Tagasaurus Infection


21 replies to this topic

#1 shred1970


Posted 04 September 2007 - 08:46 PM

Hi, I seem to have picked up a Tagasaurus infection that won't go away. Here's my latest log. Thanks in advance for any help :thumbsup:

Logfile of HijackThis v1.99.1
Scan saved at 11:41:08 AM, on 5/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
D:\avg\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
D:\Program Files\Comodo\Firewall\CPF.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
D:\Program Files\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dmcs.com.au/home
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [COMODO Firewall Pro] "D:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB9AA6A8-755D-498A-8E1B-BD9D37CF5FD4}: NameServer = 203.194.56.150 203.194.27.57
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\avg\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - D:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
"Those who wander from the way of understanding will surely rest in the assembly of the dead." - Author unknown.


#2 teacup61

  • Malware Response Team

Posted 17 September 2007 - 09:35 AM

Hello shred1970,

Welcome back to Bleeping Computer :flowers:

Sorry about the delay. :thumbsup: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 shred1970


Posted 19 September 2007 - 08:28 PM

Hi teacup61. The Tagasaurus infection is popping up every 2nd or 3rd time I run Spybot. Here's my new HijackThis log.
Thanks again for your help.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:20:47 AM, on 20/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
D:\avg\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
D:\Program Files\Comodo\Firewall\CPF.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dmcs.com.au/home
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [COMODO Firewall Pro] "D:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB9AA6A8-755D-498A-8E1B-BD9D37CF5FD4}: NameServer = 203.194.56.150 203.194.27.57
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\avg\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - D:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 6646 bytes
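As an added illustration (not code from this thread, from HijackThis or from Trend Micro), a small Python parser for the HijackThis entry format shown in the logs above: it skips the header and process list, flags entries that point at a missing file or register an unnamed browser helper object, and diffs two logs by CLSID so a change such as the Yahoo! Toolbar hook going from yt.dll to "(no file)" stands out. The function names and the heuristics are mine; the sample lines are excerpted from the first two logs posted in this thread.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Constructed sample: entries excerpted from the first HijackThis log in the thread.
LOG_BEFORE = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
"""

# Constructed sample: entries excerpted from the second log, with a bit of header noise left in
# to show that only Rn/Fn/Nn/On lines are parsed.
LOG_AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
"""

# A HijackThis entry is a section code (R0, O2, O23, ...), " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass(frozen=True)
class Entry:
    section: str          # e.g. "O2"
    body: str             # everything after "O2 - "
    clsid: Optional[str]  # upper-cased GUID if the body carries one


def parse_log(text: str) -> List[Entry]:
    """Keep only Rn/Fn/Nn/On entries; the header and the process list are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        c = CLSID_RE.search(m.group("body"))
        entries.append(Entry(m.group("section"), m.group("body"), c.group(0).upper() if c else None))
    return entries


def flag_entries(entries: List[Entry]) -> Dict[str, List[str]]:
    """Heuristic triage: reasons keyed by entry body. A hit means 'look closer', not 'malware'."""
    findings: Dict[str, List[str]] = {}
    for e in entries:
        reasons = []
        if e.body.endswith(ORPHAN_MARKERS):
            reasons.append("registered component points at a file that no longer exists")
        if e.section in ("O2", "O3") and "(no name)" in e.body:
            reasons.append("browser add-on registered without a display name")
        if reasons:
            findings[e.body] = reasons
    return findings


def _bodies_by_clsid(entries: List[Entry]) -> Dict[str, Set[str]]:
    # Several entries may share one CLSID (an O9 button and its Tools menu item), so keep a set.
    out: Dict[str, Set[str]] = {}
    for e in entries:
        if e.clsid:
            out.setdefault(e.clsid, set()).add(e.body)
    return out


def diff_logs(before: List[Entry], after: List[Entry]) -> Dict[str, List[str]]:
    """Entries that appeared, entries that vanished, and CLSIDs that stayed but now resolve differently."""
    b = {e.body for e in before}
    a = {e.body for e in after}
    cb, ca = _bodies_by_clsid(before), _bodies_by_clsid(after)
    changed = [c for c in sorted(cb.keys() & ca.keys()) if cb[c] != ca[c]]
    return {"added": sorted(a - b), "removed": sorted(b - a), "changed": changed}


if __name__ == "__main__":
    before, after = parse_log(LOG_BEFORE), parse_log(LOG_AFTER)
    for key, items in diff_logs(before, after).items():
        print(f"{key}: {len(items)}")
        for item in items:
            print("   ", item)
    print("flagged in second log:")
    for body, reasons in flag_entries(after).items():
        print("   ", body, "|", "; ".join(reasons))
```

An orphaned entry is usually registry left behind by an uninstall rather than an active infection, so the flags are a reading aid for the analyst, not a verdict.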

#4 teacup61

  • Malware Response Team

Posted 19 September 2007 - 11:12 PM

Hello,

Please download ATF Cleaner by Atribune. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Please make sure AVG AntiSpyware is fully updated and run a scan in safe mode with it. Save the report and boot back into normal mode. Post the report for me, please, along with a new HijackThis log and let me know how it's running now. :thumbsup:

Thanks,
tea

#5 shred1970


Posted 20 September 2007 - 08:42 PM

Hi, I ran the ATF Cleaner as well as CCleaner. Whilst in safe mode though, AVG Anti-Spyware didn't save a report even though all the settings were checked to do so. Anyway, AVG Anti-Spyware said "scan complete. Nothing found." There doesn't seem to be much difference in the running of my PC apart from being a little slower because of the ATF and CCleaner getting rid of the temp folders. Anyway, here is my new HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:29 AM, on 21/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
D:\avg\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dmcs.com.au/home
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [COMODO Firewall Pro] "D:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB9AA6A8-755D-498A-8E1B-BD9D37CF5FD4}: NameServer = 203.194.56.150 203.194.27.57
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\avg\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - D:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 6628 bytes

#6 teacup61

  • Malware Response Team

Posted 21 September 2007 - 07:53 AM

Hello,

That's okay, and thanks for letting me know that nothing was found. Let's see what might be lurking in the registry:

Download the trial version of Spy Sweeper from here.


Install it using the Standard Install option. (You will be asked for your e-mail address; it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper.)

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system.

When the sweep has finished, click Remove. Click Select All and then Next.

From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.

Exit Spy Sweeper.

Restart your computer, and then please copy and paste the SpySweeper log into this thread.

Thanks,
tea

#7 shred1970


Posted 23 September 2007 - 01:04 AM

Hi again. I downloaded Spy Sweeper with antivirus by accident (should I redownload it to get just Spy Sweeper?), but I think it may have been a good mistake, as it found a trojan virus on my PC. Here is the log... It's quite big though, so I will include another HijackThis log in a new post.

3:38 PM: Removal process completed. Elapsed time 00:02:24
3:37 PM: Quarantining All Traces: mirar webband
3:37 PM: Quarantining All Traces: coolwebsearch (cws)
3:36 PM: Quarantining All Traces: Mal/HckPk-A
3:36 PM: Quarantining All Traces: Mal/Behav-053
3:36 PM: Quarantining All Traces: Mal/Packer
3:36 PM: Quarantining All Traces: Mal/HckPk-D
3:36 PM: Informational: Virus infected file c:\documents and settings\shredder\local settings\application data\microsoft\messenger\bearguitar7@yahoo.com.au\sharing folders\neil.osborn@bigpond.com\winmx music\03 track 3 (comedy).wma not cleaned.
3:36 PM: Informational: Virus infected file d:\program files\winmx music\winmx music old\03 track 3 (comedy).wma not cleaned.
3:36 PM: Quarantining All Traces: Troj/Wimad-D
3:36 PM: Quarantining All Traces: virtumonde
3:36 PM: Removal process initiated
3:34 PM: Traces Found: 16
3:34 PM: Full Sweep has completed. Elapsed time 01:00:40
3:34 PM: File Sweep Complete, Elapsed Time: 00:55:36
3:30 PM: D:\Install\Multimedia\TVTool.v9.6.1.Incl.Keygen-ORiON.rar (ID = 0)
3:30 PM: D:\Install\Multimedia\Tiamat Micro DVD Player v1.2.zip (ID = 0)
3:30 PM: Informational: Detected virus Mal/Packer in file d:\install\multimedia\tvtool.v9.6.1.incl.keygen-orion.rar object Keygen.exe
3:30 PM: Informational: Detected virus Mal/Packer in file d:\install\multimedia\tiamat micro dvd player v1.2.zip object Tiamat.Micro.DVD.Player.v1.2-ROR\rortmp12.zip\ror.rar\keygen.exe
3:29 PM: ApplicationMinimized - EXIT
3:29 PM: ApplicationMinimized - ENTER
3:26 PM: D:\Install\Multimedia\Micro_DVD_Player_v1.2.zip (ID = 0)
3:26 PM: Informational: Detected virus Mal/Packer in file d:\install\multimedia\micro_dvd_player_v1.2.zip object keygen.exe
3:25 PM: D:\Install\Multimedia\i-Sound WMA-MP3 Recorder Pro 6.00.zip (ID = 0)
3:25 PM: D:\Install\Multimedia\i-Sound WMA-MP3 Recorder Pro 6.00.zip (ID = 0)
3:25 PM: Found Mal/HckPk-A: Mal/HckPk-A
3:25 PM: Informational: Detected virus Mal/HckPk-A in file d:\install\multimedia\i-sound wma-mp3 recorder pro 6.00.zip object setup.exe\\FILE:0002
3:25 PM: Informational: Detected virus Mal/HckPk-A in file d:\install\multimedia\i-sound wma-mp3 recorder pro 6.00.zip object setup.exe\\FILE:0001
3:25 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [d:\install\multimedia\dfxae7.300.rar]
3:25 PM: Warning: TCompressedFile.GetStreams(1): Stream read error
3:24 PM: D:\Install\Utilz\serials.2000.7.1.plus.build.06.16.04.release.tool-rev.rar (ID = 0)
3:24 PM: Informational: Detected virus Mal/Packer in file d:\install\utilz\serials.2000.7.1.plus.build.06.16.04.release.tool-rev.rar object setup.exe
3:23 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [d:\program files\bgp2p\plugins\ceva_vfs.cvd.cab]
3:23 PM: Warning: TCompressedFile.GetStreams(2): Stream read error
3:23 PM: D:\Install\Cracks\DFX.For.Winamp_v7.257.zip (ID = 0)
3:23 PM: Found Mal/Behav-053: Mal/Behav-053
3:23 PM: Informational: Detected virus Mal/Behav-053 in file d:\install\cracks\dfx.for.winamp_v7.257.zip object DFX.Audio.Enhancer.For.Winamp.2.and.5.v7.257.WinALL.Incl.Keymaker-CORE\CR-D72WP.exe
3:22 PM: D:\Install\Cracks\i-Sound v5.56.zip (ID = 0)
3:22 PM: Informational: Detected virus Mal/Packer in file d:\install\cracks\i-sound v5.56.zip object Keygen.exe
3:22 PM: D:\Install\Cracks\Macromedia_Studio_MX_2004_Generic_Crack_by_n-GEN.zip (ID = 0)
3:22 PM: Informational: Detected virus Mal/Packer in file d:\install\cracks\macromedia_studio_mx_2004_generic_crack_by_n-gen.zip object Studio_Mx_2004_Crack.exe
3:22 PM: D:\Install\Cracks\WinAmp.Pro.v5.08.WinALL.Cracked-DVT.ZIP (ID = 0)
3:22 PM: Found Mal/Packer: Mal/Packer
3:22 PM: Informational: Detected virus Mal/Packer in file d:\install\cracks\winamp.pro.v5.08.winall.cracked-dvt.zip object WinAmp.Pro.v5.08.WinALL.Cracked-DVT\crack\crack.exe
3:22 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [d:\program files\bgp2p\plugins\ceva_dll.cvd.cab]
3:22 PM: Warning: TCompressedFile.GetStreams(2): Stream read error
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [d:\my shared folder\ps2bbdb2k.rar]
3:22 PM: Warning: TCompressedFile.GetStreams(1): Stream read error
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\altnet9.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\hotbar5.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\hotbar4.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\altnet7.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\altnet6.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\altnet5.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\altnet4.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\altnet.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\hotbar1.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\hotbar10.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\hotbar7.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zango10.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zango9.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zango8.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zango7.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zango6.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zango5.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zango4.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zango3.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zango2.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zango1.zip]
3:22 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zango.zip]
3:21 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\commonname.zip]
3:21 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch16.zip]
3:21 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\virtumondegeneric2.zip]
3:21 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\virtumondegeneric1.zip]
3:21 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\virtumondegeneric.zip]
3:21 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funwebproducts9.zip]
3:21 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\webhancer14.zip]
3:21 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\webhancer.zip]
3:21 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\webhancer10.zip]
3:21 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch33.zip]
3:21 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\webhancer19.zip]
3:21 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\webhancer9.zip]
3:21 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\webhancer4.zip]
3:21 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\adscontexurlchanger.zip]
3:21 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\altnet2.zip]
3:21 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funwebproducts11.zip]
3:21 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\windowssecuritycenterantivirusdisablenotify5.zip]
3:21 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\windowssecuritycenterantivirusdisablenotify4.zip]
3:21 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funweb1.zip]
3:21 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudctoolbar7.zip]
3:21 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch27.zip]
3:21 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudctoolbar6.zip]
3:21 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funwebproducts16.zip]
3:21 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch31.zip]
3:21 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\altnet1.zip]
3:21 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zango11.zip]
3:21 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funweb13.zip]
3:21 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funwebproducts10.zip]
3:21 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywebsearch9.zip]
3:21 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywebsearch5.zip]
3:21 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywebsearch10.zip]
3:21 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywebsearch16.zip]
3:21 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funwebproducts17.zip]
3:21 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\hotbar8.zip]
3:21 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funweb2.zip]
3:21 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funweb10.zip]
3:21 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\webhancer18.zip]
3:21 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch28.zip]
3:21 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch15.zip]
3:21 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funwebproducts4.zip]
3:21 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywebsearch19.zip]
3:21 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywebsearch7.zip]
3:21 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\webhancer13.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch18.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywebsearch8.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funweb11.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch32.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funwebproducts7.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\webhancer7.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\webhancer6.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywebsearch4.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywebsearch.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\webhancer5.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\webhancer8.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funwebproducts18.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch19.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funwebproducts19.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch14.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\webhancer11.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudctoolbar.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funwebproducts33.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funwebproducts32.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funwebproducts31.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch53.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch13.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funwebproducts30.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywebsearch12.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywebsearch13.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funweb3.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funweb6.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funwebproducts29.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\inetloader1.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch12.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch52.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch11.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\inetloader.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywebsearch14.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch51.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch50.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch49.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch48.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funwebproducts28.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funwebproducts27.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch47.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywebsearch1.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch46.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch45.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funwebproducts12.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch56.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch44.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch35.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch36.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\webhancer20.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch37.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch38.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funwebproducts26.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funwebproducts6.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch39.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch40.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch41.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch42.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch43.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funwebproducts25.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch10.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funwebproducts24.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funwebproducts23.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funwebproducts22.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funwebproducts8.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funwebproducts21.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\windowssecuritycenterantivirusdisablenotify6.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\coolwwwsearchbadzonemap.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funwebproducts20.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywebsearch17.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywebsearch15.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\coolwwwsearchbadzonemap1.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funweb14.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywebsearch11.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funweb8.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funweb4.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\cydoor.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funwebproducts2.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\hotbar9.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funweb5.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch54.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch55.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywebsearch18.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch26.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funweb7.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funwebproducts1.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch9.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\coolwwwsearchbadzonemap2.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywebsearch20.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\webhancer15.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch1.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\webhancer2.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\virtumonde1.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funwebproducts.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\webhancer3.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funweb12.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudctoolbar4.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywebsearch3.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywebsearch6.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch17.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funwebproducts14.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\coolwwwsearchbadzonemap3.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\webhancer16.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch20.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch2.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch21.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\coolwwwsearchbadzonemap4.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\webhancer17.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch3.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\coolwwwsearchbadzonemap5.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\hotbar.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\coolwwwsearchgooglems.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\coolwwwsearchgooglems1.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywebsearch2.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\webhancer1.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\windowssecuritycenterantivirusdisablenotify3.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\coolwwwsearch.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\neededware.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudc.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudc1.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudc2.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\virtumonde.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funwebproducts3.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch4.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\hotbar11.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\webhancer12.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\altnet8.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch5.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudc3.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch22.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch6.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\windowssecuritycenterantivirusdisablenotify2.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\windowssecuritycenterantivirusdisablenotify1.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funwebproducts34.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudctoolbar3.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funwebproducts13.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\windowssecuritycenterantivirusdisablenotify.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudctoolbar2.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch23.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudctoolbar5.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudctoolbar1.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudc4.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudc5.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funwebproducts5.zip]
3:20 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funweb.zip]
3:19 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch24.zip]
3:19 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch29.zip]
3:19 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\altnet3.zip]
3:19 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funweb9.zip]
3:19 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch30.zip]
3:19 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\hotbar6.zip]
3:19 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funwebproducts15.zip]
3:19 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch8.zip]
3:19 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch34.zip]
3:19 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymybar.zip]
3:19 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\hotbar3.zip]
3:19 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\hotbar2.zip]
3:19 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch25.zip]
3:19 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\smitfraudctoolbar8.zip]
3:19 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch7.zip]
3:19 PM: Warning: SweepDirectories: Cannot find directory "f:". This directory was not added to the list of paths to be scanned.
3:19 PM: Warning: SweepDirectories: Cannot find directory "e:". This directory was not added to the list of paths to be scanned.
3:18 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [d:\my shared folder\real one player v9.0.exe]
3:17 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [d:\install\appz\asap_utilities_3.09.exe]
3:16 PM: D:\Program Files\WinMX Music\WinMX Music old\03 Track 3 (comedy).wma (ID = 0)
3:16 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [d:\install\drivers\audio\via fix for kt133 with soundblaster live.exe]
3:04 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [d:\install\utilz\winzip90.exe]
3:04 PM: Warning: AntiVirus engine for IFO returned [Error Code A0040237] on [d:\program files\multimedia launcher\skin\mpanelblue.skn]
3:01 PM: D:\Install\Cracks\MS-CDKeyGen.exe (ID = 0)
3:01 PM: Found Mal/HckPk-D: Mal/HckPk-D
3:00 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms1d565212-5fb4-4ba6-a4be-fa0018e4c2b0.tmp]
3:00 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms72394d59-e58e-4cd3-b141-10bf3292ce24.tmp]
3:00 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms509add3b-cd4a-4c44-84f2-8f5408d70e20.tmp]
3:00 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms0e8cf7cf-79e3-4d39-a6cd-f89015741e63.tmp]
3:00 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsbde84523-4904-4c46-b9d4-36392ed89c03.tmp]
3:00 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsed4f6d56-0554-4a51-b596-73eb25b54260.tmp]
3:00 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsb5949bfd-7a34-4300-a323-10f2cd8b98e3.tmp]
3:00 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms0e671bd6-d027-4526-8290-9fc83cc29e69.tmp]
3:00 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms1d565212-5fb4-4ba6-a4be-fa0018e4c2b0.tmp". The operation completed successfully
3:00 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms72394d59-e58e-4cd3-b141-10bf3292ce24.tmp". The operation completed successfully
3:00 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms509add3b-cd4a-4c44-84f2-8f5408d70e20.tmp". The operation completed successfully
3:00 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms0e8cf7cf-79e3-4d39-a6cd-f89015741e63.tmp". The operation completed successfully
3:00 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsbde84523-4904-4c46-b9d4-36392ed89c03.tmp". The operation completed successfully
3:00 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsed4f6d56-0554-4a51-b596-73eb25b54260.tmp". The operation completed successfully
3:00 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsb5949bfd-7a34-4300-a323-10f2cd8b98e3.tmp". The operation completed successfully
3:00 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms0e671bd6-d027-4526-8290-9fc83cc29e69.tmp". The operation completed successfully
2:59 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\windows\system32\config\default]
2:59 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms974bebc9-61f4-4c5e-bf78-892735cfff01.tmp]
2:59 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms75041a1a-0246-42a1-9d9e-23fb6fa5e79b.tmp]
2:59 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms0abd2ad5-5d59-4e06-9ce7-1d3ee979dbd4.tmp]
2:59 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsb309c636-55e8-46b7-b0ed-a721192b24d4.tmp]
2:59 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsec0c3c99-7f8d-4f14-bd2d-e5e8da1b21f1.tmp]
2:59 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsda625c02-7b60-4a73-a534-ee58430e8003.tmp]
2:58 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\windows\system32\config\software]
2:58 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\windows\system32\config\system]
2:57 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms9cc8c019-9250-4dda-b08b-2a1d879888cf.tmp]
2:56 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\shredder\ntuser.dat]
2:56 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms8ce41f2a-ae73-4f58-b518-0e4313a3db5d.tmp]
2:56 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms4ffae87e-65a1-4145-885b-ea79e1e5fe8e.tmp]
2:55 PM: C:\Documents and Settings\Shredder\Local Settings\Application Data\Microsoft\Messenger\bearguitar7@yahoo.com.au\Sharing Folders\neil.osborn@bigpond.com\WinMX Music\03 Track 3 (comedy).wma (ID = 0)
2:55 PM: Found Troj/Wimad-D: Troj/Wimad-D
2:54 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [c:\windows\installer\msi41.tmp]
2:51 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\hiberfil.sys]
2:51 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\pagefile.sys]
2:51 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsb0646d1c-a484-434c-a44c-0b5528404340.tmp]
2:47 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\lavasoft\ad-aware se professional\skins\yellow sky.ask]
2:45 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\lavasoft\ad-aware se professional\skins\ad-aware se default.ask]
2:45 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\lavasoft\ad-aware se professional\skins\medium blue.ask]
2:45 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\program files\lavasoft\ad-aware se professional\skins\greyscale.ask]
2:39 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\windows\system32\config\default.log]
2:39 PM: Starting File Sweep
2:39 PM: Warning: SweepDirectories: Cannot find directory "a:". This directory was not added to the list of paths to be scanned.
2:39 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
2:39 PM: Starting Cookie Sweep
2:39 PM: Registry Sweep Complete, Elapsed Time:00:00:33
2:38 PM: HKU\S-1-5-21-1214440339-362288127-839522115-1004\software\microsoft\windows\currentversion\ext\stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6}\ (ID = 1922744)
2:38 PM: Found Adware: coolwebsearch (cws)
2:38 PM: HKU\S-1-5-21-1214440339-362288127-839522115-1004\software\relevanceinstaller\ (ID = 1896814)
2:38 PM: Found Adware: mirar webband
2:38 PM: HKLM\software\microsoft\uniqdata\ (ID = 1997747)
2:38 PM: Found Adware: virtumonde
2:38 PM: Starting Registry Sweep
2:38 PM: Memory Sweep Complete, Elapsed Time: 00:04:17
2:34 PM: Starting Memory Sweep
2:34 PM: Start Full Sweep
2:34 PM: Sweep initiated using definitions version 906
2:29 PM: Your virus definitions have been updated.
2:29 PM: Informational: Loaded AntiVirus Engine: 2.49.1; SDK Version: 4.21E; Virus Definitions: 21/09/2007 11:52:58 PM (GMT)
2:29 PM: Your definitions are up to date.
2:02 PM: ApplicationMinimized - EXIT
2:02 PM: ApplicationMinimized - ENTER
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:43 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:42 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:42 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:42 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:42 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:42 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:42 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:42 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:42 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:42 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:42 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:42 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:42 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:42 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:42 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:42 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:42 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:42 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:42 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:42 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:42 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:42 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:42 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:42 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:42 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:42 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:42 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:42 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:42 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:42 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:42 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:42 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:42 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:42 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:42 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:42 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:42 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:42 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:42 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:42 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:42 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:42 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:42 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:42 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:42 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:42 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:42 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:42 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:42 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:42 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:42 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:42 PM: Tamper Detection
1:06 PM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
Keylogger: Off
1:06 PM: Informational: ShieldEmail: Start monitoring port 25 for mail activities
1:06 PM: Informational: ShieldEmail: Start monitoring port 110 for mail activities
E-mail Attachment: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
File System Shield: On
Execution Shield: On
System Services Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
1:06 PM: Shield States
1:06 PM: Spyware Definitions: 906
1:05 PM: Spy Sweeper 5.5.7.48 started
1:05 PM: Spy Sweeper 5.5.7.48 started
1:05 PM: | Start of Session, Sunday, 23 September 2007 |
***************
" Those who wander from the way of understanding will surely rest in the assembly of the dead." - Author unknown.

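The Spy Sweeper log above is a run of "Tamper Detection" blocks, all with services.exe (the Service Control Manager on XP) as the source and all reading LogConf values under LEGACY_SSIDRV and LEGACY_SSHRMD, device-enum keys that match the names of Spy Sweeper's own kernel drivers (ssidrv.sys, sshrmd.sys). That is what a driver being started or stopped looks like from the registry side, not malware tampering; the thing worth checking in such a log is whether any block has a source that is not a known system process. The script below is an added example (editor's code, not Spy Sweeper's and not from shred1970's post) that collapses a log of this shape into counts per source process and device key, so an unexpected source stands out. The four-line block layout, the EXPECTED_SOURCES set and the third sample block's Source path are assumptions constructed for the example; the first two sample blocks are copied from the log.

```python
"""Summarise Spy Sweeper 'Tamper Detection' blocks by source process and by the
device key touched, so an unexpected source stands out.

Added example (editor's code). Assumptions: the four-line block layout used
below, and EXPECTED_SOURCES as the only processes that legitimately touch a
driver's Enum\\Root\\LEGACY_* keys on this machine."""
import re
from collections import Counter

HEADER_RE = re.compile(r"^(\d{1,2}:\d{2} [AP]M): (.+)$")
FIELD_RE = re.compile(r"^(Operation|Target|Source): (.*)$")
DEVKEY_RE = re.compile(r"\\Enum\\Root\\([^\\]+)", re.IGNORECASE)

# Assumption: on XP the Service Control Manager is the one process expected to
# read a driver's LogConf values. Compared case-insensitively.
EXPECTED_SOURCES = {r"C:\WINDOWS\SYSTEM32\SERVICES.EXE"}

# Constructed sample in the log's own layout. The first two blocks are copied
# from the log above; the third block's Source path is invented for this example.
SAMPLE_LOG = r"""
1:42 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:42 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
1:42 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\DOCUME~1\user\LOCALS~1\Temp\tmp1234.exe
1:06 PM: Informational: ShieldEmail: Start monitoring port 25 for mail activities
""".strip()


def parse_tamper_events(text):
    """Return one dict (time, operation, target, source) per complete tamper block.

    A 'Tamper Detection' header opens a block; any other timestamped line closes
    it. A header with no Source line after it (a truncated block) is dropped."""
    events, current = [], None
    for line in text.splitlines():
        head = HEADER_RE.match(line)
        if head:
            if current and "source" in current:
                events.append(current)
            current = {"time": head.group(1)} if head.group(2) == "Tamper Detection" else None
            continue
        field = FIELD_RE.match(line)
        if field and current is not None:
            current[field.group(1).lower()] = field.group(2)
    if current and "source" in current:
        events.append(current)
    return events


def device_key(target):
    """The LEGACY_<driver> device node the target lives under, or '(other)'."""
    m = DEVKEY_RE.search(target)
    return m.group(1).upper() if m else "(other)"


def summarize(events, expected_sources=EXPECTED_SOURCES):
    """Count blocks per (source, device key) and list sources outside the expected set."""
    expected = {s.lower() for s in expected_sources}
    counts = Counter((e["source"].lower(), device_key(e.get("target", ""))) for e in events)
    unexpected = sorted({e["source"] for e in events if e["source"].lower() not in expected})
    return {"by_source_and_key": dict(counts), "unexpected_sources": unexpected}


if __name__ == "__main__":
    summary = summarize(parse_tamper_events(SAMPLE_LOG))
    for (src, key), n in sorted(summary["by_source_and_key"].items()):
        print(f"{n:3d}  {key:<16}  {src}")
    print("unexpected sources:", summary["unexpected_sources"])
```

Run against the full log rather than the sample, every block collapses into a couple of services.exe rows, which is the point: hundreds of identical "tamper" lines carry no more information than two counts, and a single row with a different source is what would deserve the word.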
#8 shred1970

Posted 23 September 2007 - 02:22 AM

Hi again teacup61, just posting a new HijackThis log; I hope this is helpful.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:14:52 PM, on 23/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
D:\avg\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
D:\Program Files\Comodo\Firewall\CPF.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dmcs.com.au/home
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [COMODO Firewall Pro] "D:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB9AA6A8-755D-498A-8E1B-BD9D37CF5FD4}: NameServer = 203.194.56.150 203.194.27.57
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\avg\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - D:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 7055 bytes

#9 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:01:22 AM

Posted 23 September 2007 - 10:25 AM

Hello,

Well, I see how you probably got infected. That's what you get for downloading cracks! Even the best protection programs won't stop the bad guys from coming in if you purposely let them.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Reboot your computer.

Hi, I seem to have picked up a Tagasaurus infection that wont go away

Any sign of this remaining? Let me know please. :thumbsup:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?
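teacup61's fix list above is a compact lesson in how a HijackThis log is read: anything marked (no file) is a registered object whose file is gone, and an empty or about:blank R0 value is a blank browser default rather than a hijack. The script below is an added example (editor's code, not HijackThis's and not teacup61's instructions) that applies that reading mechanically and also pulls the O17 NameServer line from shred1970's log out for verification, because a DNS-changing infection shows up in that hook and nowhere else in the log. The bucket rules and the USER_WRITABLE folder fragments are the editor's assumptions; the sample lines are copied from the post #8 log.

```python
"""Triage a HijackThis log into 'fix', 'verify' and 'review' buckets.

Added example (editor's code, not HijackThis's and not teacup61's advice
verbatim). The rules encode the thread's reading of the log: (no file) objects
are fixed, empty/about:blank R0 values are reset, O17 DNS servers are verified
against the ISP, autoruns from user-writable folders and (file missing)
leftovers are looked at by hand."""
import re

ENTRY_RE = re.compile(r"^(R\d|F\d|O\d+) - (.*)$")
# Assumption: folder fragments a normal autorun should not launch from.
USER_WRITABLE = ("\\temp\\", "\\local settings\\", "\\application data\\", "\\documents and settings\\")

# Constructed sample: a subset of shred1970's post #8 log, copied verbatim.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dmcs.com.au/home
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB9AA6A8-755D-498A-8E1B-BD9D37CF5FD4}: NameServer = 203.194.56.150 203.194.27.57
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
""".strip()


def classify(line):
    """Return (bucket, reason) for one log line, or None if it is unremarkable."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.groups()
    if "(no file)" in body:
        return ("fix", "orphaned entry: the registered file no longer exists")
    if kind in ("R0", "R1") and "=" in body:
        value = body.split("=", 1)[1].strip()
        if value in ("", "about:blank"):
            return ("fix", "empty or about:blank browser value; not an infection, HijackThis just resets it")
    if kind == "O17" and "NameServer" in body:
        return ("verify", "per-adapter DNS servers; confirm they belong to your ISP")
    if kind == "O4" and any(tok in body.lower() for tok in USER_WRITABLE):
        return ("review", "autorun launching from a user-writable location")
    if "(file missing)" in body:
        return ("review", "leftover button/menu item; harmless if the product was uninstalled")
    return None


def triage(log_text):
    """Bucket flagged lines, keeping log order within each bucket."""
    buckets = {"fix": [], "verify": [], "review": []}
    for line in log_text.splitlines():
        hit = classify(line)
        if hit:
            buckets[hit[0]].append((line.strip(), hit[1]))
    return buckets


def fix_list(log_text):
    """The lines to tick before 'Fix checked'."""
    return [line for line, _ in triage(log_text)["fix"]]


if __name__ == "__main__":
    for bucket, entries in triage(SAMPLE_LOG).items():
        print(f"== {bucket} ==")
        for line, reason in entries:
            print(f"  {line}\n      -> {reason}")
```

On the sample, fix_list() returns exactly the four lines teacup61 asked to have ticked, and the O9 Windows Messenger entries land in "review" rather than "fix" because a missing msmsgs.exe is the normal leftover of uninstalling Windows Messenger. The O17 line is never a fix candidate: two unfamiliar resolvers are only wrong if they are not the ISP's, which the log cannot tell you.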

#10 shred1970

Posted 23 September 2007 - 08:48 PM

Hi teacup61. I'm not totally sure what you mean by downloading cracks? My mate re-installed my whole PC for me about 3 years ago (I'm actually quite a novice user). He partitioned it and put several folders in D:\ (now I sound like I know what I'm talking about :flowers: ). He said there were games and programs in there and serial numbers that I might be interested in looking at. Most of it was meaningless to me, so I just left it there or deleted some of the files manually when a scan said there was something bad in there. So my question I guess is: can these files or "cracks" that have been sitting there all these years have been infecting my PC without me even looking at them? After yesterday's scan I wound up deleting all but 1 of those files (3 gig or more!) my mate put in there.

Anyway, I did the new HijackThis scan and ticked the objects you recommended; however, these 2 objects still remain:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
If they are still there does that mean they are "fixed" and can stay ?

Another question I have is, once the free trial of Spy Sweeper is up and I decide to uninstall it, do all the infections it found leave with it?

Everything seems to be running fine, though; Spybot and Ad-Aware aren't picking up anything as yet. Thanks heaps for your help. :thumbsup:

I suppose I should include another HijackThis log just in case. Thanks again and looking forward to your take on my questions.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:22:44 AM, on 24/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
D:\avg\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
D:\Program Files\Comodo\Firewall\CPF.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dmcs.com.au/home
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [COMODO Firewall Pro] "D:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\avg\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - D:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 6780 bytes

#11 shred1970

Posted 24 September 2007 - 07:43 AM

Hi again tea, I just did a Spybot scan and Tagasaurus came up again...

#12 teacup61

Posted 24 September 2007 - 02:46 PM

Hello,

Is it showing as a cookie?

Please download and run Bit Defender 8 online scanner
  • Install the program and then follow the prompts to download all available updates.
  • Select Antivirus and then click the Settings button. Click Default. Click Ok.
  • Select Local Drives and click Scan.
  • When the scan is complete save the log and post it back here in your next reply.
Thanks,
tea

#13 shred1970

Posted 24 September 2007 - 11:20 PM

Hi, I didn't see if it came up as a cookie. Today my PC is having trouble with IE7. When trying to go to a webpage it is more often than not coming up as "This page cannot be displayed" and the refresh button isn't always fixing it.
As for BitDefender, the scan came up with several items but one it couldn't fix or delete. I deleted the one it couldn't manually. Here are the results, teacup; thanks again for your help.


BitDefender Online Scanner

Scan report generated at: Tue, Sep 25, 2007 - 13:54:43
Scan path: A:\;C:\;D:\;E:\;F:\;

Statistics
Time: 00:43:24
Files: 142574
Folders: 3970
Boot Sectors: 3
Archives: 1926
Packed Files: 6208

Results
Identified Viruses: 4
Infected Files: 4
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 3

Engines Info
Virus Definitions: 823562
Engine build: AVCORE v1.0 (build 2418) (i386) (Sep 24 2007 15:35:36)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 7
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status
C:\Documents and Settings\Shredder\Local Settings\Application Data\Microsoft\Messenger\bearguitar7@yahoo.com.au\Sharing Folders\neil.osborn@bigpond.com\WinMX Music\03 Track 3 (comedy).wma
  Infected with: Trojan.Downloader.Wma.Wimad.K
  Disinfection failed
  Deleted
C:\Program Files\MSN Messenger\msimg32.dll
  Detected with: Adware.Mywebsearch.G
  Disinfection failed
  Delete failed
D:\Program Files\WinMX Music\WinMX Music old\03 Track 3 (comedy).wma
  Infected with: Trojan.Downloader.Wma.Wimad.K
  Disinfection failed
  Deleted
D:\System Volume Information\_restore{BF3876D0-5FDB-46AD-ACF9-B6ECA250C2BD}\RP122\A0016062.exe=>wise0015
  Infected with: Trojan.Spy.Agent.ED
  Disinfection failed
  Deleted
D:\System Volume Information\_restore{BF3876D0-5FDB-46AD-ACF9-B6ECA250C2BD}\RP122\A0016062.exe
  Update failed

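BitDefender's report records a file once per step (detection, disinfection attempt, deletion attempt), so the cases that matter are easy to lose among the repeats: msimg32.dll, which BitDefender could not delete, and which carries the name of a Windows system DLL while sitting in an application folder, where a program that imports it by name loads it ahead of the copy in system32; and the two System Volume Information entries, which are restore-point copies that System Restore can bring back after a cleanup. The script below is an added example (editor's code, not BitDefender's) that folds the path/status pairs into one record per file and flags those conditions. SYSTEM_DLL_NAMES is an illustrative subset chosen by the editor, and the sample report is constructed from the entries above with the Messenger sharing-folder path shortened to a generic profile.

```python
"""Fold a BitDefender Online Scanner report into one record per file and flag
what still needs attention.

Added example (editor's code, not BitDefender's). Assumptions: the path/status
pair layout seen in the thread, and SYSTEM_DLL_NAMES as an illustrative subset
of DLLs that live in %SystemRoot%\\system32 on XP."""
import re
from collections import OrderedDict

DETECT_RE = re.compile(r"^(Infected with|Detected with): (.+)$")
OUTCOMES = {"Disinfected", "Deleted", "Disinfection failed", "Delete failed", "Update failed"}
SYSTEM_DLL_NAMES = {"msimg32.dll", "version.dll", "ws2_32.dll", "wininet.dll", "crypt32.dll"}

# Constructed sample: entries from the report above, one path/status pair per
# scanner step, with the Messenger sharing-folder path shortened.
SAMPLE_REPORT = r"""
Scanned File
Status
C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Messenger\Sharing Folders\WinMX Music\03 Track 3 (comedy).wma
Infected with: Trojan.Downloader.Wma.Wimad.K
C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Messenger\Sharing Folders\WinMX Music\03 Track 3 (comedy).wma
Disinfection failed
C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Messenger\Sharing Folders\WinMX Music\03 Track 3 (comedy).wma
Deleted
C:\Program Files\MSN Messenger\msimg32.dll
Detected with: Adware.Mywebsearch.G
C:\Program Files\MSN Messenger\msimg32.dll
Disinfection failed
C:\Program Files\MSN Messenger\msimg32.dll
Delete failed
D:\System Volume Information\_restore{BF3876D0-5FDB-46AD-ACF9-B6ECA250C2BD}\RP122\A0016062.exe=>wise0015
Infected with: Trojan.Spy.Agent.ED
D:\System Volume Information\_restore{BF3876D0-5FDB-46AD-ACF9-B6ECA250C2BD}\RP122\A0016062.exe=>wise0015
Disinfection failed
D:\System Volume Information\_restore{BF3876D0-5FDB-46AD-ACF9-B6ECA250C2BD}\RP122\A0016062.exe=>wise0015
Deleted
D:\System Volume Information\_restore{BF3876D0-5FDB-46AD-ACF9-B6ECA250C2BD}\RP122\A0016062.exe
Update failed
""".strip()


def parse_report(text):
    """Return {path: {"detection": name or None, "events": [status, ...]}} in report order."""
    items = OrderedDict()
    path = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line in ("Scanned File", "Status"):
            continue
        det = DETECT_RE.match(line)
        if det and path:
            items[path]["detection"] = det.group(2)
        elif line in OUTCOMES and path:
            items[path]["events"].append(line)
        else:
            path = line
            items.setdefault(path, {"detection": None, "events": []})
    return items


def outcome(entry):
    """'removed' if any step deleted or disinfected the file, else 'still present'."""
    events = entry["events"]
    if "Deleted" in events or "Disinfected" in events:
        return "removed"
    return "still present" if events else "unknown"


def findings(items):
    """(path, detection, outcome, notes) for every file that still needs a decision."""
    out = []
    for path, entry in items.items():
        low = path.lower()
        notes = []
        if outcome(entry) == "still present":
            notes.append("scanner could not remove it: delete by hand or with another tool")
        if "\\system volume information\\_restore" in low:
            notes.append("restore-point copy: purge System Restore after cleanup or it can come back")
        base = low.rsplit("\\", 1)[-1].split("=>")[0]
        if base in SYSTEM_DLL_NAMES and "\\windows\\" not in low:
            notes.append("system DLL name outside the Windows directory: DLL planting / side-loading spot")
        if notes:
            out.append((path, entry["detection"], outcome(entry), notes))
    return out


if __name__ == "__main__":
    for path, detection, state, notes in findings(parse_report(SAMPLE_REPORT)):
        print(f"{state:13} {detection or '-'}  {path}")
        for note in notes:
            print("    -", note)
```

The .wma detections drop out of the findings because BitDefender deleted them; Trojan.Downloader.Wma.Wimad is the family name for a Windows Media file whose DRM licence-acquisition URL points at a download site, which is how a music file from a file-sharing folder ends up classed as a downloader. The "Update failed" on the bare A0016062.exe is the scanner failing to rewrite the installer container after deleting the member inside it, so it is reported as still present and, being in a restore point, as something to purge rather than chase by hand.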
#14 teacup61

Posted 25 September 2007 - 03:58 PM

Hello,

Are you still having the same problem this evening? Well....evening for me. :thumbsup:

Could you please post a new HijackThis log for me to look at?

Thanks,
tea

#15 shred1970

Posted 26 September 2007 - 08:34 AM

Hi tea, no probs as yet... here's my log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:11 PM, on 26/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
D:\avg\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
D:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Comodo\Firewall\CPF.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dmcs.com.au/home
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [COMODO Firewall Pro] "D:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB9AA6A8-755D-498A-8E1B-BD9D37CF5FD4}: NameServer = 203.194.56.150 203.194.27.57
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\avg\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - D:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 6964 bytes
"Those who wander from the way of understanding will surely rest in the assembly of the dead." - Author unknown.