
Trojan Mbroot-H


This topic is locked
20 replies to this topic

#1 wenger_haus


Posted 10 March 2010 - 09:36 AM

Same exact problem here including the security virus which has been removed. Also using webroot spysweeper. Very frustrating. Anyone have ideas?


#2 wenger_haus


Posted 10 March 2010 - 09:43 AM

PS: Here is my webroot spysweeper log if it is of any help. I hope I am using this site appropriately -- I am a self-identified rookie in tech terms. This bug is on my laptop running XP.

As an aside, I have turned off system restore for the time being so the virus isn't restored (in theory), and I have deleted all temp/history/cookies. Once the item is in quarantine with webroot, in theory, I am now safe from this virus. However, as soon as I start the sweep again, it comes up within 2 minutes of the full scan setting. As you'll see, I have run it numerous times and most recently stopped the sweep as soon as it finds it (nothing else is found now). Also of note, the original fake security bug was removed with both combofix and malware bytes. Ideas?

3/9/2010 1:45:43 PM: Your virus definitions have been updated.
3/9/2010 1:45:43 PM: Informational: Loaded AntiVirus Engine: 3.4.1; SDK Version: 4.50E; Virus Definitions: 03/09/2010 14:37:10 (GMT)
3/9/2010 1:45:43 PM: Your security definitions have been updated.
3/9/2010 1:45:23 PM: License Check Status (0): Success
3/9/2010 1:44:50 PM: Removal process completed. Elapsed time 00:00:01
3/9/2010 1:44:49 PM: Quarantining All Traces: Troj/Mbroot-H
3/9/2010 1:44:48 PM: Removal process initiated
3/9/2010 1:43:34 PM: Sweep Status: 1 Item Found
3/9/2010 1:43:34 PM: Traces Found: 1
3/9/2010 1:43:33 PM: File Sweep Complete, Elapsed Time: 00:00:27
3/9/2010 1:43:33 PM: Sweep Cancelled
3/9/2010 1:43:06 PM: Starting File Sweep
3/9/2010 1:43:06 PM: \\.\PHYSICALDRIVE0 (ID = 0)
3/9/2010 1:42:58 PM: Found Troj/Mbroot-H: Troj/Mbroot-H
3/9/2010 1:42:58 PM: Informational: Detected boot sector virus Troj/Mbroot-H in \\.\PHYSICALDRIVE0
3/9/2010 1:42:58 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
3/9/2010 1:42:57 PM: Starting Cookie Sweep
3/9/2010 1:42:56 PM: Registry Sweep Complete, Elapsed Time:00:00:12
3/9/2010 1:42:44 PM: Starting Registry Sweep
3/9/2010 1:42:44 PM: Memory Sweep Complete, Elapsed Time: 00:02:31
3/9/2010 1:40:13 PM: Starting Memory Sweep
3/9/2010 1:39:58 PM: Start Full Sweep
3/9/2010 1:39:58 PM: Sweep initiated using definitions version 1650
3/9/2010 1:39:52 PM: Informational: ShieldEmail: Start monitoring port 25 for mail activities
3/9/2010 1:39:52 PM: Informational: ShieldEmail: Start monitoring port 110 for mail activities
3/9/2010 1:39:49 PM: Warning: Unable to secure run key from ambiguous path exploit for HKU\S-1-5-21-1975857526-1641867396-262160769-1006\Software\Microsoft\Windows\CurrentVersion\Run\SansaDispatch. Parse Failure
3/9/2010 1:39:49 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Apoint. Parse Failure
3/9/2010 1:39:49 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\IgfxTray. Parse Failure
3/9/2010 1:39:49 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\HotKeysCmds. Parse Failure
3/9/2010 1:39:49 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Persistence. Parse Failure
3/9/2010 1:39:49 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Broadcom Wireless Manager UI. Parse Failure
3/9/2010 1:39:49 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\dscactivate. Parse Failure
3/9/2010 1:39:46 PM: Informational: Loaded AntiVirus Engine: 3.4.1; SDK Version: 4.50E; Virus Definitions: 03/09/2010 14:37:10 (GMT)
3/9/2010 1:38:43 PM: License Check Status (0): Success
3/9/2010 1:38:42 PM: Webroot Software 6.1.0.145 started
3/9/2010 1:38:42 PM: | Start of Session, Tuesday, March 09, 2010 |
***************
3/9/2010 1:31:26 PM: Informational: ShieldEmail: Start monitoring port 25 for mail activities
3/9/2010 1:31:26 PM: Informational: ShieldEmail: Start monitoring port 110 for mail activities
3/9/2010 1:31:26 PM: Warning: Unable to secure run key from ambiguous path exploit for HKU\S-1-5-21-1975857526-1641867396-262160769-1006\Software\Microsoft\Windows\CurrentVersion\Run\SansaDispatch. Parse Failure
3/9/2010 1:31:26 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Apoint. Parse Failure
3/9/2010 1:31:26 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\IgfxTray. Parse Failure
3/9/2010 1:31:26 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\HotKeysCmds. Parse Failure
3/9/2010 1:31:26 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Persistence. Parse Failure
3/9/2010 1:31:26 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Broadcom Wireless Manager UI. Parse Failure
3/9/2010 1:31:26 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\dscactivate. Parse Failure
3/9/2010 1:31:23 PM: Informational: Loaded AntiVirus Engine: 3.4.1; SDK Version: 4.50E; Virus Definitions: 03/09/2010 14:37:10 (GMT)
3/9/2010 1:31:01 PM: License Check Status (0): Success
3/9/2010 1:30:31 PM: Webroot Software 6.1.0.145 started
3/9/2010 1:30:31 PM: | Start of Session, Tuesday, March 09, 2010 |
***************
3/9/2010 1:27:22 PM: Webroot Software 6.1.0.145 started
3/9/2010 1:27:22 PM: | Start of Session, Tuesday, March 09, 2010 |
***************
3/9/2010 1:25:38 PM: Removal process completed. Elapsed time 00:00:01
3/9/2010 1:25:37 PM: Quarantining All Traces: Troj/Mbroot-H
3/9/2010 1:25:36 PM: Removal process initiated
3/9/2010 1:25:07 PM: Sweep Status: 1 Item Found
3/9/2010 1:25:07 PM: Traces Found: 1
3/9/2010 1:25:06 PM: File Sweep Complete, Elapsed Time: 00:02:44
3/9/2010 1:25:06 PM: Sweep Cancelled
3/9/2010 1:22:22 PM: Starting File Sweep
3/9/2010 1:22:22 PM: \\.\PHYSICALDRIVE0 (ID = 0)
3/9/2010 1:22:18 PM: Found Troj/Mbroot-H: Troj/Mbroot-H
3/9/2010 1:22:18 PM: Informational: Detected boot sector virus Troj/Mbroot-H in \\.\PHYSICALDRIVE0
3/9/2010 1:22:17 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
3/9/2010 1:22:16 PM: Starting Cookie Sweep
3/9/2010 1:22:15 PM: Registry Sweep Complete, Elapsed Time:00:00:15
3/9/2010 1:22:00 PM: Starting Registry Sweep
3/9/2010 1:22:00 PM: Memory Sweep Complete, Elapsed Time: 00:01:13
3/9/2010 1:20:46 PM: Starting Memory Sweep
3/9/2010 1:20:29 PM: Start Full Sweep
3/9/2010 1:20:29 PM: Sweep initiated using definitions version 1650
3/9/2010 1:20:03 PM: Warning: Unable to secure run key from ambiguous path exploit for HKU\S-1-5-21-1975857526-1641867396-262160769-1006\Software\Microsoft\Windows\CurrentVersion\Run\SansaDispatch. Parse Failure
3/9/2010 1:20:03 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Apoint. Parse Failure
3/9/2010 1:20:03 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\IgfxTray. Parse Failure
3/9/2010 1:20:03 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\HotKeysCmds. Parse Failure
3/9/2010 1:20:03 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Persistence. Parse Failure
3/9/2010 1:20:03 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Broadcom Wireless Manager UI. Parse Failure
3/9/2010 1:20:03 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\dscactivate. Parse Failure
3/9/2010 1:20:03 PM: Informational: Loaded AntiVirus Engine: 3.4.1; SDK Version: 4.50E; Virus Definitions: 03/09/2010 14:37:10 (GMT)
3/9/2010 1:19:41 PM: License Check Status (0): Success
3/9/2010 1:19:29 PM: Webroot Software 6.1.0.145 started
3/9/2010 1:19:29 PM: | Start of Session, Tuesday, March 09, 2010 |
***************
3/9/2010 1:17:40 PM: ApplicationMinimized - EXIT
3/9/2010 1:17:40 PM: ApplicationMinimized - ENTER
3/9/2010 1:06:43 PM: ApplicationMinimized - EXIT
3/9/2010 1:06:43 PM: ApplicationMinimized - ENTER
3/9/2010 1:06:43 PM: BHO Shield: found: -- BHO installation denied at user request
3/9/2010 1:06:43 PM: BHO Shield: found: -- BHO installation denied at user request
3/9/2010 1:06:41 PM: BHO Shield: found: -- BHO installation denied at user request
3/9/2010 1:06:41 PM: BHO Shield: found: -- BHO installation denied at user request
3/9/2010 1:06:34 PM: BHO Shield: found: ssv.dll-- BHO installation denied at user request
3/9/2010 1:06:30 PM: BHO Shield: found: ssv.dll-- BHO installation denied at user request
3/9/2010 1:06:25 PM: BHO Shield: found: -- BHO installation denied at user request
3/9/2010 1:06:20 PM: BHO Shield: found: -- BHO installation denied at user request
3/9/2010 12:27:09 PM: Informational: ShieldEmail: Start monitoring port 25 for mail activities
3/9/2010 12:27:09 PM: Informational: ShieldEmail: Start monitoring port 110 for mail activities
3/9/2010 12:27:08 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\PCMService. Parse Failure
3/9/2010 12:27:08 PM: Warning: Unable to secure run key from ambiguous path exploit for HKU\S-1-5-21-1975857526-1641867396-262160769-1006\Software\Microsoft\Windows\CurrentVersion\Run\SansaDispatch. Parse Failure
3/9/2010 12:27:08 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Apoint. Parse Failure
3/9/2010 12:27:08 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\IgfxTray. Parse Failure
3/9/2010 12:27:08 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\HotKeysCmds. Parse Failure
3/9/2010 12:27:08 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Persistence. Parse Failure
3/9/2010 12:27:08 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Broadcom Wireless Manager UI. Parse Failure
3/9/2010 12:27:08 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\KADxMain. Parse Failure
3/9/2010 12:27:08 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\dscactivate. Parse Failure
3/9/2010 12:27:05 PM: Informational: Loaded AntiVirus Engine: 3.4.1; SDK Version: 4.50E; Virus Definitions: 03/09/2010 14:37:10 (GMT)
3/9/2010 12:26:15 PM: License Check Status (0): Success
3/9/2010 12:26:14 PM: Webroot Software 6.1.0.145 started
3/9/2010 12:26:14 PM: | Start of Session, Tuesday, March 09, 2010 |
***************
3/9/2010 11:47:12 AM: Warning: AntiVirus engine for IFO returned [WL] on [C:\WINDOWS\NIRCMD.exe]
3/9/2010 11:27:59 AM: Starting File Sweep
3/9/2010 11:27:59 AM: \\.\PHYSICALDRIVE0 (ID = 0)
3/9/2010 11:27:55 AM: Found Troj/Mbroot-H: Troj/Mbroot-H
3/9/2010 11:27:55 AM: Informational: Detected boot sector virus Troj/Mbroot-H in \\.\PHYSICALDRIVE0
3/9/2010 11:27:55 AM: Cookie Sweep Complete, Elapsed Time: 00:00:01
3/9/2010 11:27:55 AM: C:\Documents and Settings\Lynn\Application Data\Mozilla\Firefox\Profiles\glyasa1q.default\cookies.sqlite (ID = 2253)
3/9/2010 11:27:55 AM: C:\Documents and Settings\Lynn\Application Data\Mozilla\Firefox\Profiles\glyasa1q.default\cookies.sqlite (ID = 2253)
3/9/2010 11:27:55 AM: C:\Documents and Settings\Lynn\Application Data\Mozilla\Firefox\Profiles\glyasa1q.default\cookies.sqlite (ID = 2253)
3/9/2010 11:27:55 AM: C:\Documents and Settings\Lynn\Application Data\Mozilla\Firefox\Profiles\glyasa1q.default\cookies.sqlite (ID = 2253)
3/9/2010 11:27:55 AM: Found Spy Cookie: atlas dmt cookie
3/9/2010 11:27:55 AM: C:\Documents and Settings\Lynn\Application Data\Mozilla\Firefox\Profiles\glyasa1q.default\cookies.sqlite (ID = 17499)
3/9/2010 11:27:55 AM: Found Spy Cookie: doubleclick cookie
3/9/2010 11:27:53 AM: Starting Cookie Sweep
3/9/2010 11:27:52 AM: Registry Sweep Complete, Elapsed Time:00:00:16
3/9/2010 11:27:36 AM: Starting Registry Sweep
3/9/2010 11:27:36 AM: Memory Sweep Complete, Elapsed Time: 00:01:27
3/9/2010 11:26:09 AM: Starting Memory Sweep
3/9/2010 11:26:05 AM: Start Full Sweep
3/9/2010 11:26:05 AM: Sweep initiated using definitions version 1650
3/9/2010 11:25:13 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\PCMService. Parse Failure
3/9/2010 11:25:13 AM: Warning: Unable to secure run key from ambiguous path exploit for HKU\S-1-5-21-1975857526-1641867396-262160769-1006\Software\Microsoft\Windows\CurrentVersion\Run\SansaDispatch. Parse Failure
3/9/2010 11:25:13 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Apoint. Parse Failure
3/9/2010 11:25:13 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\IgfxTray. Parse Failure
3/9/2010 11:25:13 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\HotKeysCmds. Parse Failure
3/9/2010 11:25:13 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Persistence. Parse Failure
3/9/2010 11:25:13 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Broadcom Wireless Manager UI. Parse Failure
3/9/2010 11:25:13 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\KADxMain. Parse Failure
3/9/2010 11:25:13 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\dscactivate. Parse Failure
3/9/2010 11:25:12 AM: Informational: Loaded AntiVirus Engine: 3.4.1; SDK Version: 4.50E; Virus Definitions: 03/09/2010 14:37:10 (GMT)
3/9/2010 11:24:48 AM: License Check Status (0): Success
3/9/2010 11:24:37 AM: Webroot Software 6.1.0.145 started
3/9/2010 11:24:37 AM: | Start of Session, Tuesday, March 09, 2010 |
***************
3/9/2010 11:22:05 AM: ApplicationMinimized - EXIT
3/9/2010 11:22:05 AM: ApplicationMinimized - ENTER
3/9/2010 11:22:01 AM: C:\DOCUME~1\ALLUSE~1\APPLIC~1\Webroot\BugReports\WRConsumerService.exe_000001.dmp.xml
3/9/2010 11:22:01 AM: Review and send the error report: C:\DOCUME~1\ALLUSE~1\APPLIC~1\Webroot\BugReports\WRConsumerService.exe_000001.dmp
3/9/2010 11:14:48 AM: Informational: ShieldEmail: Start monitoring port 25 for mail activities
3/9/2010 11:14:48 AM: Informational: ShieldEmail: Start monitoring port 110 for mail activities
3/9/2010 11:14:47 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\PCMService. Parse Failure
3/9/2010 11:14:47 AM: Warning: Unable to secure run key from ambiguous path exploit for HKU\S-1-5-21-1975857526-1641867396-262160769-1006\Software\Microsoft\Windows\CurrentVersion\Run\SansaDispatch. Parse Failure
3/9/2010 11:14:47 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Apoint. Parse Failure
3/9/2010 11:14:47 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\IgfxTray. Parse Failure
3/9/2010 11:14:47 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\HotKeysCmds. Parse Failure
3/9/2010 11:14:47 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Persistence. Parse Failure
3/9/2010 11:14:47 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Broadcom Wireless Manager UI. Parse Failure
3/9/2010 11:14:47 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\KADxMain. Parse Failure
3/9/2010 11:14:47 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\dscactivate. Parse Failure
3/9/2010 11:14:44 AM: Informational: Loaded AntiVirus Engine: 3.4.1; SDK Version: 4.50E; Virus Definitions: 03/09/2010 14:37:10 (GMT)
3/9/2010 11:13:54 AM: License Check Status (0): Success
3/9/2010 11:13:52 AM: Webroot Software 6.1.0.145 started
3/9/2010 11:13:52 AM: | Start of Session, Tuesday, March 09, 2010 |
***************
3/9/2010 10:54:03 AM: Informational: ShieldEmail: Start monitoring port 25 for mail activities
3/9/2010 10:54:03 AM: Informational: ShieldEmail: Start monitoring port 110 for mail activities
3/9/2010 10:54:03 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\PCMService. Parse Failure
3/9/2010 10:54:03 AM: Warning: Unable to secure run key from ambiguous path exploit for HKU\S-1-5-21-1975857526-1641867396-262160769-1006\Software\Microsoft\Windows\CurrentVersion\Run\SansaDispatch. Parse Failure
3/9/2010 10:54:03 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Apoint. Parse Failure
3/9/2010 10:54:03 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\IgfxTray. Parse Failure
3/9/2010 10:54:03 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\HotKeysCmds. Parse Failure
3/9/2010 10:54:03 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Persistence. Parse Failure
3/9/2010 10:54:03 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Broadcom Wireless Manager UI. Parse Failure
3/9/2010 10:54:03 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\KADxMain. Parse Failure
3/9/2010 10:54:03 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\dscactivate. Parse Failure
3/9/2010 10:53:59 AM: Informational: Loaded AntiVirus Engine: 3.4.1; SDK Version: 4.50E; Virus Definitions: 03/09/2010 14:37:10 (GMT)
3/9/2010 10:52:57 AM: License Check Status (0): Success
3/9/2010 10:52:54 AM: Webroot Software 6.1.0.145 started
3/9/2010 10:52:54 AM: | Start of Session, Tuesday, March 09, 2010 |
***************
3/9/2010 10:14:21 AM: Warning: Corrupt Archive: C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\YH561411.CAB
3/9/2010 10:14:21 AM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\WINDOWS\SoftwareDistribution\Download\ab7d6e068db86374fa802a1e6644fd87\BITB.tmp]
3/9/2010 9:30:01 AM: Warning: AntiVirus engine for IFO returned [WL] on [C:\WINDOWS\NIRCMD.exe]
3/9/2010 9:11:18 AM: ApplicationMinimized - EXIT
3/9/2010 9:11:17 AM: ApplicationMinimized - ENTER
3/9/2010 9:09:48 AM: Starting File Sweep
3/9/2010 9:09:48 AM: \\.\PHYSICALDRIVE0 (ID = 0)
3/9/2010 9:09:40 AM: Found Troj/Mbroot-H: Troj/Mbroot-H
3/9/2010 9:09:40 AM: Informational: Detected boot sector virus Troj/Mbroot-H in \\.\PHYSICALDRIVE0
3/9/2010 9:09:40 AM: Cookie Sweep Complete, Elapsed Time: 00:00:01
3/9/2010 9:09:39 AM: Starting Cookie Sweep
3/9/2010 9:09:38 AM: Registry Sweep Complete, Elapsed Time:00:00:11
3/9/2010 9:09:26 AM: Starting Registry Sweep
3/9/2010 9:09:26 AM: Memory Sweep Complete, Elapsed Time: 00:03:32
3/9/2010 9:05:54 AM: Starting Memory Sweep
3/9/2010 9:05:39 AM: Start Full Sweep
3/9/2010 9:05:39 AM: Sweep initiated using definitions version 1650
3/9/2010 9:05:12 AM: Your definitions are up to date.
3/9/2010 9:05:08 AM: License Check Status (0): Success
3/9/2010 9:04:51 AM: Informational: ShieldEmail: Start monitoring port 25 for mail activities
3/9/2010 9:04:51 AM: Informational: ShieldEmail: Start monitoring port 110 for mail activities
3/9/2010 9:04:51 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\PCMService. Parse Failure
3/9/2010 9:04:51 AM: Warning: Unable to secure run key from ambiguous path exploit for HKU\S-1-5-21-1975857526-1641867396-262160769-1006\Software\Microsoft\Windows\CurrentVersion\Run\SansaDispatch. Parse Failure
3/9/2010 9:04:51 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Apoint. Parse Failure
3/9/2010 9:04:51 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\IgfxTray. Parse Failure
3/9/2010 9:04:51 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\HotKeysCmds. Parse Failure
3/9/2010 9:04:51 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Persistence. Parse Failure
3/9/2010 9:04:51 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Broadcom Wireless Manager UI. Parse Failure
3/9/2010 9:04:51 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\KADxMain. Parse Failure
3/9/2010 9:04:51 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\dscactivate. Parse Failure
3/9/2010 9:04:48 AM: Informational: Loaded AntiVirus Engine: 3.4.1; SDK Version: 4.50E; Virus Definitions: 03/09/2010 14:37:10 (GMT)
3/9/2010 9:03:55 AM: License Check Status (0): Success
3/9/2010 9:03:53 AM: Webroot Software 6.1.0.145 started
3/9/2010 9:03:53 AM: | Start of Session, Tuesday, March 09, 2010 |
***************
3/9/2010 7:31:37 AM: ApplicationMinimized - EXIT
3/9/2010 7:31:37 AM: ApplicationMinimized - ENTER
3/9/2010 7:26:43 AM: Informational: ShieldEmail: Start monitoring port 25 for mail activities
3/9/2010 7:26:43 AM: Informational: ShieldEmail: Start monitoring port 110 for mail activities
3/9/2010 7:26:42 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\PCMService. Parse Failure
3/9/2010 7:26:42 AM: Warning: Unable to secure run key from ambiguous path exploit for HKU\S-1-5-21-1975857526-1641867396-262160769-1006\Software\Microsoft\Windows\CurrentVersion\Run\SansaDispatch. Parse Failure
3/9/2010 7:26:42 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Apoint. Parse Failure
3/9/2010 7:26:42 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\IgfxTray. Parse Failure
3/9/2010 7:26:42 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\HotKeysCmds. Parse Failure
3/9/2010 7:26:42 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Persistence. Parse Failure
3/9/2010 7:26:42 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Broadcom Wireless Manager UI. Parse Failure
3/9/2010 7:26:42 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\KADxMain. Parse Failure
3/9/2010 7:26:42 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\dscactivate. Parse Failure
3/9/2010 7:26:39 AM: Informational: Loaded AntiVirus Engine: 3.4.1; SDK Version: 4.50E; Virus Definitions: 03/08/2010 18:29:36 (GMT)
3/9/2010 7:00:24 AM: License Check Status (0): Success
3/9/2010 7:00:22 AM: Webroot Software 6.1.0.145 started
3/9/2010 7:00:22 AM: | Start of Session, Tuesday, March 09, 2010 |
***************
3/9/2010 1:05:11 AM: ApplicationMinimized - EXIT
3/9/2010 1:05:11 AM: ApplicationMinimized - ENTER
3/9/2010 1:05:02 AM: Sweep Status: 1 Item Found
3/9/2010 1:05:02 AM: Traces Found: 1
3/9/2010 1:05:02 AM: File Sweep Complete, Elapsed Time: 00:00:43
3/9/2010 1:05:02 AM: Sweep Cancelled
3/9/2010 1:04:19 AM: Starting File Sweep
3/9/2010 1:04:19 AM: \\.\PHYSICALDRIVE0 (ID = 0)
3/9/2010 1:04:19 AM: Found Troj/Mbroot-H: Troj/Mbroot-H
3/9/2010 1:04:19 AM: Informational: Detected boot sector virus Troj/Mbroot-H in \\.\PHYSICALDRIVE0
3/9/2010 1:04:18 AM: Cookie Sweep Complete, Elapsed Time: 00:00:01
3/9/2010 1:04:17 AM: Starting Cookie Sweep
3/9/2010 1:04:17 AM: Registry Sweep Complete, Elapsed Time:00:00:16
3/9/2010 1:04:00 AM: Starting Registry Sweep
3/9/2010 1:04:00 AM: Memory Sweep Complete, Elapsed Time: 00:01:41
3/9/2010 1:02:19 AM: Starting Memory Sweep
3/9/2010 1:02:17 AM: Start Full Sweep
3/9/2010 1:02:17 AM: Sweep initiated using definitions version 1650
3/9/2010 1:01:41 AM: Removal process completed. Elapsed time 00:00:02
3/9/2010 1:01:40 AM: Quarantining All Traces: Troj/Mbroot-H
3/9/2010 1:01:39 AM: Removal process initiated
3/8/2010 10:57:01 PM: Traces Found: 1
3/8/2010 10:57:01 PM: Full Sweep has completed. Elapsed time 01:24:29
3/8/2010 10:57:00 PM: File Sweep Complete, Elapsed Time: 01:22:36
3/8/2010 10:43:51 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\WINDOWS\SoftwareDistribution\Download\ab7d6e068db86374fa802a1e6644fd87\BITB.tmp]
3/8/2010 9:53:18 PM: Warning: AntiVirus engine for IFO returned [WL] on [C:\WINDOWS\NIRCMD.exe]
3/8/2010 9:34:23 PM: Starting File Sweep
3/8/2010 9:34:23 PM: \\.\PHYSICALDRIVE0 (ID = 0)
3/8/2010 9:34:23 PM: Found Troj/Mbroot-H: Troj/Mbroot-H
3/8/2010 9:34:23 PM: Informational: Detected boot sector virus Troj/Mbroot-H in \\.\PHYSICALDRIVE0
3/8/2010 9:34:23 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
3/8/2010 9:34:22 PM: Starting Cookie Sweep
3/8/2010 9:34:21 PM: Registry Sweep Complete, Elapsed Time:00:00:15
3/8/2010 9:34:05 PM: Starting Registry Sweep
3/8/2010 9:34:05 PM: Memory Sweep Complete, Elapsed Time: 00:01:31
3/8/2010 9:32:33 PM: Starting Memory Sweep
3/8/2010 9:32:31 PM: Start Full Sweep
3/8/2010 9:32:31 PM: Sweep initiated using definitions version 1650
3/8/2010 9:26:57 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\PCMService. Parse Failure
3/8/2010 9:26:57 PM: Warning: Unable to secure run key from ambiguous path exploit for HKU\S-1-5-21-1975857526-1641867396-262160769-1006\Software\Microsoft\Windows\CurrentVersion\Run\SansaDispatch. Parse Failure
3/8/2010 9:26:57 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Apoint. Parse Failure
3/8/2010 9:26:57 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\IgfxTray. Parse Failure
3/8/2010 9:26:57 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\HotKeysCmds. Parse Failure
3/8/2010 9:26:57 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Persistence. Parse Failure
3/8/2010 9:26:57 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Broadcom Wireless Manager UI. Parse Failure
3/8/2010 9:26:57 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\KADxMain. Parse Failure
3/8/2010 9:26:57 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\dscactivate. Parse Failure
3/8/2010 9:26:57 PM: Informational: Loaded AntiVirus Engine: 3.4.1; SDK Version: 4.50E; Virus Definitions: 03/08/2010 18:29:36 (GMT)
3/8/2010 9:26:35 PM: License Check Status (0): Success
3/8/2010 9:26:27 PM: Webroot Software 6.1.0.145 started
3/8/2010 9:26:27 PM: | Start of Session, Monday, March 08, 2010 |
***************
3/8/2010 8:49:14 PM: Traces Found: 1
3/8/2010 8:49:14 PM: Full Sweep has completed. Elapsed time 01:31:37
3/8/2010 8:49:14 PM: File Sweep Complete, Elapsed Time: 01:28:35
3/8/2010 8:36:00 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\WINDOWS\SoftwareDistribution\Download\ab7d6e068db86374fa802a1e6644fd87\BITB.tmp]
3/8/2010 7:41:59 PM: Warning: AntiVirus engine for IFO returned [WL] on [C:\WINDOWS\NIRCMD.exe]
3/8/2010 7:20:38 PM: Starting File Sweep
3/8/2010 7:20:38 PM: \\.\PHYSICALDRIVE0 (ID = 0)
3/8/2010 7:20:31 PM: Found Troj/Mbroot-H: Troj/Mbroot-H
3/8/2010 7:20:31 PM: Informational: Detected boot sector virus Troj/Mbroot-H in \\.\PHYSICALDRIVE0
3/8/2010 7:20:30 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
3/8/2010 7:20:29 PM: Starting Cookie Sweep
3/8/2010 7:20:28 PM: Registry Sweep Complete, Elapsed Time:00:00:11
3/8/2010 7:20:17 PM: Starting Registry Sweep
3/8/2010 7:20:17 PM: Memory Sweep Complete, Elapsed Time: 00:02:36
3/8/2010 7:17:40 PM: Starting Memory Sweep
3/8/2010 7:17:37 PM: Start Full Sweep
3/8/2010 7:17:37 PM: Sweep initiated using definitions version 1650
3/8/2010 7:15:43 PM: Informational: ShieldEmail: Start monitoring port 25 for mail activities
3/8/2010 7:15:43 PM: Informational: ShieldEmail: Start monitoring port 110 for mail activities
3/8/2010 7:15:41 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\PCMService. Parse Failure
3/8/2010 7:15:41 PM: Warning: Unable to secure run key from ambiguous path exploit for HKU\S-1-5-21-1975857526-1641867396-262160769-1006\Software\Microsoft\Windows\CurrentVersion\Run\SansaDispatch. Parse Failure
3/8/2010 7:15:41 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Apoint. Parse Failure
3/8/2010 7:15:41 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\IgfxTray. Parse Failure
3/8/2010 7:15:41 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\HotKeysCmds. Parse Failure
3/8/2010 7:15:41 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Persistence. Parse Failure
3/8/2010 7:15:41 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Broadcom Wireless Manager UI. Parse Failure
3/8/2010 7:15:41 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\KADxMain. Parse Failure
3/8/2010 7:15:41 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\dscactivate. Parse Failure
3/8/2010 7:15:37 PM: Informational: Loaded AntiVirus Engine: 3.4.1; SDK Version: 4.50E; Virus Definitions: 03/08/2010 18:29:36 (GMT)
3/8/2010 7:14:45 PM: License Check Status (0): Success
3/8/2010 7:14:43 PM: Webroot Software 6.1.0.145 started
3/8/2010 7:14:43 PM: | Start of Session, Monday, March 08, 2010 |
***************
3/8/2010 7:05:28 PM: ApplicationMinimized - EXIT
3/8/2010 7:05:28 PM: ApplicationMinimized - ENTER
3/8/2010 6:26:48 PM: ApplicationMinimized - EXIT
3/8/2010 6:26:48 PM: ApplicationMinimized - ENTER
3/8/2010 5:31:48 PM: Traces Found: 1
3/8/2010 5:31:48 PM: Full Sweep has completed. Elapsed time 01:24:49
3/8/2010 5:31:47 PM: File Sweep Complete, Elapsed Time: 01:22:53
3/8/2010 5:21:19 PM: ApplicationMinimized - EXIT
3/8/2010 5:21:19 PM: ApplicationMinimized - ENTER
3/8/2010 5:18:31 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\WINDOWS\SoftwareDistribution\Download\ab7d6e068db86374fa802a1e6644fd87\BITB.tmp]
3/8/2010 4:27:54 PM: Warning: AntiVirus engine for IFO returned [WL] on [C:\WINDOWS\NIRCMD.exe]
3/8/2010 4:08:53 PM: Starting File Sweep
3/8/2010 4:08:53 PM: \\.\PHYSICALDRIVE0 (ID = 0)
3/8/2010 4:08:49 PM: Found Troj/Mbroot-H: Troj/Mbroot-H
3/8/2010 4:08:49 PM: Informational: Detected boot sector virus Troj/Mbroot-H in \\.\PHYSICALDRIVE0
3/8/2010 4:08:49 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
3/8/2010 4:08:47 PM: Starting Cookie Sweep
3/8/2010 4:08:45 PM: Registry Sweep Complete, Elapsed Time:00:00:16
3/8/2010 4:08:29 PM: Starting Registry Sweep
3/8/2010 4:08:29 PM: Memory Sweep Complete, Elapsed Time: 00:01:27
3/8/2010 4:07:01 PM: Starting Memory Sweep
3/8/2010 4:06:59 PM: Start Full Sweep
3/8/2010 4:06:59 PM: Sweep initiated using definitions version 1650
3/8/2010 4:04:36 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\PCMService. Parse Failure
3/8/2010 4:04:36 PM: Warning: Unable to secure run key from ambiguous path exploit for HKU\S-1-5-21-1975857526-1641867396-262160769-1006\Software\Microsoft\Windows\CurrentVersion\Run\SansaDispatch. Parse Failure
3/8/2010 4:04:36 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Apoint. Parse Failure
3/8/2010 4:04:36 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\IgfxTray. Parse Failure
3/8/2010 4:04:36 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\HotKeysCmds. Parse Failure
3/8/2010 4:04:36 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Persistence. Parse Failure
3/8/2010 4:04:36 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Broadcom Wireless Manager UI. Parse Failure
3/8/2010 4:04:36 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\KADxMain. Parse Failure
3/8/2010 4:04:36 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\dscactivate. Parse Failure
3/8/2010 4:04:36 PM: Informational: Loaded AntiVirus Engine: 3.4.1; SDK Version: 4.50E; Virus Definitions: 03/08/2010 18:29:36 (GMT)
3/8/2010 4:04:13 PM: License Check Status (0): Success
3/8/2010 4:04:04 PM: Webroot Software 6.1.0.145 started
3/8/2010 4:04:04 PM: | Start of Session, Monday, March 08, 2010 |
***************
3/8/2010 4:01:50 PM: Sweep Cancelled
3/8/2010 4:01:30 PM: ApplicationMinimized - EXIT
3/8/2010 4:01:30 PM: ApplicationMinimized - ENTER
3/8/2010 3:56:32 PM: ApplicationMinimized - EXIT
3/8/2010 3:56:32 PM: ApplicationMinimized - ENTER
3/8/2010 3:55:49 PM: ApplicationMinimized - EXIT
3/8/2010 3:55:49 PM: ApplicationMinimized - ENTER
3/8/2010 3:55:06 PM: ApplicationMinimized - EXIT
3/8/2010 3:55:06 PM: ApplicationMinimized - ENTER
3/8/2010 3:53:53 PM: Starting File Sweep
3/8/2010 3:53:53 PM: \\.\PHYSICALDRIVE0 (ID = 0)
3/8/2010 3:53:49 PM: Found Troj/Mbroot-H: Troj/Mbroot-H
3/8/2010 3:53:48 PM: Informational: Detected boot sector virus Troj/Mbroot-H in \\.\PHYSICALDRIVE0
3/8/2010 3:53:48 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
3/8/2010 3:53:47 PM: Starting Cookie Sweep
3/8/2010 3:53:46 PM: Registry Sweep Complete, Elapsed Time:00:00:16
3/8/2010 3:53:30 PM: Starting Registry Sweep
3/8/2010 3:53:30 PM: Memory Sweep Complete, Elapsed Time: 00:01:26
3/8/2010 3:52:04 PM: Starting Memory Sweep
3/8/2010 3:52:00 PM: Start Full Sweep
3/8/2010 3:52:00 PM: Sweep initiated using definitions version 1650
3/8/2010 3:51:31 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\PCMService. Parse Failure
3/8/2010 3:51:31 PM: Warning: Unable to secure run key from ambiguous path exploit for HKU\S-1-5-21-1975857526-1641867396-262160769-1006\Software\Microsoft\Windows\CurrentVersion\Run\SansaDispatch. Parse Failure
3/8/2010 3:51:31 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Apoint. Parse Failure
3/8/2010 3:51:31 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\IgfxTray. Parse Failure
3/8/2010 3:51:31 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\HotKeysCmds. Parse Failure
3/8/2010 3:51:31 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Persistence. Parse Failure
3/8/2010 3:51:31 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Broadcom Wireless Manager UI. Parse Failure
3/8/2010 3:51:31 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\KADxMain. Parse Failure
3/8/2010 3:51:31 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\dscactivate. Parse Failure
3/8/2010 3:51:31 PM: Informational: Loaded AntiVirus Engine: 3.4.1; SDK Version: 4.50E; Virus Definitions: 03/08/2010 18:29:36 (GMT)
3/8/2010 3:51:07 PM: License Check Status (0): Success
3/8/2010 3:50:56 PM: Webroot Software 6.1.0.145 started
3/8/2010 3:50:56 PM: | Start of Session, Monday, March 08, 2010 |
***************
3/8/2010 3:48:25 PM: License Check Status (0): Success
3/8/2010 3:48:22 PM: Webroot Software 6.1.0.145 started
3/8/2010 3:48:22 PM: | Start of Session, Monday, March 08, 2010 |
***************
3/8/2010 3:42:33 PM: None
3/8/2010 3:42:33 PM: Traces Found: 0
3/8/2010 3:42:32 PM: Memory Sweep Complete, Elapsed Time: 00:00:19
3/8/2010 3:42:32 PM: Sweep Cancelled
3/8/2010 3:42:13 PM: Starting Memory Sweep
3/8/2010 3:42:12 PM: Start Full Sweep
3/8/2010 3:42:12 PM: Sweep initiated using definitions version 1650
3/8/2010 3:41:53 PM: Sweep Status: 1 Item Found
3/8/2010 3:41:53 PM: Traces Found: 1
3/8/2010 3:41:53 PM: File Sweep Complete, Elapsed Time: 00:00:12
3/8/2010 3:41:52 PM: Sweep Cancelled
3/8/2010 3:41:40 PM: Starting File Sweep
3/8/2010 3:41:40 PM: \\.\PHYSICALDRIVE0 (ID = 0)
3/8/2010 3:41:32 PM: Found Troj/Mbroot-H: Troj/Mbroot-H
3/8/2010 3:41:32 PM: Informational: Detected boot sector virus Troj/Mbroot-H in \\.\PHYSICALDRIVE0
3/8/2010 3:41:32 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
3/8/2010 3:41:31 PM: Starting Cookie Sweep
3/8/2010 3:41:30 PM: Registry Sweep Complete, Elapsed Time:00:00:11
3/8/2010 3:41:18 PM: Starting Registry Sweep
3/8/2010 3:41:18 PM: Memory Sweep Complete, Elapsed Time: 00:02:37
3/8/2010 3:38:40 PM: Starting Memory Sweep
3/8/2010 3:38:36 PM: Start Full Sweep
3/8/2010 3:38:36 PM: Sweep initiated using definitions version 1650
3/8/2010 3:37:49 PM: Informational: ShieldEmail: Start monitoring port 25 for mail activities
3/8/2010 3:37:49 PM: Informational: ShieldEmail: Start monitoring port 110 for mail activities
3/8/2010 3:37:48 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\PCMService. Parse Failure
3/8/2010 3:37:48 PM: Warning: Unable to secure run key from ambiguous path exploit for HKU\S-1-5-21-1975857526-1641867396-262160769-1006\Software\Microsoft\Windows\CurrentVersion\Run\SansaDispatch. Parse Failure
3/8/2010 3:37:48 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Apoint. Parse Failure
3/8/2010 3:37:48 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\IgfxTray. Parse Failure
3/8/2010 3:37:48 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\HotKeysCmds. Parse Failure
3/8/2010 3:37:48 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Persistence. Parse Failure
3/8/2010 3:37:48 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Broadcom Wireless Manager UI. Parse Failure
3/8/2010 3:37:48 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\KADxMain. Parse Failure
3/8/2010 3:37:48 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\dscactivate. Parse Failure
3/8/2010 3:37:44 PM: Informational: Loaded AntiVirus Engine: 3.4.1; SDK Version: 4.50E; Virus Definitions: 03/08/2010 18:29:36 (GMT)
3/8/2010 3:36:42 PM: License Check Status (0): Success
3/8/2010 3:36:40 PM: Webroot Software 6.1.0.145 started
3/8/2010 3:36:40 PM: | Start of Session, Monday, March 08, 2010 |
***************
3/8/2010 3:34:58 PM: ApplicationMinimized - EXIT
3/8/2010 3:34:58 PM: ApplicationMinimized - ENTER
3/8/2010 3:33:09 PM: Sweep Status: 1 Item Found
3/8/2010 3:33:09 PM: Traces Found: 1
3/8/2010 3:33:09 PM: File Sweep Complete, Elapsed Time: 00:00:34
3/8/2010 3:33:08 PM: Sweep Cancelled
3/8/2010 3:32:34 PM: Starting File Sweep
3/8/2010 3:32:34 PM: \\.\PHYSICALDRIVE0 (ID = 0)
3/8/2010 3:32:34 PM: Found Troj/Mbroot-H: Troj/Mbroot-H
3/8/2010 3:32:33 PM: Informational: Detected boot sector virus Troj/Mbroot-H in \\.\PHYSICALDRIVE0
3/8/2010 3:32:33 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
3/8/2010 3:32:32 PM: Starting Cookie Sweep
3/8/2010 3:32:32 PM: Registry Sweep Complete, Elapsed Time:00:00:17
3/8/2010 3:32:14 PM: Starting Registry Sweep
3/8/2010 3:32:14 PM: Memory Sweep Complete, Elapsed Time: 00:01:45
3/8/2010 3:30:28 PM: Starting Memory Sweep
3/8/2010 3:30:26 PM: Start Full Sweep
3/8/2010 3:30:26 PM: Sweep initiated using definitions version 1650
3/8/2010 3:26:06 PM: Removal process completed. Elapsed time 00:00:02
3/8/2010 3:26:05 PM: Quarantining All Traces: Troj/Mbroot-H
3/8/2010 3:26:04 PM: Removal process initiated
3/8/2010 3:21:14 PM: Traces Found: 1
3/8/2010 3:21:14 PM: Full Sweep has completed. Elapsed time 01:25:46
3/8/2010 3:21:13 PM: File Sweep Complete, Elapsed Time: 01:23:50
3/8/2010 3:07:38 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\WINDOWS\SoftwareDistribution\Download\ab7d6e068db86374fa802a1e6644fd87\BITB.tmp]
3/8/2010 2:16:20 PM: Warning: AntiVirus engine for IFO returned [WL] on [C:\WINDOWS\NIRCMD.exe]
3/8/2010 2:05:39 PM: ApplicationMinimized - EXIT
3/8/2010 2:05:39 PM: ApplicationMinimized - ENTER
3/8/2010 1:57:22 PM: Starting File Sweep
3/8/2010 1:57:22 PM: \\.\PHYSICALDRIVE0 (ID = 0)
3/8/2010 1:57:18 PM: Found Troj/Mbroot-H: Troj/Mbroot-H
3/8/2010 1:57:18 PM: Informational: Detected boot sector virus Troj/Mbroot-H in \\.\PHYSICALDRIVE0
3/8/2010 1:57:18 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
3/8/2010 1:57:17 PM: Starting Cookie Sweep
3/8/2010 1:57:15 PM: Registry Sweep Complete, Elapsed Time:00:00:15
3/8/2010 1:56:59 PM: Starting Registry Sweep
3/8/2010 1:56:59 PM: Memory Sweep Complete, Elapsed Time: 00:01:27
3/8/2010 1:55:31 PM: Starting Memory Sweep
3/8/2010 1:55:28 PM: Start Full Sweep
3/8/2010 1:55:28 PM: Sweep initiated using definitions version 1650
3/8/2010 1:55:15 PM: Deletion from quarantine completed. Elapsed time 00:00:00
3/8/2010 1:55:15 PM: Processing: Mal/Rootkit-Q
3/8/2010 1:55:15 PM: Deletion from quarantine initiated
3/8/2010 1:55:10 PM: Deletion from quarantine completed. Elapsed time 00:00:00
3/8/2010 1:55:10 PM: Processing: xiti cookie
3/8/2010 1:55:10 PM: Processing: zedo cookie
3/8/2010 1:55:10 PM: Processing: zedo cookie
3/8/2010 1:55:10 PM: Processing: zedo cookie
3/8/2010 1:55:10 PM: Processing: tacoda cookie
3/8/2010 1:55:10 PM: Processing: tacoda cookie
3/8/2010 1:55:10 PM: Processing: tacoda cookie
3/8/2010 1:55:10 PM: Processing: tacoda cookie
3/8/2010 1:55:10 PM: Processing: tacoda cookie
3/8/2010 1:55:10 PM: Processing: tacoda cookie
3/8/2010 1:55:10 PM: Processing: tacoda cookie
3/8/2010 1:55:10 PM: Processing: tacoda cookie
3/8/2010 1:55:10 PM: Processing: tacoda cookie
3/8/2010 1:55:10 PM: Processing: tacoda cookie
3/8/2010 1:55:10 PM: Processing: tacoda cookie
3/8/2010 1:55:10 PM: Processing: doubleclick cookie
3/8/2010 1:55:10 PM: Processing: atlas dmt cookie
3/8/2010 1:55:10 PM: Processing: atlas dmt cookie
3/8/2010 1:55:10 PM: Processing: atwola cookie
3/8/2010 1:55:10 PM: Processing: atwola cookie
3/8/2010 1:55:10 PM: Processing: atlas dmt cookie
3/8/2010 1:55:10 PM: Processing: atlas dmt cookie
3/8/2010 1:55:10 PM: Processing: atlas dmt cookie
3/8/2010 1:55:10 PM: Processing: atlas dmt cookie
3/8/2010 1:55:10 PM: Processing: atlas dmt cookie
3/8/2010 1:55:10 PM: Processing: doubleclick cookie
3/8/2010 1:55:10 PM: Processing: atwola cookie
3/8/2010 1:55:10 PM: Processing: atwola cookie
3/8/2010 1:55:10 PM: Processing: atlas dmt cookie
3/8/2010 1:55:10 PM: Processing: atlas dmt cookie
3/8/2010 1:55:10 PM: Processing: atlas dmt cookie
3/8/2010 1:55:10 PM: Processing: atlas dmt cookie
3/8/2010 1:55:10 PM: Processing: statcounter cookie
3/8/2010 1:55:10 PM: Processing: statcounter cookie
3/8/2010 1:55:10 PM: Processing: webtrendslive cookie
3/8/2010 1:55:10 PM: Processing: atlas dmt cookie
3/8/2010 1:55:10 PM: Processing: atlas dmt cookie
3/8/2010 1:55:10 PM: Processing: webtrendslive cookie
3/8/2010 1:55:10 PM: Processing: questionmarket cookie
3/8/2010 1:55:10 PM: Processing: specificclick.com cookie
3/8/2010 1:55:10 PM: Processing: specificclick.com cookie
3/8/2010 1:55:10 PM: Processing: specificclick.com cookie
3/8/2010 1:55:10 PM: Processing: specificclick.com cookie
3/8/2010 1:55:10 PM: Processing: specificclick.com cookie
3/8/2010 1:55:10 PM: Processing: specificclick.com cookie
3/8/2010 1:55:10 PM: Processing: redsheriff cookies
3/8/2010 1:55:10 PM: Processing: redsheriff cookies
3/8/2010 1:55:10 PM: Processing: redsheriff cookies
3/8/2010 1:55:10 PM: Processing: mygeek cookie
3/8/2010 1:55:10 PM: Processing: tribalfusion cookie
3/8/2010 1:55:10 PM: Processing: tribalfusion cookie
3/8/2010 1:55:10 PM: Processing: coremetrics cookie
3/8/2010 1:55:10 PM: Processing: doubleclick cookie
3/8/2010 1:55:10 PM: Processing: atlas dmt cookie
3/8/2010 1:55:10 PM: Processing: atlas dmt cookie
3/8/2010 1:55:10 PM: Processing: doubleclick cookie
3/8/2010 1:55:10 PM: Processing: doubleclick cookie
3/8/2010 1:55:10 PM: Processing: doubleclick cookie
3/8/2010 1:55:10 PM: Processing: yieldmanager cookie
3/8/2010 1:55:10 PM: Processing: yieldmanager cookie
3/8/2010 1:55:10 PM: Processing: yieldmanager cookie
3/8/2010 1:55:10 PM: Processing: yieldmanager cookie
3/8/2010 1:55:10 PM: Processing: yieldmanager cookie
3/8/2010 1:55:10 PM: Processing: yieldmanager cookie
3/8/2010 1:55:10 PM: Processing: yieldmanager cookie
3/8/2010 1:55:10 PM: Processing: yieldmanager cookie
3/8/2010 1:55:10 PM: Processing: yieldmanager cookie
3/8/2010 1:55:10 PM: Processing: pointroll cookie
3/8/2010 1:55:10 PM: Processing: pointroll cookie
3/8/2010 1:55:10 PM: Processing: pointroll cookie
3/8/2010 1:55:10 PM: Processing: pointroll cookie
3/8/2010 1:55:10 PM: Processing: pointroll cookie
3/8/2010 1:55:10 PM: Processing: pointroll cookie
3/8/2010 1:55:10 PM: Processing: atwola cookie
3/8/2010 1:55:10 PM: Processing: atlas dmt cookie
3/8/2010 1:55:10 PM: Processing: advertising cookie
3/8/2010 1:55:10 PM: Processing: atlas dmt cookie
3/8/2010 1:55:10 PM: Processing: advertising cookie
3/8/2010 1:55:10 PM: Processing: atwola cookie
3/8/2010 1:55:10 PM: Processing: burstnet cookie
3/8/2010 1:55:10 PM: Processing: apmebf cookie
3/8/2010 1:55:10 PM: Processing: apmebf cookie
3/8/2010 1:55:10 PM: Processing: adecn cookie
3/8/2010 1:55:10 PM: Processing: dealtime cookie
3/8/2010 1:55:10 PM: Processing: dealtime cookie
3/8/2010 1:55:10 PM: Processing: advertising cookie
3/8/2010 1:55:10 PM: Processing: advertising cookie
3/8/2010 1:55:10 PM: Processing: advertising cookie
3/8/2010 1:55:10 PM: Processing: advertising cookie
3/8/2010 1:55:10 PM: Processing: advertising cookie
3/8/2010 1:55:10 PM: Processing: advertising cookie
3/8/2010 1:55:10 PM: Processing: advertising cookie
3/8/2010 1:55:10 PM: Processing: advertising cookie
3/8/2010 1:55:10 PM: Processing: advertising cookie
3/8/2010 1:55:10 PM: Processing: advertising cookie
3/8/2010 1:55:10 PM: Processing: advertising cookie
3/8/2010 1:55:10 PM: Processing: advertising cookie
3/8/2010 1:55:10 PM: Processing: webtrendslive cookie
3/8/2010 1:55:10 PM: Processing: advertising cookie
3/8/2010 1:55:10 PM: Processing: webtrendslive cookie
3/8/2010 1:55:10 PM: Processing: mediaplex cookie
3/8/2010 1:55:10 PM: Processing: mediaplex cookie
3/8/2010 1:55:10 PM: Processing: realmedia cookie
3/8/2010 1:55:10 PM: Processing: rogue security products
3/8/2010 1:55:10 PM: Processing: rogue security products
3/8/2010 1:55:10 PM: Processing: Troj/ByteVer-H
3/8/2010 1:55:10 PM: Processing: Troj/ByteVer-H
3/8/2010 1:55:10 PM: Processing: Troj/ByteVer-H
3/8/2010 1:55:10 PM: Processing: Troj/Agent-MNR
3/8/2010 1:55:10 PM: Processing: Mal/FakeAvJs-A
3/8/2010 1:55:10 PM: Processing: Mal/FakeAV-BW
3/8/2010 1:55:10 PM: Processing: Mal/FakeAV-BW
3/8/2010 1:55:10 PM: Processing: fakealert.gen
3/8/2010 1:55:10 PM: Processing: fakealert.gen
3/8/2010 1:55:10 PM: Processing: trojan.gen
3/8/2010 1:55:09 PM: Deletion from quarantine initiated
3/8/2010 1:53:48 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\PCMService. Parse Failure
3/8/2010 1:53:48 PM: Warning: Unable to secure run key from ambiguous path exploit for HKU\S-1-5-21-1975857526-1641867396-262160769-1006\Software\Microsoft\Windows\CurrentVersion\Run\SansaDispatch. Parse Failure
3/8/2010 1:53:48 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Apoint. Parse Failure
3/8/2010 1:53:48 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\IgfxTray. Parse Failure
3/8/2010 1:53:48 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\HotKeysCmds. Parse Failure
3/8/2010 1:53:48 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Persistence. Parse Failure
3/8/2010 1:53:48 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Broadcom Wireless Manager UI. Parse Failure
3/8/2010 1:53:48 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\KADxMain. Parse Failure
3/8/2010 1:53:48 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\dscactivate. Parse Failure
3/8/2010 1:53:47 PM: Informational: Loaded AntiVirus Engine: 3.4.1; SDK Version: 4.50E; Virus Definitions: 03/08/2010 18:29:36 (GMT)
3/8/2010 1:53:20 PM: License Check Status (0): Success
3/8/2010 1:53:09 PM: Webroot Software 6.1.0.145 started
3/8/2010 1:53:09 PM: | Start of Session, Monday, March 08, 2010 |
***************
3/8/2010 1:47:04 PM: ApplicationMinimized - EXIT
3/8/2010 1:47:04 PM: ApplicationMinimized - ENTER
3/8/2010 1:47:01 PM: Removal process completed. Elapsed time 00:00:01
3/8/2010 1:47:00 PM: Quarantining All Traces: atlas dmt cookie
3/8/2010 1:47:00 PM: Quarantining All Traces: Troj/Mbroot-H
3/8/2010 1:47:00 PM: Removal process initiated
3/8/2010 1:46:48 PM: Sweep Status: 2 Items Detected
3/8/2010 1:46:48 PM: Traces Found: 2
3/8/2010 1:46:48 PM: File Sweep Complete, Elapsed Time: 00:02:41
3/8/2010 1:46:47 PM: Sweep Cancelled
3/8/2010 1:44:06 PM: Starting File Sweep
3/8/2010 1:44:06 PM: \\.\PHYSICALDRIVE0 (ID = 0)
3/8/2010 1:44:01 PM: Found Troj/Mbroot-H: Troj/Mbroot-H
3/8/2010 1:44:01 PM: Informational: Detected boot sector virus Troj/Mbroot-H in \\.\PHYSICALDRIVE0
3/8/2010 1:44:01 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
3/8/2010 1:44:01 PM: c:\documents and settings\lynn\cookies\lynn@atdmt[1].txt (ID = 2253)
3/8/2010 1:44:01 PM: Found Spy Cookie: atlas dmt cookie
3/8/2010 1:44:01 PM: Starting Cookie Sweep
3/8/2010 1:43:59 PM: Registry Sweep Complete, Elapsed Time:00:00:14
3/8/2010 1:43:44 PM: Starting Registry Sweep
3/8/2010 1:43:44 PM: Memory Sweep Complete, Elapsed Time: 00:02:19
3/8/2010 1:42:37 PM: ApplicationMinimized - EXIT
3/8/2010 1:42:37 PM: ApplicationMinimized - ENTER
3/8/2010 1:41:25 PM: Starting Memory Sweep
3/8/2010 1:41:22 PM: Start Full Sweep
3/8/2010 1:41:22 PM: Sweep initiated using definitions version 1650
3/8/2010 1:41:15 PM: ApplicationMinimized - EXIT
3/8/2010 1:41:15 PM: ApplicationMinimized - ENTER
3/8/2010 1:40:42 PM: Removal process completed. Elapsed time 00:00:01
3/8/2010 1:40:42 PM: Quarantining All Traces: redsheriff cookies
3/8/2010 1:40:41 PM: Quarantining All Traces: doubleclick cookie
3/8/2010 1:40:41 PM: Quarantining All Traces: dealtime cookie
3/8/2010 1:40:41 PM: Quarantining All Traces: coremetrics cookie
3/8/2010 1:40:41 PM: Quarantining All Traces: specificclick.com cookie
3/8/2010 1:40:41 PM: Quarantining All Traces: atlas dmt cookie
3/8/2010 1:40:41 PM: Quarantining All Traces: yieldmanager cookie
3/8/2010 1:40:41 PM: Quarantining All Traces: Troj/Mbroot-H
3/8/2010 1:40:40 PM: Removal process initiated
3/8/2010 1:40:01 PM: Sweep Status: 8 Items Detected
3/8/2010 1:40:01 PM: Traces Found: 13
3/8/2010 1:40:01 PM: File Sweep Complete, Elapsed Time: 00:11:22
3/8/2010 1:40:01 PM: Sweep Cancelled
3/8/2010 1:28:39 PM: Starting File Sweep
3/8/2010 1:28:39 PM: \\.\PHYSICALDRIVE0 (ID = 0)
3/8/2010 1:28:31 PM: Found Troj/Mbroot-H: Troj/Mbroot-H
3/8/2010 1:28:31 PM: Informational: Detected boot sector virus Troj/Mbroot-H in \\.\PHYSICALDRIVE0
3/8/2010 1:28:30 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
3/8/2010 1:28:30 PM: C:\Documents and Settings\Lynn\Application Data\Mozilla\Firefox\Profiles\glyasa1q.default\cookies.sqlite (ID = 2253)
3/8/2010 1:28:30 PM: C:\Documents and Settings\Lynn\Application Data\Mozilla\Firefox\Profiles\glyasa1q.default\cookies.sqlite (ID = 2253)
3/8/2010 1:28:30 PM: C:\Documents and Settings\Lynn\Application Data\Mozilla\Firefox\Profiles\glyasa1q.default\cookies.sqlite (ID = 2253)
3/8/2010 1:28:30 PM: c:\documents and settings\lynn\cookies\lynn@stat.dealtime[1].txt (ID = 2506)
3/8/2010 1:28:30 PM: c:\documents and settings\lynn\cookies\lynn@specificclick[1].txt (ID = 3399)
3/8/2010 1:28:30 PM: c:\documents and settings\lynn\cookies\lynn@imrworldwide[2].txt (ID = 2845)
3/8/2010 1:28:30 PM: Found Spy Cookie: redsheriff cookies
3/8/2010 1:28:30 PM: c:\documents and settings\lynn\cookies\lynn@doubleclick[1].txt (ID = 17499)
3/8/2010 1:28:30 PM: Found Spy Cookie: doubleclick cookie
3/8/2010 1:28:30 PM: c:\documents and settings\lynn\cookies\lynn@dealtime[1].txt (ID = 2505)
3/8/2010 1:28:30 PM: Found Spy Cookie: dealtime cookie
3/8/2010 1:28:30 PM: c:\documents and settings\lynn\cookies\lynn@data.coremetrics[1].txt (ID = 2472)
3/8/2010 1:28:30 PM: Found Spy Cookie: coremetrics cookie
3/8/2010 1:28:30 PM: c:\documents and settings\lynn\cookies\lynn@cdn4.specificclick[1].txt (ID = 3400)
3/8/2010 1:28:30 PM: Found Spy Cookie: specificclick.com cookie
3/8/2010 1:28:30 PM: c:\documents and settings\lynn\cookies\lynn@atdmt[1].txt (ID = 2253)
3/8/2010 1:28:30 PM: Found Spy Cookie: atlas dmt cookie
3/8/2010 1:28:30 PM: c:\documents and settings\lynn\cookies\lynn@ad.yieldmanager[2].txt (ID = 3751)
3/8/2010 1:28:30 PM: Found Spy Cookie: yieldmanager cookie
3/8/2010 1:28:29 PM: Starting Cookie Sweep
3/8/2010 1:28:28 PM: Registry Sweep Complete, Elapsed Time:00:00:12
3/8/2010 1:28:16 PM: Starting Registry Sweep
3/8/2010 1:28:15 PM: Memory Sweep Complete, Elapsed Time: 00:02:42
3/8/2010 1:25:33 PM: Starting Memory Sweep
3/8/2010 1:25:28 PM: Start Full Sweep
3/8/2010 1:25:28 PM: Sweep initiated using definitions version 1650
3/8/2010 1:21:58 PM: Your virus definitions have been updated.
3/8/2010 1:21:58 PM: Informational: Loaded AntiVirus Engine: 3.4.1; SDK Version: 4.50E; Virus Definitions: 03/05/2010 22:46:20 (GMT)
3/8/2010 1:21:58 PM: Your security definitions have been updated.
3/8/2010 1:21:58 PM: License Check Status (0): Success
3/8/2010 1:21:39 PM: Automated check for program update in progress.
3/8/2010 1:18:24 PM: Informational: ShieldEmail: Start monitoring port 25 for mail activities
3/8/2010 1:18:24 PM: Informational: ShieldEmail: Start monitoring port 110 for mail activities
3/8/2010 1:18:24 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\PCMService. Parse Failure
3/8/2010 1:18:24 PM: Warning: Unable to secure run key from ambiguous path exploit for HKU\S-1-5-21-1975857526-1641867396-262160769-1006\Software\Microsoft\Windows\CurrentVersion\Run\SansaDispatch. Parse Failure
3/8/2010 1:18:24 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Apoint. Parse Failure
3/8/2010 1:18:24 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\IgfxTray. Parse Failure
3/8/2010 1:18:24 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\HotKeysCmds. Parse Failure
3/8/2010 1:18:24 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Persistence. Parse Failure
3/8/2010 1:18:24 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Broadcom Wireless Manager UI. Parse Failure
3/8/2010 1:18:24 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\KADxMain. Parse Failure
3/8/2010 1:18:24 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\dscactivate. Parse Failure
3/8/2010 1:18:20 PM: Informational: Loaded AntiVirus Engine: 3.4.1; SDK Version: 4.50E; Virus Definitions: 03/05/2010 22:46:20 (GMT)
3/8/2010 1:17:28 PM: License Check Status (0): Success
3/8/2010 1:17:25 PM: Webroot Software 6.1.0.145 started
3/8/2010 1:17:25 PM: | Start of Session, Monday, March 08, 2010 |
***************
3/8/2010 12:39:16 PM: Informational: ShieldEmail: Start monitoring port 25 for mail activities
3/8/2010 12:39:16 PM: Informational: ShieldEmail: Start monitoring port 110 for mail activities
3/8/2010 12:39:16 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\PCMService. Parse Failure
3/8/2010 12:39:16 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\QuickTime Task. Parse Failure
3/8/2010 12:39:16 PM: Warning: Unable to secure run key from ambiguous path exploit for HKU\S-1-5-21-1975857526-1641867396-262160769-1006\Software\Microsoft\Windows\CurrentVersion\Run\DellAutomatedPCTuneUp. Parse Failure
3/8/2010 12:39:16 PM: Warning: Unable to secure run key from ambiguous path exploit for HKU\S-1-5-21-1975857526-1641867396-262160769-1006\Software\Microsoft\Windows\CurrentVersion\Run\SansaDispatch. Parse Failure
3/8/2010 12:39:16 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Apoint. Parse Failure
3/8/2010 12:39:16 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\IgfxTray. Parse Failure
3/8/2010 12:39:16 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\HotKeysCmds. Parse Failure
3/8/2010 12:39:16 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Persistence. Parse Failure
3/8/2010 12:39:16 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched. Parse Failure
3/8/2010 12:39:16 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Dell QuickSet. Parse Failure
3/8/2010 12:39:16 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Broadcom Wireless Manager UI. Parse Failure
3/8/2010 12:39:16 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\KADxMain. Parse Failure
3/8/2010 12:39:16 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Google Desktop Search. Parse Failure
3/8/2010 12:39:16 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ECenter. Parse Failure
3/8/2010 12:39:16 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\dscactivate. Parse Failure
3/8/2010 12:39:11 PM: Informational: Loaded AntiVirus Engine: 3.4.1; SDK Version: 4.50E; Virus Definitions: 03/05/2010 22:46:20 (GMT)
3/8/2010 12:38:05 PM: License Check Status (0): Success
3/8/2010 12:38:02 PM: Webroot Software 6.1.0.145 started
3/8/2010 12:38:02 PM: | Start of Session, Monday, March 08, 2010 |
***************
3/7/2010 6:44:09 AM: Informational: Loaded AntiVirus Engine: 3.4.1; SDK Version: 4.50E; Virus Definitions: 03/05/2010 22:46:20 (GMT)
3/7/2010 6:42:58 AM: License Check Status (0): Success
3/7/2010 6:42:55 AM: Webroot Software 6.1.0.145 started
3/7/2010 6:42:55 AM: | Start of Session, Sunday, March 07, 2010 |
***************
3/7/2010 6:32:50 AM: Informational: ShieldEmail: Start monitoring port 25 for mail activities
3/7/2010 6:32:50 AM: Informational: ShieldEmail: Start monitoring port 110 for mail activities
3/7/2010 6:32:48 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\PCMService. Parse Failure
3/7/2010 6:32:48 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\QuickTime Task. Parse Failure
3/7/2010 6:32:48 AM: Warning: Unable to secure run key from ambiguous path exploit for HKU\S-1-5-21-1975857526-1641867396-262160769-1006\Software\Microsoft\Windows\CurrentVersion\Run\DellAutomatedPCTuneUp. Parse Failure
3/7/2010 6:32:48 AM: Warning: Unable to secure run key from ambiguous path exploit for HKU\S-1-5-21-1975857526-1641867396-262160769-1006\Software\Microsoft\Windows\CurrentVersion\Run\SansaDispatch. Parse Failure
3/7/2010 6:32:48 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Apoint. Parse Failure
3/7/2010 6:32:48 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\IgfxTray. Parse Failure
3/7/2010 6:32:48 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\HotKeysCmds. Parse Failure
3/7/2010 6:32:48 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Persistence. Parse Failure
3/7/2010 6:32:48 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched. Parse Failure
3/7/2010 6:32:48 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Dell QuickSet. Parse Failure
3/7/2010 6:32:48 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Broadcom Wireless Manager UI. Parse Failure
3/7/2010 6:32:48 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\KADxMain. Parse Failure
3/7/2010 6:32:48 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Google Desktop Search. Parse Failure
3/7/2010 6:32:48 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ECenter. Parse Failure
3/7/2010 6:32:48 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\dscactivate. Parse Failure
3/7/2010 6:32:45 AM: Informational: Loaded AntiVirus Engine: 3.4.1; SDK Version: 4.50E; Virus Definitions: 03/05/2010 22:46:20 (GMT)
3/7/2010 6:31:46 AM: License Check Status (0): Success
3/7/2010 6:31:43 AM: Webroot Software 6.1.0.145 started
3/7/2010 6:31:43 AM: | Start of Session, Sunday, March 07, 2010 |
***************
3/7/2010 6:30:14 AM: Informational: ShieldEmail: Start monitoring port 25 for mail activities
3/7/2010 6:30:14 AM: Informational: ShieldEmail: Start monitoring port 110 for mail activities
3/7/2010 6:30:13 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\PCMService. Parse Failure
3/7/2010 6:30:13 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\QuickTime Task. Parse Failure
3/7/2010 6:30:13 AM: Warning: Unable to secure run key from ambiguous path exploit for HKU\S-1-5-21-1975857526-1641867396-262160769-1006\Software\Microsoft\Windows\CurrentVersion\Run\DellAutomatedPCTuneUp. Parse Failure
3/7/2010 6:30:13 AM: Warning: Unable to secure run key from ambiguous path exploit for HKU\S-1-5-21-1975857526-1641867396-262160769-1006\Software\Microsoft\Windows\CurrentVersion\Run\SansaDispatch. Parse Failure
3/7/2010 6:30:13 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Apoint. Parse Failure
3/7/2010 6:30:13 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\IgfxTray. Parse Failure
3/7/2010 6:30:13 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\HotKeysCmds. Parse Failure
3/7/2010 6:30:13 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Persistence. Parse Failure
3/7/2010 6:30:13 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched. Parse Failure
3/7/2010 6:30:13 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Dell QuickSet. Parse Failure
3/7/2010 6:30:13 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Broadcom Wireless Manager UI. Parse Failure
3/7/2010 6:30:13 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\KADxMain. Parse Failure
3/7/2010 6:30:13 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Google Desktop Search. Parse Failure
3/7/2010 6:30:13 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ECenter. Parse Failure
3/7/2010 6:30:13 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\dscactivate. Parse Failure
3/7/2010 6:30:10 AM: Informational: Loaded AntiVirus Engine: 3.4.1; SDK Version: 4.50E; Virus Definitions: 03/05/2010 22:46:20 (GMT)
3/7/2010 6:26:01 AM: License Check Status (0): Success
3/7/2010 6:25:58 AM: Webroot Software 6.1.0.145 started
3/7/2010 6:25:58 AM: | Start of Session, Sunday, March 07, 2010 |
***************
3/5/2010 4:12:53 PM: Your virus definitions have been updated.
3/5/2010 4:12:53 PM: Informational: Loaded AntiVirus Engine: 3.4.1; SDK Version: 4.50E; Virus Definitions: 03/04/2010 17:40:12 (GMT)
3/5/2010 4:12:53 PM: Your security definitions have been updated.
3/5/2010 4:12:31 PM: License Check Status (0): Success
3/5/2010 4:12:30 PM: Automated check for program update in progress.
3/5/2010 3:11:49 PM: Informational: ShieldEmail: Start monitoring port 25 for mail activities
3/5/2010 3:11:49 PM: Informational: ShieldEmail: Start monitoring port 110 for mail activities
3/5/2010 3:11:46 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\PCMService. Parse Failure
3/5/2010 3:11:46 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\QuickTime Task. Parse Failure
3/5/2010 3:11:46 PM: Warning: Unable to secure run key from ambiguous path exploit for HKU\S-1-5-21-1975857526-1641867396-262160769-1006\Software\Microsoft\Windows\CurrentVersion\Run\DellAutomatedPCTuneUp. Parse Failure
3/5/2010 3:11:46 PM: Warning: Unable to secure run key from ambiguous path exploit for HKU\S-1-5-21-1975857526-1641867396-262160769-1006\Software\Microsoft\Windows\CurrentVersion\Run\SansaDispatch. Parse Failure
3/5/2010 3:11:46 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Apoint. Parse Failure
3/5/2010 3:11:46 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\IgfxTray. Parse Failure
3/5/2010 3:11:46 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\HotKeysCmds. Parse Failure
3/5/2010 3:11:46 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Persistence. Parse Failure
3/5/2010 3:11:46 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched. Parse Failure
3/5/2010 3:11:46 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Dell QuickSet. Parse Failure
3/5/2010 3:11:46 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Broadcom Wireless Manager UI. Parse Failure
3/5/2010 3:11:46 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\KADxMain. Parse Failure
3/5/2010 3:11:46 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Google Desktop Search. Parse Failure
3/5/2010 3:11:46 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ECenter. Parse Failure
3/5/2010 3:11:46 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\dscactivate. Parse Failure
3/5/2010 3:11:43 PM: Informational: Loaded AntiVirus Engine: 3.4.1; SDK Version: 4.50E; Virus Definitions: 03/04/2010 17:40:12 (GMT)
3/5/2010 3:10:46 PM: License Check Status (0): Success
3/5/2010 3:10:43 PM: Webroot Software 6.1.0.145 started
3/5/2010 3:10:43 PM: | Start of Session, Friday, March 05, 2010 |
***************
3/5/2010 2:14:27 PM: Informational: ShieldEmail: Start monitoring port 25 for mail activities
3/5/2010 2:14:27 PM: Informational: ShieldEmail: Start monitoring port 110 for mail activities
3/5/2010 2:14:25 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\PCMService. Parse Failure
3/5/2010 2:14:25 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\QuickTime Task. Parse Failure
3/5/2010 2:14:25 PM: Warning: Unable to secure run key from ambiguous path exploit for HKU\S-1-5-21-1975857526-1641867396-262160769-1006\Software\Microsoft\Windows\CurrentVersion\Run\DellAutomatedPCTuneUp. Parse Failure
3/5/2010 2:14:25 PM: Warning: Unable to secure run key from ambiguous path exploit for HKU\S-1-5-21-1975857526-1641867396-262160769-1006\Software\Microsoft\Windows\CurrentVersion\Run\SansaDispatch. Parse Failure
3/5/2010 2:14:25 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Apoint. Parse Failure
3/5/2010 2:14:25 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\IgfxTray. Parse Failure
3/5/2010 2:14:25 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\HotKeysCmds. Parse Failure
3/5/2010 2:14:25 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Persistence. Parse Failure
3/5/2010 2:14:25 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched. Parse Failure
3/5/2010 2:14:25 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Dell QuickSet. Parse Failure
3/5/2010 2:14:25 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Broadcom Wireless Manager UI. Parse Failure
3/5/2010 2:14:25 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\KADxMain. Parse Failure
3/5/2010 2:14:25 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Google Desktop Search. Parse Failure
3/5/2010 2:14:25 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ECenter. Parse Failure
3/5/2010 2:14:25 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\dscactivate. Parse Failure
3/5/2010 2:14:22 PM: Informational: Loaded AntiVirus Engine: 3.4.1; SDK Version: 4.50E; Virus Definitions: 03/04/2010 17:40:12 (GMT)
3/5/2010 2:12:56 PM: License Check Status (0): Success
3/5/2010 2:12:51 PM: Webroot Software 6.1.0.145 started
3/5/2010 2:12:51 PM: | Start of Session, Friday, March 05, 2010 |
***************
3/5/2010 1:35:56 PM: Automated check for program update in progress.
3/5/2010 1:35:55 PM: There is a problem reaching the server. The cause may be in your connection or on the server. Please try again later.
3/5/2010 1:35:55 PM: License Check Status (0): Success
3/5/2010 12:32:07 PM: Informational: ShieldEmail: Start monitoring port 25 for mail activities
3/5/2010 12:32:07 PM: Informational: ShieldEmail: Start monitoring port 110 for mail activities
3/5/2010 12:32:06 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\PCMService. Parse Failure
3/5/2010 12:32:06 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\QuickTime Task. Parse Failure
3/5/2010 12:32:06 PM: Warning: Unable to secure run key from ambiguous path exploit for HKU\S-1-5-21-1975857526-1641867396-262160769-1006\Software\Microsoft\Windows\CurrentVersion\Run\DellAutomatedPCTuneUp. Parse Failure
3/5/2010 12:32:06 PM: Warning: Unable to secure run key from ambiguous path exploit for HKU\S-1-5-21-1975857526-1641867396-262160769-1006\Software\Microsoft\Windows\CurrentVersion\Run\SansaDispatch. Parse Failure
3/5/2010 12:32:06 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Apoint. Parse Failure
3/5/2010 12:32:06 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\IgfxTray. Parse Failure
3/5/2010 12:32:06 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\HotKeysCmds. Parse Failure
3/5/2010 12:32:06 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Persistence. Parse Failure
3/5/2010 12:32:06 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched. Parse Failure
3/5/2010 12:32:06 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Dell QuickSet. Parse Failure
3/5/2010 12:32:06 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Broadcom Wireless Manager UI. Parse Failure
3/5/2010 12:32:06 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\KADxMain. Parse Failure
3/5/2010 12:32:06 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Google Desktop Search. Parse Failure
3/5/2010 12:32:06 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ECenter. Parse Failure
3/5/2010 12:32:06 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\dscactivate. Parse Failure
3/5/2010 12:32:03 PM: Informational: Loaded AntiVirus Engine: 3.4.1; SDK Version: 4.50E; Virus Definitions: 03/04/2010 17:40:12 (GMT)
3/5/2010 12:31:00 PM: License Check Status (0): Success
3/5/2010 12:30:53 PM: Webroot Software 6.1.0.145 started
3/5/2010 12:30:53 PM: | Start of Session, Friday, March 05, 2010 |
***************
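The one security-relevant signal in this log is the warning that repeats at every start-up, "Unable to secure run key from ambiguous path exploit ... Parse Failure". As an added example (not Webroot's code and not from the thread), a Python script that tallies those warnings by Run key and then shows the check the message appears to describe, on my reading, since the thread does not document it: a Run value whose executable path contains spaces but is not quoted can be split into program and arguments in more than one way, and the fix is to quote the path. The Run values in the script are constructed; the real ones from the affected machine are not posted.

```python
"""Triage for the Webroot Spy Sweeper log pasted above (added example; not
Webroot's code and not from the thread).

It parses "<date time>: <Level>: <message>" lines and groups the repeated
"Unable to secure run key from ambiguous path exploit" warnings by Run
key. The second half shows what that warning appears to refer to (my
reading; Webroot does not document the message here): a Run value whose
command line has spaces but no quotes admits more than one program path
(CWE-428, unquoted search path), and quoting the executable path removes
the ambiguity. CONSTRUCTED_RUN_VALUES are made up for the demo.
"""
import re
from collections import Counter
from datetime import datetime

# Five lines excerpted from the log above so the script runs offline.
SAMPLE_LOG = r"""
3/8/2010 12:39:16 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Dell QuickSet. Parse Failure
3/8/2010 12:39:16 PM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched. Parse Failure
3/7/2010 6:32:48 AM: Warning: Unable to secure run key from ambiguous path exploit for HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Dell QuickSet. Parse Failure
3/7/2010 6:32:45 AM: Informational: Loaded AntiVirus Engine: 3.4.1; SDK Version: 4.50E; Virus Definitions: 03/05/2010 22:46:20 (GMT)
3/7/2010 6:31:43 AM: | Start of Session, Sunday, March 07, 2010 |
"""

# Constructed Run values (the thread does not show the machine's real ones).
CONSTRUCTED_RUN_VALUES = [
    r"C:\Program Files\Dell\QuickSet\quickset.exe /start",          # unquoted, spaces
    r'"C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"',         # quoted: fine
    r"C:\WINDOWS\system32\ctfmon.exe",                              # no spaces: fine
]

LINE_RE = re.compile(r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M): "
                     r"(?:(?P<level>Warning|Informational): )?(?P<msg>.*)$")
RUNKEY_RE = re.compile(r"ambiguous path exploit for (?P<key>.+?)\. Parse Failure$")


def parse_log(text):
    """Yield (datetime, level, message); lines without a level are 'Status'."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p")
        yield ts, m["level"] or "Status", m["msg"]


def ambiguous_path_warnings(text):
    """Count how often each Run key appears in an 'ambiguous path' warning."""
    counts = Counter()
    for _, level, msg in parse_log(text):
        if level == "Warning" and (m := RUNKEY_RE.search(msg)):
            counts[m["key"]] += 1
    return counts


def candidate_paths(cmd):
    """Program paths Windows may try for this command line, in order.
    A quoted command line has exactly one. An unquoted one is split at each
    space in turn (Windows also appends .exe where a candidate has no
    extension), so a stray file at any earlier candidate would run instead."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return [cmd[1:end]] if end > 0 else []
    parts = cmd.split(" ")
    return [" ".join(parts[:i]) for i in range(1, len(parts) + 1)]


def is_ambiguous(cmd):
    """True when the command line admits more than one program path."""
    return len(candidate_paths(cmd)) > 1


def quoted_fix(cmd, exe_path):
    """Rewrite cmd with exe_path (the real program, confirmed by the operator)
    in quotes; an already quoted value is returned unchanged."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd
    if not cmd.startswith(exe_path):
        raise ValueError("exe_path must be a prefix of the command line")
    return f'"{exe_path}"{cmd[len(exe_path):]}'


if __name__ == "__main__":
    for key, n in ambiguous_path_warnings(SAMPLE_LOG).items():
        print(f"{n}x  {key}")
    for value in CONSTRUCTED_RUN_VALUES:
        print("AMBIGUOUS" if is_ambiguous(value) else "ok       ", candidate_paths(value))
```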

#3 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,428 posts
  • Gender:Male
  • Location:NJ USA

Posted 10 March 2010 - 09:07 PM

Hello and welcome ...looks like the Master Boot Record (MBR) may be infected.
Sure wish you had not switched off System Restore. Would rather have an infected one than no point to restore to if needed.

Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware (v1.44) and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.



To check for and confirm the MBR rootkit,

Please download mbr.exe and save it to the root directory, usually C:\ <- (Important!).
  • Go to Start > Run and type: cmd.exe
  • press Ok.
  • At the command prompt type: c:\mbr.exe >>"C:\mbr.log"
  • press Enter.
  • The process is automatic...a black DOS window will open and quickly disappear. This is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.
If you have a problem using the command prompt, you can just double-click on mbr.exe to run the tool.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#4 wenger_haus

  • Topic Starter
  • Members
  • 14 posts

Posted 11 March 2010 - 01:20 PM

Here's the log. Nothing found. BTW, I had run this a few times before both when getting rid of the fake XP security virus and this came on the heels immediately. I also used combofix (first) at the suggestion of my tech guy. Any ideas?

Thanks
Lynn

Malwarebytes' Anti-Malware 1.44
Database version: 3853
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

3/11/2010 1:12:13 PM
mbam-log-2010-03-11 (13-12-13).txt

Scan type: Quick Scan
Objects scanned: 135967
Time elapsed: 5 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#5 wenger_haus

  • Topic Starter
  • Members
  • 14 posts

Posted 12 March 2010 - 12:25 PM

Quick update: I called Webroot's Tech Support given that is what found the virus and supposedly quarantined it -- yet it keeps coming back. Like you, they suspect a possible master boot record infection or similar problem. I'm going to do some logs/GMER testing to see if that is the case. Hopefully we can get rid of this sooner rather than later. So for now, I'll pursue that path rather than take more of your time on this.

For the benefit of others, do you want me to do a post on what it turned out to be and how we fixed it? Thanks for your help so far and getting me to this point.

#6 liberateny

  • Members
  • 5 posts

Posted 12 March 2010 - 12:50 PM

I have a similar problem with Webroot and a Mbroot trojan. Please post your findings!
Thanks

#7 wenger_haus

  • Topic Starter
  • Members
  • 14 posts

Posted 12 March 2010 - 01:56 PM

For the person who said they also had a webroot/antivirus/spy sweeper troj/mbroot-h problem:

Sorry you are dealing with this too! It is NASTY! Mine started with the fake security virus which we got rid of (combofix and malware helped with that). Then this showed up immediately afterward and is only detected in Webroot product. It has been nearly 2 weeks of trying to solve the problem with 4 different tech types on this. Here's where I am now.

I sat on hold for over 30 minutes waiting to talk to "free" Webroot tech support that came with the product. Before doing any diagnostics, Webroot sent me an 8 page set of instructions for how to create the logs they need to analyze this. Then they'll look it over and tell me what to do next. It is quite involved. (if you want them to do it all and skip the 'free' help, send 'em $139 and they'll tend to it).

I was at the last step of sending the webroot log and the whole thing crashed in both normal and safe modes. I'm currently not able to boot the system at all (Dell laptop XP). I'm crying uncle. I have a tech contact who is going to reformat the drive and start from scratch. Don't know what else to do at this point.

Hope you have better luck. It has been countless hours trying to fix it. Good luck!

#8 liberateny

  • Members
  • 5 posts

Posted 12 March 2010 - 02:00 PM

Hmmm....maybe it is worth the $139

Is the contact phone # in the product package somewhere?

Sorry you've had so much trouble! YIKES!

#9 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,428 posts
  • Gender:Male
  • Location:NJ USA

Posted 12 March 2010 - 02:26 PM

To check for and confirm the MBR rootkit, use the standalone mbr.exe tool by Gmer (preferable).

Please download mbr.exe and save it to the root directory, usually C:\ <- (Important!).
  • Go to Start > Run and type: cmd.exe
  • press Ok.
  • At the command prompt type: c:\mbr.exe >>"C:\mbr.log"
  • press Enter.
  • The process is automatic...a black DOS window will open and quickly disappear. This is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.
If you have a problem using the command prompt, you can just double-click on mbr.exe to run the tool.
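Posts #3 and #9 both ask for Gmer's mbr.exe to confirm an MBR infection. As an added example (not mbr.exe and not from the thread), a Python sketch of what such a check examines in sector 0: the 55 AA boot signature, the partition table, and a hash of the bootstrap code compared against a baseline taken while the machine was known clean, because an MBR bootkit swaps the code and leaves the table intact so the system still boots. The sector is constructed inside the script; reading a real sector 0 needs administrator rights and is not shown.

```python
"""What a Master Boot Record check looks at (added example; not Gmer's
mbr.exe and not code from this thread).

Sector 0 is 512 bytes: 440 bytes of bootstrap code, a 4-byte disk
signature, 2 reserved bytes, four 16-byte partition entries and the
boot signature 55 AA. An MBR bootkit overwrites the bootstrap code and
keeps the partition table, so structural checks alone pass; comparing a
hash of the code region with a baseline taken on the same machine while
clean is what catches the swap. Sample sectors below are CONSTRUCTED.
Reading a real sector 0 (e.g. \\\\.\\PhysicalDrive0 on Windows) needs
administrator rights and is left to the operator.
"""
import hashlib
import struct

SECTOR = 512
BOOT_SIG = 0xAA55                                  # stored as bytes 55 AA at offset 510
CLEAN_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c"   # constructed stand-in for clean boot code
TAMPERED_CODE = b"\xeb\xfe"                        # constructed stand-in for replaced code


def build_sample_mbr(bootcode):
    """Constructed sector: given bootstrap bytes plus one active NTFS (type 07)
    partition starting at LBA 63 and spanning 20 GiB. Not from any real disk."""
    code = bootcode.ljust(440, b"\x00")[:440]
    disk_sig = struct.pack("<I", 0x1234ABCD)
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff",
                        63, 20 * 1024 * 1024 * 2)  # status, CHS start, type, CHS end, LBA, count
    table = entry + b"\x00" * 48                    # three unused entries
    return code + disk_sig + b"\x00\x00" + table + struct.pack("<H", BOOT_SIG)


def parse_mbr(sector):
    """Decode signature, disk signature, bootstrap hash and used partitions."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    (sig,) = struct.unpack_from("<H", sector, 510)
    partitions = []
    for i in range(4):
        status, _chs_s, ptype, _chs_e, lba, count = struct.unpack_from(
            "<B3sB3sII", sector, 446 + 16 * i)
        if ptype != 0:
            partitions.append({"index": i, "active": status == 0x80, "type": ptype,
                               "lba_start": lba, "sectors": count})
    return {"signature_ok": sig == BOOT_SIG,
            "disk_signature": struct.unpack_from("<I", sector, 440)[0],
            "bootcode_sha256": hashlib.sha256(sector[:440]).hexdigest(),
            "partitions": partitions}


def structural_findings(info):
    """Problems visible from the structure alone (a bootkit passes these)."""
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature is not 55 AA")
    if sum(p["active"] for p in info["partitions"]) > 1:
        findings.append("more than one partition marked active")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in info["partitions"])
    if any(s2 < e1 for (_, e1), (s2, _) in zip(spans, spans[1:])):
        findings.append("partition ranges overlap")
    return findings


def check_against_baseline(sector, baseline_sha256):
    """Structural findings plus a bootstrap-code comparison with the clean baseline."""
    info = parse_mbr(sector)
    findings = structural_findings(info)
    if info["bootcode_sha256"] != baseline_sha256:
        findings.append("bootstrap code differs from clean baseline")
    return findings


if __name__ == "__main__":
    clean = build_sample_mbr(CLEAN_CODE)
    baseline = parse_mbr(clean)["bootcode_sha256"]     # record this while the machine is clean
    print("clean   :", check_against_baseline(clean, baseline))
    print("tampered:", check_against_baseline(build_sample_mbr(TAMPERED_CODE), baseline))
```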

#10 liberateny

  • Members
  • 5 posts

Posted 12 March 2010 - 03:05 PM

I assume these instructions were directed to wenger haus rather than myself.

#11 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,428 posts
  • Gender:Male
  • Location:NJ USA

Posted 12 March 2010 - 03:17 PM

Well actually to all who suspect the mbr rootkit. It would be best if those other than the OP would post their new logs in a new topic and PM me the location.

#12 wenger_haus

  • Topic Starter
  • Members
  • 14 posts

Posted 12 March 2010 - 04:35 PM

Per an earlier post, I called Webroot tech support, although that came to a dead end. Here's what I have done under the direction of webroot: turned on boot.ini. Then, ran GMER (initial scan and also did a 60 second scan). No errors appeared in that time (I have logs if you want them). Also at their direction, I was creating a number of system logs, directory listings, registry keys, session logs, boot logs, network configuration and setting logs all to be sent. Through their .exe (I downloaded their utility), it was preparing the logs when the system froze before I got a pass or fail (freezing up is the classic characteristic of the virus). So, I had to disconnect power/battery, hard boot, and when I did so, I got NTFS volume is dirty and a system check, which also froze. Hard boot again. Tried to get into safe mode without networking and it completely froze (hard boot) and tried unsuccessfully with 3 more attempts.

GRRRR. Can this be salvaged? Webroot tech support is not an option in my opinion (unless I want to pay $130++), which I don't. Webroot's antivirus/spy sweeper found it but malwarebytes hasn't. However, even though it is quarantined, it can not fix it.

Should I continue to my last resort: reformat hard drive??

Thanks! I'll try anything!!!!!

#13 boopme

    To Insanity and Beyond

  • Global Moderator
  • 73,428 posts
  • Gender:Male
  • Location:NJ USA

Posted 12 March 2010 - 08:03 PM

Hello, please post back with which operating system is running, the GMER log and the MBR test I asked for.
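The GMER log requested here follows in the next post, with "Devices", "System" (SSDT) and "User code sections" (.text) lines. As an added example (not GMER's code and not from the thread), a Python triage script that parses those three line types and applies two heuristics of mine to sort the hooks into "explained" and "inspect"; its sample input is excerpted from the log below plus one constructed line, and neither heuristic identifies malware by itself.

```python
"""Triage for a GMER log like the one posted in this thread (added example;
not GMER's code and not part of the thread).

Parses three GMER line types: "AttachedDevice" (file-system filter drivers
with vendor), "SSDT" (system service table entries GMER reports as
redirected) and ".text" (inline patches of exported functions inside user
processes). Two heuristics of mine then sort the hooks: (1) an export
patched with the same size, kind and low 16 bits of JMP target in several
processes is one injected module loaded at different bases, which is how a
security suite hooks system-wide; (2) SSDT entries clustered in one small
address window most likely belong to one driver. "Inspect" means exactly
that; nothing here identifies malware on its own.
"""
import re
from collections import defaultdict

# Excerpt of the GMER log posted below in this thread, plus one CONSTRUCTED
# line (sample.exe) to exercise the "inspect" branch.
SAMPLE = r"""
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- System - GMER 1.0.15 ----
SSDT 8A834E40 ZwAllocateVirtualMemory
SSDT 8A88F990 ZwCreateKey
SSDT 8A80C240 ZwSetValueKey
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Dell Network Assistant\hnm_svc.exe[260] WS2_32.dll!send 71AB428A 5 Bytes JMP 0119273D
.text C:\Program Files\Dell Network Assistant\hnm_svc.exe[260] WS2_32.dll!recv 71AB615A 5 Bytes JMP 01192775
.text C:\WINDOWS\Explorer.EXE[420] WS2_32.dll!send 71AB428A 5 Bytes JMP 01F8273D
.text C:\WINDOWS\Explorer.EXE[420] WS2_32.dll!recv 71AB615A 5 Bytes JMP 01F82775
.text C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe[1080] kernel32.dll!CreateThread + 1A 7C810661 4 Bytes CALL 00450771 C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Spy Sweeper Client Executable/Webroot Software, Inc.)
.text C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe[1080] WS2_32.dll!send 71AB428A 5 Bytes JMP 0644273D
.text C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe[1080] WS2_32.dll!recv 71AB615A 5 Bytes JMP 06442775
.text C:\constructed\sample.exe[999] kernel32.dll!WriteFile 7C810E27 5 Bytes JMP 00A01000
"""

DEV_RE = re.compile(r"^AttachedDevice\s+\S+\s+\S+\s+(?P<drv>\S+)\s+"
                    r"\((?P<desc>[^/]*)/(?P<vendor>.*)\)$")
SSDT_RE = re.compile(r"^SSDT\s+(?P<addr>[0-9A-F]{8})\s+(?P<func>\w+)$")
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<sym>\S+!\S+)(?: \+ [0-9A-F]+)?"
    r"\s+(?P<addr>[0-9A-F]{8})\s+(?P<size>\d+) Bytes\s+(?P<kind>JMP|CALL)\s+"
    r"(?P<target>[0-9A-F]{8})(?:\s+(?P<tmod>.+?) \([^/]*/(?P<tvendor>.*)\))?$")


def parse_gmer(text):
    """Split a GMER log into device, SSDT and user-mode hook records."""
    devices, ssdt, hooks = [], [], []
    for line in text.splitlines():
        line = line.strip()
        if m := DEV_RE.match(line):
            devices.append(m.groupdict())
        elif m := SSDT_RE.match(line):
            ssdt.append(m.groupdict())
        elif m := HOOK_RE.match(line):
            hooks.append(m.groupdict())
    return devices, ssdt, hooks


def ssdt_single_region(ssdt, window=0x100000):
    """Heuristic 2: every redirected SSDT entry points into one window-sized range."""
    addrs = [int(s["addr"], 16) for s in ssdt]
    return bool(addrs) and max(addrs) - min(addrs) < window


def hook_verdicts(hooks):
    """Heuristic 1 per patched export: consistent across processes, resolved
    to a named module, or unexplained (inspect)."""
    by_sym = defaultdict(list)
    for h in hooks:
        by_sym[h["sym"]].append(h)
    verdicts = {}
    for sym, hs in by_sym.items():
        procs = {h["proc"] for h in hs}
        pattern = {(h["addr"], h["size"], h["kind"], int(h["target"], 16) & 0xFFFF) for h in hs}
        if len(procs) > 1 and len(pattern) == 1:
            off = next(iter(pattern))[3]
            verdicts[sym] = (f"consistent patch in {len(procs)} processes (target offset "
                             f"0x{off:04X}): one injected module hooking system-wide")
        elif any(h["tvendor"] for h in hs):
            h = next(h for h in hs if h["tvendor"])
            verdicts[sym] = f"target resolved to {h['tmod']} ({h['tvendor']})"
        else:
            verdicts[sym] = f"present in {len(procs)} process(es) only, target unresolved: inspect"
    return verdicts


def triage(text):
    """One dict summarising filter drivers, SSDT state and hook verdicts."""
    devices, ssdt, hooks = parse_gmer(text)
    return {"filter_drivers": {d["drv"]: d["vendor"] for d in devices},
            "ssdt_hooked": [s["func"] for s in ssdt],
            "ssdt_single_region": ssdt_single_region(ssdt),
            "hook_verdicts": hook_verdicts(hooks)}


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```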

#14 wenger_haus

  • Topic Starter
  • Members
  • 14 posts

Posted 12 March 2010 - 08:34 PM

Will try to boot laptop again (per prev post it is toast). Below are the GMER auto scan and a 60 second scan from earlier today before it died. But if I can reboot it, I'll run mbr and post. OS is XP.

Lynn
*******************************************************
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-03-12 13:12:37
Windows 5.1.2600 Service Pack 2
Running: rcivx9um.exe; Driver: C:\DOCUME~1\Lynn\LOCALS~1\Temp\pxtdapod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
AttachedDevice \FileSystem\Fastfat \Fat ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \Driver\Tcpip \Device\Ip 89CAA5D0
Device \Driver\Tcpip \Device\Ip 89A04E90
Device \Driver\Tcpip \Device\Tcp 89CAA5D0
Device \Driver\Tcpip \Device\Tcp 89A04E90
Device \Driver\Tcpip \Device\Udp 89CAA5D0
Device \Driver\Tcpip \Device\Udp 89A04E90
Device \Driver\Tcpip \Device\RawIp 89CAA5D0
Device \Driver\Tcpip \Device\RawIp 89A04E90

---- EOF - GMER 1.0.15 ----
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-12 13:15:12
Windows 5.1.2600 Service Pack 2
Running: rcivx9um.exe; Driver: C:\DOCUME~1\Lynn\LOCALS~1\Temp\pxtdapod.sys


---- System - GMER 1.0.15 ----

SSDT 8A834E40 ZwAllocateVirtualMemory
SSDT 8A88F990 ZwCreateKey
SSDT 8A853EB0 ZwCreateProcess
SSDT 8A88B248 ZwCreateProcessEx
SSDT 8A88D080 ZwCreateThread
SSDT 8A851310 ZwDeleteKey
SSDT 8A8520B8 ZwDeleteValueKey
SSDT 8A834EB8 ZwQueueApcThread
SSDT 8A834D50 ZwReadVirtualMemory
SSDT 8A8145A8 ZwRenameKey
SSDT 8A834FA8 ZwSetContextThread
SSDT 8A8147B8 ZwSetInformationKey
SSDT 8A88C108 ZwSetInformationProcess
SSDT 8A835298 ZwSetInformationThread
SSDT 8A80C240 ZwSetValueKey
SSDT 8A88D0F8 ZwSuspendProcess
SSDT 8A834F30 ZwSuspendThread
SSDT 8A873270 ZwTerminateProcess
SSDT 8A835310 ZwTerminateThread
SSDT 8A834DC8 ZwWriteVirtualMemory

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Dell Network Assistant\hnm_svc.exe[260] WS2_32.dll!send 71AB428A 5 Bytes JMP 0119273D
.text C:\Program Files\Dell Network Assistant\hnm_svc.exe[260] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 0119282F
.text C:\Program Files\Dell Network Assistant\hnm_svc.exe[260] WS2_32.dll!recv 71AB615A 5 Bytes JMP 01192775
.text C:\Program Files\Dell Network Assistant\hnm_svc.exe[260] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 011927AD
.text C:\Program Files\Dell Network Assistant\hnm_svc.exe[260] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 011928B1
.text C:\WINDOWS\Explorer.EXE[420] WS2_32.dll!send 71AB428A 5 Bytes JMP 01F8273D
.text C:\WINDOWS\Explorer.EXE[420] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 01F8282F
.text C:\WINDOWS\Explorer.EXE[420] WS2_32.dll!recv 71AB615A 5 Bytes JMP 01F82775
.text C:\WINDOWS\Explorer.EXE[420] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 01F827AD
.text C:\WINDOWS\Explorer.EXE[420] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 01F828B1
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[548] WS2_32.dll!send 71AB428A 5 Bytes JMP 0134273D
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[548] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 0134282F
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[548] WS2_32.dll!recv 71AB615A 5 Bytes JMP 01342775
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[548] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 013427AD
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[548] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 013428B1
.text C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe[716] WS2_32.dll!send 71AB428A 5 Bytes JMP 0219273D
.text C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe[716] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 0219282F
.text C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe[716] WS2_32.dll!recv 71AB615A 5 Bytes JMP 02192775
.text C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe[716] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 021927AD
.text C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe[716] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 021928B1
.text C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe[920] WS2_32.dll!send 71AB428A 5 Bytes JMP 00DB273D
.text C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe[920] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 00DB282F
.text C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe[920] WS2_32.dll!recv 71AB615A 5 Bytes JMP 00DB2775
.text C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe[920] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00DB27AD
.text C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe[920] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00DB28B1
.text C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe[1080] kernel32.dll!CreateThread + 1A 7C810661 4 Bytes CALL 00450771 C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Spy Sweeper Client Executable/Webroot Software, Inc.)
.text C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe[1080] WS2_32.dll!send 71AB428A 5 Bytes JMP 0644273D
.text C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe[1080] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 0644282F
.text C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe[1080] WS2_32.dll!recv 71AB615A 5 Bytes JMP 06442775
.text C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe[1080] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 064427AD
.text C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe[1080] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 064428B1
.text C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe[1100] WS2_32.dll!send 71AB428A 5 Bytes JMP 020B273D
.text C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe[1100] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 020B282F
.text C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe[1100] WS2_32.dll!recv 71AB615A 5 Bytes JMP 020B2775
.text C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe[1100] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 020B27AD
.text C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe[1100] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 020B28B1
.text C:\WINDOWS\System32\bcmwltry.exe[1708] WS2_32.dll!send 71AB428A 5 Bytes JMP 0129273D
.text C:\WINDOWS\System32\bcmwltry.exe[1708] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 0129282F
.text C:\WINDOWS\System32\bcmwltry.exe[1708] WS2_32.dll!recv 71AB615A 5 Bytes JMP 01292775
.text C:\WINDOWS\System32\bcmwltry.exe[1708] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 012927AD
.text C:\WINDOWS\System32\bcmwltry.exe[1708] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 012928B1
.text C:\WINDOWS\system32\wuauclt.exe[2184] WS2_32.dll!send 71AB428A 5 Bytes JMP 026E273D
.text C:\WINDOWS\system32\wuauclt.exe[2184] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 026E282F
.text C:\WINDOWS\system32\wuauclt.exe[2184] WS2_32.dll!recv 71AB615A 5 Bytes JMP 026E2775
.text C:\WINDOWS\system32\wuauclt.exe[2184] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 026E27AD
.text C:\WINDOWS\system32\wuauclt.exe[2184] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 026E28B1
.text F:\rcivx9um.exe[2584] WS2_32.dll!send 71AB428A 5 Bytes JMP 0130273D
.text F:\rcivx9um.exe[2584] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 0130282F
.text F:\rcivx9um.exe[2584] WS2_32.dll!recv 71AB615A 5 Bytes JMP 01302775
.text F:\rcivx9um.exe[2584] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 013027AD
.text F:\rcivx9um.exe[2584] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 013028B1
.text C:\WINDOWS\System32\alg.exe[2900] WS2_32.dll!send 71AB428A 5 Bytes JMP 009C273D
.text C:\WINDOWS\System32\alg.exe[2900] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 009C282F
.text C:\WINDOWS\System32\alg.exe[2900] WS2_32.dll!recv 71AB615A 5 Bytes JMP 009C2775
.text C:\WINDOWS\System32\alg.exe[2900] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 009C27AD
.text C:\WINDOWS\System32\alg.exe[2900] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 009C28B1
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3348] WS2_32.dll!send 71AB428A 5 Bytes JMP 00BF273D
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3348] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 00BF282F
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3348] WS2_32.dll!recv 71AB615A 5 Bytes JMP 00BF2775
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3348] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00BF27AD
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3348] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00BF28B1
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[3880] ntdll.dll!KiUserExceptionDispatcher + 9 7C90E485 5 Bytes JMP 00017DB0 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[3880] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00016000 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[3880] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 000169B0 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[3880] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00016000 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[3880] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00016960 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[3880] kernel32.dll!VirtualFree 7C809AF4 5 Bytes JMP 00016990 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] 8A834BE0
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] 8A834CD8
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] 8A834CD8
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] 8A834BE0
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] 8A834BE0
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] 8A834CD8
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] 8A834CD8
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] 8A834BE0
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] 8A834CD8
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] 8A834BE0
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] 8A834CD8
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] 8A834BE0
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] 8A834CD8
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] 8A834CD8
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] 8A834BE0

---- EOF - GMER 1.0.15 ----

#15 wenger_haus


Posted 12 March 2010 - 09:00 PM

Ran mbr -- here's the log.

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
kernel: MBR read successfully
