2006 |
    ********
    9:59 PM: | End of Session, Wednesday, September 13, 2006 |
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    9:43 PM: Shield States
    9:43 PM: Spyware Definitions: 758
    9:42 PM: Spy Sweeper 5.0.5.1286 started
    A system shutdown is in progress
    8:24 PM: Warning: System Error. Code: 1115.
    Operation: Terminate
    Target: C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPERUI.EXE
    Source: C:\WINDOWS\SYSTEM32\CSRSS.EXE
    8:24 PM: Tamper Detection
    Operation: Terminate
    Target: C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPERUI.EXE
    Source: C:\WINDOWS\SYSTEM32\CSRSS.EXE
    8:23 PM: Tamper Detection
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    8:23 PM: Shield States
    8:23 PM: Spyware Definitions: 758
    8:23 PM: Spy Sweeper 5.0.5.1286 started
    6:26 PM: A reboot was required but declined.
    9:37 AM: potentially rootkit-masked files is in use. It will be removed on reboot.
    9:37 AM: Quarantining All Traces: potentially rootkit-masked files
    9:37 AM: Quarantining All Traces: questionmarket cookie
    9:37 AM: Quarantining All Traces: 2o7.net cookie
    9:37 AM: Quarantining All Traces: advertising cookie
    9:37 AM: Traces Found: 5
    9:37 AM: Full Sweep has completed. Elapsed time 00:37:38
    9:37 AM: File Sweep Complete, Elapsed Time: 00:35:42
    Trace marked as Always Remove
    9:29 AM: c:\windows\imsins.log (ID = 0)
    Trace marked as Always Remove
    9:29 AM: c:\windows\kb887998.log (ID = 0)
    9:29 AM: Threat marked as Always Remove
    9:29 AM: Found System Monitor: potentially rootkit-masked files
    9:14 AM: Warning: Failed to access drive J:
    9:14 AM: Warning: Failed to access drive I:
    9:14 AM: Warning: Failed to access drive H:
    9:14 AM: Warning: Failed to access drive G:
    9:14 AM: Warning: Failed to access drive F:
    9:10 AM: Warning: Failed to open file "c:\program files\compaq connections\5577497\users\default\data\d0000000.fcs". The operation completed successfully
    9:01 AM: Starting File Sweep
    9:01 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
    Trace marked as Always Remove
    9:01 AM: c:\documents and settings\compaq_administrator\cookies\compaq_administrator@questionmarket[2].txt (ID = 3217)
    9:01 AM: Threat marked as Always Remove
    9:01 AM: Found Spy Cookie: questionmarket cookie
    Trace marked as Always Remove
    9:01 AM: c:\documents and settings\compaq_administrator\cookies\compaq_administrator@cnn.122.2o7[1].txt (ID = 1958)
    9:01 AM: Threat marked as Always Remove
    9:01 AM: Found Spy Cookie: 2o7.net cookie
    Trace marked as Always Remove
    9:01 AM: c:\documents and settings\compaq_administrator\cookies\compaq_administrator@advertising[2].txt (ID = 2175)
    9:01 AM: Threat marked as Always Remove
    9:01 AM: Found Spy Cookie: advertising cookie
    9:01 AM: Starting Cookie Sweep
    9:01 AM: Registry Sweep Complete, Elapsed Time:00:00:09
    9:01 AM: Starting Registry Sweep
    9:01 AM: Memory Sweep Complete, Elapsed Time: 00:01:45
    9:00 AM: Starting Memory Sweep
    9:00 AM: Sweep initiated using definitions version 758
    9:00 AM: Spy Sweeper 5.0.5.1286 started
    9:00 AM: | Start of Session, Wednesday, September 13, 2006 |
    ********
    8:38 PM: | End of Session, Tuesday, September 12, 2006 |
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    8:37 PM: Shield States
    8:37 PM: Spyware Definitions: 757
    8:37 PM: Spy Sweeper 5.0.5.1286 started
    8:32 PM: IE Hijack Shield: Resetting IE advanced data value.
    8:32 PM: IE Hijack Shield: Resetting IE advanced data value.
    8:32 PM: IE Hijack Shield: Resetting Home Page value.
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    8:18 PM: Warning: The handle is invalid
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    8:17 PM: Shield States
    8:17 PM: Spyware Definitions: 757
    8:17 PM: Spy Sweeper 5.0.5.1286 started
    8:14 PM: Preparing to restart your computer. Please wait...
    8:14 PM: IE Security Shield: found: C:\DOCUMENTS AND SETTINGS\COMPAQ_ADMINISTRATOR\DESKTOP\HIJACKTHIS\HIJACKTHIS.EXE -- IE Security modification allowed at user request
    8:14 PM: IE Hijack Shield: Resetting IE advanced data value.
    8:14 PM: IE Hijack Shield: Resetting IE advanced data value.
    8:14 PM: IE Hijack Shield: Resetting Home Page value.
    Operation: Terminate
    Target: C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPERUI.EXE
    Source: C:\WINDOWS\SYSTEM32\CSRSS.EXE
    8:02 PM: Tamper Detection
    12:50 AM: potentially rootkit-masked files is in use. It will be removed on reboot.
    12:50 AM: Quarantining All Traces: potentially rootkit-masked files
    12:50 AM: Traces Found: 2
    12:50 AM: Full Sweep has completed. Elapsed time 00:42:38
    12:50 AM: File Sweep Complete, Elapsed Time: 00:40:57
    Trace marked as Always Remove
    12:42 AM: c:\windows\imsins.log (ID = 0)
    Trace marked as Always Remove
    12:42 AM: c:\windows\kb887998.log (ID = 0)
    12:42 AM: Threat marked as Always Remove
    12:42 AM: Found System Monitor: potentially rootkit-masked files
    12:21 AM: Warning: Failed to access drive J:
    12:21 AM: Warning: Failed to access drive I:
    12:21 AM: Warning: Failed to access drive H:
    12:21 AM: Warning: Failed to access drive G:
    12:21 AM: Warning: Failed to access drive F:
    12:18 AM: Warning: Failed to open file "c:\program files\compaq connections\5577497\users\default\data\d0000000.fcs". The operation completed successfully
    12:09 AM: Starting File Sweep
    12:09 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
    12:09 AM: Starting Cookie Sweep
    12:09 AM: Registry Sweep Complete, Elapsed Time:00:00:08
    12:09 AM: Starting Registry Sweep
    12:09 AM: Memory Sweep Complete, Elapsed Time: 00:01:29
    12:07 AM: Starting Memory Sweep
    12:07 AM: Sweep initiated using definitions version 757
    12:07 AM: Spy Sweeper 5.0.5.1286 started
    12:07 AM: | Start of Session, Tuesday, September 12, 2006 |
    ********
    9:00 AM: | End of Session, Wednesday, September 13, 2006 |
    12:18 AM: Access to Hosts file blocked for C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    12:08 AM: Your spyware definitions have been updated.
    12:08 AM: Automated check for program update in progress.
    Operation: File Access
    Target:
    Source: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    11:46 PM: Tamper Detection
    9:16 PM: A reboot was required but declined.
    9:16 PM: potentially rootkit-masked files is in use. It will be removed on reboot.
    9:16 PM: Quarantining All Traces: potentially rootkit-masked files
    9:16 PM: Traces Found: 2
    9:16 PM: Full Sweep has completed. Elapsed time 00:38:00
    9:16 PM: File Sweep Complete, Elapsed Time: 00:36:18
    Trace marked as Always Remove
    9:08 PM: c:\windows\imsins.log (ID = 0)
    Trace marked as Always Remove
    9:07 PM: c:\windows\kb887998.log (ID = 0)
    9:07 PM: Threat marked as Always Remove
    9:07 PM: Found System Monitor: potentially rootkit-masked files
    8:52 PM: Warning: Failed to access drive J:
    8:52 PM: Warning: Failed to access drive I:
    8:52 PM: Warning: Failed to access drive H:
    8:52 PM: Warning: Failed to access drive G:
    8:52 PM: Warning: Failed to access drive F:
    8:48 PM: Warning: PerformFileOffsetMatch Failed to check file "c:\program files\common files\symantec shared\eengine\eraserutildrv10621.sys". "c:\program files\common files\symantec shared\eengine\eraserutildrv10621.sys": File not found
    8:48 PM: Warning: Failed to open file "c:\program files\compaq connections\5577497\users\default\data\d0000000.fcs". The operation completed successfully
    8:39 PM: Starting File Sweep
    8:39 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
    8:39 PM: Starting Cookie Sweep
    8:39 PM: Registry Sweep Complete, Elapsed Time:00:00:08
    8:39 PM: Starting Registry Sweep
    8:39 PM: Memory Sweep Complete, Elapsed Time: 00:01:29
    8:38 PM: Starting Memory Sweep
    8:38 PM: Sweep initiated using definitions version 757
    8:38 PM: Spy Sweeper 5.0.5.1286 started
    8:38 PM: | Start of Session, Tuesday, September 12, 2006 |
    ********
    12:07 AM: | End of Session, Tuesday, September 12, 2006 |
    12:07 AM: Deleted error log without sending: C:\Documents and Settings\Compaq_Administrator\Application Data\Webroot\Spy Sweeper\Logs\bugreport.txt
    7:02 PM: Your definitions are up to date.
    7:02 PM: Automated check for program update in progress.
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    7:01 PM: Shield States
    7:01 PM: Spyware Definitions: 757
    7:01 PM: Spy Sweeper 5.0.5.1286 started
    6:58 PM: Preparing to restart your computer. Please wait...
    9:38 AM: potentially rootkit-masked files is in use. It will be removed on reboot.
    9:38 AM: Quarantining All Traces: potentially rootkit-masked files
    9:38 AM: Traces Found: 2
    9:38 AM: Full Sweep has completed. Elapsed time 00:38:03
    9:38 AM: File Sweep Complete, Elapsed Time: 00:36:13
    Trace marked as Always Remove
    9:30 AM: c:\windows\imsins.log (ID = 0)
    Trace marked as Always Remove
    9:30 AM: c:\windows\kb887998.log (ID = 0)
    9:30 AM: Threat marked as Always Remove
    9:30 AM: Found System Monitor: potentially rootkit-masked files
    9:14 AM: Warning: Failed to access drive J:
    9:14 AM: Warning: Failed to access drive I:
    9:14 AM: Warning: Failed to access drive H:
    9:14 AM: Warning: Failed to access drive G:
    9:14 AM: Warning: Failed to access drive F:
    9:11 AM: Warning: Failed to read file "c:\documents and settings\compaq_administrator\.housecall6.6\log\engine0.log.lck". The process cannot access the file because another process has locked a portion of the file
    9:11 AM: Warning: Failed to read file "c:\documents and settings\compaq_administrator\.housecall6.6\log\error0.log.lck". The process cannot access the file because another process has locked a portion of the file
    9:11 AM: Warning: Failed to read file "c:\documents and settings\compaq_administrator\.housecall6.6\log\execution0.log.lck". The process cannot access the file because another process has locked a portion of the file
    9:10 AM: Warning: Failed to open file "c:\documents and settings\compaq_administrator\application data\mozilla\firefox\profiles\quq1m6ax.default\parent.lock". The operation completed successfully
    9:10 AM: Warning: Failed to open file "c:\program files\compaq connections\5577497\users\default\data\d0000000.fcs". The operation completed successfully
    9:01 AM: Starting File Sweep
    9:01 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
    9:01 AM: Starting Cookie Sweep
    9:01 AM: Registry Sweep Complete, Elapsed Time:00:00:10
    9:01 AM: Starting Registry Sweep
    9:01 AM: Memory Sweep Complete, Elapsed Time: 00:01:33
    9:00 AM: Starting Memory Sweep
    9:00 AM: Sweep initiated using definitions version 757
    9:00 AM: Spy Sweeper 5.0.5.1286 started
    9:00 AM: | Start of Session, Monday, September 11, 2006 |
    ********
    9:00 AM: | End of Session, Monday, September 11, 2006 |
    Operation: File Access
    Target:
    Source: C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
    8:25 AM: Tamper Detection
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    8:04 AM: Warning: The handle is invalid
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    8:04 AM: Shield States
    8:04 AM: Spyware Definitions: 757
    8:04 AM: Spy Sweeper 5.0.5.1286 started
    Operation: File Access
    Target:
    Source: C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\VPC32.EXE
    11:08 PM: Tamper Detection
    Operation: File Access
    Target:
    Source: C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
    6:41 PM: Tamper Detection
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    5:16 PM: Warning: The handle is invalid
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    5:16 PM: Warning: The handle is invalid
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    5:16 PM: Shield States
    5:16 PM: Spyware Definitions: 757
    5:15 PM: Spy Sweeper 5.0.5.1286 started
    4:47 PM: Memory Sweep Complete, Elapsed Time: 00:00:07
    4:47 PM: Starting Memory Sweep
    4:47 PM: Sweep initiated using definitions version 757
    4:47 PM: Spy Sweeper 5.0.5.1286 started
    4:47 PM: | Start of Session, Sunday, September 10, 2006 |
    ********
    4:47 PM: | End of Session, Sunday, September 10, 2006 |
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    4:46 PM: Shield States
    4:46 PM: Spyware Definitions: 757
    4:46 PM: Spy Sweeper 5.0.5.1286 started
    4:36 PM: IE Tracking Cookies Shield: Off
    4:36 PM: IE Tracking Cookies Shield: On
    4:35 PM: Spy Sweeper 5.0.5.1286 started
    Operation: File Access
    Target:
    Source: C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
    3:01 PM: Tamper Detection
    2:36 PM: Your spyware definitions have been updated.
    2:36 PM: Automated check for program update in progress.
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    2:37 PM: Shield States
    2:37 PM: Spyware Definitions: 756
    2:37 PM: Spy Sweeper 5.0.5.1286 started
    11:13 AM: | End of Session, Friday, September 08, 2006 |
    1:34 AM: Traces Found: 2
    1:34 AM: Full Sweep has completed. Elapsed time 00:40:22
    1:34 AM: File Sweep Complete, Elapsed Time: 00:38:46
    1:25 AM: c:\windows\imsins.log (ID = 0)
    1:25 AM: c:\windows\kb887998.log (ID = 0)
    1:25 AM: Found System Monitor: potentially rootkit-masked files
    1:07 AM: Warning: Failed to access drive J:
    1:07 AM: Warning: Failed to access drive I:
    1:07 AM: Warning: Failed to access drive H:
    1:07 AM: Warning: Failed to access drive G:
    1:07 AM: Warning: Failed to access drive F:
    1:04 AM: Warning: Failed to open file "c:\program files\compaq connections\5577497\users\default\data\d0000000.fcs". The operation completed successfully
    12:55 AM: Starting File Sweep
    12:55 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
    12:55 AM: Starting Cookie Sweep
    12:55 AM: Registry Sweep Complete, Elapsed Time:00:00:09
    12:55 AM: Starting Registry Sweep
    12:55 AM: Memory Sweep Complete, Elapsed Time: 00:01:22
    12:53 AM: Starting Memory Sweep
    12:53 AM: Sweep initiated using definitions version 756
    12:53 AM: Spy Sweeper 5.0.5.1286 started
    12:53 AM: | Start of Session, Friday, September 08, 2006 |
    ********
    3:07 PM: Preparing to restart your computer. Please wait...
    11:54 AM: potentially rootkit-masked files is in use. It will be removed on reboot.
    11:54 AM: Quarantining All Traces: potentially rootkit-masked files
    11:54 AM: Traces Found: 2
    11:54 AM: Full Sweep has completed. Elapsed time 00:41:23
    11:54 AM: File Sweep Complete, Elapsed Time: 00:39:26
    Trace marked as Always Remove
    11:46 AM: c:\windows\imsins.log (ID = 0)
    Trace marked as Always Remove
    11:46 AM: c:\windows\kb887998.log (ID = 0)
    11:46 AM: Threat marked as Always Remove
    11:46 AM: Found System Monitor: potentially rootkit-masked files
    11:29 AM: Warning: Failed to access drive J:
    11:29 AM: Warning: Failed to access drive I:
    11:29 AM: Warning: Failed to access drive H:
    11:29 AM: Warning: Failed to access drive G:
    11:29 AM: Warning: Failed to access drive F:
    11:25 AM: Warning: Failed to open file "c:\program files\compaq connections\5577497\users\default\data\d0000000.fcs". The operation completed successfully
    11:25 AM: Warning: Failed to open file "c:\documents and settings\compaq_administrator\application data\mozilla\firefox\profiles\quq1m6ax.default\metrics.xml". The operation completed successfully
    11:24 AM: Warning: Failed to read file "c:\recycler\s-1-5-21-2236532280-3181498190-635397818-1008\dc17\thumbs.db". "c:\recycler\s-1-5-21-2236532280-3181498190-635397818-1008\dc17\thumbs.db": File not found
    11:15 AM: Starting File Sweep
    11:15 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
    11:15 AM: Starting Cookie Sweep
    11:15 AM: Registry Sweep Complete, Elapsed Time:00:00:13
    11:14 AM: Starting Registry Sweep
    11:14 AM: Memory Sweep Complete, Elapsed Time: 00:01:33
    11:13 AM: Starting Memory Sweep
    11:13 AM: Sweep initiated using definitions version 756
    11:13 AM: Spy Sweeper 5.0.5.1286 started
    11:13 AM: | Start of Session, Friday, September 08, 2006 |
    ********
    12:53 AM: | End of Session, Friday, September 08, 2006 |
    10:37 PM: Sent error log: C:\Documents and Settings\Compaq_Administrator\Application Data\Webroot\Spy Sweeper\Logs\bugreport.txt
    9:34 PM: Your spyware definitions have been updated.
    9:34 PM: Automated check for program update in progress.
    7:27 PM: Warning: Failed to reregister registry notification for "HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices": Illegal operation attempted on a registry key that has been marked for deletion
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    7:21 PM: Shield States
    7:21 PM: Spyware Definitions: 755
    7:20 PM: Spy Sweeper 5.0.5.1286 started
    7:13 PM: Spy Sweeper 5.0.5.1286 started
    7:09 PM: Spy Sweeper 5.0.5.1286 started
    Operation: File Access
    Target:
    Source: C:\PROGRAM FILES\SYMANTEC ANTIVIRUS\RTVSCAN.EXE
    9:40 PM: Tamper Detection
    9:34 PM: Your spyware definitions have been updated.
    9:33 PM: Automated check for program update in progress.
    8:38 PM: Warning: Failed to reregister registry notification for "HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices": Illegal operation attempted on a registry key that has been marked for deletion
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    8:35 PM: Shield States
    8:35 PM: Spyware Definitions: 754
    8:35 PM: Spy Sweeper 5.0.5.1286 started
    7:30 PM: IE Security Shield: found: C:\PROGRAM FILES\SPYBOT - SEARCH DESTROY\SPYBOTSD.EXE -- IE Security modification allowed at user request
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    6:56 PM: Shield States
    6:56 PM: Spyware Definitions: 754
    6:56 PM: Spy Sweeper 5.0.5.1286 started
    6:54 PM: Removal process completed. Elapsed time 00:00:02
    6:54 PM: Preparing to restart your computer. Please wait...
    6:54 PM: c:\windows\imsins.log is in use. It will be removed on reboot.
    6:54 PM: c:\windows\kb887998.log is in use. It will be removed on reboot.
    6:54 PM: potentially rootkit-masked files is in use. It will be removed on reboot.
    6:54 PM: Quarantining All Traces: potentially rootkit-masked files
    6:54 PM: Removal process initiated
    9:36 AM: Traces Found: 2
    9:36 AM: Full Sweep has completed. Elapsed time 00:36:14
    9:36 AM: File Sweep Complete, Elapsed Time: 00:34:49
    9:29 AM: c:\windows\imsins.log (ID = 0)
    9:29 AM: c:\windows\kb887998.log (ID = 0)
    9:29 AM: Found System Monitor: potentially rootkit-masked files
    9:14 AM: Warning: Failed to access drive J:
    9:14 AM: Warning: Failed to access drive I:
    9:14 AM: Warning: Failed to access drive H:
    9:14 AM: Warning: Failed to access drive G:
    9:14 AM: Warning: Failed to access drive F:
    9:14 AM: Warning: Failed to access drive E:
    9:12 AM: Warning: Failed to open file "c:\program files\compaq connections\5577497\users\default\data\d0000000.fcs". The operation completed successfully
    9:01 AM: Starting File Sweep
    9:01 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
    9:01 AM: Starting Cookie Sweep
    9:01 AM: Registry Sweep Complete, Elapsed Time:00:00:08
    9:01 AM: Starting Registry Sweep
    9:01 AM: Memory Sweep Complete, Elapsed Time: 00:01:14
    9:00 AM: Starting Memory Sweep
    9:00 AM: Sweep initiated using definitions version 754
    9:00 AM: Spy Sweeper 5.0.5.1286 started
    9:00 AM: | Start of Session, Wednesday, September 06, 2006 |
    ********
    9:00 AM: | End of Session, Wednesday, September 06, 2006 |
    9:32 PM: Your spyware definitions have been updated.
    9:32 PM: Automated check for program update in progress.
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    9:31 PM: Shield States
    9:31 PM: Spyware Definitions: 753
    9:31 PM: Spy Sweeper 5.0.5.1286 started
    9:28 PM: Removal process completed. Elapsed time 00:00:06
    9:28 PM: Preparing to restart your computer. Please wait...
    9:28 PM: c:\windows\imsins.log is in use. It will be removed on reboot.
    9:28 PM: c:\windows\kb887998.log is in use. It will be removed on reboot.
    9:28 PM: potentially rootkit-masked files is in use. It will be removed on reboot.
    9:28 PM: Quarantining All Traces: potentially rootkit-masked files
    9:28 PM: Removal process initiated
    9:38 AM: Traces Found: 2
    9:38 AM: Full Sweep has completed. Elapsed time 00:38:09
    9:38 AM: File Sweep Complete, Elapsed Time: 00:36:39
    9:32 AM: c:\windows\imsins.log (ID = 0)
    9:32 AM: c:\windows\kb887998.log (ID = 0)
    9:32 AM: Found System Monitor: potentially rootkit-masked files
    9:14 AM: Warning: Failed to access drive J:
    9:14 AM: Warning: Failed to access drive I:
    9:14 AM: Warning: Failed to access drive H:
    9:14 AM: Warning: Failed to access drive G:
    9:14 AM: Warning: Failed to access drive F:
    9:14 AM: Warning: Failed to access drive E:
    9:13 AM: Warning: Failed to open file "c:\program files\compaq connections\5577497\users\default\data\d0000000.fcs". The operation completed successfully
    9:01 AM: Starting File Sweep
    9:01 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
    9:01 AM: Starting Cookie Sweep
    9:01 AM: Registry Sweep Complete, Elapsed Time:00:00:09
    9:01 AM: Starting Registry Sweep
    9:01 AM: Memory Sweep Complete, Elapsed Time: 00:01:15
    9:00 AM: Starting Memory Sweep
    9:00 AM: Sweep initiated using definitions version 753
    9:00 AM: Spy Sweeper 5.0.5.1286 started
    9:00 AM: | Start of Session, Tuesday, September 05, 2006 |
    ********
    9:00 AM: | End of Session, Tuesday, September 05, 2006 |
    3:50 PM: Your definitions are up to date.
    3:50 PM: Automated check for program update in progress.
    2:20 PM: Removal process completed. Elapsed time 00:00:03
    2:20 PM: Quarantining All Traces: go.com cookie
    2:20 PM: Removal process initiated
    9:36 AM: Traces Found: 3
    9:36 AM: Full Sweep has completed. Elapsed time 00:36:05
    9:36 AM: File Sweep Complete, Elapsed Time: 00:34:26
    9:29 AM: c:\windows\imsins.log (ID = 0)
    9:29 AM: c:\windows\kb887998.log (ID = 0)
    9:29 AM: Found System Monitor: potentially rootkit-masked files
    9:14 AM: Warning: Failed to access drive J:
    9:14 AM: Warning: Failed to access drive I:
    9:14 AM: Warning: Failed to access drive H:
    9:14 AM: Warning: Failed to access drive G:
    9:14 AM: Warning: Failed to access drive F:
    9:14 AM: Warning: Failed to access drive E:
    9:12 AM: Warning: Failed to open file "c:\program files\compaq connections\5577497\users\default\data\d0000000.fcs". The operation completed successfully
    9:01 AM: Starting File Sweep
    9:01 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
    9:01 AM: c:\documents and settings\compaq_administrator\cookies\compaq_administrator@go[2].txt (ID = 2728)
    9:01 AM: Found Spy Cookie: go.com cookie
    9:01 AM: Starting Cookie Sweep
    9:01 AM: Registry Sweep Complete, Elapsed Time:00:00:09
    9:01 AM: Starting Registry Sweep
    9:01 AM: Memory Sweep Complete, Elapsed Time: 00:01:25
    9:00 AM: Starting Memory Sweep
    9:00 AM: Sweep initiated using definitions version 753
    9:00 AM: Spy Sweeper 5.0.5.1286 started
    9:00 AM: | Start of Session, Monday, September 04, 2006 |
    ********
    9:00 AM: | End of Session, Monday, September 04, 2006 |
    3:49 PM: Your definitions are up to date.
    3:49 PM: Automated check for program update in progress.
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    3:45 PM: Shield States
    3:45 PM: Spyware Definitions: 753
    3:45 PM: Spy Sweeper 5.0.5.1286 started
    3:30 PM: Spy Sweeper 5.0.5.1286 started
    9:37 AM: None
    9:37 AM: Traces Found: 0
    9:37 AM: Full Sweep has completed. Elapsed time 00:37:41
    9:37 AM: File Sweep Complete, Elapsed Time: 00:34:49
    9:16 AM: Warning: Failed to access drive J:
    9:16 AM: Warning: Failed to access drive I:
    9:16 AM: Warning: Failed to access drive H:
    9:16 AM: Warning: Failed to access drive G:
    9:16 AM: Warning: Failed to access drive F:
    9:16 AM: Warning: Failed to access drive E:
    9:14 AM: Warning: Failed to open file "c:\documents and settings\compaq_administrator\application data\mozilla\firefox\profiles\quq1m6ax.default\parent.lock". The operation completed successfully
    9:14 AM: Warning: Failed to open file "c:\program files\compaq connections\5577497\users\default\data\d0000000.fcs". The operation completed successfully
    9:03 AM: Starting File Sweep
    9:03 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
    9:03 AM: Starting Cookie Sweep
    9:03 AM: Registry Sweep Complete, Elapsed Time:00:00:10
    9:02 AM: Starting Registry Sweep
    9:02 AM: Memory Sweep Complete, Elapsed Time: 00:02:36
    9:00 AM: Starting Memory Sweep
    9:00 AM: Sweep initiated using definitions version 753
    9:00 AM: Spy Sweeper 5.0.5.1286 started
    9:00 AM: | Start of Session, Sunday, September 03, 2006 |
    ********
    9:00 AM: | End of Session, Sunday, September 03, 2006 |
    9:37 AM: None
    9:37 AM: Traces Found: 0
    9:37 AM: Full Sweep has completed. Elapsed time 00:37:37
    9:37 AM: File Sweep Complete, Elapsed Time: 00:35:00
    9:16 AM: Warning: Failed to access drive J:
    9:16 AM: Warning: Failed to access drive I:
    9:16 AM: Warning: Failed to access drive H:
    9:16 AM: Warning: Failed to access drive G:
    9:16 AM: Warning: Failed to access drive F:
    9:16 AM: Warning: Failed to access drive E:
    9:14 AM: Warning: Failed to open file "c:\documents and settings\compaq_administrator\application data\mozilla\firefox\profiles\quq1m6ax.default\parent.lock". The operation completed successfully
    9:14 AM: Warning: Failed to open file "c:\program files\compaq connections\5577497\users\default\data\d0000000.fcs". The operation completed successfully
    9:02 AM: Starting File Sweep
    9:02 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
    9:02 AM: Starting Cookie Sweep
    9:02 AM: Registry Sweep Complete, Elapsed Time:00:00:09
    9:02 AM: Starting Registry Sweep
    9:02 AM: Memory Sweep Complete, Elapsed Time: 00:02:24
    9:00 AM: Starting Memory Sweep
    9:00 AM: Sweep initiated using definitions version 753
    9:00 AM: Spy Sweeper 5.0.5.1286 started
    9:00 AM: | Start of Session, Saturday, September 02, 2006 |
    ********
    9:00 AM: | End of Session, Saturday, September 02, 2006 |
    7:10 PM: Your spyware definitions have been updated.
    7:09 PM: Automated check for program update in progress.
    9:37 AM: None
    9:37 AM: Traces Found: 0
    9:37 AM: Full Sweep has completed. Elapsed time 00:37:37
    9:37 AM: File Sweep Complete, Elapsed Time: 00:34:53
    9:16 AM: Warning: Failed to access drive J:
    9:16 AM: Warning: Failed to access drive I:
    9:16 AM: Warning: Failed to access drive H:
    9:16 AM: Warning: Failed to access drive G:
    9:16 AM: Warning: Failed to access drive F:
    9:16 AM: Warning: Failed to access drive E:
    9:14 AM: Warning: Failed to open file "c:\documents and settings\compaq_administrator\application data\mozilla\firefox\profiles\quq1m6ax.default\parent.lock". The operation completed successfully
    9:14 AM: Warning: Failed to open file "c:\program files\compaq connections\5577497\users\default\data\d0000000.fcs". The operation completed successfully
    9:02 AM: Starting File Sweep
    9:02 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
    9:02 AM: Starting Cookie Sweep
    9:02 AM: Registry Sweep Complete, Elapsed Time:00:00:09
    9:02 AM: Starting Registry Sweep
    9:02 AM: Memory Sweep Complete, Elapsed Time: 00:02:28
    9:00 AM: Starting Memory Sweep
    9:00 AM: Sweep initiated using definitions version 752
    9:00 AM: Spy Sweeper 5.0.5.1286 started
    9:00 AM: | Start of Session, Friday, September 01, 2006 |
    ********
    9:00 AM: | End of Session, Friday, September 01, 2006 |
    7:09 PM: Your definitions are up to date.
    7:09 PM: Automated check for program update in progress.
    9:37 AM: None
    9:37 AM: Traces Found: 0
    9:37 AM: Full Sweep has completed. Elapsed time 00:37:15
    9:37 AM: File Sweep Complete, Elapsed Time: 00:34:20
    9:16 AM: Warning: Failed to access drive J:
    9:16 AM: Warning: Failed to access drive I:
    9:16 AM: Warning: Failed to access drive H:
    9:16 AM: Warning: Failed to access drive G:
    9:16 AM: Warning: Failed to access drive F:
    9:16 AM: Warning: Failed to access drive E:
    9:14 AM: Warning: Failed to open file "c:\documents and settings\compaq_administrator\application data\mozilla\firefox\profiles\quq1m6ax.default\parent.lock". The operation completed successfully
    9:14 AM: Warning: Failed to open file "c:\program files\compaq connections\5577497\users\default\data\d0000000.fcs". The operation completed successfully
    9:02 AM: Starting File Sweep
    9:02 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
    9:02 AM: Starting Cookie Sweep
    9:02 AM: Registry Sweep Complete, Elapsed Time:00:00:09
    9:02 AM: Starting Registry Sweep
    9:02 AM: Memory Sweep Complete, Elapsed Time: 00:02:42
    9:00 AM: Starting Memory Sweep
    9:00 AM: Sweep initiated using definitions version 752
    9:00 AM: Spy Sweeper 5.0.5.1286 started
    9:00 AM: | Start of Session, Thursday, August 31, 2006 |
    ********
    9:00 AM: | End of Session, Thursday, August 31, 2006 |
    7:08 PM: Your spyware definitions have been updated.
    7:08 PM: Automated check for program update in progress.
    9:37 AM: None
    9:37 AM: Traces Found: 0
    9:37 AM: Full Sweep has completed. Elapsed time 00:37:20
    9:37 AM: File Sweep Complete, Elapsed Time: 00:34:55
    9:15 AM: Warning: Failed to access drive J:
    9:15 AM: Warning: Failed to access drive I:
    9:15 AM: Warning: Failed to access drive H:
    9:15 AM: Warning: Failed to access drive G:
    9:15 AM: Warning: Failed to access drive F:
    9:15 AM: Warning: Failed to access drive E:
    9:14 AM: Warning: Failed to open file "c:\program files\compaq connections\5577497\users\default\data\d0000000.fcs". The operation completed successfully
    9:02 AM: Starting File Sweep
    9:02 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
    9:02 AM: Starting Cookie Sweep
    9:02 AM: Registry Sweep Complete, Elapsed Time:00:00:09
    9:02 AM: Starting Registry Sweep
    9:02 AM: Memory Sweep Complete, Elapsed Time: 00:02:11
    9:00 AM: Starting Memory Sweep
    9:00 AM: Sweep initiated using definitions version 751
    9:00 AM: Spy Sweeper 5.0.5.1286 started
    9:00 AM: | Start of Session, Wednesday, August 30, 2006 |
    ********

  10. #10
    Join Date
    Sep 2006
    Posts
    12
    Will try, and respond as soon as I'm done. Thanks. I thought it was weird, though, that Spy Sweeper found NOTHING when I ran it in safe mode, but it finds a rootkit every time I run it in normal mode?
