WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93105 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

[Closed] XPAntivirus, AdvancedCleaner, and AntiSpyStorm

Started by firefighter17103 , Oct 16 2007 05:09 PM

This topic is locked

5 replies to this topic

#1 firefighter17103

New Member

New Member
3 posts

Posted 16 October 2007 - 05:09 PM

I am getting popups from all three and i also have a black screen on my desktop that says "Warning? Spyware threat has been detected on your PC", it then says "Your computer has several fatal errors due to spyware activity", below that it syas "Your IP address is ***.***.***.*** and via this address an unauthorized access was gained by another computer. It is strongly recommended to install an antispyware software to close all security vulnerabilities."

also seeing 3 cmd windows open then close...i then get LoadLibrary Manager error saying that it encountered a problem and needs to close, asking weather i want to send a report to microsoft. I also get the bubbles pop up from my sys tray about internet attacks and spyware....

also ctl+atl+del does not work it says it was disabled by admin and i am logged in as the admin

just saw the cmd window open then close it had sysrlb32.exe in the blue bar

Thanks in advanced for your help

Here is my log file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:18:55 PM, on 10/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\WINDOWS\system32\nusrmgr.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Common Files\AOL\1142130950\ee\AOLSoftware.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\OneStepSearch\onestep.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\OneStepSearch\onestep.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\HPZipm12.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.mywa...idebar.jsp?p=DE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {6D857B37-E4F7-9403-A241-EC2B5C93DEEC} - C:\WINDOWS\system32\nqmowarx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: BndDrive2 BHO Class - {8C6D5A56-791E-4fe8-9D64-81781FA15D68} - C:\Program Files\ISM\BndDrive6.dll (file missing)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: Her - {971D5B7B-F7DF-43ee-B771-6B7FA09975C3} - C:\WINDOWS\system32\sipov.dll (file missing)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: oembios32.msdn_hlp - {D79E1D43-C805-40EF-8ACB-DFFB17E9A4AF} - C:\WINDOWS\system32\oembios32.dll
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1142130950\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {3B0AFE6A-6AEF-47D7-83EA-D1929568B81B} (KWClient16 Control) - http://71.183.76.13:2001/client16.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: OneStep Search Service - OneStepSearch.net, Inc. - C:\Program Files\OneStepSearch\onestep.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 15279 bytes

Advertisements

Register to Remove

#2 LDTate

Grand Poobah

Root Admin
57,211 posts

Posted 17 October 2007 - 03:29 PM

Hello and welcome to the forums

I suggest you do this:

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.

Please do not delete anything unless instructed to.

Next:

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

(If you use FireFox or the Opera browser
To keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time.

Next:

Download ComboFix from Here to your Desktop.

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you, combofix.txt. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick while its running. That may cause it to stall

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

If you would like to for the help you received.

Proud graduate of TC/WTT Classroom

#3 firefighter17103

New Member

New Member
3 posts

Posted 18 October 2007 - 04:51 PM

LDTate,

I appreciate that you are willing to help and want to thank you in advance. I have tried some other things and still am finding a bunch of junk. Here is my HJT log, SpySweeper Log, Ad-Aware Log, and what SpyBot S&D has found. All scans were ran in safe mode.

----HJT Log start

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:33:46 PM, on 10/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\Program Files\McAfee.com\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [OASClnt] "C:\Program Files\McAfee.com\VSO\oasclnt.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Dell QuickSet] "C:\Program Files\Dell\QuickSet\Quickset.exe"
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint\Apoint.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1142130950\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {3B0AFE6A-6AEF-47D7-83EA-D1929568B81B} (KWClient16 Control) - http://71.183.76.13:2001/client16.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10708 bytes

-----here is the spy sweeper log

4:17 PM: Traces Found: 5
4:17 PM: Full Sweep has completed. Elapsed time 00:50:49
4:17 PM: File Sweep Complete, Elapsed Time: 00:47:40
4:00 PM: Warning: SweepDirectories: Cannot find directory "e:". This directory was not added to the list of paths to be scanned.
4:00 PM: Warning: SweepDirectories: Cannot find directory "d:". This directory was not added to the list of paths to be scanned.
4:00 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\ssms527f60a0-9544-4612-a328-236ab6fb6643.tmp". The operation completed successfully
4:00 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\ssmsa9d27328-c052-461f-8192-bf089616ff50.tmp". The operation completed successfully
4:00 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\ssmsb6895dbe-da2f-4e61-93e2-672063ed5737.tmp". The operation completed successfully
4:00 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\ssmsc1b02b6a-5050-4ff8-9619-0bc90cc8690b.tmp". The operation completed successfully
4:00 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\ssms6b5bc1cf-8190-4def-82d3-5c1f83ee19b1.tmp". The operation completed successfully
4:00 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\ssms574a5503-76ac-4546-95c4-f2f547b5eb7d.tmp". The operation completed successfully
4:00 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\ssms43fad82b-ccc6-4b43-a52c-bce870158bc4.tmp". The operation completed successfully
4:00 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\ssmsef32d159-186e-45cd-b56d-2dc3f878fdda.tmp". The operation completed successfully
4:00 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\ssms4e87a7c3-f0a6-41e8-9ebf-5d6d855da042.tmp". The operation completed successfully
4:00 PM: Warning: Failed to open file "c:\documents and settings\networkservice\application data\webroot\spy sweeper\temp\ssmsee71234a-dbfc-4845-ae84-0189793fd10a.tmp". The operation completed successfully
3:29 PM: Starting File Sweep
3:29 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
3:29 PM: Starting Cookie Sweep
3:29 PM: Registry Sweep Complete, Elapsed Time:00:00:29
3:29 PM: HKU\WRSS_Profile_S-1-5-21-715897722-2105470360-92900422-1005\software\bnddrive\ (ID = 3116811)
3:29 PM: HKU\WRSS_Profile_S-1-5-21-715897722-2105470360-92900422-1009\software\bnddrive\ (ID = 3116811)
3:29 PM: HKU\WRSS_Profile_S-1-5-21-715897722-2105470360-92900422-1009\software\microsoft\internet explorer\searchscopes\{5b4c3b43-49b6-42a7-a602-f7acdca0d409}\ (ID = 3105592)
3:29 PM: Found Adware: onestep search
3:29 PM: HKU\WRSS_Profile_S-1-5-21-715897722-2105470360-92900422-1009\software\antica\ (ID = 2720687)
3:29 PM: Found Adware: internet speed monitor
3:29 PM: HKU\WRSS_Profile_S-1-5-21-715897722-2105470360-92900422-1009\software\microsoft\internet explorer\new windows\allow\ || *.starsdoor.com (ID = 2089452)
3:29 PM: Found Adware: maxifiles
3:28 PM: Starting Registry Sweep
3:28 PM: Memory Sweep Complete, Elapsed Time: 00:02:22
3:26 PM: Starting Memory Sweep
3:26 PM: Sweep initiated using definitions version 1012
3:26 PM: Spy Sweeper 5.5.7.103 started
3:26 PM: | Start of Session, Thursday, October 18, 2007 |
***************
2:46 PM: Traces Found: 0
2:45 PM: Sweep Canceled
2:45 PM: Sweep initiated using definitions version 1012
2:45 PM: Spy Sweeper 5.5.7.103 started
2:45 PM: | Start of Session, Thursday, October 18, 2007 |
***************
2:45 PM: Program Version 5.5.7.103 Using Spyware Definitions 1012
2:44 PM: Spy Sweeper 5.5.7.103 started
2:44 PM: | Start of Session, Thursday, October 18, 2007 |
***************
Operation: Code Injection
Target: C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
Source: C:\WINDOWS\system32\csrss.exe
11:14 AM: Tamper Detection
11:14 AM: ApplicationMinimized - EXIT
11:14 AM: ApplicationMinimized - ENTER
11:08 AM: ApplicationMinimized - EXIT
11:08 AM: ApplicationMinimized - ENTER
Keylogger: Off
E-mail Attachment: On
11:00 AM: Informational: ShieldEmail: Start monitoring port 25 for mail activities
11:00 AM: Informational: ShieldEmail: Start monitoring port 110 for mail activities
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
File System Shield: On
Execution Shield: On
System Services Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
11:00 AM: Shield States
11:00 AM: License Check Status (0): Success
11:00 AM: Spyware Definitions: 1012
10:59 AM: Spy Sweeper 5.5.7.103 started
10:59 AM: Spy Sweeper 5.5.7.103 started
10:59 AM: | Start of Session, Thursday, October 18, 2007 |
***************
Operation: Code Injection
Target: C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
Source: C:\WINDOWS\system32\csrss.exe
11:37 AM: Tamper Detection
11:37 AM: ApplicationMinimized - EXIT
11:37 AM: ApplicationMinimized - ENTER
11:30 AM: ApplicationMinimized - EXIT
11:30 AM: ApplicationMinimized - ENTER
Keylogger: Off
11:18 AM: Informational: ShieldEmail: Start monitoring port 25 for mail activities
E-mail Attachment: On
11:18 AM: Informational: ShieldEmail: Start monitoring port 110 for mail activities
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
File System Shield: On
Execution Shield: On
System Services Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
11:18 AM: Shield States
11:18 AM: License Check Status (0): Success
11:18 AM: Spyware Definitions: 1012
11:18 AM: Spy Sweeper 5.5.7.103 started
11:18 AM: Spy Sweeper 5.5.7.103 started
11:18 AM: | Start of Session, Thursday, October 18, 2007 |
***************
7:38 AM: ApplicationMinimized - EXIT
7:38 AM: ApplicationMinimized - ENTER
7:36 AM: Removal process completed. Elapsed time 00:01:10
7:36 AM: A reboot was suggested but declined.
7:36 AM: Quarantining All Traces: mediaplex cookie
7:36 AM: Quarantining All Traces: server.iad.liveperson cookie
7:36 AM: Quarantining All Traces: webtrendslive cookie
7:35 AM: Quarantining All Traces: 2o7.net cookie
7:35 AM: Quarantining All Traces: adlegend cookie
7:35 AM: Quarantining All Traces: advertising cookie
7:35 AM: Quarantining All Traces: clickbank cookie
7:35 AM: Quarantining All Traces: statcounter cookie
7:35 AM: Quarantining All Traces: zedo cookie
7:35 AM: Quarantining All Traces: specificclick.com cookie
7:35 AM: Quarantining All Traces: atlas dmt cookie
7:35 AM: Quarantining All Traces: trafficmp cookie
7:35 AM: Quarantining All Traces: realmedia cookie
7:35 AM: Quarantining All Traces: questionmarket cookie
7:35 AM: Quarantining All Traces: adrevolver cookie
7:35 AM: Quarantining All Traces: yieldmanager cookie
7:35 AM: Quarantining All Traces: command
7:35 AM: Quarantining All Traces: mirar webband
7:35 AM: Quarantining All Traces: internet speed monitor
7:35 AM: Quarantining All Traces: onestep search
7:35 AM: Quarantining All Traces: targetsaver
7:35 AM: Quarantining All Traces: trojan-downloader.gen
7:35 AM: Quarantining All Traces: zquest
7:35 AM: Quarantining All Traces: aconti
7:35 AM: Quarantining All Traces: trojan.gen
7:35 AM: Quarantining All Traces: trojan-downloader-esucesm
7:35 AM: Quarantining All Traces: maxifiles
7:35 AM: Quarantining All Traces: cnsmin
7:35 AM: Quarantining All Traces: absolute keylogger
7:35 AM: Quarantining All Traces: purityscan
7:35 AM: Quarantining All Traces: trojan downloader matcash
7:35 AM: Removal process initiated
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV00\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD00\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:30 AM: Tamper Detection
12:04 AM: Traces Found: 119
12:04 AM: Full Sweep has completed. Elapsed time 00:27:57
12:04 AM: C:\Program Files\ISM2 (3 subtraces) (ID = 2147575230)
12:04 AM: File Sweep Complete, Elapsed Time: 00:22:45
11:56 PM: Warning: SweepDirectories: Cannot find directory "d:". This directory was not added to the list of paths to be scanned.
11:56 PM: C:\WINDOWS\TGlzYSBDaGlhcmFtb250ZQ\n35Wsm1Gu351wAIQvZcXtk.vbs (ID = 185675)
11:56 PM: C:\Program Files\OneStepSearch\uninstall.exe (ID = 872417)
11:56 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsb9778dce-bdad-41e3-bcca-60acbf9b6027.tmp". The operation completed successfully
11:56 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms6b2c6d66-f4e8-473a-81a5-94efb99fadf1.tmp". The operation completed successfully
11:56 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms0ee25aed-dca7-4373-9606-22eb8b59f740.tmp". The operation completed successfully
11:56 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms66620941-9e5d-4c72-9924-fbe9212d0aaf.tmp". The operation completed successfully
11:56 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsfcd4b0af-f0db-41b7-b52e-f4d27cc570d9.tmp". The operation completed successfully
11:56 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms9c902317-8beb-4daf-9b57-b994f7bfc024.tmp". The operation completed successfully
11:56 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms58d1c8e8-ffd2-499a-9295-fef915b9471d.tmp". The operation completed successfully
11:56 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms9f24f0ff-58d7-4dfc-b702-1f21e9be5aa3.tmp". The operation completed successfully
11:56 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsf2ed6719-c17f-4e6b-b52a-97acd3436c0d.tmp". The operation completed successfully
11:56 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmseba1e368-f7bd-4283-a860-f7fe3faa2f64.tmp". The operation completed successfully
11:53 PM: C:\Program Files\Common Files\zwuk\zwukd\class-barrel (ID = 78229)
11:53 PM: C:\Program Files\Common Files\zwuk\zwukd\vocabulary (ID = 78283)
11:53 PM: Found Adware: targetsaver
11:53 PM: C:\WINDOWS\tsitra72.exe (ID = 997407)
11:53 PM: Found Trojan Horse: trojan-downloader.gen
11:53 PM: C:\Program Files\OneStepSearch\onestep.dll (ID = 872415)
11:53 PM: C:\Program Files\OneStepSearch\onestep.exe (ID = 872369)
11:52 PM: C:\WINDOWS\aconti.sdb (ID = 48727)
11:52 PM: C:\qoobox\Quarantine\C\WINDOWS\system32\RACLE~1\ati2evxx.exe.vir (ID = 903470)
11:51 PM: C:\WINDOWS\acdt-pid70.exe (ID = 507482)
11:51 PM: Found Adware: zquest
11:49 PM: C:\WINDOWS\aconti.ini (ID = 48724)
11:48 PM: C:\qoobox\Quarantine\C\Program Files\ISM\ISMModule6.exe.vir (ID = 965397)
11:48 PM: C:\WINDOWS\aconti.log (ID = 48726)
11:48 PM: Found Adware: aconti
11:46 PM: C:\qoobox\Quarantine\C\WINDOWS\system32\nqmowarx.dll.vir (ID = 998919)
11:45 PM: C:\qoobox\Quarantine\C\Program Files\ISM\Uninstall.exe.vir (ID = 965407)
11:45 PM: C:\WINDOWS\absolute key logger.lnk (ID = 190263)
11:45 PM: Found System Monitor: absolute keylogger
11:45 PM: C:\qoobox\Quarantine\C\Program Files\WinAble\winable.exe.vir (ID = 890421)
11:45 PM: HKU\WRSS_Profile_S-1-5-21-715897722-2105470360-92900422-1009\Software\Microsoft\Windows\CurrentVersion\Run || ISMPack6 (ID = 0)
11:45 PM: C:\Program Files\ISM2\ISMPack6.exe (ID = 951708)
11:45 PM: C:\qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\WinTouch\WTUninstaller.exe.vir (ID = 645155)
11:44 PM: C:\qoobox\Quarantine\C\WINDOWS\system32\oembios32.dll.vir (ID = 892606)
11:44 PM: Found Trojan Horse: trojan.gen
11:44 PM: C:\Program Files\OneStepSearch\osopt.exe (ID = 872416)
11:43 PM: C:\qoobox\Quarantine\C\WINDOWS\winh32.exe.vir (ID = 535587)
11:43 PM: Found Trojan Horse: trojan-downloader-esucesm
11:42 PM: C:\qoobox\Quarantine\C\WINDOWS\b138.exe.vir (ID = 803394)
11:42 PM: C:\qoobox\Quarantine\C\WINDOWS\b104.exe.vir (ID = 350493)
11:42 PM: C:\qoobox\Quarantine\C\Program Files\Common Files\Yazzle1552OinAdmin.exe.vir (ID = 449)
11:42 PM: Found Adware: purityscan
11:42 PM: C:\qoobox\Quarantine\C\WINDOWS\uninstall_nmon.vbs.vir (ID = 231442)
11:42 PM: Found Adware: command
11:42 PM: C:\Documents and Settings\Brendan\Start Menu\Programs\Internet Speed Monitor (2 subtraces) (ID = 2147568575)
11:42 PM: C:\Program Files\OneStepSearch (6 subtraces) (ID = 2147570717)
11:42 PM: Starting File Sweep
11:42 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
11:42 PM: C:\Documents and Settings\Lisa Chiaramonte\Application Data\Mozilla\Firefox\Profilesl20vufi.default\cookies.txt (ID = 6442)
11:42 PM: C:\Documents and Settings\Lisa Chiaramonte\Application Data\Mozilla\Firefox\Profilesl20vufi.default\cookies.txt (ID = 6442)
11:42 PM: Found Spy Cookie: mediaplex cookie
11:42 PM: C:\Documents and Settings\Lisa Chiaramonte\Application Data\Mozilla\Firefox\Profilesl20vufi.default\cookies.txt (ID = 1957)
11:42 PM: C:\Documents and Settings\Lisa Chiaramonte\Application Data\Mozilla\Firefox\Profilesl20vufi.default\cookies.txt (ID = 1957)
11:42 PM: C:\Documents and Settings\Lisa Chiaramonte\Application Data\Mozilla\Firefox\Profilesl20vufi.default\cookies.txt (ID = 1957)
11:42 PM: C:\Documents and Settings\Lisa Chiaramonte\Application Data\Mozilla\Firefox\Profilesl20vufi.default\cookies.txt (ID = 1957)
11:42 PM: C:\Documents and Settings\Lisa Chiaramonte\Application Data\Mozilla\Firefox\Profilesl20vufi.default\cookies.txt (ID = 3341)
11:42 PM: C:\Documents and Settings\Lisa Chiaramonte\Application Data\Mozilla\Firefox\Profilesl20vufi.default\cookies.txt (ID = 3341)
11:42 PM: Found Spy Cookie: server.iad.liveperson cookie
11:42 PM: C:\Documents and Settings\Lisa Chiaramonte\Application Data\Mozilla\Firefox\Profilesl20vufi.default\cookies.txt (ID = 3667)
11:42 PM: Found Spy Cookie: webtrendslive cookie
11:42 PM: C:\Documents and Settings\Lisa Chiaramonte\Application Data\Mozilla\Firefox\Profilesl20vufi.default\cookies.txt (ID = 2253)
11:42 PM: C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\36r3lht9.default\cookies.txt (ID = 1957)
11:42 PM: Found Spy Cookie: 2o7.net cookie
11:42 PM: C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\36r3lht9.default\cookies.txt (ID = 2088)
11:42 PM: C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\36r3lht9.default\cookies.txt (ID = 2089)
11:42 PM: C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\36r3lht9.default\cookies.txt (ID = 2089)
11:42 PM: C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\36r3lht9.default\cookies.txt (ID = 2089)
11:42 PM: C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\36r3lht9.default\cookies.txt (ID = 2089)
11:42 PM: C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\36r3lht9.default\cookies.txt (ID = 2074)
11:42 PM: Found Spy Cookie: adlegend cookie
11:42 PM: C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\36r3lht9.default\cookies.txt (ID = 3235)
11:42 PM: C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\36r3lht9.default\cookies.txt (ID = 3235)
11:42 PM: C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\36r3lht9.default\cookies.txt (ID = 3581)
11:42 PM: C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\36r3lht9.default\cookies.txt (ID = 3581)
11:42 PM: C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\36r3lht9.default\cookies.txt (ID = 3581)
11:42 PM: C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\36r3lht9.default\cookies.txt (ID = 3581)
11:42 PM: C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\36r3lht9.default\cookies.txt (ID = 3581)
11:42 PM: C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\36r3lht9.default\cookies.txt (ID = 3581)
11:42 PM: C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\36r3lht9.default\cookies.txt (ID = 3581)
11:42 PM: C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\36r3lht9.default\cookies.txt (ID = 3581)
11:42 PM: C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\36r3lht9.default\cookies.txt (ID = 2253)
11:42 PM: C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\36r3lht9.default\cookies.txt (ID = 2175)
11:42 PM: C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\36r3lht9.default\cookies.txt (ID = 2175)
11:42 PM: C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\36r3lht9.default\cookies.txt (ID = 2175)
11:42 PM: C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\36r3lht9.default\cookies.txt (ID = 2175)
11:42 PM: C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\36r3lht9.default\cookies.txt (ID = 2175)
11:42 PM: Found Spy Cookie: advertising cookie
11:42 PM: C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\36r3lht9.default\cookies.txt (ID = 3751)
11:42 PM: C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\36r3lht9.default\cookies.txt (ID = 3751)
11:42 PM: C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\36r3lht9.default\cookies.txt (ID = 3751)
11:42 PM: C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\36r3lht9.default\cookies.txt (ID = 3751)
11:42 PM: C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\36r3lht9.default\cookies.txt (ID = 3751)
11:42 PM: C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\36r3lht9.default\cookies.txt (ID = 3751)
11:42 PM: C:\Documents and Settings\Brendan\Application Data\Mozilla\Firefox\Profiles\36r3lht9.default\cookies.txt (ID = 3751)
11:42 PM: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mai2gimq.default\cookies.txt (ID = 2398)
11:42 PM: Found Spy Cookie: clickbank cookie
11:42 PM: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mai2gimq.default\cookies.txt (ID = 3447)
11:42 PM: Found Spy Cookie: statcounter cookie
11:42 PM: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mai2gimq.default\cookies.txt (ID = 3762)
11:42 PM: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mai2gimq.default\cookies.txt (ID = 3762)
11:42 PM: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mai2gimq.default\cookies.txt (ID = 3762)
11:42 PM: Found Spy Cookie: zedo cookie
11:42 PM: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mai2gimq.default\cookies.txt (ID = 3399)
11:42 PM: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mai2gimq.default\cookies.txt (ID = 3399)
11:42 PM: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mai2gimq.default\cookies.txt (ID = 3399)
11:42 PM: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mai2gimq.default\cookies.txt (ID = 3399)
11:42 PM: Found Spy Cookie: specificclick.com cookie
11:42 PM: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mai2gimq.default\cookies.txt (ID = 3217)
11:42 PM: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mai2gimq.default\cookies.txt (ID = 2253)
11:42 PM: Found Spy Cookie: atlas dmt cookie
11:42 PM: c:\documents and settings\lisa chiaramonte\cookies\lisa_chiaramonte@ad.yieldmanager[2].txt (ID = 3751)
11:42 PM: c:\documents and settings\brendan\cookies\brendan@trafficmp[1].txt (ID = 3581)
11:42 PM: Found Spy Cookie: trafficmp cookie
11:42 PM: c:\documents and settings\brendan\cookies\brendan@realmedia[1].txt (ID = 3235)
11:42 PM: Found Spy Cookie: realmedia cookie
11:42 PM: c:\documents and settings\brendan\cookies\brendan@questionmarket[2].txt (ID = 3217)
11:42 PM: Found Spy Cookie: questionmarket cookie
11:42 PM: c:\documents and settings\brendan\cookies\brendan@media.adrevolver[2].txt (ID = 2089)
11:42 PM: c:\documents and settings\brendan\cookies\brendan@adrevolver[1].txt (ID = 2088)
11:42 PM: Found Spy Cookie: adrevolver cookie
11:42 PM: c:\documents and settings\brendan\cookies\brendan@ad.yieldmanager[1].txt (ID = 3751)
11:42 PM: Found Spy Cookie: yieldmanager cookie
11:42 PM: Starting Cookie Sweep
11:42 PM: Registry Sweep Complete, Elapsed Time:00:00:23
11:42 PM: HKU\WRSS_Profile_S-1-5-21-715897722-2105470360-92900422-1005\software\bnddrive\ (ID = 3116811)
11:42 PM: HKU\WRSS_Profile_S-1-5-21-715897722-2105470360-92900422-1005\software\microsoft\internet explorer\toolbar\webbrowser\ || {9a9c9b68-f908-4aab-8d0c-10ea8997f37e} (ID = 135102)
11:42 PM: Found Adware: mirar webband
11:42 PM: HKU\WRSS_Profile_S-1-5-21-715897722-2105470360-92900422-1009\software\bnddrive\ (ID = 3116811)
11:42 PM: HKU\WRSS_Profile_S-1-5-21-715897722-2105470360-92900422-1009\software\microsoft\internet explorer\searchscopes\{5b4c3b43-49b6-42a7-a602-f7acdca0d409}\ (ID = 3105592)
11:42 PM: HKU\WRSS_Profile_S-1-5-21-715897722-2105470360-92900422-1009\software\antica\ (ID = 2720687)
11:42 PM: HKU\WRSS_Profile_S-1-5-21-715897722-2105470360-92900422-1009\software\microsoft\internet explorer\new windows\allow\ || *.starsdoor.com (ID = 2089452)
11:42 PM: Found Adware: maxifiles
11:42 PM: HKU\S-1-5-21-715897722-2105470360-92900422-500\software\bnddrive\ (ID = 3116811)
11:42 PM: HKU\S-1-5-21-715897722-2105470360-92900422-500\software\microsoft\windows\currentversion\uninstall\wintouch\ (ID = 2443371)
11:42 PM: Found Trojan Horse: trojan downloader matcash
11:42 PM: HKLM\software\microsoft\internet explorer\explorer bars\{1b2588f5-45ce-4322-b755-d79944ad1b17}\ (ID = 3179800)
11:42 PM: HKLM\software\classes\typelib\{de4476af-4276-44ac-964b-7e2555c3bef2}\ (ID = 3179790)
11:42 PM: HKLM\software\classes\clsid\{1b2588f5-45ce-4322-b755-d79944ad1b17}\ (ID = 3179763)
11:42 PM: Found Adware: internet speed monitor
11:42 PM: HKLM\system\currentcontrolset\services\onestep search service\ (ID = 3105851)
11:42 PM: HKLM\system\controlset001\services\onestep search service\ (ID = 3105563)
11:42 PM: HKLM\software\onestepsearch\ (ID = 3105543)
11:42 PM: HKLM\software\microsoft\windows\currentversion\uninstall\onestepsearch\ (ID = 3105540)
11:42 PM: HKLM\software\microsoft\internet explorer\searchscopes\{5b4c3b43-49b6-42a7-a602-f7acdca0d409}\ (ID = 3105536)
11:42 PM: HKLM\software\microsoft\internet explorer\activex compatibility\{9a578c98-3c2f-4630-890b-fc04196ef420}\ (ID = 2346201)
11:42 PM: Found Adware: cnsmin
11:41 PM: Starting Registry Sweep
11:41 PM: Memory Sweep Complete, Elapsed Time: 00:04:41
11:41 PM: Detected running threat: C:\Program Files\OneStepSearch\onestep.exe (ID = 872369)
11:41 PM: Detected running threat: C:\Program Files\OneStepSearch\onestep.exe (ID = 872369)
11:38 PM: Detected running threat: C:\Program Files\OneStepSearch\onestep.dll (ID = 872415)
11:38 PM: Found Adware: onestep search
11:37 PM: Starting Memory Sweep
11:37 PM: Start Full Sweep
11:37 PM: Sweep initiated using definitions version 1012
Keylogger: Off
11:33 PM: Informational: ShieldEmail: Start monitoring port 25 for mail activities
E-mail Attachment: On
11:33 PM: Informational: ShieldEmail: Start monitoring port 110 for mail activities
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
File System Shield: On
Execution Shield: On
System Services Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
11:33 PM: Shield States
11:33 PM: License Check Status (0): Success
11:32 PM: Spyware Definitions: 992
11:31 PM: Spy Sweeper 5.5.7.103 started
11:31 PM: Spy Sweeper 5.5.7.103 started
11:31 PM: | Start of Session, Wednesday, October 17, 2007 |
***************

---here is the ad-aware log---

Ad-Aware 2007 Build
Log File Created on: 2007-10-18 12:25:52
Using Definitions File: C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\core.aawdef
Computer name: SNICKERS
Name of user performing scan: SYSTEM

System information
===========================
Number of processors: 1
Processor type: Intel® Pentium® M processor 1.60GHz
Memory Available: 50%
Total Physical Memory: 527822848 Bytes
Available Physical Memory: 262909952 Bytes
Total Page File Size: 1288048640 Bytes
Available On Page File: 1105317888 Bytes
Total Virtual Memory: 2147352576 Bytes
Available Virtual Memory: 1989701632 Bytes
OS: Microsoft Windows XP Service Pack 2 (Build 2600)

Ad-Aware 2007 Settings
===========================
Skipping files larger than 1048576 kB
Ignoring infections with lower TAI than: 3

Extended Ad-Aware 2007 Settings
===========================
Unloading known modules during scan
Ignoring spanned files when scanning cab archives
Scanning registry for all users
Using permanent archive caching
Reanalyzing results after scanning before displaying results
Trying to unload modules prior to removal
Let Windows remove files currently in use at next reboot
Removing quarantined objects after restore
Logging Ad-Aware events
Blocking Pop-Ups aggressively
Deactivating Ad-Watch during scans
Writeprotecting system files after repairs
Including Ad-aware command line parameters in log file
Include info about ignored objects in log file
Including basic settings in log file
Including advanced settings in log file
Including user and computer name in log file
Include reference summary in log file
Creating log file for removal operations
Including module info in log file
Include Alternate Data Stream details in log file
Create and save WebUpdate log file

Databaseinfo
===========================
Version number: 26
Build Number: 0
Build Date and Time: 2007/10/15 03:25:21

Scan Statistics
===========================
Method: Full
Scan tracking cookies.............................: On
Scan ADS filestreams..............................: Off

Item Scanned: 295960
Infections Detected: 18
Infections Ignored: 0

Scan detailed statistics
===========================
Type Critical Total
Process Scan....: 0 0
Registry Scan...: 5 5
Registry PE Scan: 0 0
Hosts File Scan.: 0 0
File Scan.......: 0 0
Folder Scan.....: 0 0
LSP Scan........: 0 0
ADS Scan........: 0 0
Cookie Scan.....: 9 9
File Hash Scan..: 2 2

Infections Found
===========================
Family Id: 203 Name: BargainBuddy Category: Malware TAI:8
Item Id: 300004342 Value: Root: HKU Path: S-1-5-21-715897722-2105470360-92900422-500\software\microsoft\windows\currentversion\ext\stats\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}
Family Id: 926 Name: Win32.Spyware.Acoona Category: Spyware TAI:7
Item Id: 300018729 Value: Root: HKU Path: S-1-5-21-715897722-2105470360-92900422-500\software\microsoft\windows\currentversion\ext\stats\{944864a5-3916-46e2-96a9-a2e84f3f1208}
Family Id: 948 Name: Win32.Trojan.Crypt Category: Virus TAI:10
Item Id: 300033494 Value: Root: HKCR Path: interface\{8e36a11e-7301-4007-a380-bcbbd7afb400}
Item Id: 300033496 Value: Root: HKCR Path: typelib\{c4df2c47-6d4f-4ca5-a35d-cca88842b504}
Item Id: 59453 Value: File: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0071723.dll
Item Id: 300033495 Value: Root: HKCR Path: oembios32.msdn_hlp
Family Id: 725 Name: Tracking Cookie Category: DataMiner TAI:3
Item Id: 600000190 Value: Browser: Firefox Cookie: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles/mai2gimq.default\cookies.txt www.googleadservices.com Conversion /pagead/conversion/1070299046/
Item Id: 600000415 Value: Browser: Firefox Cookie: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles/mai2gimq.default\cookies.txt revsci.net rsi_segs_1000000 /
Item Id: 600000415 Value: Browser: Firefox Cookie: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles/mai2gimq.default\cookies.txt revsci.net rsi_cls_1000000 /
Item Id: 600000415 Value: Browser: Firefox Cookie: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles/mai2gimq.default\cookies.txt revsci.net NETSEGS_K05540 /
Item Id: 600000415 Value: Browser: Firefox Cookie: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles/mai2gimq.default\cookies.txt revsci.net NETID01 /
Item Id: 600000083 Value: Browser: Firefox Cookie: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles/mai2gimq.default\cookies.txt adwarealert.com stats_ref /
Item Id: 600000083 Value: Browser: Firefox Cookie: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles/mai2gimq.default\cookies.txt adwarealert.com __utma /
Item Id: 600000083 Value: Browser: Firefox Cookie: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles/mai2gimq.default\cookies.txt adwarealert.com __utmz /
Item Id: 600000190 Value: Browser: Firefox Cookie: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles/mai2gimq.default\cookies.txt www.googleadservices.com Conversion /pagead/conversion/1072645447/
Family Id: 997 Name: Win32.TrojanDownloader.Adload Category: Virus TAI:10
Item Id: 62046 Value: File: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP183\A0068760.exe
Family Id: 9999 Name: MRU Object Category: MRU Object TAI:0
Item Id: 1 Value: MRU Path: C:\Documents and Settings\Administrator\Recent Count: 32
Item Id: 3 Value: MRU Registry Key: S-1-5-21-715897722-2105470360-92900422-500\Software\Microsoft\Internet Explorer\TypedURLs Count: 6

Items Ignored During Scan
===========================

Listing of running processes
===========================
C:\WINDOWS\SYSTEM32\SMSS.EXE
c:\windows\system32\smss.exe

c:\windows\system32\ntdll.dll

C:\WINDOWS\SYSTEM32\CSRSS.EXE
c:\windows\system32\csrss.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\csrsrv.dll

c:\windows\system32\basesrv.dll

c:\windows\system32\winsrv.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\user32.dll

c:\windows\system32\sxs.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

C:\WINDOWS\SYSTEM32\WINLOGON.EXE
c:\windows\system32\winlogon.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\authz.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\nddeapi.dll

c:\windows\system32\profmap.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\userenv.dll

c:\windows\system32\psapi.dll

c:\windows\system32\regapi.dll

c:\windows\system32\secur32.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\version.dll

c:\windows\system32\winsta.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\imm32.dll

c:\windows\system32\msgina.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\odbc32.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\comdlg32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\odbcint.dll

c:\windows\system32\shsvcs.dll

c:\windows\system32\sfc.dll

c:\windows\system32\sfc_os.dll

c:\windows\system32\ole32.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\winmm.dll

c:\windows\system32\cscdll.dll

c:\windows\system32\lmiinit.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\wlnotify.dll

c:\windows\system32\winscard.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\winspool.drv

c:\windows\system32\mpr.dll

c:\windows\system32\wgalogon.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\wrlogonntf.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\lmirfsclientnp.dll

c:\program files\intel\wireless\bin\lgnotify.dll

c:\windows\system32\cscui.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\xpsp2res.dll

C:\WINDOWS\SYSTEM32\SERVICES.EXE
c:\windows\system32\services.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\userenv.dll

c:\windows\system32\scesrv.dll

c:\windows\system32\authz.dll

c:\windows\system32\umpnpmgr.dll

c:\windows\system32\winsta.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\ncobjapi.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\secur32.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\eventlog.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\psapi.dll

c:\windows\system32\wtsapi32.dll

C:\WINDOWS\SYSTEM32\LSASS.EXE
c:\windows\system32\lsass.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\lsasrv.dll

c:\windows\system32\mpr.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\ntdsapi.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\secur32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\samsrv.dll

c:\windows\system32\cryptdll.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\msprivs.dll

c:\windows\system32\kerberos.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\netlogon.dll

c:\windows\system32\w32time.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\schannel.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\wdigest.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\scecli.dll

c:\windows\system32\setupapi.dll

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\rpcss.dll

c:\windows\system32\secur32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\winsta.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\rpcss.dll

c:\windows\system32\secur32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\winrnr.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

C:\PROGRAM FILES\LAVASOFT\AD-AWARE 2007\AAWSERVICE.EXE
c:\program files\lavasoft\ad-aware 2007\aawservice.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\program files\lavasoft\ad-aware 2007\ceapi.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\program files\lavasoft\ad-aware 2007\pkarchive84cb.dll

c:\windows\system32\shell32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\ole32.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\psapi.dll

c:\windows\system32\version.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\program files\lavasoft\ad-aware 2007\update.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\userenv.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\secur32.dll

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\cryptsvc.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\certcli.dll

c:\windows\system32\atl.dll

c:\windows\system32\secur32.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\cryptui.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\esent.dll

c:\windows\system32\srsvc.dll

c:\windows\system32\powrprof.dll

c:\windows\pchealth\helpctr\binaries\pchsvc.dll

c:\windows\system32\winsta.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\wbem\wmisvc.dll

c:\windows\system32\vssapi.dll

c:\windows\system32\wbem\wbemcore.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\wbem\esscli.dll

c:\windows\system32\wbem\wbemcomn.dll

c:\windows\system32\wbem\fastprox.dll

c:\windows\system32\ntdsapi.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\wbem\wmiutils.dll

c:\windows\system32\wbem\repdrvfs.dll

c:\windows\system32\wbem\wmiprvsd.dll

c:\windows\system32\ncobjapi.dll

c:\windows\system32\wbem\wbemess.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\wbem\ncprov.dll

C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
c:\program files\webroot\spy sweeper\spysweeper.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\ole32.dll

c:\windows\system32\version.dll

c:\windows\system32\mpr.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\wininet.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\shell32.dll

c:\windows\system32\comdlg32.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\winmm.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\program files\webroot\spy sweeper\pcre.dll

c:\windows\system32\psapi.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\vdmdbg.dll

c:\windows\system32\sxs.dll

c:\windows\system32\olepro32.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\program files\webroot\spy sweeper\ztvcabinet.dll

c:\program files\webroot\spy sweeper\ztvunrar3.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

C:\PROGRAM FILES\INTEL\WIRELESS\BIN\ZCFGSVC.EXE
c:\program files\intel\wireless\bin\zcfgsvc.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\program files\intel\wireless\bin\pfmgrapi.dll

c:\program files\intel\wireless\bin\traceapi.dll

c:\program files\intel\wireless\bin\psregapi.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\winspool.drv

c:\windows\system32\comctl32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\atl.dll

c:\windows\system32\secur32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\shell32.dll

c:\program files\intel\wireless\bin\murocapi.dll

c:\program files\intel\wireless\bin\s24mudll.dll

c:\windows\system32\version.dll

c:\program files\intel\wireless\bin\c1xstngs.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\comdlg32.dll

c:\windows\system32\oledlg.dll

c:\windows\system32\olepro32.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\winmm.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\program files\intel\wireless\bin\lsawrapi.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\netapi32.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\winsta.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\msctf.dll

C:\WINDOWS\EXPLORER.EXE
c:\windows\explorer.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\browseui.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\user32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\ole32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\shdocvw.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\cryptui.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\winmm.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\userenv.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\cscui.dll

c:\windows\system32\cscdll.dll

c:\windows\system32\themeui.dll

c:\windows\system32\secur32.dll

c:\windows\system32\msimg32.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\msutb.dll

c:\windows\system32\msctf.dll

c:\windows\system32\shimgvw.dll

c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll

c:\windows\system32\linkinfo.dll

c:\windows\system32\ntshrui.dll

c:\windows\system32\atl.dll

c:\windows\system32\winsta.dll

c:\windows\system32\msi.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\psapi.dll

c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll

c:\program files\microsoft office\office11\msohev.dll

c:\windows\system32\urlmon.dll

c:\windows\system32\mlang.dll

c:\windows\system32\browselc.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\comdlg32.dll

c:\windows\system32\mpr.dll

c:\windows\system32\drprov.dll

c:\windows\system32\ntlanman.dll

c:\windows\system32\netui0.dll

c:\windows\system32\netui1.dll

c:\windows\system32\netrap.dll

c:\windows\system32\samlib.dll

c:\windows\system32\davclnt.dll

c:\windows\system32\lmirfsclientnp.dll

c:\windows\system32\msgina.dll

c:\windows\system32\odbc32.dll

c:\windows\system32\odbcint.dll

c:\windows\system32\setupapi.dll

C:\PROGRAM FILES\LAVASOFT\AD-AWARE 2007\AD-AWARE2007.EXE
c:\program files\lavasoft\ad-aware 2007\ad-aware2007.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\imm32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\comdlg32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\shell32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\ole32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\inetmib1.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\snmpapi.dll

c:\windows\system32\wsock32.dll

c:\windows\system32\mprapi.dll

c:\windows\system32\activeds.dll

c:\windows\system32\adsldpc.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\atl.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\samlib.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\version.dll

c:\windows\system32\mpr.dll

c:\windows\system32\winmm.dll

c:\windows\system32\oleacc.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\uxtheme.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\olepro32.dll

c:\windows\system32\secur32.dll

c:\windows\system32\msctf.dll

C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
c:\program files\mcafee.com\agent\mcagent.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\version.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shell32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\program files\mcafee.com\agent\scres.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\msxml3.dll

c:\windows\system32\msctf.dll

C:\WINDOWS\SYSTEM32\CTFMON.EXE
c:\windows\system32\ctfmon.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\msctf.dll

c:\windows\system32\msutb.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\msctfime.ime

End of Scan Section
===========================

Quarantined Infections
===========================
Root: HKU Path: S-1-5-21-715897722-2105470360-92900422-500\software\microsoft\windows\currentversion\ext\stats\{1adbcce8-cf84-441e-9b38-afc7a19c06a4} belonging to BargainBuddy
Root: HKU Path: S-1-5-21-715897722-2105470360-92900422-500\software\microsoft\windows\currentversion\ext\stats\{944864a5-3916-46e2-96a9-a2e84f3f1208} belonging to Win32.Spyware.Acoona
Root: HKCR Path: interface\{8e36a11e-7301-4007-a380-bcbbd7afb400} belonging to Win32.Trojan.Crypt
Root: HKCR Path: typelib\{c4df2c47-6d4f-4ca5-a35d-cca88842b504} belonging to Win32.Trojan.Crypt
File: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0071723.dll belonging to Win32.Trojan.Crypt
Root: HKCR Path: oembios32.msdn_hlp belonging to Win32.Trojan.Crypt
File: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP183\A0068760.exe belonging to Win32.TrojanDownloader.Adload
Root: HKU Path: S-1-5-21-715897722-2105470360-92900422-500\software\microsoft\windows\currentversion\ext\stats\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}, Belonging to BargainBuddy
Root: HKU Path: S-1-5-21-715897722-2105470360-92900422-500\software\microsoft\windows\currentversion\ext\stats\{944864a5-3916-46e2-96a9-a2e84f3f1208}, Belonging to Win32.Spyware.Acoona
Root: HKCR Path: interface\{8e36a11e-7301-4007-a380-bcbbd7afb400}, Belonging to Win32.Trojan.Crypt
Root: HKCR Path: typelib\{c4df2c47-6d4f-4ca5-a35d-cca88842b504}, Belonging to Win32.Trojan.Crypt
Root: HKCR Path: oembios32.msdn_hlp, Belonging to Win32.Trojan.Crypt
File: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP184\A0071723.dll, Belonging to Win32.Trojan.Crypt
File: C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP183\A0068760.exe, Belonging to Win32.TrojanDownloader.Adload

End Quarantine / Cleaned Infection Log
===========================

----in spybot s&d i have found

-Freeze - 1 entry - file in C:\Program Files\Free offers from Freeze.com\wfallsaw.ico
-Microsoft.WindowsSecurityCenter.AntivirusDisableNotify - 1 entry - reg change in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify
-Microsoft.WindowsSecurityCenter.FirewallDisableNotify - 1 entry - reg change in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify
-Mirar - 2 entries - reg keys
-(SBI $86D6B8E5) User settings
HKEY_USERS\S-1-5-21-715897722-2105470360-92900422-500 \SoftwarMicrosoft\Windows\CurrentVersion\Ext\Stats\{9A9C9B69-F908-4AAV-8D0C-10EA8997F37E}
-(SBI $88315034) User settings
HKEY_USERS\S-1-5-21-715897722-2105470360-92900422-500 \SoftwarMicrosoft\Windows\CurrentVersion\Ext\Stats\{9A9C9B69-F908-4AAV-8D0C-10EA8997F37E}
-Smitfraud-C - 1 entry - file IN C:\WINDOWS\system32\ace16win.dll

#4 LDTate

Grand Poobah

Root Admin
57,211 posts

Posted 18 October 2007 - 04:55 PM

This is all we need for now.

Please do not delete anything unless instructed to.

Next:

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

(If you use FireFox or the Opera browser
To keep saved passwords, click No at the prompt.)

It's normal after running ATF cleaner that the PC will be slower to boot the first time.

Next:

Download ComboFix from Here to your Desktop.

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you, combofix.txt. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick while its running. That may cause it to stall

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

If you would like to for the help you received.

Proud graduate of TC/WTT Classroom

#5 LDTate

Grand Poobah

Root Admin
57,211 posts

Posted 20 October 2007 - 07:21 PM

You still ned help?

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

If you would like to for the help you received.

Proud graduate of TC/WTT Classroom

#6 LDTate

Grand Poobah

Root Admin
57,211 posts

Posted 24 October 2007 - 04:16 PM

Due to inactivity this topic will be closed. If you need help please start a new thread and post a new HJT log

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

If you would like to for the help you received.

Proud graduate of TC/WTT Classroom

Body Background

skin color theme