Please Help - New To Site!


8 replies to this topic

#1 caincm


  • Members
  • 5 posts

Posted 21 July 2007 - 02:48 PM

I would like some help to determine if my computer is still infected with any type of virus/malware/spyware, etc. I have previously tried to remove the Win Antispyware 2007. I found a bunch of "solutions" but am not sure that any of them have worked completely. I do know that I no longer have the flashing warning message in the lower right hand corner. One previous solution that I tried was to install SpyNoMore. I just recently ran the scan and it is still showing that I have 'winantivirus' on my system. I also ran PC Tools registry cleaner and my registry seems to be clean.

I don't know what else to do to find out if my system is infected still. I have installed and run the HiJackThis tool. Can someone point me in the right direction from here? Thanks so much!


#2 teacup61


    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 21 July 2007 - 06:37 PM

Hello caincm,

Welcome to Bleeping Computer :thumbsup:

If you will please post a new HijackThis log we'll see what still needs to be done.

Thanks,
tea

#3 caincm

  • Topic Starter

  • Members
  • 5 posts

Posted 22 July 2007 - 08:47 AM

Hi Tea ~

Here is a new HijackThis log. Thanks!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:46:30 AM, on 7/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Memeo\AutoBackup\MemeoService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Norton AntiVirus\navw32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\webhelper.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [HPHUPD08] "c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe"
O4 - HKLM\..\Run: [DISCover] "C:\Program Files\DISC\DISCover.exe"
O4 - HKLM\..\Run: [DiscUpdateManager] "C:\Program Files\DISC\DiscUpdMgr.exe"
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Tracker] "C:\Program Files\MySoftware\MyInvoices\tracker.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: AutoBackup Launcher.lnk = C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://download-games.pogo.com/online2/pog...ameLauncher.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AutoBackup (BMUService) - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 11149 bytes
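
A small triage helper for HijackThis v2 logs like the one above, added here as an example; it is not part of the original thread, of HijackThis, or of any tool the Malware Response Team uses. It parses the O2/O4/O15/O16 lines and flags the entry types a reviewer normally checks first: autoruns whose image has no absolute path (resolved through the search path at logon, so the file that actually runs depends on the PATH), browser helper objects with no name, Trusted Zone additions, and ActiveX controls pulled from the web. The sample lines are constructed from lines of the log above, and the flagged conditions are generic heuristics, not a verdict on this particular machine (the two relative-path entries here, for instance, belong to vendor software on an HP system).

```python
"""Triage helper for HijackThis v2 logs: flag the entry types a reviewer
looks at first. Heuristics only; a flagged line is a prompt to check the
binary, not a verdict that it is malicious."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in the HijackThis v2 line format (lines taken from
# the log posted above; shortened to the sections this helper inspects).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


@dataclass
class Finding:
    code: str    # HijackThis section code, e.g. "O4"
    reason: str  # why a reviewer should look at this entry
    line: str    # the original log line


# "O4 - <body>" style entries (R0/R1/O2/O4/... prefixes).
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
# "[Name] command line" form used by Run-key entries.
O4_RUN_RE = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# "Startup: X.lnk = C:\path\file.exe" form used by Startup-folder entries.
O4_LNK_RE = re.compile(r"^(?P<key>[^:]+): (?P<lnk>[^=]+) = (?P<cmd>.*)$")
# Drive-letter absolute path, e.g. C:\WINDOWS\...
DRIVE_ABS_RE = re.compile(r"^[A-Za-z]:\\")


def image_path(cmd: str) -> str:
    """Return the executable portion of a command line: the quoted string
    if it starts with a quote, otherwise the first whitespace token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def triage(log_text: str) -> List[Finding]:
    """Scan a HijackThis log and return the entries worth a closer look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, process list, blank lines, trailer
        code, body = m.group("code"), m.group("body")
        if code == "O4":
            m4 = O4_RUN_RE.match(body) or O4_LNK_RE.match(body)
            if m4 and not DRIVE_ABS_RE.match(image_path(m4.group("cmd"))):
                findings.append(Finding(code, "autorun image has no absolute path; "
                                        "resolved via the search path at logon", raw))
        elif code == "O2" and body.startswith("BHO: (no name)"):
            findings.append(Finding(code, "browser helper object with no name; "
                                    "identify the DLL and CLSID before trusting it", raw))
        elif code == "O15":
            findings.append(Finding(code, "site added to the IE Trusted Zone; "
                                    "relaxed security settings apply to it", raw))
        elif code == "O16":
            findings.append(Finding(code, "ActiveX control downloaded from the web (DPF); "
                                    "confirm the source is expected", raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code}: {f.reason}\n    {f.line}")
```

Run it against a full log by passing the file contents to `triage()`; the list it returns is the starting point for the manual review the thread is doing, not a replacement for it.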

#4 teacup61


    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 24 July 2007 - 11:38 AM

Hello,

Let's see what this finds then:

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Thanks,
tea

#5 caincm

  • Topic Starter

  • Members
  • 5 posts

Posted 24 July 2007 - 05:57 PM

Hi again ~

Here is the ComboFix log:

"HP_Administrator" - 2007-07-24 17:51:46 [GMT -5:00] - ComboFix 07-07-24.5 - Service Pack 2 NTFS
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000009_.tmp.dll


((((((((((((((((((((((((( Files Created from 2007-06-24 to 2007-07-24 )))))))))))))))))))))))))))))))


2007-07-24 17:51 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-23 18:02 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB8.sys
2007-07-23 18:02 1,520,952 --a------ C:\WINDOWS\WRSetup.dll
2007-07-22 08:56 <DIR> d-------- C:\Program Files\Autoruns
2007-07-08 14:56 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2007-07-08 14:56 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2007-07-08 14:56 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2007-07-08 14:56 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2007-07-08 14:56 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2007-07-08 14:55 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2007-07-08 14:55 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-07-08 14:55 51,328 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2007-07-08 14:55 48,128 --a------ C:\WINDOWS\system32\drivers\61883.sys
2007-07-08 14:55 38,912 --a------ C:\WINDOWS\system32\drivers\avc.sys
2007-07-08 14:55 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2007-07-08 14:51 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\muvee Technologies
2007-07-08 14:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\muvee Technologies
2007-07-08 11:19 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Hewlett-Packard
2007-07-08 10:36 <DIR> d-------- C:\Program Files\Memeo
2007-07-08 10:36 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Tanagra
2007-07-08 10:35 <DIR> d-------- C:\Program Files\Seagate


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-23 23:18:18 -------- d-----w C:\Program Files\Quicken
2007-07-23 12:30:58 -------- d-----w C:\Program Files\music_now
2007-07-21 20:21:09 -------- d-----w C:\Program Files\HP Games
2007-07-21 20:20:24 -------- d-----w C:\Program Files\Enigma Software Group
2007-07-21 20:15:09 -------- d-----w C:\DOCUME~1\HP_ADM~1\APPLIC~1\AdobeUM
2007-07-21 18:17:36 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-07-08 15:36:59 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-21 23:43:52 23,864 ----a-w C:\WINDOWS\system32\drivers\sskbfd.sys
2007-06-21 23:43:52 21,816 ----a-w C:\WINDOWS\system32\drivers\sshrmd.sys
2007-06-21 23:43:52 160,056 ----a-w C:\WINDOWS\system32\drivers\ssidrv.sys
2007-06-17 03:21:59 4,336 ----a-w C:\WINDOWS\system32\tmp.reg
2007-06-05 01:05:54 5,037,072 ----a-w C:\Program Files\spybotsd14.exe
2007-06-05 00:58:07 -------- d-----w C:\Program Files\SpyNoMore
2007-06-05 00:20:19 1,152 ----a-w C:\WINDOWS\system32\windrv.sys
2007-06-05 00:19:36 -------- d-----w C:\Program Files\Common Files\Download Manager
2007-06-05 00:18:42 128,592 ----a-w C:\Program Files\Download_spynomore.exe
2007-06-02 15:36:24 164 ----a-w C:\install.dat
2007-06-02 15:35:35 13,198,600 ----a-w C:\Program Files\sspsetup1_1.exe
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2006-09-01 13:56:14 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 18:19 C:\WINDOWS\arpwrmsg.exe]
"nwiz"="nwiz.exe" [2006-01-24 14:15 C:\WINDOWS\system32\nwiz.exe]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 18:35]
"DISCover"="C:\Program Files\DISC\DISCover.exe" [2006-03-15 21:12]
"DiscUpdateManager"="C:\Program Files\DISC\DiscUpdMgr.exe" [2006-03-15 21:11]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 04:05]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 17:34]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"Tracker"="C:\Program Files\MySoftware\MyInvoices\tracker.exe" [2005-12-12 17:50]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 17:44]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 20:22]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-05-23 15:30]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"StxTrayMenu"="C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe" [2007-01-18 13:20]
"@"="" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-06-21 18:57]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-09 16:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]

C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\
AutoBackup Launcher.lnk - C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe [2007-02-08 17:38:14]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22]
Updates From HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [2006-05-23 15:47:50]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService]

R0 bb-run;Promise driver accelerator;C:\WINDOWS\system32\DRIVERS\bb-run.sys
R0 ftsata2;ftsata2;C:\WINDOWS\system32\DRIVERS\ftsata2.sys
R0 iaStor;Intel RAID Controller;C:\WINDOWS\system32\DRIVERS\iaStor.sys
R0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;C:\WINDOWS\system32\Drivers\SSFS0BB8.SYS
R0 SSHRMD;Spy Sweeper Hookrack MiniDriver;C:\WINDOWS\system32\Drivers\SSHRMD.SYS
R0 SSIDRV;Spy Sweeper Interdiction Driver;C:\WINDOWS\system32\Drivers\SSIDRV.SYS
R1 AmdK8;AMD Processor Driver;C:\WINDOWS\system32\DRIVERS\AmdK8.sys
R1 SRTSPX;SRTSPX;C:\WINDOWS\system32\Drivers\SRTSPX.SYS
R2 ARSVC;ARSVC;C:\WINDOWS\arservice.exe
R2 ehRecvr;Media Center Receiver Service;C:\WINDOWS\eHome\ehRecvr.exe
R2 ehSched;Media Center Scheduler Service;C:\WINDOWS\eHome\ehSched.exe
R2 McrdSvc;Media Center Extender Service;C:\WINDOWS\ehome\mcrdsvc.exe
R3 aracpi;aracpi;C:\WINDOWS\system32\DRIVERS\aracpi.sys
R3 arhidfltr;MS Ar HID Filter Driver;C:\WINDOWS\system32\DRIVERS\arhidfltr.sys
R3 arkbcfltr;Microsoft PS2 Keyboard Filter;C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys
R3 armoucfltr;Microsoft PS2 Mouse Filter;C:\WINDOWS\system32\DRIVERS\armoucfltr.sys
R3 ARPolicy;ARPolicy;C:\WINDOWS\system32\DRIVERS\arpolicy.sys
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
R3 HidUsb;Microsoft HID Class Driver;C:\WINDOWS\system32\DRIVERS\hidusb.sys
R3 HSX_DP;HSX_DP;C:\WINDOWS\system32\DRIVERS\HSX_DP.sys
R3 HSXHWBS2;HSXHWBS2;C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys
R3 Ps2;PS2;C:\WINDOWS\system32\DRIVERS\PS2.sys
R3 SRTSP;SRTSP;C:\WINDOWS\system32\Drivers\SRTSP.SYS
R3 SSKBFD;Webroot Spy Sweeper Keylogger Shield Keyboard Filter;C:\WINDOWS\system32\Drivers\sskbfd.sys
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbehci.sys
R3 usbhub;USB2 Enabled Hub;C:\WINDOWS\system32\DRIVERS\usbhub.sys
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbohci.sys
R3 usbstor;USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
R3 winachsx;winachsx;C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
S3 61883;61883 Unit Device;C:\WINDOWS\system32\DRIVERS\61883.sys
S3 Avc;AVC Device;C:\WINDOWS\system32\DRIVERS\avc.sys
S3 Fax;Fax;C:\WINDOWS\system32\fxssvc.exe
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12;C:\WINDOWS\system32\DRIVERS\HPZius12.sys
S3 MHN;MHN;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 MHNDRV;MHN driver;C:\WINDOWS\system32\DRIVERS\mhndrv.sys
S3 MSDV;Microsoft DV Camera and VCR;C:\WINDOWS\system32\DRIVERS\msdv.sys
S3 SRTSPL;SRTSPL;C:\WINDOWS\system32\Drivers\SRTSPL.SYS
S3 usbccgp;Microsoft USB Generic Parent Driver;C:\WINDOWS\system32\DRIVERS\usbccgp.sys
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
S3 usbscan;USB Scanner Driver;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbuhci.sys
S3 WpdUsb;WpdUsb;C:\WINDOWS\system32\DRIVERS\wpdusb.sys


Contents of the 'Scheduled Tasks' folder
2007-05-26 03:08:53 C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - HP_Administrator.job
2007-07-23 22:00:02 C:\WINDOWS\tasks\wrSpySweeper_L5A8FBD7E87644B69B5FCB9C01FE03DB7.job
2007-07-21 20:16:11 C:\WINDOWS\tasks\wrSpySweeper_LC3A11336DAB441DB87E770C3D99046D4.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-24 17:54:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:0000043a

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-24 17:55:10
C:\ComboFix-quarantined-files.txt ... 2007-07-24 17:54

--- E O F ---

And here is the new HijackThis log. Thanks for your help!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:57:12 PM, on 7/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\MySoftware\MyInvoices\tracker.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Memeo\AutoBackup\MemeoService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
C:\Program Files\DISC\DiscStreamHub.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\webhelper.dll
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [HPHUPD08] "c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe"
O4 - HKLM\..\Run: [DISCover] "C:\Program Files\DISC\DISCover.exe"
O4 - HKLM\..\Run: [DiscUpdateManager] "C:\Program Files\DISC\DiscUpdMgr.exe"
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Tracker] "C:\Program Files\MySoftware\MyInvoices\tracker.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: AutoBackup Launcher.lnk = C:\Program Files\Memeo\AutoBackup\MemeoLauncher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} (Playtime Games Launcher) - http://download-games.pogo.com/online2/pog...ameLauncher.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AutoBackup (BMUService) - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 11005 bytes

#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:02:30 AM

Posted 25 July 2007 - 11:24 PM

Hello,
How is it running now, please? I see you have SpySweeper... could you be sure it's updated and run a scan with it, please? I'd like to see the report when you let me know how it's running. :thumbsup:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#7 caincm

caincm
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:02:30 AM

Posted 27 July 2007 - 07:06 PM

Hi! It seems to be running well. I have just started the SpySweeper Full Scan. I think it takes a little while, so I will post the log when it finishes. So does everything else look okay to you?

#8 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:02:30 AM

Posted 28 July 2007 - 05:19 PM

Hello,

Thanks for running that for me. I want to be sure there's nothing lurking in the registry before I give you the all clear. You never know, and no one program is all-seeing. :thumbsup:

tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#9 caincm

caincm
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:02:30 AM

Posted 28 July 2007 - 06:42 PM

Here is the Spy Sweeper Log. Yikes! It seems like there may be some problems?? For some reason it posts the log in reverse so the beginning is at the bottom of this reply. Thanks for helping me out!

6:36 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:36 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:36 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:35 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:35 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:35 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:35 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:35 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:35 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:35 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:34 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:34 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:34 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:34 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:34 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:34 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:34 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:32 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:32 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:32 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:32 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:32 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:31 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:31 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:31 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:31 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:31 PM: IE Tracking Cookies Shield: Removed pointroll cookie
6:31 PM: IE Tracking Cookies Shield: Removed specificclick.com cookie
6:31 PM: IE Tracking Cookies Shield: Removed specificclick.com cookie
6:31 PM: IE Tracking Cookies Shield: Removed specificclick.com cookie
6:31 PM: IE Tracking Cookies Shield: Removed specificclick.com cookie
6:31 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:31 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:30 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:30 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:30 PM: IE Tracking Cookies Shield: Removed pointroll cookie
6:30 PM: IE Tracking Cookies Shield: Removed specificclick.com cookie
6:30 PM: IE Tracking Cookies Shield: Removed specificclick.com cookie
6:30 PM: IE Tracking Cookies Shield: Removed specificclick.com cookie
6:30 PM: Warning: Unable to remove cookie c:\documents and settings\hp_administrator\cookies\hp_administrator@adopt.specificclick[1].txt
6:30 PM: IE Tracking Cookies Shield: Removed specificclick.com cookie
6:30 PM: IE Tracking Cookies Shield: Removed specificclick.com cookie
6:30 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:30 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:30 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:30 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:30 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:30 PM: IE Tracking Cookies Shield: Removed pointroll cookie
6:30 PM: IE Tracking Cookies Shield: Removed pointroll cookie
6:30 PM: IE Tracking Cookies Shield: Removed specificclick.com cookie
6:30 PM: IE Tracking Cookies Shield: Removed specificclick.com cookie
6:30 PM: IE Tracking Cookies Shield: Removed specificclick.com cookie
6:30 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:30 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:29 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:29 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:29 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:29 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:29 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:28 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:28 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:28 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:28 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:28 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:27 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:27 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:26 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
6:26 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
5:29 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
5:29 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
5:28 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
5:28 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
5:28 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
5:28 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
5:28 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
5:28 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
5:28 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
5:28 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
5:28 PM: IE Tracking Cookies Shield: Removed 2o7.net cookie
Keylogger: On
E-mail Attachment: On
5:23 PM: Informational: ShieldEmail: Start monitoring port 25 for mail activities
5:23 PM: Informational: ShieldEmail: Start monitoring port 110 for mail activities
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: On
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
File System Shield: On
Execution Shield: On
System Services Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: On
5:23 PM: Shield States
5:23 PM: Spyware Definitions: 956
5:23 PM: Informational: Loaded AntiVirus Engine: 2.47.0; SDK Version: 4.19E; Virus Definitions: 7/27/2007 5:43:44 PM (GMT)
5:22 PM: Spy Sweeper 5.5.1.3356 started
5:22 PM: Spy Sweeper 5.5.1.3356 started
5:22 PM: | Start of Session, Saturday, July 28, 2007 |
***************
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:30 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:30 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:30 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:30 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:30 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:30 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:30 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:29 PM: Tamper Detection
9:01 PM: Warning: DoTerm :\Device\HarddiskVolume1\WINDOWS\system32\csrss.exe
9:00 PM: Warning: DoTerm :\Device\HarddiskVolume1\WINDOWS\system32\csrss.exe
9:00 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\WINDOWS\TEMP\00000AA5]
9:00 PM: Warning: DoTerm :\Device\HarddiskVolume1\WINDOWS\system32\csrss.exe
9:00 PM: Warning: DoTerm :\Device\HarddiskVolume1\WINDOWS\system32\csrss.exe
9:00 PM: Warning: DoTerm :\Device\HarddiskVolume1\WINDOWS\system32\csrss.exe
9:00 PM: Warning: DoTerm :\Device\HarddiskVolume1\WINDOWS\system32\csrss.exe
8:59 PM: Warning: DoTerm :\Device\HarddiskVolume1\WINDOWS\system32\csrss.exe
8:59 PM: Warning: DoTerm :\Device\HarddiskVolume1\WINDOWS\system32\csrss.exe
8:59 PM: Warning: DoTerm :\Device\HarddiskVolume1\WINDOWS\system32\csrss.exe
8:59 PM: Warning: DoTerm :\Device\HarddiskVolume1\WINDOWS\system32\csrss.exe
8:58 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\WINDOWS\TEMP\000008C0]
8:57 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\WINDOWS\TEMP\00000882]
8:55 PM: Warning: DoTerm :\Device\HarddiskVolume1\WINDOWS\system32\csrss.exe
8:55 PM: Warning: DoTerm :\Device\HarddiskVolume1\WINDOWS\system32\csrss.exe
8:51 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\WINDOWS\TEMP\00000654]
8:50 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\WINDOWS\TEMP\0000062F]
8:49 PM: Access to Hosts file blocked for C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\APPCORE\APPSVC32.EXE
8:48 PM: Access to Hosts file blocked for C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\APPCORE\APPSVC32.EXE
8:45 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\WINDOWS\TEMP\0000060B]
Operation: File Access
Target:
Source: C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\APPCORE\APPSVC32.EXE
8:40 PM: Tamper Detection
8:29 PM: Warning: DoTerm :\Device\HarddiskVolume1\WINDOWS\system32\csrss.exe
8:29 PM: Warning: DoTerm :\Device\HarddiskVolume1\WINDOWS\system32\csrss.exe
8:29 PM: Warning: DoTerm :\Device\HarddiskVolume1\WINDOWS\system32\csrss.exe
8:29 PM: Warning: DoTerm :\Device\HarddiskVolume1\WINDOWS\system32\csrss.exe
8:29 PM: Warning: DoTerm :\Device\HarddiskVolume1\WINDOWS\system32\csrss.exe
8:28 PM: Warning: DoTerm :\Device\HarddiskVolume1\WINDOWS\system32\csrss.exe
8:28 PM: Warning: DoTerm :\Device\HarddiskVolume1\WINDOWS\system32\csrss.exe
8:28 PM: Warning: DoTerm :\Device\HarddiskVolume1\WINDOWS\system32\csrss.exe
8:11 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\WINDOWS\TEMP\0000018E]
8:11 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\WINDOWS\TEMP\0000018B]
8:10 PM: Warning: DoTerm :\Device\HarddiskVolume1\WINDOWS\system32\csrss.exe
8:10 PM: Warning: DoTerm :\Device\HarddiskVolume1\WINDOWS\system32\csrss.exe
8:10 PM: Warning: DoTerm :\Device\HarddiskVolume1\WINDOWS\system32\csrss.exe
8:10 PM: Warning: DoTerm :\Device\HarddiskVolume1\WINDOWS\system32\csrss.exe
8:09 PM: Warning: DoTerm :\Device\HarddiskVolume1\WINDOWS\system32\csrss.exe
8:09 PM: Warning: DoTerm :\Device\HarddiskVolume1\WINDOWS\system32\csrss.exe
8:05 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\ADOBE\ACROBAT\7.0\MESSAGES\ENU\READ0700WIN_ENUADBE0700.PDF]
8:05 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR\APPLICATION DATA\ADOBE\ACROBAT\7.0\MESSAGES\ENU\READ0700WIN_ENUADBE0700.PDF]
8:04 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\WINDOWS\TEMP\0000007D]
7:52 PM: None
7:52 PM: Traces Found: 0
7:52 PM: Full Sweep has completed. Elapsed time 00:48:33
7:52 PM: File Sweep Complete, Elapsed Time: 00:43:35
7:43 PM: Warning: SweepDirectories: Cannot find directory "i:". This directory was not added to the list of paths to be scanned.
7:43 PM: Warning: SweepDirectories: Cannot find directory "h:". This directory was not added to the list of paths to be scanned.
7:43 PM: Warning: SweepDirectories: Cannot find directory "g:". This directory was not added to the list of paths to be scanned.
7:43 PM: Warning: SweepDirectories: Cannot find directory "f:". This directory was not added to the list of paths to be scanned.
7:43 PM: Warning: SweepDirectories: Cannot find directory "e:". This directory was not added to the list of paths to be scanned.
7:40 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [d:\i386\apps\app25782\src\adberdr7.0.5_enu_oem3343.exe]
7:40 PM: Warning: DoTerm :\Device\HarddiskVolume1\WINDOWS\system32\csrss.exe
7:35 PM: Warning: DoTerm :\Device\HarddiskVolume1\WINDOWS\system32\csrss.exe
7:35 PM: Warning: DoTerm :\Device\HarddiskVolume1\WINDOWS\system32\csrss.exe
7:35 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\hp_administrator\ntuser.dat]
7:34 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\windows\system32\config\software]
7:34 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\windows\system32\config\system]
7:34 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\windows\system32\config\default]
7:33 PM: Warning: DoTerm :\Device\HarddiskVolume1\WINDOWS\system32\csrss.exe
7:33 PM: Warning: DoTerm :\Device\HarddiskVolume1\WINDOWS\system32\csrss.exe
7:33 PM: Warning: DoTerm :\Device\HarddiskVolume1\WINDOWS\system32\csrss.exe
7:31 PM: Warning: DoTerm :\Device\HarddiskVolume1\WINDOWS\system32\csrss.exe
7:30 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\hp_administrator\application data\adobe\acrobat\7.0\messages\enu\read0700win_enuadbe0700.pdf]
7:28 PM: Warning: DoTerm :\Device\HarddiskVolume1\WINDOWS\system32\csrss.exe
7:25 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\pagefile.sys]
7:25 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\hiberfil.sys]
7:22 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\windows\system32\catroot2\tmp.edb]
7:21 PM: Warning: DoTerm :\Device\HarddiskVolume1\WINDOWS\system32\csrss.exe
7:13 PM: Warning: DoTerm :\Device\HarddiskVolume1\WINDOWS\system32\csrss.exe
7:12 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\windows\system32\config\security]
7:11 PM: Warning: MailShield: Proxy select() timed out after 10 minutes
7:09 PM: Starting File Sweep
7:09 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
7:09 PM: Starting Cookie Sweep
7:09 PM: Registry Sweep Complete, Elapsed Time:00:00:13
7:08 PM: Starting Registry Sweep
7:08 PM: Memory Sweep Complete, Elapsed Time: 00:04:41
7:06 PM: ApplicationMinimized - EXIT
7:06 PM: ApplicationMinimized - ENTER
7:04 PM: Starting Memory Sweep
7:04 PM: Start Full Sweep
7:04 PM: Sweep initiated using definitions version 956
7:02 PM: Your virus definitions have been updated.
7:02 PM: Informational: Loaded AntiVirus Engine: 2.47.0; SDK Version: 4.19E; Virus Definitions: 7/27/2007 5:43:44 PM (GMT)
7:01 PM: Your spyware definitions have been updated.
7:01 PM: Automated check for program update in progress.
Keylogger: On
7:01 PM: Informational: ShieldEmail: Start monitoring port 25 for mail activities
E-mail Attachment: On
7:01 PM: Informational: ShieldEmail: Start monitoring port 110 for mail activities
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: On
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
File System Shield: On
Execution Shield: On
System Services Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: On
7:01 PM: Shield States
7:01 PM: Spyware Definitions: 954
7:01 PM: Informational: Loaded AntiVirus Engine: 2.47.0; SDK Version: 4.19E; Virus Definitions: 7/25/2007 12:12:40 PM (GMT)
6:59 PM: Spy Sweeper 5.5.1.3356 started
6:59 PM: Spy Sweeper 5.5.1.3356 started
6:59 PM: | Start of Session, Friday, July 27, 2007