
Possible Keylogger on my computer?


16 replies to this topic

#1 Groffeaston

Groffeaston

  • Members
  • 518 posts
  • Gender:Male
  • Location:Easton,PA

Posted 10 December 2010 - 12:09 AM

Hello everyone!

Today my Yahoo email account sent out spam emails without me being on the computer! I contacted Yahoo about the incident. I have since changed my password. They gave me things to check, and I have checked everything except my computer. I went to update Spybot S&D and I could not access their website.

I have these programs already installed on my computer: Emsisoft Anti-Malware free (formerly a2), MBAM = Malwarebytes Anti-Malware free, Spybot S&D free, and SUPERAntiSpyware free. I have Microsoft Security Essentials and Windows Firewall.

I need to check for key-loggers on my computer to see if that could have caused the "phantom" to send those spam emails from my Yahoo account. What program is best to check for key-loggers?


#2 Groffeaston

Groffeaston
  • Topic Starter

  • Members
  • 518 posts
  • Gender:Male
  • Location:Easton,PA

Posted 16 December 2010 - 12:21 AM

Hello! Anyone out there? Can someone please answer my question? I need to do a scan to find out if I have a "key-logger" on my computer. Here are the questions I have:

1) Which of the anti-malware programs that I already have (I mentioned them before) would be the best for scanning for "key-loggers"?

2) What type of scan should I do: a quick scan or a full scan?

3) Should I run the scan in Safe Mode, or just after starting up the computer?

4) If nothing is found, how can I determine if something was there but either deleted itself, was removed when the spam emails were sent, or is hidden?

Thank you.

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,596 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 16 December 2010 - 10:20 AM

Safe Mode is a troubleshooting mode designed to start Windows with minimal drivers and running processes to diagnose problems with your computer. This means some of the programs that normally run when Windows starts will not run.

Why use safe mode? The Windows operating system protects files when they are being accessed by an application or a program. Malware writers create programs that can insert themselves and hide in these protected areas while the files are being used. Using safe mode reduces the number of modules requesting files to only the essentials which make your computer functional. This in turn reduces the number of hiding places for malware, making it easier to find and delete the offending files when performing scans with anti-virus and anti-malware tools. In most cases, performing your scans in safe mode speeds up the scanning process.

Why not use safe mode? Some security tools like anti-rootkit scanners (ARKs) and programs with anti-rootkit technology use special drivers which are required for the scanning and removal process. These tools are designed to work in normal mode because the drivers will not load in safe mode, which lessens the scan's effectiveness. Other security tools are optimized to run from normal mode where they are most effective. For example, Malwarebytes Anti-Malware is designed to be at full power when malware is running, so safe mode is not necessary when using it. In fact, MBAM loses some effectiveness for detection and removal when used in safe mode.

Further, scanning in safe mode prevents some types of malware from running so it may be missed during the detection process. Additionally, there are various types of malware infections which target the safeboot keyset so booting into safe mode is not always possible.

Note: If the malware is not related to a running process (i.e. a malicious .dll), it probably will not make a difference whether you perform a scan in normal or safe mode. If the scanner you're using does not include definitions for the malware, then it may not detect or remove it regardless of what mode is used.


Scanning with Malwarebytes Anti-Malware in safe or normal mode will work but removal functions are not as powerful in safe mode. Why? MBAM is designed to be at full power when malware is running so safe mode is not necessary when using it. In fact, MBAM loses some effectiveness for detection & removal when used in safe mode because the program includes a special driver which does not work in safe mode. Further, scanning in safe mode prevents some types of malware from running so it may be missed during the detection process. Additionally, there are various types of malware infections which target the safeboot keyset so booting into safe mode is not always possible. For optimal removal, normal mode is recommended so it does not limit the abilities of MBAM. Doing a safe mode scan should only be done when a regular mode scan fails or you cannot boot up normally. If that is the case, after completing a safe mode scan, reboot normally, update the database definitions through the program's interface (preferable method) and try rescanning again. After performing a new scan, click the Logs tab and copy/paste the contents of the new report in your next reply.


Malwarebytes Anti-Malware is designed to remove malware as effectively with a Quick Scan as it will with a Full Scan, which takes much longer to complete. Both scans use heuristics that bypass polymorphic blackhat packers & encryption, MD5, check memory (loaded .exes and .dlls), unique strings, autostart load points and hotspots (everywhere current malware is known to load from) and multiple other malware checks which are not discussed in public to safeguard the program from malware writers.
  • A Quick Scan looks at the most prevalent places for active malware so scanning every single file on the drive isn't always necessary.
  • A Full Scan only has the ability to catch more traces in rare circumstances but it can be used to scan every drive (including removable) on the system.
  • A Flash Scan will analyze memory and autorun objects but that option is only available to licensed users in the paid version.
The above information about how the program works is general rather than specific. The reason for this is that the developers of MBAM do not want to reveal all the special techniques utilized, in order to protect the integrity of the tool from malware writers who would use that information for nefarious purposes.


Please download Norman Malware Cleaner and save to your desktop.
alternate download link
If you previously used Norman, delete that version and download it again as the tool is frequently updated!
  • Be sure to read all the information Norman provides on that same page.
  • Double-click on Norman_Malware_Cleaner.exe to start. Vista/Windows 7 users right-click and select Run As Administrator.
    The tool is very slow to load as it uses a special driver. This is normal so please be patient.
  • Read the End User License Agreement and click the Accept button to open the scanning window.
  • Click Start Scan to begin.
  • In some cases Norman Malware Cleaner may require that you restart the computer to completely remove an infection. If prompted, reboot to ensure that all infections are removed.
  • After the scan has finished, a log file named NFix_date_time (i.e. NFix_2009-06-22_07-08-56.log) will be created on your desktop with the results.
  • Copy and paste the contents of that file in your next reply.
-- Note: If you need to scan a USB flash drive or other removable drives not listed, use the Add button to browse to the drive's location, click on the drive to highlight it and choose Ok.

Edited by quietman7, 16 December 2010 - 10:21 AM.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 Groffeaston

Groffeaston
  • Topic Starter

  • Members
  • 518 posts
  • Gender:Male
  • Location:Easton,PA

Posted 30 December 2010 - 09:50 PM

Hello everyone!

Sorry I have not gotten back on here sooner. I have been laid up again because of my back causing intense pain in my lower back, right butt cheek, right hip and down my right leg! I was doing fine until 2:00am on Thursday, December 16, 2010. I felt a very sharp pain in the middle of my back, felt like my back cracked, and the pain then went down my spine into my left leg, and also up my spine and into my left shoulder. Then a couple of minutes later both my arms went numb and tingly for a couple of minutes. Then both of my legs went numb and tingly for a couple of minutes. Ever since then, I have been in constant pain in my lower back, right butt cheek, right hip, and pain going down my right leg. That is why I have not been on here since.

Now back to my computer problem. I ran a "Smart Scan" with Emsisoft Anti-Malware (formerly "a2" or "a-Squared") and will include the scan results below:

Emsisoft Anti-Malware - Version 5.1
Last update: 12/30/2010 7:13:21 PM

Scan settings:

Scan type: Smart Scan
Objects: Memory, Traces, Cookies, C:\Windows\, C:\Program Files
Scan archives: Off
Heuristics: Off
ADS Scan: On

Scan start: 12/30/2010 7:16:10 PM

Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}\InprocServer32 --> ThreadingModel detected: Trace.Registry.Widomaker Toolbar!A2
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Sony Pictures Games\JEOPARDY! --> PID detected: Trace.Registry.JEOPARDY!!A2

C:\Program Files\Gacela\custom_uninstall_step2.js detected: Trojan.Swizzor!IK

Scanned

Files: 116791
Traces: 624394
Cookies: 1987
Processes: 71

Found

Files: 1
Traces: 179
Cookies: 65
Processes: 0
Registry keys: 0

Scan end: 12/30/2010 9:24:06 PM
Scan time: 2:07:56


I color coded the text so it will be easier to find the results I am concerned about. The text in Red are "High Risk" results. The text in Blue are the "Medium Risk" results.

I quarantined all of the "High Risk" and "Medium Risk" results except the following "Medium Risk" results: Trace.Directory.HuntBar.Stoolbar!A2 1 trace, Trace.Registry.Couponbar!A2 44 traces, and Trace.Registry.JEOPARDY!!A2 1 trace.

What should I do with all of the Quarantined items?

The reason I did not quarantine the other 3 "medium risk" items is that I know what 2 of the 3 are and I am 75% sure what the third one is. Here they are: 1) the Couponbar, which I added so I can print coupons for my mom. 2) JEOPARDY! is a game that came installed on the computer. 3) Huntbar.Stoolbar, I believe, is one of the search bars, but I am not exactly sure which one.

Edited by Groffeaston, 30 December 2010 - 09:56 PM.


#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,596 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 30 December 2010 - 11:43 PM

Sorry to hear about your back. I have chronic back pain myself so I know how bad it can get.

What should I do with all of the Quarantined items?

When an anti-virus or security program quarantines a file and moves it into a virus vault (chest) or a dedicated Quarantine folder, that file is safely held there and no longer a threat. The file is essentially disabled and prevented from causing any harm to your system through security routines which may copy, rename, encrypt and password protect the file before moving. Quarantine is just an added safety measure which allows you to view and investigate the files while keeping them from harming your computer.

One reason for doing this is to prevent deletion of a legitimate file that may have been flagged as a "false positive", especially if the scanner uses heuristic analysis technology. Heuristics is the ability of a scanning program to detect possible new variants of malware before the vendor can get samples and update the program's definitions for detection. Heuristics uses non-specific detection methods to find new or unknown malware, which allows the anti-virus to detect and stop it before it does any harm to your system. The disadvantage to using heuristics is that it is not as reliable as signature-based detection (blacklisting) and can potentially increase the chances that a non-malicious program is flagged as suspicious or infected. If that is the case, then you can restore the file and add it to the exclusion or ignore list.

When the quarantined file is known to be malicious, you can delete it at any time by launching the program which removed it, going to the Quarantine tab, and choosing the option to delete.


FYI: Emsisoft (a-squared) products are prone to "false positives" and they even acknowledge this.

...Sometimes security software falsely identifies important crucial system components as a threat (hence the term False Positives - FP).

Removing/deleting critical system files, even temporarily, can make a system crash. Sometimes the system will recover after a reboot, and sometimes it will not. Therefore, you may not be able to start your system. Special system restore measures may be needed, or even a full system re-installation...If detections are FP's, you run the risk of rendering your system inoperable...

a-squared HiJackFree: Using security Software to scan data
a-squared Anti-Malware: Using security Software to scan data
a-squared Free: Using security Software to scan data

...the Anti-Malware Scanner looks for files, folders, registry entries and Tracking Cookies that are typically created by Spyware programs. Traces are exactly these trails that Spyware leaves behind...This approach has both advantages and disadvantages for Malware recognition...The negative side is that it provides a relatively inexact, or insufficiently differentiated to be more precise, Malware recognition. Benign software can be falsely recognized, for example, if it uses the same file name or folder as a dangerous Spyware program.

Software discovered via Traces should therefore first be double-checked to see if it is actually Malware before it is finally deleted...

Spyware Traces in Detail

If you're going to use Emsisoft (a-squared) products, get a second opinion on suspicious or questionable file detections by submitting them to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file(s) and submit (upload) it for scanning/analysis. If there are multiple file detections you're not sure about, then perform an Online Virus Scan like ESET or Kaspersky.

Please perform the Norman Malware Cleaner scan and post the results.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click the donate link in my signature.

#6 Groffeaston

Groffeaston
  • Topic Starter

  • Members
  • 518 posts
  • Gender:Male
  • Location:Easton,PA

Posted 31 December 2010 - 11:59 PM

Hello Everyone!

I ran the Norman Malware Cleaner scan and here are the results:

Norman Malware Cleaner
Version 1.8.3
Copyright 1990 - 2010, Norman ASA. Built 2010/12/30 19:13:27

Norman Scanner Engine Version: 6.06.12
Nvcbin.def Version: 6.06.00, Date: 2010/12/30 19:13:27, Variants: 8626096

Scan started: 2010/12/31 19:37:56

Running pre-scan cleanup routine:
Operating System: Microsoft Windows Vista 6.0.6002 Service Pack 2
Logged on user: Matthew-PC\Matthew


Scanning kernel...

Kernel scan complete


Scanning bootsectors...

Number of sectors found: 1
Number of sectors scanned: 1
Number of sectors not scanned: 0
Number of infections found: 0
Number of infections removed: 0
Total scanning time: 0s 31ms


Scanning running processes and process memory...

Number of processes/threads found: 8168
Number of processes/threads scanned: 8168
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 7m 0s


Scanning file system...

Scanning: prescan

Scanning: C:\*.*

C:\Program Files\Dell Games\Dell Game Console\Uninstall.exe (Infected with W32/Zlob.AUZL)
Removed registry key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall -> Dell Game Console
Deleted file

C:\Users\Matthew\AppData\Roaming\OpenCandy\WeFiSetup_5_141_4.exe/noname.nsis/file0/file48 (Error whilst scanning file: I/O Error (0x00220005))

C:\Users\Matthew\Desktop\ShopAtHome_Toolbar.exe (Infected with ShopAtHome.F)
Deleted file

C:\Windows\CouponPrinter.ocx (Infected with W32/Suspicious_Gen.CZDW)
Deleted file

Scanning: D:\*.*

Scanning: C:\System Volume Information\*.*

Scanning: postscan


Running post-scan cleanup routine:
Set TCP/IP autotuning to "normal" (or it was already "normal")

Number of files found: 561116
Number of archives unpacked: 10764
Number of files scanned: 560996
Number of files not scanned: 120
Number of files skipped due to exclude list: 0
Number of infected files found: 3
Number of infected files repaired/deleted: 3
Number of infections removed: 3
Total scanning time: 3h 42m 4s

I will go through the files that Emsisoft had discovered and submit them for scanning/analysis.

#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,596 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 01 January 2011 - 08:59 AM

Try doing an online scan to see if it finds anything else that the other scans may have missed.

Please perform a scan with ESET Online Anti-virus Scanner.
  • This scan requires Internet Explorer to work. If using a different browser, you will be given the option to download and use the ESET Smart Installer.
  • Vista/Windows 7 users need to run Internet Explorer as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green ESET Online Scanner button.
  • Read the End User License Agreement and check the box:
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check Scan archives.
  • Check Remove found threats and Scan potentially unwanted applications. (If given the option, choose "Quarantine" instead of delete.)
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer.
  • If offered the option to get information or buy software at any point, just close the window.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push List of found threats.
  • Push Export to text file, and save the file to your desktop as ESETScan.txt.
  • Push the Back button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply.
Note: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
If you did not save the ESETScan log, click Start > Run..., then type or copy and paste everything in the code box below into the Open dialogue box:

C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Click Ok and the scan results will open in Notepad.
  • Copy and paste the contents of log.txt in your next reply.
-- Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click here.

#8 Groffeaston (Topic Starter)

Posted 01 January 2011 - 06:59 PM

Hello everyone!

Here are the Results from the ESET Scan:

ESETScan.txt:
C:\Users\Matthew\Downloads\registrybooster(2).exe Win32/RegistryBooster application deleted - quarantined


ESET Log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=6a58773f5525134999fdb969c94c999d
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-01-01 07:09:18
# local_time=2011-01-01 02:09:18 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776574 100 100 18266302 130469142 0 0
# compatibility_mode=8192 67108863 100 0 32958939 32958939 0 0
# scanned=51811
# found=0
# cleaned=0
# scan_time=4143
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=6a58773f5525134999fdb969c94c999d
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-01-01 11:36:53
# local_time=2011-01-01 06:36:53 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776574 100 100 18321781 130524621 0 0
# compatibility_mode=8192 67108863 100 0 33014418 33014418 0 0
# scanned=167494
# found=1
# cleaned=1
# scan_time=7919
C:\Users\Matthew\Downloads\registrybooster(2).exe Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C

I did not get a chance yet to go back through the files that Emsisoft discovered as High risk and Medium risk and then quarantined, to see if they are false positives or not. I will do it shortly, then post the results or let you know the results.
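The ESET log above contains two `# version=7` headers because the first run ended with `end=stopped` and only the second one `finished`, and the detection line carries the path, threat name, action and a 32-digit hash. The following Python parser is an added example (not from the thread and not ESET's code) that splits such a log into sessions, extracts the detection line, and totals the counts; it assumes ESET threat names always contain a "/" (as in `Win32/RegistryBooster`) while Windows paths never do.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: the relevant lines of the ESET Online Scanner log posted above.
SAMPLE_LOG = """\
# version=7
# end=stopped
# scanned=51811
# found=0
# cleaned=0
# version=7
# end=finished
# scanned=167494
# found=1
# cleaned=1
C:\\Users\\Matthew\\Downloads\\registrybooster(2).exe Win32/RegistryBooster application (deleted - quarantined) 00000000000000000000000000000000 C
"""

# Detection line: "<path> <threat> (<action>) <32 hex digits> <flag>". Paths may contain spaces,
# so the threat is located by its "Platform/Family" token (assumption: ESET names contain "/", Windows paths do not).
DETECTION_RE = re.compile(r"^(?P<prefix>.+) \((?P<action>[^()]*)\) (?P<digest>[0-9a-fA-F]{32}) \S+$")
THREAT_RE = re.compile(r"^(?P<path>.+?) (?P<threat>\S+/\S+.*)$")

@dataclass
class ScanSession:
    meta: dict = field(default_factory=dict)        # '# key=value' header fields
    detections: list = field(default_factory=list)  # dicts with path, threat, action, digest

def parse_eset_log(text: str) -> list:
    """Split a log into sessions; a new session starts at each '# version=' header."""
    sessions = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("#"):
            key, _, value = line[1:].strip().partition("=")
            if key == "version" or not sessions:
                sessions.append(ScanSession())
            sessions[-1].meta[key] = value  # a repeated key keeps the last value seen
            continue
        m = DETECTION_RE.match(line)
        t = THREAT_RE.match(m["prefix"]) if m else None
        if t and sessions:
            sessions[-1].detections.append({"path": t["path"], "threat": t["threat"],
                                            "action": m["action"], "digest": m["digest"]})
    return sessions

def summarize(sessions: list) -> dict:
    """Totals across sessions; a run whose 'end' is not 'finished' was interrupted, not a clean result."""
    totals = {k: sum(int(s.meta.get(k, 0)) for s in sessions) for k in ("scanned", "found", "cleaned")}
    totals["incomplete_sessions"] = sum(s.meta.get("end") != "finished" for s in sessions)
    return totals
```

Running `summarize(parse_eset_log(SAMPLE_LOG))` on the posted log reports one interrupted session and one detection across 219305 scanned objects.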

#9 quietman7 (Bleepin' Janitor, Global Moderator)

Posted 01 January 2011 - 09:57 PM

Ok.

#10 Groffeaston (Topic Starter)

Posted 03 January 2011 - 01:01 AM

Hello everyone!

Of the files I could check, they were all false positives. One, however, was also picked up as malware by 1 out of 19 scanners when using Jotti's Virusscan. The one that got picked up by only one out of 19 was C:\Program Files\Gacela\custom_uninstall_step2.js, detected as Trojan.Swizzor!IK, and the only scanner to pick it up was IKARUS.

A couple of the programs that got listed by Emsisoft I might be uninstalling soon, because I have not used them in a while.

#11 quietman7 (Bleepin' Janitor, Global Moderator)

Posted 03 January 2011 - 01:41 PM

That's why I don't recommend Emsisoft (a-squared) products.

#12 Groffeaston (Topic Starter)

Posted 04 January 2011 - 09:31 PM

Hello everyone!

I tried to remove the one program and then all heck broke loose! I forgot I had to get the correct uninstall program for it, so I ended up having to go back to a restore point from before the uninstall. But that problem is okay now, I hope.

As for my original problem: I still do not know what caused my computer to send all of that spam email. So far all of the scans have turned up minor stuff: cookies and other things that are false positives. So I guess it might have been in one of the emails I opened and did not get picked up by my anti-spyware, anti-malware, and anti-virus programs, or it deleted itself after it sent those spam emails and did not leave a trace that is getting detected.

Now what do I do?

Just keep an eye on my system to see if anything funky happens?

#13 quietman7 (Bleepin' Janitor, Global Moderator)

Posted 06 January 2011 - 07:18 PM

Yes, monitor your system for a while.

Since things appear to be stable I would also create a new restore point you can use rather than go back to an old one.

#14 Groffeaston (Topic Starter)

Posted 06 January 2011 - 08:31 PM

Hello everyone!

I still have these funky movements with my screen and mouse. But outside of that, there is nothing major happening, knock on wood!

It probably could be: registry errors, remnants of whatever caused my initial problem (but is not being picked up on scans), or something with my browser. It is just an annoyance at this time, more than anything. I will try to figure out what is causing the weird screen movement and mouse movement.

Thanks for the help! Will let you know if anything pops up in the next few days or so.

#15 quietman7 (Bleepin' Janitor, Global Moderator)

Posted 06 January 2011 - 09:04 PM

If you have a wireless mouse, low batteries can result in weak, mixed or no signals that can affect its functionality, so start by replacing them. If you are using a ball mouse, remove it and clean the rollers, as dirt and gunk will cause erratic behavior. If it's an optical mouse, it can cause "jumpiness" if used on a glossy surface or reflective mouse pad. As a test, try placing it on a piece of newspaper to see if that resolves the problem.

If that does not help, confirm that the mouse works on another machine. It is possible the mouse could be defective or has gone bad. Another thing to try is to use a different mouse, or a PS2 adapter if it's a USB mouse.

If this is an issue on a notebook or laptop, please see Disable Touch Pad of your Laptop; Avoid Erratic Cursor Movement When Typing.

If you need additional assistance with hardware related issues, you can start a new topic in the Hardware Subforums.