sphan

Malware Swizzor D


A few days ago my Spy Sweeper detected some sort of malware/behavioral threat along the lines of Malware Swizzor D. Slightly panicked, I did everything I could in an attempt to get rid of it, but Webroot wasn't able to quarantine it, and Malwarebytes' Anti-Malware didn't pick up any sign of threats. However, just this morning there was something wrong with my IE browser. No matter how many browsers were up, if you closed one, a runtime error would appear and close out all the other IE browsers! Please help.

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:52:18 PM, on 12/22/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\AIM6\aim6.exe

C:\Program Files\Ares\Ares.exe

C:\Program Files\AIM6\aolsoftware.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Program Files\Seekeen\seekeen.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Seekeen\seekeen.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Webroot\Spy Sweeper\SSU.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

R3 - URLSearchHook: (no name) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [LVCOMS] "C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE"

O4 - HKLM\..\Run: [LogitechGalleryRepair] "C:\Program Files\Logitech\ImageStudio\ISStart.exe"

O4 - HKLM\..\Run: [LogitechImageStudioTray] "C:\Program Files\Logitech\ImageStudio\LogiTray.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=laptop

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB

O16 - DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} (AXIDMDCP Class) - http://m1.cdn.gaiaonline.com/plugins/IDMFlash.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: Seekeen Service - Unknown owner - C:\Program Files\Seekeen\seekeen.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

 

--

End of file - 7886 bytes

 

 

 

 

 

log.txt

Logfile of random's system information tool 1.05 (written by random/random)

Run by Owner at 2008-12-22 21:48:13

Microsoft Windows XP Professional Service Pack 2

System drive C: has 742 MB (1%) free of 76 GB

Total RAM: 1022 MB (47% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:48:36 PM, on 12/22/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\AIM6\aim6.exe

C:\Program Files\Ares\Ares.exe

C:\Program Files\AIM6\aolsoftware.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Program Files\Seekeen\seekeen.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Seekeen\seekeen.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Webroot\Spy Sweeper\SSU.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Owner\Desktop\RSIT.exe

C:\Program Files\trend micro\Owner.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

R3 - URLSearchHook: (no name) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [LVCOMS] "C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE"

O4 - HKLM\..\Run: [LogitechGalleryRepair] "C:\Program Files\Logitech\ImageStudio\ISStart.exe"

O4 - HKLM\..\Run: [LogitechImageStudioTray] "C:\Program Files\Logitech\ImageStudio\LogiTray.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=laptop

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab

O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB

O16 - DPF: {4A116A80-85B6-4299-A018-A717FD7AC66A} (AXIDMDCP Class) - http://m1.cdn.gaiaonline.com/plugins/IDMFlash.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O23 - Service: Seekeen Service - Unknown owner - C:\Program Files\Seekeen\seekeen.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

 

--

End of file - 7854 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\wrSpySweeper_L33ED8BC326074492B7A0BCA5DB6E9EA0.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"LVCOMS"=C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE [2002-12-10 127022]

"LogitechGalleryRepair"=C:\Program Files\Logitech\ImageStudio\ISStart.exe [2002-12-10 155648]

"LogitechImageStudioTray"=C:\Program Files\Logitech\ImageStudio\LogiTray.exe [2002-12-10 61440]

"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-05-18 49152]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]

"SpySweeper"=C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2007-07-19 5361464]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-10 15360]

"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-08-06 50472]

"ares"=C:\Program Files\Ares\Ares.exe [2008-11-13 883712]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-09-28 344064]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2005-10-11 409600]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]

C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-17 49152]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2005-05-04 794624]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]

c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [2004-10-14 253952]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-06-19 729178]

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

 

C:\Documents and Settings\Owner\Start Menu\Programs\Startup

Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2005-09-27 46080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]

C:\WINDOWS\system32\WRLogonNTF.dll [2007-07-19 219448]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"notification packages"=

scecli

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\svcWRSSSDK]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"DisableTaskMgr"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"

"C:\Program Files\DealBook FX 2\DealBookFX.exe"="C:\Program Files\DealBook FX 2\DealBookFX.exe:*:Enabled:DealBookFX"

"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"

"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"

"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

======File associations======

 

.reg - open - regedit.exe "%1" %*

 

======List of files/folders created in the last 1 months======

 

2008-12-22 21:48:13 ----D---- C:\rsit

2008-12-16 21:18:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2008-12-16 17:51:22 ----D---- C:\Program Files\Seekeen

2008-12-16 17:51:10 ----D---- C:\Program Files\My.Freeze.com Toolbar

2008-12-12 03:13:08 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$

2008-12-12 03:12:53 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$

2008-12-12 03:03:01 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$

2008-12-12 03:02:35 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$

 

======List of files/folders modified in the last 1 months======

 

2008-12-22 21:48:36 ----D---- C:\Program Files\Trend Micro

2008-12-22 21:48:20 ----D---- C:\WINDOWS\temp

2008-12-22 21:48:05 ----D---- C:\WINDOWS\Prefetch

2008-12-22 21:42:51 ----RSHD---- C:\WINDOWS\system32\dllcache

2008-12-22 21:42:45 ----D---- C:\Program Files\Internet Explorer

2008-12-22 21:42:12 ----D---- C:\WINDOWS\system32\CatRoot2

2008-12-22 15:27:40 ----A---- C:\WINDOWS\ModemLog_AC97 Soft Data Fax Modem with SmartCP.txt

2008-12-22 14:42:29 ----D---- C:\Documents and Settings\Owner\Application Data\ZoomBrowser EX

2008-12-22 14:42:24 ----D---- C:\Documents and Settings\All Users\Application Data\ZoomBrowser

2008-12-22 14:26:20 ----D---- C:\WINDOWS\system32

2008-12-22 14:26:20 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2008-12-22 14:21:50 ----D---- C:\WINDOWS\Registration

2008-12-22 14:21:36 ----D---- C:\WINDOWS

2008-12-20 00:10:23 ----D---- C:\WINDOWS\system32\wbem

2008-12-19 05:29:19 ----A---- C:\WINDOWS\SchedLgU.Txt

2008-12-18 03:01:40 ----HD---- C:\WINDOWS\inf

2008-12-18 03:01:23 ----D---- C:\WINDOWS\ie7updates

2008-12-18 03:00:32 ----HD---- C:\WINDOWS\$hf_mig$

2008-12-17 20:05:11 ----SHD---- C:\WINDOWS\Installer

2008-12-17 20:05:10 ----RD---- C:\Program Files

2008-12-17 20:05:10 ----D---- C:\WINDOWS\WinSxS

2008-12-17 19:51:43 ----D---- C:\Program Files\Common Files\Wise Installation Wizard

2008-12-17 19:51:38 ----D---- C:\WINDOWS\system32\drivers

2008-12-16 21:38:09 ----A---- C:\WINDOWS\win.ini

2008-12-16 18:19:24 ----A---- C:\WINDOWS\imsins.BAK

2008-12-16 18:05:29 ----D---- C:\My Downloads

2008-12-16 17:14:30 ----D---- C:\Program Files\Movie Maker

2008-12-16 17:14:05 ----D---- C:\WINDOWS\RegisteredPackages

2008-12-13 01:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll

2008-12-09 18:24:37 ----A---- C:\WINDOWS\system32\MRT.exe

2008-12-04 20:03:25 ----D---- C:\WINDOWS\system32\Macromed

2008-12-03 18:14:33 ----SD---- C:\WINDOWS\Downloaded Program Files

2008-11-26 19:30:31 ----D---- C:\WINDOWS\Help

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]

R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []

R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]

R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]

R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-16 13059]

R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []

R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2007-12-19 97216]

R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-10 60800]

R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-09-27 1345536]

R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-08-12 376320]

R3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camc6aud.sys [2005-08-02 38016]

R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camc6hal.sys [2005-08-02 349312]

R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]

R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]

R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2005-08-22 1035008]

R3 HSFHWATI;HSFHWATI; C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 231424]

R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]

R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-10 61824]

R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-06-21 74496]

R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-10 67584]

R3 SSKBFD;Webroot Spy Sweeper Keylogger Shield Keyboard Filter; C:\WINDOWS\System32\Drivers\sskbfd.sys [2007-07-19 23864]

R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-06-19 190400]

R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-06-22 162176]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-10 26624]

R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-10 57600]

R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-10 17024]

R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-08-22 718464]

S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2005-08-18 56648]

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]

S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []

S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-21 49920]

S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-21 16496]

S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-21 21568]

S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []

S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]

S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]

S3 npkcrypt;npkcrypt; \??\C:\Documents and Settings\Owner\Desktop\Gravity\RO\npkcrypt.sys []

S3 npkycryp;npkycryp; \??\C:\Documents and Settings\Owner\Desktop\Gravity\RO\npkycryp.sys []

S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0); C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2002-06-10 371766]

S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []

S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]

S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []

S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]

S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]

S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-09-27 376832]

R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-05-15 100032]

R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2006-03-30 96341]

R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-10-11 237568]

R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-09-22 53248]

R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]

R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2005-08-08 167936]

R2 Seekeen Service;Seekeen Service; C:\Program Files\Seekeen\seekeen.exe [2008-12-09 4608]

R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2007-04-11 1174152]

R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2007-07-19 3564344]

R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]

S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-03-13 72704]

S3 AresChatServer;Ares Chatroom server; C:\Program Files\Ares\chatServer.exe [2007-02-02 261120]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

S3 hpqwmi;HP WMI Interface; C:\Program Files\HPQ\SHARED\HPQWMI.exe [2005-10-11 102400]

S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-05-15 2086592]

S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-04 38912]

S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]

S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

 

-----------------EOF-----------------

 

 

 

 

Info.txt

info.txt logfile of random's system information tool 1.05 2008-12-22 21:48:40

 

======Uninstall list======

 

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu

-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}

-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}

-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}

-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939F8208-C8CE-4AFF-B7BA-ACEB2E74A6CB}\Setup.exe"

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}

Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}

Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}

Adobe Premiere Pro 1.5-->RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{A14F7508-B784-40B8-B11A-E0E2EEB7229F}\setup.exe" -l0x0009

Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}

Adobe Reader Korean Fonts-->MsiExec.exe /I{AC76BA86-7AD7-5676-5A64-7E8A45000001}

Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log

Adobe Stock Photos 1.0-->MsiExec.exe /I{BC467935-A9A5-4D0F-BD89-94F36CDF0524}

Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log

AIM 6-->C:\Program Files\AIM6\uninst.exe

AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"

Apple Mobile Device Support-->MsiExec.exe /I{AA9768AA-FF0B-4C66-A085-31E934F77841}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

Ares 2.0.9-->"C:\Program Files\Ares\uninstall.exe"

Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9

ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"

ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

Canon Camera Access Library-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"

Canon Camera Support Core Library-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"

Canon Camera Window DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"

Canon Camera Window DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"

Canon Camera Window MC 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"

Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"

Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"

Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"

Canon RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"

Canon Utilities EOS Utility-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"

Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"

Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"

Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}

Conexant AC-Link Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO\HXFSETUP.EXE -U -ICPL309BA.INF

DealBook FX 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4F1AEBC-6259-459B-BF23-201335038F3F}\Setup.exe" -l0x9

DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"

Fidelity Active Trader Pro-->"C:\Program Files\Fidelity Investments\Fidelity Active Trader\System\atngcmgr.exe" /cmd:uninstall /interactive

Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}

Graphmatica-->C:\Program Files\Graphmatica\uninstall.exe

High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe

HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall

Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"

Hotfix for Windows XP (KB896256)-->"C:\WINDOWS\$NtUninstallKB896256$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

HP Help and Support-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly

HP PSC 2350 series-->rundll32 hpzcon10.dll,VendorJettison HP PSC 2350 series

HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}

HP User Guides 0008-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{43A6AA2A-74B5-4E1C-91DB-ECB2F99D9ED7}\setup.exe" -l0x9 -removeonly

HP Wireless Assistant 1.01 C1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst

InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe

InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL

iTunes-->MsiExec.exe /I{41B9E2CF-0B3F-442A-B5B3-592A4A355634}

LiveUpdate 3.0 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U

Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL

Logitech ImageStudio-->MsiExec.exe /I{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

MathType 6-->"C:\Program Files\MathType\Setup.exe" -R

Messenger Plus! Live & Sponsor (CiD)-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"

Microsoft .NET Framework 1.0 Hotfix (KB887998)-->"C:\WINDOWS\$NtUninstallKB887998$\spuninst\spuninst.exe"

Microsoft .NET Framework 1.0 Hotfix (KB930494)-->"C:\WINDOWS\$NtUninstallKB930494$\spuninst\spuninst.exe"

Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft Money 2005-->C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Office Excel Viewer 2003-->MsiExec.exe /I{90840409-6000-11D3-8CFE-0150048383C9}

Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}

MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

muvee autoProducer 4.0 - SE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{534AA552-E1F1-4965-B2AA-FBDEB0730D60}\setup.exe" -l0x9

My.Freeze.com Toolbar-->"C:\Program Files\My.Freeze.com Toolbar\settings_uninstall_app.exe" --uninstall

OTOY-->RunDll32 C:\WINDOWS\DOWNLO~1\OTOYAX.dll,_RemoveGroove@16

Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"

PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall

Quick Launch Buttons 5.20 D2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe" -l0x9 -uninst

QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}

Ragnarok Sakray-->"C:\WINDOWS\IFinst27.exe" -UC:\Program Files\Gravity\RO\IFUAD.inf

Rhapsody Player Engine-->MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"

Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"

Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"

Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"

Security Update for Windows XP (KB883939)-->"C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"

Security Update for Windows XP (KB893066)-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"

Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"

Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"

Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"

Security Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"

Security Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"

Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"

Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"

Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"

Security Update for Windows XP (KB912812)-->"C:\WINDOW


Please check the Options panel of SpySweeper for View Session Log or similar. Locate a log that shows the Swizzor detection then Save to File and post that log here.


Please check the Options panel of SpySweeper for View Session Log or similar. Locate a log that shows the Swizzor detection then Save to File and post that log here.

 

It doesn't seem to have a log anywhere.


Recommend you do a full scan with SpySweeper and see if you can get details.

 

 

12:25 AM: Removal process completed. Elapsed time 00:00:43

12:25 AM: Informational: Virus infected file c:\recycler\s-1-5-21-2393387428-2213101547-2949826486-1005\dc184.vir not cleaned.

12:25 AM: Informational: File c:\recycler\s-1-5-21-2393387428-2213101547-2949826486-1005\dc184.vir still infected with virus Mal/Swizzor-D after 20 rounds of disinfection.

12:25 AM: Informational: File c:\recycler\s-1-5-21-2393387428-2213101547-2949826486-1005\dc184.vir still infected with virus Mal/Swizzor-D after 19 rounds of disinfection.

12:25 AM: Informational: File c:\recycler\s-1-5-21-2393387428-2213101547-2949826486-1005\dc184.vir still infected with virus Mal/Swizzor-D after 18 rounds of disinfection.

12:25 AM: Informational: File c:\recycler\s-1-5-21-2393387428-2213101547-2949826486-1005\dc184.vir still infected with virus Mal/Swizzor-D after 17 rounds of disinfection.

12:25 AM: Informational: File c:\recycler\s-1-5-21-2393387428-2213101547-2949826486-1005\dc184.vir still infected with virus Mal/Swizzor-D after 16 rounds of disinfection.

12:25 AM: Informational: File c:\recycler\s-1-5-21-2393387428-2213101547-2949826486-1005\dc184.vir still infected with virus Mal/Swizzor-D after 15 rounds of disinfection.

12:25 AM: Informational: File c:\recycler\s-1-5-21-2393387428-2213101547-2949826486-1005\dc184.vir still infected with virus Mal/Swizzor-D after 14 rounds of disinfection.

12:25 AM: Informational: File c:\recycler\s-1-5-21-2393387428-2213101547-2949826486-1005\dc184.vir still infected with virus Mal/Swizzor-D after 13 rounds of disinfection.

12:25 AM: Informational: File c:\recycler\s-1-5-21-2393387428-2213101547-2949826486-1005\dc184.vir still infected with virus Mal/Swizzor-D after 12 rounds of disinfection.

12:25 AM: Informational: File c:\recycler\s-1-5-21-2393387428-2213101547-2949826486-1005\dc184.vir still infected with virus Mal/Swizzor-D after 11 rounds of disinfection.

12:25 AM: Informational: File c:\recycler\s-1-5-21-2393387428-2213101547-2949826486-1005\dc184.vir still infected with virus Mal/Swizzor-D after 10 rounds of disinfection.

12:25 AM: Informational: File c:\recycler\s-1-5-21-2393387428-2213101547-2949826486-1005\dc184.vir still infected with virus Mal/Swizzor-D after 9 rounds of disinfection.

12:25 AM: Informational: File c:\recycler\s-1-5-21-2393387428-2213101547-2949826486-1005\dc184.vir still infected with virus Mal/Swizzor-D after 8 rounds of disinfection.

12:25 AM: Informational: File c:\recycler\s-1-5-21-2393387428-2213101547-2949826486-1005\dc184.vir still infected with virus Mal/Swizzor-D after 7 rounds of disinfection.

12:25 AM: Informational: File c:\recycler\s-1-5-21-2393387428-2213101547-2949826486-1005\dc184.vir still infected with virus Mal/Swizzor-D after 6 rounds of disinfection.

12:25 AM: Informational: File c:\recycler\s-1-5-21-2393387428-2213101547-2949826486-1005\dc184.vir still infected with virus Mal/Swizzor-D after 5 rounds of disinfection.

12:25 AM: Informational: File c:\recycler\s-1-5-21-2393387428-2213101547-2949826486-1005\dc184.vir still infected with virus Mal/Swizzor-D after 4 rounds of disinfection.

12:25 AM: Informational: File c:\recycler\s-1-5-21-2393387428-2213101547-2949826486-1005\dc184.vir still infected with virus Mal/Swizzor-D after 3 rounds of disinfection.

12:25 AM: Informational: File c:\recycler\s-1-5-21-2393387428-2213101547-2949826486-1005\dc184.vir still infected with virus Mal/Swizzor-D after 2 rounds of disinfection.

12:25 AM: Informational: File c:\recycler\s-1-5-21-2393387428-2213101547-2949826486-1005\dc184.vir still infected with virus Mal/Swizzor-D after 1 round of disinfection.

12:25 AM: Informational: Virus infected file c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir not cleaned.

12:25 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 20 rounds of disinfection.

12:25 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 19 rounds of disinfection.

12:25 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 18 rounds of disinfection.

12:25 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 17 rounds of disinfection.

12:25 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 16 rounds of disinfection.

12:25 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 15 rounds of disinfection.

12:25 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 14 rounds of disinfection.

12:25 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 13 rounds of disinfection.

12:25 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 12 rounds of disinfection.

12:25 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 11 rounds of disinfection.

12:25 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 10 rounds of disinfection.

12:25 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 9 rounds of disinfection.

12:25 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 8 rounds of disinfection.

12:25 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 7 rounds of disinfection.

12:25 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 6 rounds of disinfection.

12:25 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 5 rounds of disinfection.

12:25 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 4 rounds of disinfection.

12:25 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 3 rounds of disinfection.

12:25 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 2 rounds of disinfection.

12:25 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 1 round of disinfection.

12:25 AM: Informational: Virus infected file c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir not cleaned.

12:25 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 20 rounds of disinfection.

12:25 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 19 rounds of disinfection.

12:25 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 18 rounds of disinfection.

12:25 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 17 rounds of disinfection.

12:25 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 16 rounds of disinfection.

12:25 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 15 rounds of disinfection.

12:25 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 14 rounds of disinfection.

12:25 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 13 rounds of disinfection.

12:25 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 12 rounds of disinfection.

12:25 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 11 rounds of disinfection.

12:25 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 10 rounds of disinfection.

12:25 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 9 rounds of disinfection.

12:25 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 8 rounds of disinfection.

12:25 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 7 rounds of disinfection.

12:25 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 6 rounds of disinfection.

12:25 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 5 rounds of disinfection.

12:25 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 4 rounds of disinfection.

12:25 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 3 rounds of disinfection.

12:25 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 2 rounds of disinfection.

12:25 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 1 round of disinfection.

12:25 AM: Quarantining All Traces: Mal/Swizzor-D

12:25 AM: Removal process initiated

12:04 AM: Traces Found: 3

12:04 AM: Full Sweep has completed. Elapsed time 02:33:41

12:04 AM: File Sweep Complete, Elapsed Time: 02:27:46

11:49 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr004tj]

11:49 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\windows\sf6da12ef.tmp]

11:49 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr004u9]

11:49 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr004tx]

11:49 PM: Warning: Failed to open file "c:\windows\sf6da12ef.tmp". The operation completed successfully

11:49 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr004u9". The operation completed successfully

11:49 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr004tx". The operation completed successfully

11:49 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr004tj". The operation completed successfully

11:49 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr004gt]

11:48 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr004t2]

11:48 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr004su]

11:48 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr004t2". The operation completed successfully

11:48 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr004su". The operation completed successfully

11:48 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr004hn]

11:48 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr004gx]

11:48 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr004gv]

11:48 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\opcache\opr0046f]

11:48 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr004gk]

11:48 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr004hn". The operation completed successfully

11:48 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr004gx". The operation completed successfully

11:48 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr004gv". The operation completed successfully

11:48 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr004gt". The operation completed successfully

11:48 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr004sm]

11:48 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\1gqxo684\aggregate[3].txt]

11:48 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\bhmnxo74\aggregate[1].txt]

11:48 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\opcache\opr0046f". The operation completed successfully

11:48 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr004fx]

11:48 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr004sm". The operation completed successfully

11:48 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\1gqxo684\aggregate[3].txt". The operation completed successfully

11:48 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\bhmnxo74\aggregate[1].txt". The operation completed successfully

11:48 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\opcache\opr003qw]

11:48 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr004fh]

11:48 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\z7ijvwca\tips_aim_com[2].xml]

11:48 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr004gk". The operation completed successfully

11:48 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr004fx". The operation completed successfully

11:48 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr004fh". The operation completed successfully

11:48 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\z7ijvwca\tips_aim_com[2].xml". The operation completed successfully

11:48 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\opcache\opr003qw". The operation completed successfully

11:48 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr003gw]

11:48 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0039k]

11:48 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0039l]

11:48 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0039i]

11:48 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0039g]

11:48 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00397]

11:48 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0039d]

11:48 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00399]

11:48 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00396]

11:48 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00394]

11:48 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00392]

11:48 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002z6]

11:48 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002yx]

11:48 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00390]

11:48 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002yz]

11:48 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002yr]

11:48 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002xo]

11:48 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002xm]

11:48 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002xj]

11:48 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002xi]

11:48 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0038x]

11:48 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002x8]

11:48 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002wl]

11:48 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002wj]

11:48 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002wk]

11:48 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002vy]

11:48 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002w0]

11:48 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0038w]

11:48 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002vx]

11:48 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002vw]

11:48 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002vv]

11:48 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002vc]

11:48 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0038t]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002v5]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr004pu]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0038r]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0038p]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0038n]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0038l]

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr003gw". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0039l". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0039k". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0039i". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0039g". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0039d". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00399". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00397". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00396". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00394". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00392". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002z6". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002yx". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00390". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002yr". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002xo". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002xm". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002xj". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002xi". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002yz". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002x8". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0038x". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002wl". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002wk". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002wj". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002w0". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002vy". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002vx". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002vw". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002vv". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0038w". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002vc". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002v5". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr004pu". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0038t". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0038r". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0038p". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0038n". The operation completed successfully

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0038k]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0038j]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0038i]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0038g]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0038e]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0038b]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0038a]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00387]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr003f6]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00386]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00380]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00384]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00382]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00381]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0037y]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0037w]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0037v]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0037u]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0037n]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0037i]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0037k]

11:47 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsf4c964a9-8933-4234-930b-e530c944b017.tmp]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0037b]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0039b]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0037d]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00374]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00379]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00376]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr004si]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00373]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00370]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0036z]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0036y]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0036x]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0036v]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0036t]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0036q]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00364]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0008y]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00363]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0035z]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00361]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0035y]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0035x]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0035v]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0035r]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0035q]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0035p]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0035o]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0035i]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0035f]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0035e]

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0035d]

11:47 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsaff053aa-156a-4284-8256-5bb1a7fffc2b.tmp]

11:47 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms38936996-ed2e-432d-9b6d-37d9285d605f.tmp]

11:47 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmse2c0104b-4f0f-4005-bc01-7bb0b2c1ce54.tmp]

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0038l". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0038k". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0038j". The operation completed successfully

11:47 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms54f303e6-d133-44f7-8dad-b94d16453d29.tmp]

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0038i". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0038g". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0038e". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0038b". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0038a". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr003f6". The operation completed successfully

11:47 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms9cd56be2-9ba0-4625-a192-cac7e28e31ba.tmp]

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00387". The operation completed successfully

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0036p]

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00386". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00384". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00382". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00381". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00380". The operation completed successfully

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0035c]

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0037y". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0037w". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0037v". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0037u". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0037n". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0037k". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsf4c964a9-8933-4234-930b-e530c944b017.tmp". The operation completed successfully

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0032m]

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0037i". The operation completed successfully

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0032k]

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0039b". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0037d". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0037b". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00379". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00376". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00374". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00373". The operation completed successfully

11:47 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0031x]

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00370". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0036z". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0036y". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0036x". The operation completed successfully

11:47 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr004si". The operation completed successfully

11:47 PM: Warning: Failed to op


11:46 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00344". The operation completed successfully

11:46 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00341". The operation completed successfully

11:46 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0033v]

11:46 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00368]

11:46 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00368". The operation completed successfully

11:46 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0033x]

11:46 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr004db]

11:46 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0033x". The operation completed successfully

11:46 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0033t]

11:46 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0033v". The operation completed successfully

11:46 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0033t". The operation completed successfully

11:46 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0033r]

11:46 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0033r". The operation completed successfully

11:46 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr004de]

11:46 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr004dd]

11:46 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr004dc]

11:46 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr004da]

11:46 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr004d9]

11:46 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr004de". The operation completed successfully

11:46 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr004dd". The operation completed successfully

11:46 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr004dc". The operation completed successfully

11:46 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr004db". The operation completed successfully

11:46 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr004da". The operation completed successfully

11:46 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr004d9". The operation completed successfully

11:46 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0033n]

11:46 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0033n". The operation completed successfully

11:46 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\opcache\opr004d2]

11:46 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\opcache\opr004d2". The operation completed successfully

11:46 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\bhmnxo74\1x1pixel[1].gif]

11:46 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00367]

11:46 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\bhmnxo74\1x1pixel[1].gif". The operation completed successfully

11:46 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00367". The operation completed successfully

11:46 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\bhmnxo74\right_just[1].gif]

11:46 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\bhmnxo74\right_just[1].gif". The operation completed successfully

11:46 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00366]

11:46 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00366". The operation completed successfully

11:46 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0033j]

11:46 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\opcache\opr004cw]

11:46 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0033j". The operation completed successfully

11:46 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\opcache\opr004cw". The operation completed successfully

11:46 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0033i]

11:46 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0033i". The operation completed successfully

11:46 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0033c]

11:46 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00333]

11:46 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0033c". The operation completed successfully

11:46 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00338]

11:46 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00334]

11:46 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\kcbhgv5n\icon10[1].gif]

11:46 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00338". The operation completed successfully

11:46 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00334". The operation completed successfully

11:46 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00333". The operation completed successfully

11:46 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\z7ijvwca\icon8[1].gif]

11:46 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\kcbhgv5n\icon10[1].gif". The operation completed successfully

11:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\bhmnxo74\icon7[1].gif]

11:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\z7ijvwca\icon8[1].gif". The operation completed successfully

11:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\bhmnxo74\icon7[1].gif". The operation completed successfully

11:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr003dk]

11:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr003dk". The operation completed successfully

11:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr003d1]

11:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr003d1". The operation completed successfully

11:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\cookies\owner@aim[2].txt]

11:45 PM: Warning: Failed to open file "c:\documents and settings\owner\cookies\owner@aim[2].txt". The operation completed successfully

11:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\kcbhgv5n\left_just[1].gif]

11:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\bhmnxo74\numbered_list[1].gif]

11:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\bhmnxo74\numbered_list[1].gif". The operation completed successfully

11:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\kcbhgv5n\left_just[1].gif". The operation completed successfully

11:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\kcbhgv5n\2b0000111b[1]]

11:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\kcbhgv5n\2b0000111b[1]". The operation completed successfully

11:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\bhmnxo74\pa_module[1].php]

11:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\z7ijvwca\loc=300;noperf=1;cfp=1;target=_blank;grp=645124864;misc=645124864[1]]

11:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\1gqxo684\hyperlink[1].gif]

11:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\kcbhgv5n\trace[1].gif]

11:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\bhmnxo74\pa_module[1].php". The operation completed successfully

11:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\z7ijvwca\loc=300;noperf=1;cfp=1;target=_blank;grp=645124864;misc=645124864[1]". The operation completed successfully

11:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\1gqxo684\hyperlink[1].gif". The operation completed successfully

11:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\kcbhgv5n\trace[1].gif". The operation completed successfully

11:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\kcbhgv5n\textcolor[1].gif]

11:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\kcbhgv5n\textcolor[1].gif". The operation completed successfully

11:42 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\windows\system32\config\software]

11:37 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsd89ec5c7-70a3-4f45-9888-bf7395c4a377.tmp]

11:35 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmse1cd5b85-22e6-4589-9ea5-2a06e5cfd964.tmp]

11:34 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms70ee0daa-2304-4489-8298-23182b17260e.tmp]

11:32 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsc0f73d23-67f1-4fc3-bc68-2f7a75f580b5.tmp]

11:32 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0032u]

11:31 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms59f6a302-4b05-422b-9e0c-02f387b1b4c1.tmp]

11:30 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0032p]

11:26 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0032n]

11:22 PM: Warning: AntiVirus engine for IFO returned [Error Code 8000FFFF] on [C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\AIMLOGGER\TINYMUNCHKIN3\IM LOGS\DOCSMILEDOT.HTML]

11:15 PM: Warning: AntiVirus engine for IFO returned [Error Code 8000FFFF] on [C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\AIMLOGGER\TINYMUNCHKIN3\IM LOGS\DOCSMILEDOT.HTML]

11:13 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002xh]

11:11 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00307]

11:11 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00306]

11:09 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\windows\system32\config\default]

11:09 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\desktop\alfjd.jpg]

11:06 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [c:\program files\gravity\ro\2007-11-28bgm.rgz]

11:05 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00388]

11:00 PM: Warning: AntiVirus engine for IFO returned [Error Code 8000FFFF] on [C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\AIMLOGGER\TINYMUNCHKIN3\IM LOGS\DOCSMILEDOT.HTML]

10:59 PM: Warning: AntiVirus engine for IFO returned [Error Code 8000FFFF] on [C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\AIMLOGGER\TINYMUNCHKIN3\IM LOGS\DOCSMILEDOT.HTML]

10:57 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsee7013f0-fec8-450f-a1c2-4c2f7ca96efa.tmp]

10:57 PM: Warning: AntiVirus engine for IFO returned [Error Code 8000FFFF] on [C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\AIMLOGGER\TINYMUNCHKIN3\IM LOGS\YOSHIMAN180.HTML]

10:51 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsdd57834d-d3cf-4e8e-a5fa-2687bf88adc6.tmp]

10:46 PM: C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\Trust first site\OptionRegs.exe.vir (ID = 0)

10:46 PM: C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\Trust first site\qrjklvyx.exe.vir (ID = 0)

10:45 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\pagefile.sys]

10:44 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0034a]

10:42 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002v7]

10:40 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002v6]

10:39 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0036w]

10:35 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [c:\program files\euphro\2007-10-24bgm.rgz]

10:34 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms49e9e6b7-ffda-4d02-ad23-78054529fa59.tmp]

10:33 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\hiberfil.sys]

10:26 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0031h]

10:26 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\windows\system32\config\system]

10:25 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00355]

10:24 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00351]

10:24 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002z5]

10:23 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0031p]

10:23 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002z3]

10:19 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002sb]

10:19 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002yy]

10:18 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002yu]

10:18 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002x5]

10:17 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms03f169e0-b6d0-4b6b-9ffe-2dae1e87e3e7.tmp]

10:17 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002ws]

10:16 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002wr]

10:16 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002wq]

10:16 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002xw]

10:15 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002wh]

10:15 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002wg]

10:11 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002we]

10:11 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002wd]

10:11 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002wc]

10:11 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0046l]

10:10 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002x4]

10:10 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr004hq]

10:10 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002wb]

10:10 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002wa]

10:07 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002w9]

10:07 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002qx]

10:07 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr00342]

10:07 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002qu]

10:07 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0030t]

10:06 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\owner\ntuser.dat]

10:06 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002w8]

10:05 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0033z]

10:04 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0030q]

10:04 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr004tt]

10:04 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr0033m]

10:04 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002w6]

10:03 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002wi]

10:03 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002w5]

10:03 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr004tk]

10:02 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002w1]

10:01 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr004sw]

10:01 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr004sv]

10:00 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr004td]

10:00 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr004tc]

10:00 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr004t9]

9:58 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002w2]

9:58 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002w3]

9:49 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002xf]

9:49 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr002x9]

9:39 PM: C:\RECYCLER\S-1-5-21-2393387428-2213101547-2949826486-1005\Dc184.vir (ID = 0)

9:39 PM: Found Mal/Swizzor-D: Mal/Swizzor-D

9:38 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\windows\system32\config\security]

9:36 PM: Starting File Sweep

9:36 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00

9:36 PM: Starting Cookie Sweep

9:36 PM: Registry Sweep Complete, Elapsed Time:00:00:25

9:36 PM: Starting Registry Sweep

9:36 PM: Memory Sweep Complete, Elapsed Time: 00:05:24

9:30 PM: ApplicationMinimized - EXIT

9:30 PM: ApplicationMinimized - ENTER

9:30 PM: Warning: TFileCountEnum.ProcessPartition: TVolumeFAT.IC: invalid Boot Sector. Volume D:

9:30 PM: Starting Memory Sweep

9:30 PM: Start Full Sweep

9:30 PM: Sweep initiated using definitions version 1358

9:30 PM: Informational: Virus infected file C:\RECYCLER\S-1-5-21-2393387428-2213101547-2949826486-1005\DC184.VIR not cleaned.

9:30 PM: Informational: File C:\RECYCLER\S-1-5-21-2393387428-2213101547-2949826486-1005\DC184.VIR still infected with virus Mal/Swizzor-D after 20 rounds of disinfection.

9:30 PM: Informational: File C:\RECYCLER\S-1-5-21-2393387428-2213101547-2949826486-1005\DC184.VIR still infected with virus Mal/Swizzor-D after 19 rounds of disinfection.

9:30 PM: Informational: File C:\RECYCLER\S-1-5-21-2393387428-2213101547-2949826486-1005\DC184.VIR still infected with virus Mal/Swizzor-D after 18 rounds of disinfection.

9:30 PM: Informational: File C:\RECYCLER\S-1-5-21-2393387428-2213101547-2949826486-1005\DC184.VIR still infected with virus Mal/Swizzor-D after 17 rounds of disinfection.

9:30 PM: Informational: File C:\RECYCLER\S-1-5-21-2393387428-2213101547-2949826486-1005\DC184.VIR still infected with virus Mal/Swizzor-D after 16 rounds of disinfection.

9:30 PM: Informational: File C:\RECYCLER\S-1-5-21-2393387428-2213101547-2949826486-1005\DC184.VIR still infected with virus Mal/Swizzor-D after 15 rounds of disinfection.

9:30 PM: Informational: File C:\RECYCLER\S-1-5-21-2393387428-2213101547-2949826486-1005\DC184.VIR still infected with virus Mal/Swizzor-D after 14 rounds of disinfection.

9:30 PM: Informational: File C:\RECYCLER\S-1-5-21-2393387428-2213101547-2949826486-1005\DC184.VIR still infected with virus Mal/Swizzor-D after 13 rounds of disinfection.

9:30 PM: Informational: File C:\RECYCLER\S-1-5-21-2393387428-2213101547-2949826486-1005\DC184.VIR still infected with virus Mal/Swizzor-D after 12 rounds of disinfection.

9:30 PM: Informational: File C:\RECYCLER\S-1-5-21-2393387428-2213101547-2949826486-1005\DC184.VIR still infected with virus Mal/Swizzor-D after 11 rounds of disinfection.

9:30 PM: Informational: File C:\RECYCLER\S-1-5-21-2393387428-2213101547-2949826486-1005\DC184.VIR still infected with virus Mal/Swizzor-D after 10 rounds of disinfection.

9:30 PM: Informational: File C:\RECYCLER\S-1-5-21-2393387428-2213101547-2949826486-1005\DC184.VIR still infected with virus Mal/Swizzor-D after 9 rounds of disinfection.

9:30 PM: Informational: File C:\RECYCLER\S-1-5-21-2393387428-2213101547-2949826486-1005\DC184.VIR still infected with virus Mal/Swizzor-D after 8 rounds of disinfection.

9:30 PM: Informational: File C:\RECYCLER\S-1-5-21-2393387428-2213101547-2949826486-1005\DC184.VIR still infected with virus Mal/Swizzor-D after 7 rounds of disinfection.

9:30 PM: Informational: File C:\RECYCLER\S-1-5-21-2393387428-2213101547-2949826486-1005\DC184.VIR still infected with virus Mal/Swizzor-D after 6 rounds of disinfection.

9:30 PM: Informational: File C:\RECYCLER\S-1-5-21-2393387428-2213101547-2949826486-1005\DC184.VIR still infected with virus Mal/Swizzor-D after 5 rounds of disinfection.

9:30 PM: Informational: File C:\RECYCLER\S-1-5-21-2393387428-2213101547-2949826486-1005\DC184.VIR still infected with virus Mal/Swizzor-D after 4 rounds of disinfection.

9:30 PM: Informational: File C:\RECYCLER\S-1-5-21-2393387428-2213101547-2949826486-1005\DC184.VIR still infected with virus Mal/Swizzor-D after 3 rounds of disinfection.

9:30 PM: Informational: File C:\RECYCLER\S-1-5-21-2393387428-2213101547-2949826486-1005\DC184.VIR still infected with virus Mal/Swizzor-D after 2 rounds of disinfection.

9:30 PM: Informational: File C:\RECYCLER\S-1-5-21-2393387428-2213101547-2949826486-1005\DC184.VIR still infected with virus Mal/Swizzor-D after 1 round of disinfection.

9:30 PM: File System Shield: found: Behavioral: Mal/Swizzor-D, version -- File system Read/Write denied

Keylogger: On

E-mail Attachment: On

9:07 PM: Informational: ShieldEmail: Start monitoring port 25 for mail activities

9:07 PM: Informational: ShieldEmail: Start monitoring port 110 for mail activities

BHO Shield: On

IE Security Shield: On

Alternate Data Stream (ADS) Execution Shield: On

Startup Shield: On

Common Ad Sites: On

Hosts File Shield: On

Internet Communication Shield: On

ActiveX Shield: On

Windows Messenger Service Shield: On

IE Favorites Shield: On

File System Shield: On

Execution Shield: On

System Services Shield: On

IE Hijack Shield: On

IE Tracking Cookies Shield: On

9:07 PM: Shield States

9:07 PM: License Check Status (0): Success

9:07 PM: Spyware Definitions: 1358

9:07 PM: Informational: Loaded AntiVirus Engine: 2.81.2; SDK Version: 4.36E; Virus Definitions: 1/1/2009 8:01:34 PM (GMT)

9:06 PM: Spy Sweeper 5.5.7.48 started

9:06 PM: Spy Sweeper 5.5.7.48 started

9:06 PM: | Start of Session, Thursday, January 01, 2009 |

***************

8:02 PM: Your virus definitions have been updated.

8:02 PM: Informational: Loaded AntiVirus Engine: 2.81.2; SDK Version: 4.36E; Virus Definitions: 1/1/2009 8:01:34 PM (GMT)

8:02 PM: Your spyware definitions have been updated.

8:01 PM: Automated check for program update in progress.

Keylogger: On

E-mail Attachment: On

8:01 PM: Informational: ShieldEmail: Start monitoring port 25 for mail activities

8:01 PM: Informational: ShieldEmail: Start monitoring port 110 for mail activities

BHO Shield: On

IE Security Shield: On

Alternate Data Stream (ADS) Execution Shield: On

Startup Shield: On

Common Ad Sites: On

Hosts File Shield: On

Internet Communication Shield: On

ActiveX Shield: On

Windows Messenger Service Shield: On

IE Favorites Shield: On

File System Shield: On

Execution Shield: On

System Services Shield: On

IE Hijack Shield: On

IE Tracking Cookies Shield: On

8:00 PM: Shield States

8:00 PM: License Check Status (0): Success

8:00 PM: Spyware Definitions: 1356

8:00 PM: Informational: Loaded AntiVirus Engine: 2.81.2; SDK Version: 4.36E; Virus Definitions: 12/29/2008 9:07:02 PM (GMT)

7:59 PM: Spy Sweeper 5.5.7.48 started

7:59 PM: Spy Sweeper 5.5.7.48 started

7:59 PM: | Start of Session, Thursday, January 01, 2009 |

***************

9:04 AM: ApplicationMinimized - EXIT

9:04 AM: ApplicationMinimized - ENTER

8:56 AM: IE Tracking Cookies Shield: Removed yieldmanager cookie

8:56 AM: IE Tracking Cookies Shield: Removed yieldmanager cookie

8:51 AM: Removal process completed. Elapsed time 00:00:36

8:51 AM: Informational: Virus infected file c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir not cleaned.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 20 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 19 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 18 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 17 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 16 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 15 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 14 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 13 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 12 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 11 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 10 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 9 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 8 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 7 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 6 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 5 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 4 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 3 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 2 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 1 round of disinfection.

8:51 AM: Informational: Virus infected file c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir not cleaned.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 20 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 19 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 18 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 17 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 16 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 15 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 14 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 13 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 12 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 11 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 10 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 9 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 8 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 7 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 6 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 5 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 4 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 3 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 2 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 1 round of disinfection.

8:51 AM: Informational: Virus infected file c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir not cleaned.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 20 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 19 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 18 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 17 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 16 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 15 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 14 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 13 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 12 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 11 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 10 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 9 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 8 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 7 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 6 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 5 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 4 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 3 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 2 rounds of disinfection.

8:51 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 1 round of disinfection.

8:51 AM: Quarantining All Traces: Mal/Swizzor-D

8:50 AM: Removal process initiated

11:04 PM: Traces Found: 3

11:04 PM: Full Sweep has completed. Elapsed time 02:27:10

11:04 PM: File Sweep Complete, Elapsed Time: 02:22:16

10:44 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\1gqxo684\2b000003ca[1]]

10:44 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\windows\sf6da12ef.tmp]

10:44 PM: Warning: Failed to open file "c:\windows\sf6da12ef.tmp". The operation completed successfully

10:44 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr001t6]

10:44 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr001u4]

10:44 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr001ty]

10:44 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr003r8]

10:44 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\opcache\opr001eo]

10:44 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\opcache\opr001em]

10:44 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr003of]

10:44 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr001u4". The operation completed successfully

10:44 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr001ty". The operation completed successfully

10:44 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms56485251-ec1d-466d-a5d7-f55a708e7cde.tmp]

10:44 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr001t6". The operation completed successfully

10:44 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr001v2]

10:44 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\opcache\opr001eo". The operation completed successfully

10:44 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\opcache\opr001em". The operation completed successfully

10:44 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms5b4c320e-3326-4727-bb35-d1367bf0f7b7.tmp]

10:44 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr003r8". The o


10:44 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr003r8". The operation completed successfully

10:44 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr003of". The operation completed successfully

10:44 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\1gqxo684\2b000003ca[1]". The operation completed successfully

10:44 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms56485251-ec1d-466d-a5d7-f55a708e7cde.tmp". The operation completed successfully

10:44 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr001v2". The operation completed successfully

10:44 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms5b4c320e-3326-4727-bb35-d1367bf0f7b7.tmp". The operation completed successfully

10:44 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms1031a9da-0e3f-4c29-819b-c2f36e502a43.tmp]

10:44 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms3c048124-7f0a-4b55-9f8d-ff4171615b31.tmp]

10:44 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmse8fc41b2-4ce0-4fa7-8262-eca45c5b0683.tmp]

10:44 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms5e2fe7ec-c573-41f1-9202-3dbca2eafd91.tmp]

10:44 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms1031a9da-0e3f-4c29-819b-c2f36e502a43.tmp". The operation completed successfully

10:44 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms3c048124-7f0a-4b55-9f8d-ff4171615b31.tmp". The operation completed successfully

10:44 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmse8fc41b2-4ce0-4fa7-8262-eca45c5b0683.tmp". The operation completed successfully

10:44 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms5e2fe7ec-c573-41f1-9202-3dbca2eafd91.tmp". The operation completed successfully

10:44 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\bhmnxo74\bottomleftcorner_selected[1].gif]

10:44 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\1gqxo684\arrow_descend[1].gif]

10:44 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\bhmnxo74\calltoaction_body[1].gif]

10:44 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\1gqxo684\leftcorner_unselected[1].gif]

10:44 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\kcbhgv5n\bk_primarynav_vertlineactive[1].gif]

10:44 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\z7ijvwca\bk_secondarynav_vertlines[1].gif]

10:44 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\bhmnxo74\bk_primarynav_vertlines[1].gif]

10:44 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\kcbhgv5n\leftcorner_selected[1].gif]

10:44 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\z7ijvwca\help_icon[1].gif]

10:44 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\1gqxo684\solb_arrow_up[1].gif]

10:44 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\bhmnxo74\bottomleftcorner_selected[1].gif". The operation completed successfully

10:44 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\1gqxo684\arrow_descend[1].gif". The operation completed successfully

10:44 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\bhmnxo74\calltoaction_body[1].gif". The operation completed successfully

10:44 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\1gqxo684\leftcorner_unselected[1].gif". The operation completed successfully

10:44 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\z7ijvwca\bk_secondarynav_vertlines[1].gif". The operation completed successfully

10:44 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\bhmnxo74\bk_primarynav_vertlines[1].gif". The operation completed successfully

10:44 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\kcbhgv5n\bk_primarynav_vertlineactive[1].gif". The operation completed successfully

10:44 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\kcbhgv5n\leftcorner_selected[1].gif". The operation completed successfully

10:44 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\z7ijvwca\help_icon[1].gif". The operation completed successfully

10:44 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\1gqxo684\solb_arrow_up[1].gif". The operation completed successfully

10:44 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr000j0]

10:44 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\kcbhgv5n\upsell_arrow[1].gif]

10:44 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr000j0". The operation completed successfully

10:44 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\kcbhgv5n\upsell_arrow[1].gif". The operation completed successfully

10:43 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\opcache\opr003kg]

10:43 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\opcache\opr003kg". The operation completed successfully

10:43 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\1gqxo684\aggregate[1].txt]

10:43 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\1gqxo684\aggregate[1].txt". The operation completed successfully

10:43 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\bhmnxo74\2b0000111b[2]]

10:43 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\bhmnxo74\2b0000111b[2]". The operation completed successfully

10:43 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\bhmnxo74\prog_meter_1_current[1].gif]

10:43 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\bhmnxo74\prog_meter_1_current[1].gif". The operation completed successfully

10:43 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\z7ijvwca\r[1].js]

10:43 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\opcache\opr00330]

10:43 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\opcache\opr00330". The operation completed successfully

10:43 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\z7ijvwca\r[1].js". The operation completed successfully

10:43 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr001ug]

10:43 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr001ug". The operation completed successfully

10:42 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr001u1]

10:42 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr001u1". The operation completed successfully

10:42 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\cookies\owner@aol[1].txt]

10:42 PM: Warning: Failed to open file "c:\documents and settings\owner\cookies\owner@aol[1].txt". The operation completed successfully

10:42 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\1gqxo684\set[1].gif]

10:42 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\kcbhgv5n\background_gradient[1]]

10:42 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\bhmnxo74\unpixel[1].gif]

10:42 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\kcbhgv5n\aggregate[1].txt]

10:42 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\1gqxo684\set[1].gif". The operation completed successfully

10:42 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\bhmnxo74\unpixel[1].gif". The operation completed successfully

10:42 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\kcbhgv5n\aggregate[1].txt". The operation completed successfully

10:42 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\kcbhgv5n\background_gradient[1]". The operation completed successfully

10:42 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\cookies\owner@forums.pcpitstop[2].txt]

10:42 PM: Warning: Failed to open file "c:\documents and settings\owner\cookies\owner@forums.pcpitstop[2].txt". The operation completed successfully

10:42 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\1gqxo684\activityi;src=2044558;type=aolco003;cat=aolho775;ord=1;num=1256983781078[1].htm]

10:42 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\1gqxo684\activityi;src=2044558;type=aolco003;cat=aolho775;ord=1;num=1256983781078[1].htm". The operation completed successfully

10:39 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\windows\system32\config\software]

10:38 PM: Warning: AntiVirus engine for IFO returned [Error Code 8000FFFF] on [C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\AIMLOGGER\TINYMUNCHKIN3\IM LOGS\DOCSMILEDOT.HTML]

10:35 PM: Warning: AntiVirus engine for IFO returned [Error Code 8000FFFF] on [C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\AIMLOGGER\TINYMUNCHKIN3\IM LOGS\DOCSMILEDOT.HTML]

10:27 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr001ts]

10:27 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr001tr]

10:25 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr001to]

10:25 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr001tp]

10:25 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsd9752daf-0207-4550-a38d-01a29f2c9ac0.tmp]

10:25 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr001tn]

10:17 PM: Warning: AntiVirus engine for IFO returned [Error Code 8000FFFF] on [C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\AIMLOGGER\TINYMUNCHKIN3\IM LOGS\DOCSMILEDOT.HTML]

10:14 PM: Warning: AntiVirus engine for IFO returned [Error Code 8000FFFF] on [C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\AIMLOGGER\TINYMUNCHKIN3\IM LOGS\DOCSMILEDOT.HTML]

10:13 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms465dc165-406f-43d8-9d20-9654bdb9d31c.tmp]

10:06 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\windows\system32\config\default]

10:04 PM: Warning: AntiVirus engine for IFO returned [Error Code 8000FFFF] on [C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\AIMLOGGER\TINYMUNCHKIN3\IM LOGS\DOCSMILEDOT.HTML]

10:03 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [c:\program files\gravity\ro\2007-11-28bgm.rgz]

9:56 PM: Warning: AntiVirus engine for IFO returned [Error Code 8000FFFF] on [C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\AIMLOGGER\TINYMUNCHKIN3\IM LOGS\DOCSMILEDOT.HTML]

9:49 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr001s8]

9:47 PM: Warning: AntiVirus engine for IFO returned [Error Code 8000FFFF] on [C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\AIMLOGGER\TINYMUNCHKIN3\IM LOGS\DOCSMILEDOT.HTML]

9:46 PM: C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\Trust first site\OptionRegs.exe.vir (ID = 0)

9:46 PM: C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\Trust first site\qrjklvyx.exe.vir (ID = 0)

9:45 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\pagefile.sys]

9:45 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms073643be-678f-43ee-b871-b8ba95766a90.tmp]

9:43 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms94619915-3fca-438a-8197-686ecb506663.tmp]

9:42 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsaf1056ca-0610-4358-a1ce-64f45708d5a4.tmp]

9:38 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\windows\pchealth\helpctr\datacoll\collecteddata_13602.xml]

9:38 PM: ApplicationMinimized - EXIT

9:38 PM: ApplicationMinimized - ENTER

9:37 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsd0f4b066-7cc6-4e05-ade0-5e7e364b8673.tmp]

9:36 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms5fde0900-7fd7-4955-945d-84bdcfbe12c8.tmp]

9:35 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms2c547275-74e1-4f24-b544-e6b10a7d0c16.tmp]

9:34 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [c:\program files\euphro\2007-10-24bgm.rgz]

9:32 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\hiberfil.sys]

9:25 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\windows\system32\config\system]

9:24 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\application data\opera\opera\profile\cache4\opr001s9]

9:23 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\windows\pchealth\helpctr\datacoll\collecteddata_13598.xml]

9:23 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\windows\pchealth\helpctr\datacoll\collecteddata_13596.xml]

9:23 PM: Warning: Failed to read file "c:\windows\pchealth\helpctr\datacoll\collecteddata_13596.xml". "c:\windows\pchealth\helpctr\datacoll\collecteddata_13596.xml": File not found

9:21 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\bhmnxo74\20081217125409990001[1].htm]

9:21 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\kcbhgv5n\ysc_csc_ymailcg_3.2.2[1].js]

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

9:20 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

9:20 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

9:20 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

9:20 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

9:20 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

9:20 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

9:20 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

9:20 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

9:20 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

9:20 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

9:20 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

9:20 PM: Tamper Detection

9:19 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\kcbhgv5n\9f2502a91a603fe3bde1acfe41304bd8_1[1].png]

9:17 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\1gqxo684\1-tabloid-covers-200lvg121808[1].jpg]

9:15 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsa9ca8e29-1f2b-4892-aa1b-bd4ef198b923.tmp]

9:14 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\bhmnxo74\home_utils[1].js]

9:06 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\owner\ntuser.dat]

8:43 PM: C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\LICENSE ADMIN OPTION BIB\Heck exit.exe.vir (ID = 0)

8:43 PM: Found Mal/Swizzor-D: Mal/Swizzor-D

8:43 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\windows\system32\config\security]

8:42 PM: ApplicationMinimized - EXIT

8:42 PM: ApplicationMinimized - ENTER

8:42 PM: Starting File Sweep

8:42 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00

8:42 PM: Starting Cookie Sweep

8:42 PM: Registry Sweep Complete, Elapsed Time:00:00:12

8:41 PM: Starting Registry Sweep

8:41 PM: Memory Sweep Complete, Elapsed Time: 00:04:36

8:37 PM: ApplicationMinimized - EXIT

8:37 PM: ApplicationMinimized - ENTER

8:37 PM: Warning: TFileCountEnum.ProcessPartition: TVolumeFAT.IC: invalid Boot Sector. Volume D:

8:37 PM: Starting Memory Sweep

8:37 PM: Start Full Sweep

8:37 PM: Sweep initiated using definitions version 1356

8:32 PM: Sweep Status: 1 Item Found

8:32 PM: Traces Found: 1

8:32 PM: File Sweep Complete, Elapsed Time: 00:06:12

8:32 PM: Sweep Canceled

8:28 PM: C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\LICENSE ADMIN OPTION BIB\Heck exit.exe.vir (ID = 0)

8:28 PM: Found Mal/Swizzor-D: Mal/Swizzor-D

8:28 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\windows\system32\config\security]

8:26 PM: Starting File Sweep

8:26 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00

8:26 PM: Starting Cookie Sweep

8:26 PM: Registry Sweep Complete, Elapsed Time:00:00:17

8:26 PM: Starting Registry Sweep

8:26 PM: Memory Sweep Complete, Elapsed Time: 00:05:31

8:20 PM: Starting Memory Sweep

8:20 PM: Warning: TFileCountEnum.ProcessPartition: TVolumeFAT.IC: invalid Boot Sector. Volume D:

8:20 PM: Start Full Sweep

8:20 PM: Sweep initiated using definitions version 1356

8:20 PM: None

8:20 PM: Traces Found: 0

8:20 PM: ApplicationMinimized - EXIT

8:20 PM: ApplicationMinimized - ENTER

8:20 PM: Warning: TFileCountEnum.ProcessPartition: TVolumeFAT.IC: invalid Boot Sector. Volume D:

8:20 PM: Sweep Canceled

8:20 PM: Start Full Sweep

8:20 PM: Sweep initiated using definitions version 1356

8:19 PM: Your virus definitions have been updated.

8:19 PM: Informational: Loaded AntiVirus Engine: 2.81.2; SDK Version: 4.36E; Virus Definitions: 12/29/2008 9:07:02 PM (GMT)

8:18 PM: Your spyware definitions have been updated.

8:17 PM: Automated check for program update in progress.

8:17 PM: ApplicationMinimized - EXIT

8:17 PM: ApplicationMinimized - ENTER

Keylogger: On

8:17 PM: Informational: ShieldEmail: Start monitoring port 25 for mail activities

E-mail Attachment: On

8:17 PM: Informational: ShieldEmail: Start monitoring port 110 for mail activities

BHO Shield: On

IE Security Shield: On

Alternate Data Stream (ADS) Execution Shield: On

Startup Shield: On

Common Ad Sites: On

Hosts File Shield: On

Internet Communication Shield: On

ActiveX Shield: On

Windows Messenger Service Shield: On

IE Favorites Shield: On

File System Shield: On

Execution Shield: On

System Services Shield: On

IE Hijack Shield: On

IE Tracking Cookies Shield: On

8:17 PM: Shield States

8:17 PM: License Check Status (0): Success

8:17 PM: Spyware Definitions: 1355

8:17 PM: Informational: Loaded AntiVirus Engine: 2.81.2; SDK Version: 4.36E; Virus Definitions: 12/27/2008 5:56:28 PM (GMT)

8:15 PM: Spy Sweeper 5.5.7.48 started

8:15 PM: Spy Sweeper 5.5.7.48 started

8:15 PM: | Start of Session, Monday, December 29, 2008 |

***************

4:52 PM: Your virus definitions have been updated.

4:52 PM: Informational: Loaded AntiVirus Engine: 2.81.2; SDK Version: 4.36E; Virus Definitions: 12/27/2008 5:56:28 PM (GMT)

4:52 PM: Your definitions are up to date.

4:51 PM: Automated check for program update in progress.

Keylogger: On

10:25 AM: Informational: ShieldEmail: Start monitoring port 25 for mail activities

E-mail Attachment: On

10:25 AM: Informational: ShieldEmail: Start monitoring port 110 for mail activities

BHO Shield: On

IE Security Shield: On

Alternate Data Stream (ADS) Execution Shield: On

Startup Shield: On

Common Ad Sites: On

Hosts File Shield: On

Internet Communication Shield: On

ActiveX Shield: On

Windows Messenger Service Shield: On

IE Favorites Shield: On

File System Shield: On

Execution Shield: On

System Services Shield: On

IE Hijack Shield: On

IE Tracking Cookies Shield: On

10:25 AM: Shield States

10:25 AM: License Check Status (0): Success

10:25 AM: Spyware Definitions: 1355

10:25 AM: Informational: Loaded AntiVirus Engine: 2.81.2; SDK Version: 4.36E; Virus Definitions: 12/26/2008 2:19:36 PM (GMT)

10:24 AM: Spy Sweeper 5.5.7.48 started

10:24 AM: Spy Sweeper 5.5.7.48 started

10:24 AM: | Start of Session, Saturday, December 27, 2008 |

***************

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.E

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:00 PM: Tamper Detection

Operation: File Access

Target:

Source: C:\PROGRAM FILES\MALWAREBYTES' ANTI-MALWARE\MBAM.EXE

6:02 PM: Tamper Detection

4:50 PM: Your virus definitions have been updated.

4:50 PM: Informational: Loaded AntiVirus Engine: 2.81.2; SDK Version: 4.36E; Virus Definitions: 12/25/2008 6:26:38 PM (GMT)

4:49 PM: Your definitions are up to date.

4:49 PM: Automated check for program update in progress.

Keylogger: On

4:49 PM: Informational: ShieldEmail: Start monitoring port 25 for mail activities

E-mail Attachment: On

4:49 PM: Informational: ShieldEmail: Start monitoring port 110 for mail activities

BHO Shield: On

IE Security Shield: On

Alternate Data Stream (ADS) Execution Shield: On

Startup Shield: On

Common Ad Sites: On

Hosts File Shield: On

Internet Communication Shield: On

ActiveX Shield: On

Windows Messenger Service Shield: On

IE Favorites Shield: On

File System Shield: On

Execution Shield: On

System Services Shield: On

IE Hijack Shield: On

IE Tracking Cookies Shield: On

4:49 PM: Shield States

4:49 PM: License Check Status (0): Success

4:49 PM: Spyware Definitions: 1354

4:49 PM: Informational: Loaded AntiVirus Engine: 2.81.2; SDK Version: 4.36E; Virus Definitions: 12/23/2008 9:14:26 PM (GMT)

4:48 PM: Spy Sweeper 5.5.7.48 started

4:48 PM: Spy Sweeper 5.5.7.48 started

4:48 PM: | Start of Session, Thursday, December 25, 2008 |

***************

8:14 PM: Your virus definitions have been updated.

8:14 PM: Informational: Loaded AntiVirus Engine: 2.81.2; SDK Version: 4.36E; Virus Definitions: 12/23/2008 9:14:26 PM (GMT)

8:13 PM: Your spyware definitions have been updated.

8:13 PM: Automated check for program update in progress.

Keylogger: On

E-mail Attachment: On

8:12 PM: Informational: ShieldEmail: Start monitoring port 25 for mail activities

8:12 PM: Informational: ShieldEmail: Start monitoring port 110 for mail activities

BHO Shield: On

IE Security Shield: On

Alternate Data Stream (ADS) Execution Shield: On

Startup Shield: On

Common Ad Sites: On

Hosts File Shield: On

Internet Communication Shield: On

ActiveX Shield: On

Windows Messenger Service Shield: On

IE Favorites Shield: On

File System Shield: On

Execution Shield: On

System Services Shield: On

IE Hijack Shield: On

IE Tracking Cookies Shield: On

8:12 PM: Shield States

8:12 PM: License Check Status (0): Success

8:12 PM: Spyware Definitions: 1353

8:12 PM: Informational: Loaded AntiVirus Engine: 2.81.2; SDK Version: 4.36E; Virus Definitions: 12/22/2008 3:56:32 PM (GMT)

8:11 PM: Spy Sweeper 5.5.7.48 started

8:11 PM: Spy Sweeper 5.5.7.48 started

8:11 PM: | Start of Session, Tuesday, December 23, 2008 |

***************

10:03 PM: IE Favorites Shield: Entry Allowed: http://forums.pcpitstop.com/index.php?showtopic=163623

10:03 PM: IE Favorites Shield: Entry Allowed: http://forums.pcpitstop.com/index.php?showtopic=163623

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:15 PM: Tamper Detection

2:24 PM: Your virus definitions have been updated.

2:24 PM: Informational: Loaded AntiVirus Engine: 2.81.2; SDK Version: 4.36E; Virus Definitions: 12/22/2008 3:56:32 PM (GMT)

2:24 PM: Your spyware definitions have been updated.

2:23 PM: Automated check for program update in progress.

Keylogger: On

2:22 PM: Informational: ShieldEmail: Start monitoring port 25 for mail activities

E-mail Attachment: On

2:22 PM: Informational: ShieldEmail: Start monitoring port 110 for mail activities

BHO Shield: On

IE Security Shield: On

Alternate Data Stream (ADS) Execution Shield: On

Startup Shield: On

Common Ad Sites: On

Hosts File Shield: On

Internet Communication Shield: On

ActiveX Shield: On

Windows Messenger Service Shield: On

IE Favorites Shield: On

File System Shield: On

Execution Shield: On

System Services Shield: On

IE Hijack Shield: On

IE Tracking Cookies Shield: On

2:22 PM: Shield States

2:22 PM: License Check Status (0): Success

2:22 PM: Spyware Definitions: 1352

2:22 PM: Informational: Loaded AntiVirus Engine: 2.81.2; SDK Version: 4.36E; Virus Definitions: 12/21/2008 5:19:24 AM (GMT)

2:21 PM: Spy Sweeper 5.5.7.48 started

2:21 PM: Spy Sweeper 5.5.7.48 started

2:21 PM: | Start of Session, Monday, December 22, 2008 |

***************

4:47 PM: ApplicationMinimized - EXIT

4:47 PM: ApplicationMinimized - ENTER

4:47 PM: Removal process completed. Elapsed time 00:00:32

4:47 PM: Informational: Virus infected file c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir not cleaned.

4:47 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 20 rounds of disinfection.

4:47 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 19 rounds of disinfection.

4:47 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 18 rounds of disinfection.

4:47 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 17 rounds of disinfection.

4:47 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 16 rounds of disinfection.

4:47 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 15 rounds of disinfection.

4:47 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 14 rounds of disinfection.

4:47 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 13 rounds of disinfection.

4:47 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 12 rounds of disinfection.

4:47 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 11 rounds of disinfection.

4:47 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 10 rounds of disinfection.

4:47 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 9 rounds of disinfection.

4:47 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 8 rounds of disinfection.

4:47 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vi

4:47 PM: Sweep Canceled

4:19 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\windows\sf6da12ef.tmp]

4:19 PM: Warning: Failed to open file "c:\windows\sf6da12ef.tmp". The operation completed successfully

4:17 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsa8664720-6c13-4bf0-97b2-1e8bf14e94e3.tmp]

4:17 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms8ead6a00-7c07-4387-8aba-c3148af9bcfe.tmp]

4:17 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmse277fa84-1d82-4123-ba15-b857ae380f3d.tmp]

4:17 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsa85c6984-980d-43c4-b912-643264ad77c7.tmp]

4:17 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms3a378c22-1834-4d82-a540-45d05ffe4499.tmp]

4:17 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsd87ca77b-715b-4451-b075-044ab453dd52.tmp]

4:17 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms7b798c3c-3080-493e-9250-c3dd48c08aac.tmp]

4:17 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsb7222477-a0a4-4e5b-82d8-d663a19f5626.tmp]

4:17 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms7b798c3c-3080-493e-9250-c3dd48c08aac.tmp". The operation completed successfully

4:17 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsb7222477-a0a4-4e5b-82d8-d663a19f5626.tmp". The operation completed successfully

4:17 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsa8664720-6c13-4bf0-97b2-1e8bf14e94e3.tmp". The operation completed successfully

4:17 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms8ead6a00-7c07-4387-8aba-c3148af9bcfe.tmp". The operation completed successfully

4:17 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmse277fa84-1d82-4123-ba15-b857ae380f3d.tmp". The operation completed successfully

4:17 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsa85c6984-980d-43c4-b912-643264ad77c7.tmp". The operation completed successfully

4:17 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms3a378c22-1834-4d82-a540-45d05ffe4499.tmp". The operation completed successfully

4:17 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsd87ca77b-715b-4451-b075-044ab453dd52.tmp". The operation completed successfully

4:17 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\pp7ikv78\back2[1].png]

4:17 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\14e3d77r\seedotfive[1].gif]

4:17 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\zwom8qno\journal[1].gif]

4:17 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\wgrygqke\careers[1].gif]

4:17 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\82s1zn5k\headerdotsgray[1].gif]

4:17 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\d6a3jfv9\bkgd_dropshadow_bottom[1].gif]

4:17 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\lfmrhdqk\lab[1].gif]

4:17 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\82s1zn5k\nav_divider_666666[1].gif]

4:17 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\d6a3jfv9\pix[1].gif]

4:17 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\14e3d77r\dropshadow_nav[1].gif]

4:17 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\pp7ikv78\nav_search[1].gif]

4:17 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\14e3d77r\bluepix[1].gif]

4:17 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\pp7ikv78\back2[1].png". The operation completed successfully

4:17 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\zwom8qno\graypix[1].gif]

4:17 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\pp7ikv78\cccccc[1].gif]

4:17 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\82s1zn5k\headerdotsgray[1].gif". The operation completed successfully

4:17 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\lfmrhdqk\td-asktheexperts[1].gif]

4:17 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\d6a3jfv9\bkgd_dropshadow_bottom[1].gif". The operation completed successfully

4:17 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\14e3d77r\seedotfive[1].gif". The operation completed successfully

4:17 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\zwom8qno\journal[1].gif". The operation completed successfully

4:17 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\wgrygqke\careers[1].gif". The operation completed successfully

4:17 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\lfmrhdqk\lab[1].gif". The operation completed successfully

4:17 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\82s1zn5k\nav_divider_666666[1].gif". The operation completed successfully

4:17 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\d6a3jfv9\pix[1].gif". The operation completed successfully

4:17 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\14e3d77r\dropshadow_nav[1].gif". The operation completed successfully

4:17 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\pp7ikv78\nav_search[1].gif". The operation completed successfully

4:17 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\14e3d77r\bluepix[1].gif". The operation completed successfully

4:17 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\zwom8qno\graypix[1].gif". The operation completed successfully

4:17 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\pp7ikv78\cccccc[1].gif". The operation completed successfully

4:17 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\lfmrhdqk\td-asktheexperts[1].gif". The operation completed successfully

4:17 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\82s1zn5k\spacer1[1].gif]

4:17 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\82s1zn5k\menutopdestinations[1].gif]

4:17 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\zwom8qno\1taboff-aboutus[1].gif]

4:17 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\wgrygqke\1taboff-estore[1].gif]

4:17 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\d6a3jfv9\1taboff-community[1].gif]

4:17 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\wgrygqke\tabbottom[1].gif]

4:17 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\54cwcgzi\1taboff-directories[1].gif]

4:17 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\54cwcgzi\1taboff-reference[1].gif]

4:17 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\14e3d77r\1tabon-education[1].gif]

4:17 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\14e3d77r\1taboff-home[1].gif]

4:17 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\82s1zn5k\spacer1[1].gif". The operation completed successfully

4:17 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\82s1zn5k\menutopdestinations[1].gif". The operation completed successfully

4:17 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\zwom8qno\1taboff-aboutus[1].gif". The operation completed successfully

4:17 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\wgrygqke\1taboff-estore[1].gif". The operation completed successfully

4:17 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\d6a3jfv9\1taboff-community[1].gif". The operation completed successfully

4:17 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\wgrygqke\tabbottom[1].gif". The operation completed successfully

4:17 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\54cwcgzi\1taboff-directories[1].gif". The operation completed successfully

4:17 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\54cwcgzi\1taboff-reference[1].gif". The operation completed successfully

4:17 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\14e3d77r\1tabon-education[1].gif". The operation completed successfully

4:17 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\lfmrhdqk\1taboff-fun[1].gif]

4:17 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\14e3d77r\1taboff-home[1].gif". The operation completed successfully

4:17 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\lfmrhdqk\1taboff-fun[1].gif". The operation completed successfully

4:13 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\windows\system32\config\software]

3:23 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\windows\system32\config\default]

3:17 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [c:\program files\gravity\ro\2007-11-28bgm.rgz]

3:12 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms20bca363-2235-4283-9bc8-777569827c19.tmp]

3:03 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsaff2740b-8ed1-4e30-ad3b-d00404a391a4.tmp]

3:00 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms44189b03-8f07-4a10-af34-20a89c13027c.tmp]

2:51 PM: C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\Trust first site\OptionRegs.exe.vir (ID = 0)

2:51 PM: C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\Trust first site\qrjklvyx.exe.vir (ID = 0)

2:50 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\pagefile.sys]

2:47 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsbf051bc7-a849-482f-9830-00bc0e2845c4.tmp]

2:38 PM: Warning: AntiVirus engine for IFO returned [Error Code 8000FFFF] on [C:\DOCUMENTS AND SETTINGS\OWNER\MY DOCUMENTS\AIMLOGGER\TINYMUNCHKIN3\IM LOGS\HALFAZNBUDDHA.HTML]

2:37 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms4a996e05-af49-4a91-9d14-01df8ba7900a.tmp]

2:37 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms5fd70169-11f5-4ec9-89dc-5365fb32b55a.tmp]

2:33 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [c:\program files\euphro\2007-10-24bgm.rgz]

2:33 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsc6d5a198-f4be-4c50-bfea-53117afae875.tmp]

2:29 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\hiberfil.sys]

2:28 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms04cdb425-587d-47c8-a8e4-f00675e00d40.tmp]

2:18 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\d6a3jfv9\profile[1].htm]

2:13 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\windows\system32\config\system]

2:11 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\wgrygqke\lewis04[1].ppt]

2:01 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\WGRYGQKE\LEWIS04[1].PPT]

1:44 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\owner\ntuser.dat]

1:36 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\54cwcgzi\corner_rt_ask[1].gif]

1:21 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsed6fb834-543d-4ec9-9497-c87b6a7c7cef.tmp]

1:07 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\pp7ikv78\album[1].htm]

1:03 PM: C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\LICENSE ADMIN OPTION BIB\Heck exit.exe.vir (ID = 0)

1:03 PM: Found Mal/Swizzor-D: Mal/Swizzor-D

1:02 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\windows\system32\config\security]

12:59 PM: Starting File Sweep

12:59 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00

12:59 PM: Starting Cookie Sweep

12:59 PM: Registry Sweep Complete, Elapsed Time:00:00:30

12:59 PM: Starting Registry Sweep

12:59 PM: Memory Sweep Complete, Elapsed Time: 00:06:42

12:52 PM: ApplicationMinimized - EXIT

12:52 PM: ApplicationMinimized - ENTER

12:52 PM: Starting Memory Sweep

12:52 PM: Warning: TFileCountEnum.ProcessPartition: TVolumeFAT.IC: invalid Boot Sector. Volume D:

12:52 PM: Start Full Sweep

12:52 PM: Sweep initiated using definitions version 1352

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:53 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:53 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:53 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:53 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:53 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:53 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:53 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:53 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:53 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:53 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:53 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:53 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:53 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:53 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:53 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:53 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:53 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:53 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:53 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:53 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:53 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:53 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:53 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:53 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:53 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:53 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

11:52 AM: Tamper Detection

10:21 AM: Your virus definitions have been updated.

10:21 AM: Informational: Loaded AntiVirus Engine: 2.81.2; SDK Version: 4.36E; Virus Definitions: 12/21/2008 5:19:24 AM (GMT)

10:21 AM: Your spyware definitions have been updated.

10:20 AM: Automated check for program update in progress.

Keylogger: On

E-mail Attachment: On

10:20 AM: Informational: ShieldEmail: Start monitoring port 25 for mail activities

10:20 AM: Informational: ShieldEmail: Start monitoring port 110 for mail activities

BHO Shield: On

IE Security Shield: On

Alternate Data Stream (ADS) Execution Shield: On

Startup Shield: On

Common Ad Sites: On

Hosts File Shield: On

Internet Communication Shield: On

ActiveX Shield: On

Windows Messenger Service Shield: On

IE Favorites Shield: On

File System Shield: On

Execution Shield: On

System Services Shield: On

IE Hijack Shield: On

IE Tracking Cookies Shield: On

10:20 AM: Shield States

10:20 AM: License Check Status (0): Success

10:20 AM: Spyware Definitions: 1351

10:20 AM: Informational: Loaded AntiVirus Engine: 2.81.2; SDK Version: 4.36E; Virus Definitions: 12/18/2008 10:22:54 PM (GMT)

10:18 AM: Spy Sweeper 5.5.7.48 started

10:18 AM: Spy Sweeper 5.5.7.48 started

10:18 AM: | Start of Session, Sunday, December 21, 2008 |

***************

12:10 AM: ApplicationMinimized - EXIT

12:10 AM: ApplicationMinimized - ENTER

12:10 AM: Sent error log: C:\Documents and Settings\Owner\Application Data\Webroot\Spy Sweeper\Logs\bugreport.txt

12:10 AM: Removal process completed. Elapsed time 00:00:35

12:10 AM: Informational: Virus infected file c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir not cleaned.

12:10 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 20 rounds of disinfection.

12:10 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 19 rounds of disinfection.

12:10 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 18 rounds of disinfection.

12:10 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 17 rounds of disinfection.

12:10 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 16 rounds of disinfection.

12:10 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 15 rounds of disinfection.

12:10 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 14 rounds of disinfection.

12:10 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 13 rounds of disinfection.

12:10 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 12 rounds of disinfection.

12:09 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 11 rounds of disinfection.

12:09 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 10 rounds of disinfection.

12:09 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 9 rounds of disinfection.

12:09 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 8 rounds of disinfection.

12:09 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 7 rounds of disinfection.

12:09 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 6 rounds of disinfection.

12:09 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 5 rounds of disinfection.

12:09 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 4 rounds of disinfection.

12:09 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 3 rounds of disinfection.

12:09 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 2 rounds of disinfection.

12:09 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 1 round of disinfection.

12:09 AM: Informational: Virus infected file c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir not cleaned.

12:09 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 20 rounds of disinfection.

12:09 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 19 rounds of disinfection.

12:09 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 18 rounds of disinfection.

12:09 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 17 rounds of disinfection.

12:09 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 16 rounds of disinfection.

12:09 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner


12:09 AM: Removal process initiated

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:46 PM: Tamper Detection

9:03 PM: Traces Found: 3

9:03 PM: Full Sweep has completed. Elapsed time 04:06:14

9:03 PM: File Sweep Complete, Elapsed Time: 03:59:41

Operation: File Access

Target:

Source: C:\PROGRAM FILES\MALWAREBYTES' ANTI-MALWARE\MBAM.EXE

8:48 PM: Tamper Detection

8:19 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\windows\sf6da12ef.tmp]

8:19 PM: Warning: Failed to open file "c:\windows\sf6da12ef.tmp". The operation completed successfully

8:17 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsadcc49fa-41e9-4ac9-acf1-d3f786c8eea1.tmp]

8:17 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmscb5ee6d0-b4ad-4e01-964c-73700b30d104.tmp]

8:17 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms910ca3a2-d5da-4770-b203-9ce39a212827.tmp]

8:17 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms171a2395-3ba6-4f9e-8bea-83dec6746429.tmp]

8:17 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms16d05e30-22c6-4ad6-8d18-5f3805fa4c04.tmp]

8:17 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms1ec7ece6-b730-4d8b-ac95-3841e2790067.tmp]

8:17 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsadcc49fa-41e9-4ac9-acf1-d3f786c8eea1.tmp". The operation completed successfully

8:17 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmscb5ee6d0-b4ad-4e01-964c-73700b30d104.tmp". The operation completed successfully

8:17 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms910ca3a2-d5da-4770-b203-9ce39a212827.tmp". The operation completed successfully

8:17 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms171a2395-3ba6-4f9e-8bea-83dec6746429.tmp". The operation completed successfully

8:17 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms16d05e30-22c6-4ad6-8d18-5f3805fa4c04.tmp". The operation completed successfully

8:17 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms1ec7ece6-b730-4d8b-ac95-3841e2790067.tmp". The operation completed successfully

8:13 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\windows\system32\config\software]

7:24 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\windows\system32\config\default]

7:17 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [c:\program files\gravity\ro\2007-11-28bgm.rgz]

6:52 PM: C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\Trust first site\OptionRegs.exe.vir (ID = 0)

6:52 PM: C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\Trust first site\qrjklvyx.exe.vir (ID = 0)

6:51 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\pagefile.sys]

6:50 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms09b09a1a-f365-4d8f-8927-e53b9b0deae2.tmp]

6:49 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsc3d83bbe-2739-4169-ae2b-2c89a74bc88f.tmp]

6:43 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsb9a75234-a2de-468b-973f-dc03f856a383.tmp]

6:37 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [c:\program files\euphro\2007-10-24bgm.rgz]

6:36 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsbdebf480-93a0-4bfb-a473-251bb6d71b96.tmp]

6:35 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms421073ad-7f73-4739-9bf9-d38d64ad05c7.tmp]

6:32 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\hiberfil.sys]

6:28 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms6b388699-1d89-44b7-9c9d-51436a4e9e36.tmp]

6:17 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\windows\system32\config\system]

6:15 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\wgrygqke\lewis04[1].ppt]

6:13 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmse2ae9674-0cd4-4082-8606-ac952985715c.tmp]

6:03 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsf640dc37-8b28-483d-b1d2-844d43ff7e9d.tmp]

5:58 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\WGRYGQKE\LEWIS04[1].PPT]

5:49 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\owner\ntuser.dat]

5:46 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsabbf52b0-a011-4403-b96b-468131d5740c.tmp]

5:07 PM: C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\LICENSE ADMIN OPTION BIB\Heck exit.exe.vir (ID = 0)

5:07 PM: Found Mal/Swizzor-D: Mal/Swizzor-D

5:06 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\windows\system32\config\security]

5:03 PM: Starting File Sweep

5:03 PM: Cookie Sweep Complete, Elapsed Time: 00:00:02

5:03 PM: Starting Cookie Sweep

5:03 PM: Registry Sweep Complete, Elapsed Time:00:00:23

5:03 PM: Starting Registry Sweep

5:03 PM: Memory Sweep Complete, Elapsed Time: 00:05:58

4:57 PM: Warning: TFileCountEnum.ProcessPartition: TVolumeFAT.IC: invalid Boot Sector. Volume D:

4:57 PM: Starting Memory Sweep

4:57 PM: Start Full Sweep

4:57 PM: Sweep initiated using definitions version 1351

4:33 PM: IE Tracking Cookies Shield: Removed doubleclick cookie

Keylogger: On

4:33 PM: Informational: ShieldEmail: Start monitoring port 25 for mail activities

E-mail Attachment: On

4:33 PM: Informational: ShieldEmail: Start monitoring port 110 for mail activities

BHO Shield: On

IE Security Shield: On

Alternate Data Stream (ADS) Execution Shield: On

Startup Shield: On

Common Ad Sites: On

Hosts File Shield: On

Internet Communication Shield: On

ActiveX Shield: On

Windows Messenger Service Shield: On

IE Favorites Shield: On

File System Shield: On

Execution Shield: On

System Services Shield: On

IE Hijack Shield: On

IE Tracking Cookies Shield: On

4:33 PM: Shield States

4:33 PM: License Check Status (0): Success

4:33 PM: Spyware Definitions: 1351

4:33 PM: Informational: Loaded AntiVirus Engine: 2.81.2; SDK Version: 4.36E; Virus Definitions: 12/18/2008 10:22:54 PM (GMT)

4:32 PM: Spy Sweeper 5.5.7.48 started

4:32 PM: Spy Sweeper 5.5.7.48 started

4:32 PM: | Start of Session, Friday, December 19, 2008 |

***************

Keylogger: On

E-mail Attachment: On

1:55 PM: Informational: ShieldEmail: Start monitoring port 25 for mail activities

1:55 PM: Informational: ShieldEmail: Start monitoring port 110 for mail activities

BHO Shield: On

IE Security Shield: On

Alternate Data Stream (ADS) Execution Shield: On

Startup Shield: On

Common Ad Sites: On

Hosts File Shield: On

Internet Communication Shield: On

ActiveX Shield: On

Windows Messenger Service Shield: On

IE Favorites Shield: On

File System Shield: On

Execution Shield: On

System Services Shield: On

IE Hijack Shield: On

IE Tracking Cookies Shield: On

1:55 PM: Shield States

1:55 PM: License Check Status (0): Success

1:55 PM: Spyware Definitions: 1350

1:55 PM: Informational: Loaded AntiVirus Engine: 2.81.2; SDK Version: 4.36E; Virus Definitions: 12/16/2008 9:13:40 PM (GMT)

1:54 PM: Spy Sweeper 5.5.7.48 started

1:54 PM: Spy Sweeper 5.5.7.48 started

1:54 PM: | Start of Session, Thursday, December 18, 2008 |

***************

5:27 AM: ApplicationMinimized - EXIT

5:27 AM: ApplicationMinimized - ENTER

5:27 AM: Removal process completed. Elapsed time 00:00:33

5:27 AM: Informational: Virus infected file c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir not cleaned.

5:27 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 20 rounds of disinfection.

5:27 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 19 rounds of disinfection.

5:27 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 18 rounds of disinfection.

5:27 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 17 rounds of disinfection.

5:27 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 16 rounds of disinfection.

5:27 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 15 rounds of disinfection.

5:27 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 14 rounds of disinfection.

5:27 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 13 rounds of disinfection.

5:27 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 12 rounds of disinfection.

5:27 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 11 rounds of disinfection.

5:27 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 10 rounds of disinfection.

5:27 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 9 rounds of disinfection.

5:27 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 8 rounds of disinfection.

5:27 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 7 rounds of disinfection.

5:27 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 6 rounds of disinfection.

5:27 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 5 rounds of disinfection.

5:27 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 4 rounds of disinfection.

5:27 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 3 rounds of disinfection.

5:27 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 2 rounds of disinfection.

5:27 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 1 round of disinfection.

5:27 AM: Informational: Virus infected file c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir not cleaned.

5:27 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 20 rounds of disinfection.

5:27 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 19 rounds of disinfection.

5:27 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 18 rounds of disinfection.

5:27 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 17 rounds of disinfection.

5:27 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 16 rounds of disinfection.

5:27 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 15 rounds of disinfection.

5:27 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 14 rounds of disinfection.

5:27 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 13 rounds of disinfection.

5:27 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 12 rounds of disinfection.

5:27 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 11 rounds of disinfection.

5:27 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 10 rounds of disinfection.

5:27 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 9 rounds of disinfection.

5:27 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 8 rounds of disinfection.

5:27 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 7 rounds of disinfection.

5:27 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 6 rounds of disinfection.

5:27 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 5 rounds of disinfection.

5:27 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 4 rounds of disinfection.

5:27 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 3 rounds of disinfection.

5:27 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 2 rounds of disinfection.

5:27 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 1 round of disinfection.

5:27 AM: Informational: Virus infected file c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir not cleaned.

5:27 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 20 rounds of disinfection.

5:26 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 19 rounds of disinfection.

5:26 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 18 rounds of disinfection.

5:26 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 17 rounds of disinfection.

5:26 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 16 rounds of disinfection.

5:26 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 15 rounds of disinfection.

5:26 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 14 rounds of disinfection.

5:26 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 13 rounds of disinfection.

5:26 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 12 rounds of disinfection.

5:26 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 11 rounds of disinfection.

5:26 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 10 rounds of disinfection.

5:26 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 9 rounds of disinfection.

5:26 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 8 rounds of disinfection.

5:26 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 7 rounds of disinfection.

5:26 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 6 rounds of disinfection.

5:26 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 5 rounds of disinfection.

5:26 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 4 rounds of disinfection.

5:26 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 3 rounds of disinfection.

5:26 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 2 rounds of disinfection.

5:26 AM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 1 round of disinfection.

5:26 AM: Quarantining All Traces: Mal/Swizzor-D

5:26 AM: Removal process initiated

5:15 AM: Traces Found: 3

5:15 AM: Full Sweep has completed. Elapsed time 02:33:30

5:15 AM: File Sweep Complete, Elapsed Time: 02:23:40

4:59 AM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\windows\sf6da12ef.tmp]

4:59 AM: Warning: Failed to open file "c:\windows\sf6da12ef.tmp". The operation completed successfully

4:58 AM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms2e5ad39b-11d5-4d8d-8487-48b7eea21616.tmp]

4:58 AM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms237655f6-b7a4-49b9-9a9e-a76b567dd300.tmp]

4:58 AM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms09ca44c9-6574-4ff0-b466-33a9b3c65dcf.tmp]

4:58 AM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms344424a5-2a14-4a08-9349-6403d429f5d7.tmp]

4:58 AM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms9435b8d3-c3f5-4792-a114-8db07dbb305b.tmp]

4:58 AM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms60525a0e-5218-46bb-b1d6-06e3715e69c9.tmp]

4:58 AM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmseee6e919-e365-4f6c-a3f6-609ddac22735.tmp]

4:58 AM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms3e18ea24-b2b7-494a-b22f-a9129c1f47cc.tmp]

4:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms2e5ad39b-11d5-4d8d-8487-48b7eea21616.tmp". The operation completed successfully

4:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms237655f6-b7a4-49b9-9a9e-a76b567dd300.tmp". The operation completed successfully

4:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms09ca44c9-6574-4ff0-b466-33a9b3c65dcf.tmp". The operation completed successfully

4:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms344424a5-2a14-4a08-9349-6403d429f5d7.tmp". The operation completed successfully

4:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms9435b8d3-c3f5-4792-a114-8db07dbb305b.tmp". The operation completed successfully

4:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms60525a0e-5218-46bb-b1d6-06e3715e69c9.tmp". The operation completed successfully

4:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmseee6e919-e365-4f6c-a3f6-609ddac22735.tmp". The operation completed successfully

4:58 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms3e18ea24-b2b7-494a-b22f-a9129c1f47cc.tmp". The operation completed successfully

4:58 AM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\owner\local settings\

4:24 AM: Tamper Detection

4:13 AM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsed0a3d15-498a-47eb-9e0f-1322696ab817.tmp]

4:13 AM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms36188cea-ae3d-4003-aa2a-fa3bee92c65f.tmp]

4:11 AM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\windows\system32\config\default]

4:08 AM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [c:\program files\gravity\ro\2007-11-28bgm.rgz]

4:02 AM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms09afe681-21b0-4c10-9783-0ea9a531b082.tmp]

3:59 AM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms53007bb5-64d1-427b-8554-bb8fbd0d15c7.tmp]

3:59 AM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\owner\local settings\temp\acradef.tmp]

3:59 AM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\WGRYGQKE\LEWIS04[1].PPT]

3:53 AM: C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\Trust first site\OptionRegs.exe.vir (ID = 0)

3:53 AM: C:\QooBox\Quarantine\C\Documents and Settings\Owner\Application Data\Trust first site\qrjklvyx.exe.vir (ID = 0)

3:52 AM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\pagefile.sys]

3:43 AM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsb0fe99cc-840e-4e5f-a105-3d8d3b1191c4.tmp]

3:43 AM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [c:\program files\euphro\2007-10-24bgm.rgz]

3:41 AM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsb1a3be66-920d-45e5-8a27-e9fc84266da8.tmp]

3:41 AM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\hiberfil.sys]

3:37 AM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms7ecdd781-35ee-4934-8c1e-703be7a75058.tmp]

3:35 AM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\owner\local settings\temp\~df7c84.tmp]

3:35 AM: Warning: Failed to read file "c:\documents and settings\owner\local settings\temp\~df7c84.tmp". "c:\documents and settings\owner\local settings\temp\~df7c84.tmp": File not found

3:34 AM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\windows\system32\config\system]

3:30 AM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms38f19992-056d-4296-9e67-c8f19f60ea6e.tmp]

3:21 AM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\lfmrhdqk\sciencebase-header[1].jpg]

3:19 AM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\54cwcgzi\ads[1].htm]

3:19 AM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\lfmrhdqk\ads[1].htm]

3:18 AM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\wgrygqke\ads[1].htm]

3:17 AM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\wgrygqke\ae163[1].htm]

3:17 AM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\owner\ntuser.dat]

3:14 AM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\lfmrhdqk\boiling-point-elevation[1].jpg]

2:54 AM: C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\LICENSE ADMIN OPTION BIB\Heck exit.exe.vir (ID = 0)

2:54 AM: Found Mal/Swizzor-D: Mal/Swizzor-D

2:54 AM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\windows\system32\config\security]

2:52 AM: Starting File Sweep

2:52 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00

2:51 AM: Starting Cookie Sweep

2:51 AM: Registry Sweep Complete, Elapsed Time:00:00:26

2:51 AM: Starting Registry Sweep

2:51 AM: Memory Sweep Complete, Elapsed Time: 00:09:11

2:48 AM: ApplicationMinimized - EXIT

2:48 AM: ApplicationMinimized - ENTER

2:42 AM: ApplicationMinimized - EXIT

2:42 AM: ApplicationMinimized - ENTER

2:42 AM: Starting Memory Sweep

2:42 AM: Warning: TFileCountEnum.ProcessPartition: TVolumeFAT.IC: invalid Boot Sector. Volume D:

2:42 AM: Start Full Sweep

2:42 AM: Sweep initiated using definitions version 1351

2:39 AM: None

2:39 AM: Traces Found: 0

2:39 AM: Memory Sweep Complete, Elapsed Time: 00:00:37

2:39 AM: Sweep Canceled

2:38 AM: Warning: TFileCountEnum.ProcessPartition: TVolumeFAT.IC: invalid Boot Sector. Volume D:

2:38 AM: Starting Memory Sweep

2:38 AM: Informational: Virus infected file C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\PP7IKV78\_FREESCAN[1].HTM not cleaned.

2:38 AM: Informational: File C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\PP7IKV78\_FREESCAN[1].HTM still infected with virus Mal/FakeAvJs-A after 20 rounds of disinfection.

2:38 AM: Informational: File C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\PP7IKV78\_FREESCAN[1].HTM still infected with virus Mal/FakeAvJs-A after 19 rounds of disinfection.

2:38 AM: Informational: File C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\PP7IKV78\_FREESCAN[1].HTM still infected with virus Mal/FakeAvJs-A after 18 rounds of disinfection.

2:38 AM: Informational: File C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\PP7IKV78\_FREESCAN[1].HTM still infected with virus Mal/FakeAvJs-A after 17 rounds of disinfection.

2:38 AM: Start Full Sweep

2:38 AM: Sweep initiated using definitions version 1351

2:38 AM: Informational: File C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\PP7IKV78\_FREESCAN[1].HTM still infected with virus Mal/FakeAvJs-A after 16 rounds of disinfection.

2:38 AM: Informational: File C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\PP7IKV78\_FREESCAN[1].HTM still infected with virus Mal/FakeAvJs-A after 15 rounds of disinfection.

2:38 AM: Informational: File C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\PP7IKV78\_FREESCAN[1].HTM still infected with virus Mal/FakeAvJs-A after 14 rounds of disinfection.

2:38 AM: Informational: File C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\PP7IKV78\_FREESCAN[1].HTM still infected with virus Mal/FakeAvJs-A after 13 rounds of disinfection.

2:38 AM: Informational: File C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\PP7IKV78\_FREESCAN[1].HTM still infected with virus Mal/FakeAvJs-A after 12 rounds of disinfection.

2:38 AM: Informational: File C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\PP7IKV78\_FREESCAN[1].HTM still infected with virus Mal/FakeAvJs-A after 11 rounds of disinfection.

2:38 AM: Informational: File C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\PP7IKV78\_FREESCAN[1].HTM still infected with virus Mal/FakeAvJs-A after 10 rounds of disinfection.

2:38 AM: Informational: File C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\PP7IKV78\_FREESCAN[1].HTM still infected with virus Mal/FakeAvJs-A after 9 rounds of disinfection.

2:38 AM: Informational: File C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\PP7IKV78\_FREESCAN[1].HTM still infected with virus Mal/FakeAvJs-A after 8 rounds of disinfection.

2:38 AM: Informational: File C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\PP7IKV78\_FREESCAN[1].HTM still infected with virus Mal/FakeAvJs-A after 7 rounds of disinfection.

2:38 AM: Informational: File C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\PP7IKV78\_FREESCAN[1].HTM still infected with virus Mal/FakeAvJs-A after 6 rounds of disinfection.

2:38 AM: Informational: File C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\PP7IKV78\_FREESCAN[1].HTM still infected with virus Mal/FakeAvJs-A after 5 rounds of disinfection.

2:38 AM: Informational: File C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\PP7IKV78\_FREESCAN[1].HTM still infected with virus Mal/FakeAvJs-A after 4 rounds of disinfection.

2:38 AM: Informational: File C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\PP7IKV78\_FREESCAN[1].HTM still infected with virus Mal/FakeAvJs-A after 3 rounds of disinfection.

2:38 AM: Informational: File C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\PP7IKV78\_FREESCAN[1].HTM still infected with virus Mal/FakeAvJs-A after 2 rounds of disinfection.

2:38 AM: Informational: File C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\PP7IKV78\_FREESCAN[1].HTM still infected with virus Mal/FakeAvJs-A after 1 round of disinfection.

2:38 AM: File System Shield: found: Behavioral: Mal/FakeAvJs-A, version -- File system Read/Write denied

2:38 AM: ApplicationMinimized - EXIT

2:38 AM: ApplicationMinimized - ENTER

2:38 AM: Informational: Virus infected file C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\ZWOM8QNO\FREESCAN[1].HTM not cleaned.

2:38 AM: Informational: File C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\ZWOM8QNO\FREESCAN[1].HTM still infected with virus Mal/FakeAvJs-A after 20 rounds of disinfection.

2:38 AM: Informational: File C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\ZWOM8QNO\FREESCAN[1].HTM still infected with virus Mal/FakeAvJs-A after 19 rounds of disinfection.

2:38 AM: Informational: File C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\ZWOM8QNO\FREESCAN[1].HTM still infected with virus Mal/FakeAvJs-A after 18 rounds of disinfection.

2:38 AM: Informational: File C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\ZWOM8QNO\FREESCAN[1].HTM still infected with virus Mal/FakeAvJs-A after 17 rounds of disinfection.

2:38 AM: Informational: File C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\ZWOM8QNO\FREESCAN[1].HTM still infected with virus Mal/FakeAvJs-A after 16 rounds of disinfection.

2:38 AM: Informational: File C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\ZWOM8QNO\FREESCAN[1].HTM still infected with virus Mal/FakeAvJs-A after 15 rounds of disinfection.

2:38 AM: Informational: File C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\ZWOM8QNO\FREESCAN[1].HTM still infected with virus Mal/FakeAvJs-A after 14 rounds of disinfection.

2:38 AM: Informational: File C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\ZWOM8QNO\FREESCAN[1].HTM still infected with virus Mal/FakeAvJs-A after 13 rounds of disinfection.

2:38 AM: Informational: File C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\ZWOM8QNO\FREESCAN[1].HTM still infected with virus Mal/FakeAvJs-A after 12 rounds of disinfection.

2:38 AM: Informational: File C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\ZWOM8QNO\FREESCAN[1].HTM still infected with virus Mal/FakeAvJs-A after 11 rounds of disinfection.

2:38 AM: Informational: File C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\ZWOM8QNO\FREESCAN[1].HTM still infected with virus Mal/FakeAvJs-A after 10 rounds of disinfection.

2:38 AM: Informational: File C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\ZWOM8QNO\FREESCAN[1].HTM still infected with virus Mal/FakeAvJs-A after 9 rounds of disinfection.

2:38 AM: Informational: File C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\ZWOM8QNO\FREESCAN[1].HTM still infected with virus Mal/FakeAvJs-A after 8 rounds of disinfection.

2:38 AM: Informational: File C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\ZWOM8QNO\FREESCAN[1].HTM still infected with virus Mal/FakeAvJs-A after 7 rounds of disinfection.

2:38 AM: Informational: File C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\ZWOM8QNO\FREESCAN[1].HTM still infected with virus Mal/FakeAvJs-A after 6 rounds of disinfection.

2:38 AM: Informational: File C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\ZWOM8QNO\FREESCAN[1].HTM still infected with virus Mal/FakeAvJs-A after 5 rounds of disinfection.

2:38 AM: Informational: File C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\ZWOM8QNO\FREESCAN[1].HTM still infected with virus Mal/FakeAvJs-A after 4 rounds of disinfection.

2:38 AM: Informational: File C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\ZWOM8QNO\FREESCAN[1].HTM still infected with virus Mal/FakeAvJs-A after 3 rounds of disinfection.

2:38 AM: Informational: File C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\ZWOM8QNO\FREESCAN[1].HTM still infected with virus Mal/FakeAvJs-A after 2 rounds of disinfection.

2:38 AM: Informational: File C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\ZWOM8QNO\FREESCAN[1].HTM still infected with virus Mal/FakeAvJs-A after 1 round of disinfection.

2:38 AM: File System Shield: found: Behavioral: Mal/FakeAvJs-A, version -- File system Read/Write denied

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:42 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:41 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:41 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:41 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:41 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:41 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:41 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:41 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:41 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:41 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:41 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:41 PM: Tamper Detection

9:16 PM: Your virus definitions have been updated.

9:16 PM: Informational: Loaded AntiVirus Engine: 2.81.2; SDK Version: 4.36E; Virus Definitions: 12/18/2008 10:22:54 PM (GMT)

9:16 PM: Your spyware definitions have been updated.

9:15 PM: Automated check for program update in progress.

7:27 PM: IE Tracking Cookies Shield: Removed stamps.com cookie

7:27 PM: IE Tracking Cookies Shield: Removed stamps.com cookie

7:27 PM: IE Tracking Cookies Shield: Removed stamps.com cookie

7:27 PM: IE Tracking Cookies Shield: Removed stamps.com cookie

7:27 PM: IE Tracking Cookies Shield: Removed stamps.com cookie

7:27 PM: IE Tracking Cookies Shield: Removed stamps.com cookie

7:27 PM: IE Tracking Cookies Shield: Removed stamps.com cookie

7:27 PM: IE Tracking Cookies Shield: Removed stamps.com cookie

7:27 PM: IE Tracking Cookies Shield: Removed stamps.com cookie

7:27 PM: IE Tracking Cookies Shield: Removed stamps.com cookie

7:27 PM: IE Tracking Cookies Shield: Removed stamps.com cookie

7:27 PM: IE Tracking Cookies Shield: Removed stamps.com cookie

7:27 PM: IE Tracking Cookies Shield: Removed stamps.com cookie

7:27 PM: IE Tracking Cookies Shield: Removed stamps.com cookie

7:27 PM: IE Tracking Cookies Shield: Removed stamps.com cookie

7:27 PM: IE Tracking Cookies Shield: Removed stamps.com cookie

7:27 PM: IE Tracking Cookies Shield: Removed stamps.com cookie

7:27 PM: IE Tracking Cookies Shield: Removed stamps.com cookie

7:27 PM: IE Tracking Cookies Shield: Removed stamps.com cookie

7:27 PM: IE Tracking Cookies Shield: Removed stamps.com cookie

7:27 PM: IE Tracking Cookies Shield: Removed stamps.com cookie

7:27 PM: IE Tracking Cookies Shield: Removed stamps.com cookie

7:27 PM: IE Tracking Cookies Shield: Removed stamps.com cookie

7:27 PM: IE Tracking Cookies Shield: Removed stamps.com cookie

Keylogger: On

6:57 PM: Informational: ShieldEmail: Start monitoring port 25 for mail activities

E-mail Attachment: On

6:57 PM: Informational: ShieldEmail: Start monitoring port 110 for mail activities

BHO Shield: On

IE Security Shield: On

Alternate Data Stream (ADS) Execution Shield: On

Startup Shield: On

Common Ad Sites: On

Hosts File Shield: On

Internet Communication Shield: On

ActiveX Shield: On

Windows Messenger Service Shield: On

IE Favorites Shield: On

File System Shield: On

Execution Shield: On

System Services Shield: On

IE Hijack Shield: On

IE Tracking Cookies Shield: On

6:57 PM: Shield States

6:57 PM: License Check Status (0): Success

6:56 PM: Spyware Definitions: 1350

6:56 PM: Informational: Loaded AntiVirus Engine: 2.81.2; SDK Version: 4.36E; Virus Definitions: 12/16/2008 9:13:40 PM (GMT)

6:55 PM: Spy Sweeper 5.5.7.48 started

6:55 PM: Spy Sweeper 5.5.7.48 started

6:55 PM: | Start of Session, Thursday, December 18, 2008 |

***************

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\Driver

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:24 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\Driver

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:24 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\Driver

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:24 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\Driver

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:24 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\Driver

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:23 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\Driver

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:23 AM: Tamper Detection

9:14 PM: Your spyware definitions have been updated.

9:13 PM: Automated check for program update in progress.

8:52 PM: IE Tracking Cookies Shield: Removed angelfire cookie

7:41 PM: IE Tracking Cookies Shield: Removed doubleclick cookie

Keylogger: On

E-mail Attachment: On

7:40 PM: Informational: ShieldEmail: Start monitoring port 25 for mail activities

7:40 PM: Informational: ShieldEmail: Start monitoring port 110 for mail activities

BHO Shield: On

IE Security Shield: On

Alternate Data Stream (ADS) Execution Shield: On

Startup Shield: On

Common Ad Sites: On

Hosts File Shield: On

Internet Communication Shield: On

ActiveX Shield: On

Windows Messenger Service Shield: On

IE Favorites Shield: On

File System Shield: On

Execution Shield: On

System Services Shield: On

IE Hijack Shield: On

IE Tracking Cookies Shield: On

7:39 PM: Shield States

7:39 PM: Spyware Definitions: 1349

7:39 PM: Informational: Loaded AntiVirus Engine: 2.81.2; SDK Version: 4.36E; Virus Definitions: 12/16/2008 9:13:40 PM (GMT)

7:38 PM: Spy Sweeper 5.5.7.48 started

7:38 PM: Spy Sweeper 5.5.7.48 started

7:38 PM: | Start of Session, Wednesday, December 17, 2008 |

***************

5:52 PM: ApplicationMinimized - EXIT

5:52 PM: ApplicationMinimized - ENTER

5:52 PM: ApplicationMinimized - EXIT

5:52 PM: BHO Shield: found: freeze_us.dll-- BHO installation denied at user request

5:52 PM: ApplicationMinimized - ENTER

5:52 PM: BHO Shield: found: freeze_us.dll-- BHO installation denied at user request

5:52 PM: ApplicationMinimized - EXIT

5:52 PM: BHO Shield: found: freeze_us.dll-- BHO installation denied at user request

5:52 PM: ApplicationMinimized - ENTER

5:52 PM: BHO Shield: found: -- BHO installation denied at user request

5:52 PM: Warning: no filename sent to VerifyFileSignature

5:52 PM: ApplicationMinimized - EXIT

5:52 PM: ApplicationMinimized - ENTER

5:52 PM: BHO Shield: found: -- BHO installation denied at user request

5:52 PM: Warning: no filename sent to VerifyFileSignature

5:52 PM: BHO Shield: found: -- BHO installation denied at user request

5:51 PM: Warning: no filename sent to VerifyFileSignature

5:23 PM: IE Tracking Cookies Shield: Removed doubleclick cookie

5:09 PM: IE Tracking Cookies Shield: Removed versiontracker cookie

5:09 PM: IE Tracking Cookies Shield: Removed versiontracker cookie

3:47 PM: IE Tracking Cookies Shield: Removed doubleclick cookie

Keylogger: On

3:46 PM: Informational: ShieldEmail: Start monitoring port 25 for mail activities

E-mail Attachment: On

3:46 PM: Informational: ShieldEmail: Start monitoring port 110 for mail activities

BHO Shield: On

IE Security Shield: On

Alternate Data Stream (ADS) Execution Shield: On

Startup Shield: On

Common Ad Sites: On

Hosts File Shield: On

Internet Communication Shield: On

ActiveX Shield: On

Windows Messenger Service Shield: On

IE Favorites Shield: On

File System Shield: On

Execution Shield: On

System Services Shield: On

IE Hijack Shield: On

IE Tracking Cookies Shield: On

3:46 PM: Shield States

3:46 PM: License Check Status (0): Success

3:46 PM: Spyware Definitions: 1348

3:46 PM: Informational: Loaded AntiVirus Engine: 2.81.2; SDK Version: 4.36E; Virus Definitions: 12/15/2008 5:50:50 PM (GMT)

3:45 PM: Spy Sweeper 5.5.7.48 started

3:45 PM: Spy Sweeper 5.5.7.48 started

3:45 PM: | Start of Session, Tuesday, December 16, 2008 |

***************

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\Driver

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

1:59 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\Driver

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

1:59 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\Driver

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

1:59 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\Driver

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

1:59 AM: Tamper Detection


1:52 AM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\PPTAE7.TMP]

1:42 AM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\PPTAE7.TMP]

1:32 AM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\PPTAE7.TMP]

1:29 AM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\PPT848.TMP]

1:22 AM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\PPTAE7.TMP]

1:19 AM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\PPT848.TMP]

1:12 AM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\PPTAE7.TMP]

1:09 AM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\PPT848.TMP]

1:02 AM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\PPTAE7.TMP]

12:59 AM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\PPT848.TMP]

12:52 AM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\PPTAE7.TMP]

12:49 AM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\PPT848.TMP]

12:42 AM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\PPTAE7.TMP]

12:39 AM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\PPT848.TMP]

12:32 AM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\PPTAE7.TMP]

12:29 AM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\PPT848.TMP]

12:22 AM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\PPTAE7.TMP]

12:19 AM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\PPT848.TMP]

12:11 AM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\PPTAE7.TMP]

12:09 AM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\PPT848.TMP]

12:01 AM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\PPTAE7.TMP]

11:59 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\PPT848.TMP]

11:51 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\PPTAE7.TMP]

11:49 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\PPT848.TMP]

11:41 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\PPTAE7.TMP]

11:39 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\PPT848.TMP]

11:31 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\PPTAE7.TMP]

11:29 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\PPT848.TMP]

11:19 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\PPT848.TMP]

11:09 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\PPT588.TMP]

11:08 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\PPT848.TMP]

10:59 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\PPT588.TMP]

10:59 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\PPT848.TMP]

10:48 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\PPT588.TMP]

10:48 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\PPT848.TMP]

10:38 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\PPT588.TMP]

10:38 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\PPT848.TMP]

Operation: File Access

Target:

Source: C:\PROGRAM FILES\MALWAREBYTES' ANTI-MALWARE\MBAM.EXE

10:34 PM: Tamper Detection

10:28 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\PPT588.TMP]

10:28 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\PPT848.TMP]

10:18 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\PPT588.TMP]

10:18 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\PPT848.TMP]

10:08 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\PPT588.TMP]

10:08 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\PPT848.TMP]

10:07 PM: Warning: AntiVirus engine for IFO returned [Error Code 8000FFFF] on [C:\PROGRAM FILES\ARES\ASYNCEX.AX]

9:58 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\PPT588.TMP]

9:58 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\PPT848.TMP]

9:49 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\PPT588.TMP]

9:38 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\PPT588.TMP]

9:36 PM: File System Shield: found: Adware: relevantknowledge marketscore, version 1.0.0.0

9:28 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\PPT588.TMP]

9:26 PM: File System Shield: found: Adware: relevantknowledge marketscore, version 1.0.0.0

9:18 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\PPT588.TMP]

9:16 PM: ApplicationMinimized - EXIT

9:16 PM: ApplicationMinimized - ENTER

9:15 PM: File System Shield: found: Adware: relevantknowledge marketscore, version 1.0.0.0

9:14 PM: ApplicationMinimized - EXIT

9:14 PM: ApplicationMinimized - ENTER

9:13 PM: Your virus definitions have been updated.

9:13 PM: Informational: Loaded AntiVirus Engine: 2.81.2; SDK Version: 4.36E; Virus Definitions: 12/16/2008 9:13:40 PM (GMT)

9:11 PM: Your spyware definitions have been updated.

9:10 PM: Automated check for program update in progress.

9:09 PM: Removal process completed. Elapsed time 00:00:32

9:09 PM: Informational: Virus infected file c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir not cleaned.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 20 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 19 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 18 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 17 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 16 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 15 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 14 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 13 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 12 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 11 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 10 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 9 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 8 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 7 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 6 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 5 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 4 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 3 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 2 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\all users\application data\license admin option bib\heck exit.exe.vir still infected with virus Mal/Swizzor-D after 1 round of disinfection.

9:09 PM: Informational: Virus infected file c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir not cleaned.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 20 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 19 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 18 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 17 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 16 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 15 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 14 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 13 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 12 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 11 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 10 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 9 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 8 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 7 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 6 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 5 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 4 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 3 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 2 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\qrjklvyx.exe.vir still infected with virus Mal/Swizzor-D after 1 round of disinfection.

9:09 PM: Informational: Virus infected file c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir not cleaned.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 20 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 19 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 18 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 17 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 16 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 15 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 14 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 13 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 12 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 11 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 10 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 9 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 8 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 7 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 6 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 5 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 4 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 3 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 2 rounds of disinfection.

9:09 PM: Informational: File c:\qoobox\quarantine\c\documents and settings\owner\application data\trust first site\optionregs.exe.vir still infected with virus Mal/Swizzor-D after 1 round of disinfection.

9:09 PM: Quarantining All Traces: Mal/Swizzor-D

9:09 PM: Removal process initiated

9:09 PM: Traces Found: 3

9:09 PM: Full Sweep has completed. Elapsed time 02:44:34

9:09 PM: File Sweep Complete, Elapsed Time: 02:37:37

9:08 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\PPT588.TMP]

9:04 PM: File System Shield: found: Adware: relevantknowledge marketscore, version 1.0.0.0

9:04 PM: Warning: AntiVirus engine for IFO returned [Error Code 8000FFFF] on [C:\WINDOWS\TEMP\~OS593.TMP\APPINIT.DLL]

8:58 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\PPT588.TMP]

8:53 PM: File System Shield: found: Adware: relevantknowledge marketscore, version 1.0.0.0

8:47 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\windows\sf6da12ef.tmp]

8:47 PM: Warning: Failed to open file "c:\windows\sf6da12ef.tmp". The operation completed successfully

8:46 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms733f605a-d8de-4402-a153-05a8f100f94a.tmp]

8:46 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms5e7eb425-960f-441d-b17f-56f4391b7075.tmp]

8:46 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms31f92bad-784a-4cb6-b850-ac4379b6ea97.tmp]

8:46 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms91ac6d00-9adb-49a2-900e-0d10b2ceee79.tmp]

8:46 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms9e355a10-ef3b-4318-a1c7-66600d11dba7.tmp]

8:46 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms32052ad1-fe34-4eef-a189-7031bb6127b1.tmp]

8:46 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms733f605a-d8de-4402-a153-05a8f100f94a.tmp". The operation completed successfully

8:46 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms5e7eb425-960f-441d-b17f-56f4391b7075.tmp". The operation completed successfully

8:46 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms31f92bad-784a-4cb6-b850-ac4379b6ea97.tmp". The operation completed successfully

8:46 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms91ac6d00-9adb-49a2-900e-0d10b2ceee79.tmp". The operation completed successfully

8:46 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms9e355a10-ef3b-4318-a1c7-66600d11dba7.tmp". The operation completed successfully

8:46 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms32052ad1-fe34-4eef-a189-7031bb6127b1.tmp". The operation completed successfully

8:46 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\vfuwr59d\aggregate[1].txt]

8:46 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\mg6c517x\aggregate[2].txt]

8:46 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\t5jvrcym\aggregate[3].txt]

8:46 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\t6d3kh2r\aggregate[2].txt]

8:46 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\mu2lo39r\aggregate[3].txt]

8:46 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\wmb0aluh\aggregate[2].txt]

8:46 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\k1ca597k\aggregate[4].txt]

8:46 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\cookies\owner@www.yahoo[2].txt]

8:46 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\vfuwr59d\aggregate[1].txt". The operation completed successfully

8:46 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\mg6c517x\aggregate[2].txt". The operation completed successfully

8:46 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\t5jvrcym\aggregate[3].txt". The operation completed successfully

8:46 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\t6d3kh2r\aggregate[2].txt". The operation completed successfully

8:46 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\mu2lo39r\aggregate[3].txt". The operation completed successfully

8:46 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\wmb0aluh\aggregate[2].txt". The operation completed successfully

8:46 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\k1ca597k\aggregate[4].txt". The operation completed successfully

8:46 PM: Warning: Failed to open file "c:\documents and settings\owner\cookies\owner@www.yahoo[2].txt". The operation completed successfully

8:46 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\mu2lo39r\aggregate[2].txt]

8:46 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\mu2lo39r\aggregate[2].txt". The operation completed successfully

8:46 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\mu2lo39r\search[2]]

8:46 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\mu2lo39r\search[2]". The operation completed successfully

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\cookies\owner@caihl2lk.txt]

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\cookies\owner@caihl2lk.txt". The operation completed successfully

8:45 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\t5jvrcym\aggregate[2].txt]

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\t5jvrcym\aggregate[2].txt". The operation completed successfully

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\j4fn1vsx\trace[1].gif]

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\wmb0aluh\afe_specificclick_net[1].htm]

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\k1ca597k\pixel[1].gif]

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\wmb0aluh\contentlink[1].js]

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\wmb0aluh\a6[2].gif]

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\t5jvrcym\coo_link_software[1].js]

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\wmb0aluh\mark[1].js]

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\vfuwr59d\bottom_bg222[1].gif]

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\wmb0aluh\gg_download_center_right[1].js]

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\k1ca597k\loc=300;noperf=1;cfp=1;target=_blank;grp=468743484;misc=468743484[1]]

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\k1ca597k\a73[1].gif]

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\k1ca597k\photograph_graphics_software_center_right[1].js]

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\vfuwr59d\a52[1].gif]

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\mu2lo39r\a18[1].gif]

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\mg6c517x\a26[1].gif]

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\t6d3kh2r\a71[1].gif]

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\mu2lo39r\a75[1].gif]

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\j4fn1vsx\add12[1].gif]

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\j4fn1vsx\add6[1].gif]

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\vfuwr59d\add7[1].gif]

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\mg6c517x\add19[1].gif]

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\t6d3kh2r\add3[1].gif]

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\mu2lo39r\add11[1].gif]

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\j4fn1vsx\add1[1].gif]

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\t5jvrcym\a49[1].gif]

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\mg6c517x\activityi;src=2044558;type=aolco003;cat=aolho775;ord=1;num=6165848917448[1].htm]

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\mu2lo39r\0m4[1].jpg]

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\t5jvrcym\crossdomain[1].xml]

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\k1ca597k\0m3[1].jpg]

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\j4fn1vsx\ad-grey[1].png]

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\t5jvrcym\1m1[1].jpg]

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\mu2lo39r\0blt3[1].jpg]

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\wmb0aluh\numbers_sm_2[1].gif]

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\j4fn1vsx\tab-green-left[1].png]

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\vfuwr59d\bullet-green[1].gif]

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\k1ca597k\numbers_sm_4[1].gif]

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\wmb0aluh\contentlink[1].js". The operation completed successfully

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\wmb0aluh\a6[2].gif". The operation completed successfully

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\t5jvrcym\coo_link_software[1].js". The operation completed successfully

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\wmb0aluh\mark[1].js". The operation completed successfully

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\mg6c517x\switch-tab-left[1].gif]

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\mg6c517x\numbers_sm_5[1].gif]

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\vfuwr59d\bottom_bg222[1].gif". The operation completed successfully

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\mg6c517x\numbers_sm_3[1].gif]

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\vfuwr59d\sg[1]]

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\k1ca597k\c1_br[1].jpg]

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\wmb0aluh\gg_download_center_right[1].js". The operation completed successfully

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\t5jvrcym\main-nav-tier-divider[1].png]

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\k1ca597k\loc=300;noperf=1;cfp=1;target=_blank;grp=468743484;misc=468743484[1]". The operation completed successfully

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\vfuwr59d\c1_bl[1].jpg]

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\k1ca597k\a73[1].gif". The operation completed successfully

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\k1ca597k\photograph_graphics_software_center_right[1].js". The operation completed successfully

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\vfuwr59d\a52[1].gif". The operation completed successfully

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\mu2lo39r\a18[1].gif". The operation completed successfully

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\mg6c517x\a26[1].gif". The operation completed successfully

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\t6d3kh2r\a71[1].gif". The operation completed successfully

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\mu2lo39r\a75[1].gif". The operation completed successfully

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\j4fn1vsx\add12[1].gif". The operation completed successfully

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\j4fn1vsx\add6[1].gif". The operation completed successfully

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\vfuwr59d\add7[1].gif". The operation completed successfully

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\mg6c517x\add19[1].gif". The operation completed successfully

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\t6d3kh2r\add3[1].gif". The operation completed successfully

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\mu2lo39r\add11[1].gif". The operation completed successfully

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\j4fn1vsx\add1[1].gif". The operation completed successfully

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\t5jvrcym\a49[1].gif". The operation completed successfully

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\mg6c517x\activityi;src=2044558;type=aolco003;cat=aolho775;ord=1;num=6165848917448[1].htm". The operation completed successfully

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\mg6c517x\c1_tr[1].jpg]

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\vfuwr59d\main-nav-divider[1].png]

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\mu2lo39r\0m4[1].jpg". The operation completed successfully

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\t5jvrcym\c1_tl[1].jpg]

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\wmb0aluh\tracksimple[1].htm]

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\k1ca597k\0m3[1].jpg". The operation completed successfully

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\j4fn1vsx\ad-grey[1].png". The operation completed successfully

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\t5jvrcym\1m1[1].jpg". The operation completed successfully

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\mu2lo39r\0blt3[1].jpg". The operation completed successfully

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\wmb0aluh\numbers_sm_2[1].gif". The operation completed successfully

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\j4fn1vsx\tab-green-left[1].png". The operation completed successfully

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\vfuwr59d\bullet-green[1].gif". The operation completed successfully

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\k1ca597k\numbers_sm_4[1].gif". The operation completed successfully

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\mg6c517x\switch-tab-left[1].gif". The operation completed successfully

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\mg6c517x\numbers_sm_5[1].gif". The operation completed successfully

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\mg6c517x\numbers_sm_3[1].gif". The operation completed successfully

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\vfuwr59d\sg[1]". The operation completed successfully

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\k1ca597k\preview-br[1].gif]

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\mu2lo39r\c_br[1].jpg]

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\k1ca597k\c1_br[1].jpg". The operation completed successfully

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\mg6c517x\v=5;m=2;l=2718;cxt=;kw=;ts=903865;smuid=96n-uc9rc_[1]]

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\wmb0aluh\c_bl[1].jpg]

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\t5jvrcym\main-nav-tier-divider[1].png". The operation completed successfully

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\vfuwr59d\c1_bl[1].jpg". The operation completed successfully

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\j4fn1vsx\c_tr[1].jpg]

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\mg6c517x\c_tl[1].jpg]

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\vfuwr59d\main-nav-bg[2].png]

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\vfuwr59d\98_136_112_136[1]]

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\t5jvrcym\tail2[1].gif]

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\wmb0aluh\online[1].gif]

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\mg6c517x\c1_tr[1].jpg". The operation completed successfully

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\vfuwr59d\main-nav-divider[1].png". The operation completed successfully

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\t5jvrcym\c1_tl[1].jpg". The operation completed successfully

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\wmb0aluh\tracksimple[1].htm". The operation completed successfully

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\t5jvrcym\afe_specificclick_net[1].htm]

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\mu2lo39r\spacer_1[1].gif]

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\k1ca597k\preview-br[1].gif". The operation completed successfully

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\mu2lo39r\c_br[1].jpg". The operation completed successfully

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\mg6c517x\v=5;m=2;l=2718;cxt=;kw=;ts=903865;smuid=96n-uc9rc_[1]". The operation completed successfully

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\wmb0aluh\c_bl[1].jpg". The operation completed successfully

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\j4fn1vsx\c_tr[1].jpg". The operation completed successfully

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\vfuwr59d\crossdomain[1].xml]

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\mg6c517x\c_tl[1].jpg". The operation completed successfully

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\vfuwr59d\main-nav-bg[2].png". The operation completed successfully

8:45 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\t5jvrcym\aggregate[4].txt]

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\mu2lo39r\spacer[1].gif]

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\vfuwr59d\98_136_112_136[1]". The operation completed successfully

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\t5jvrcym\tail2[1].gif". The operation completed successfully

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\wmb0aluh\online[1].gif". The operation completed successfully

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\wmb0aluh\sub-nav-bg[2].png]

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\t6d3kh2r\search[4]]

8:45 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\vfuwr59d\listener[1].htm]

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\t6d3kh2r\search[3]]

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\j4fn1vsx\search[4]]

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\t5jvrcym\main-nav-tab-special[1].png]

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\k1ca597k\crossdomain[1].xml]

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\t5jvrcym\afe_specificclick_net[1].htm". The operation completed successfully

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\mu2lo39r\spacer_1[1].gif". The operation completed successfully

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\vfuwr59d\crossdomain[1].xml". The operation completed successfully

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\vfuwr59d\online[1].txt]

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\t5jvrcym\aggregate[4].txt". The operation completed successfully

8:45 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\t5jvrcym\pixel[1].gif]

8:45 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\owner\local settings\temporary internet files\content.ie5\j4fn1vsx\aggregate[3].txt]

8:45 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temporary internet files\content.ie5\mu2lo


6:16 PM: Processing: ccbill cookie

6:16 PM: Processing: ccbill cookie

6:16 PM: Processing: whenu savenow

6:16 PM: Processing: whenu savenow

6:16 PM: Processing: whenu savenow

6:16 PM: Processing: whenu savenow

6:16 PM: Processing: whenu savenow

6:16 PM: Processing: whenu savenow

6:16 PM: Processing: whenu savenow

6:16 PM: Processing: whenu savenow

6:16 PM: Processing: whenu savenow

6:16 PM: Processing: whenu savenow

6:16 PM: Processing: whenu savenow

6:16 PM: Processing: whenu savenow

6:16 PM: Processing: whenu savenow

6:16 PM: Processing: whenu savenow

6:16 PM: Processing: whenu savenow

6:16 PM: Processing: whenu savenow

6:16 PM: Processing: trafficmp cookie

6:16 PM: Processing: fe.lea.lycos.com cookie

6:16 PM: Processing: stamps.com cookie

6:16 PM: Processing: teenax cookie

6:16 PM: Processing: enhance cookie

6:16 PM: Processing: doubleclick cookie

6:16 PM: Processing: doubleclick cookie

6:16 PM: Processing: doubleclick cookie

6:16 PM: Processing: doubleclick cookie

6:16 PM: Processing: doubleclick cookie

6:16 PM: Processing: doubleclick cookie

6:16 PM: Processing: doubleclick cookie

6:16 PM: Processing: doubleclick cookie

6:16 PM: Processing: yieldmanager cookie

6:16 PM: Processing: yieldmanager cookie

6:16 PM: Processing: yieldmanager cookie

6:16 PM: Processing: yieldmanager cookie

6:16 PM: Processing: yieldmanager cookie

6:16 PM: Processing: yieldmanager cookie

6:16 PM: Processing: yieldmanager cookie

6:16 PM: Processing: yieldmanager cookie

6:16 PM: Processing: yieldmanager cookie

6:16 PM: Processing: yieldmanager cookie

6:16 PM: Processing: yieldmanager cookie

6:16 PM: Processing: yieldmanager cookie

6:16 PM: Processing: yieldmanager cookie

6:16 PM: Processing: yieldmanager cookie

6:16 PM: Processing: yieldmanager cookie

6:16 PM: Processing: yieldmanager cookie

6:16 PM: Processing: yieldmanager cookie

6:16 PM: Processing: yieldmanager cookie

6:16 PM: Processing: yieldmanager cookie

6:16 PM: Processing: yieldmanager cookie

6:16 PM: Processing: yieldmanager cookie

6:16 PM: Processing: yieldmanager cookie

6:16 PM: Processing: yieldmanager cookie

6:16 PM: Processing: yieldmanager cookie

6:16 PM: Processing: yieldmanager cookie

6:16 PM: Processing: yieldmanager cookie

6:16 PM: Processing: videodome cookie

6:16 PM: Processing: primaryads cookie

6:16 PM: Processing: cnt cookie

6:16 PM: Processing: directtrack cookie

6:16 PM: Processing: directtrack cookie

6:16 PM: Processing: directtrack cookie

6:16 PM: Processing: directtrack cookie

6:16 PM: Processing: directtrack cookie

6:16 PM: Processing: directtrack cookie

6:16 PM: Processing: askmen cookie

6:16 PM: Processing: askmen cookie

6:16 PM: Processing: askmen cookie

6:16 PM: Processing: askmen cookie

6:16 PM: Processing: askmen cookie

6:16 PM: Processing: askmen cookie

6:16 PM: Processing: adjuggler cookie

6:16 PM: Processing: adjuggler cookie

6:16 PM: Processing: adjuggler cookie

6:16 PM: Processing: azjmp cookie

6:16 PM: Processing: azjmp cookie

6:16 PM: Processing: azjmp cookie

6:16 PM: Processing: websponsors cookie

6:16 PM: Processing: pub cookie

6:16 PM: Processing: burstbeacon cookie

6:16 PM: Processing: pointroll cookie

6:16 PM: Processing: pointroll cookie

6:16 PM: Processing: pointroll cookie

6:16 PM: Processing: pointroll cookie

6:16 PM: Processing: bs.serving-sys cookie

6:16 PM: Processing: bs.serving-sys cookie

6:16 PM: Processing: bs.serving-sys cookie

6:16 PM: Processing: bs.serving-sys cookie

6:16 PM: Processing: bs.serving-sys cookie

6:16 PM: Processing: bs.serving-sys cookie

6:16 PM: Processing: bs.serving-sys cookie

6:16 PM: Processing: bs.serving-sys cookie

6:16 PM: Processing: bs.serving-sys cookie

6:16 PM: Processing: bs.serving-sys cookie

6:16 PM: Processing: bs.serving-sys cookie

6:16 PM: Processing: bs.serving-sys cookie

6:16 PM: Processing: bs.serving-sys cookie

6:16 PM: Processing: bs.serving-sys cookie

6:16 PM: Processing: bs.serving-sys cookie

6:16 PM: Processing: bs.serving-sys cookie

6:16 PM: Processing: bs.serving-sys cookie

6:16 PM: Processing: bs.serving-sys cookie

6:16 PM: Processing: bs.serving-sys cookie

6:16 PM: Processing: bs.serving-sys cookie

6:16 PM: Processing: bs.serving-sys cookie

6:16 PM: Processing: bs.serving-sys cookie

6:16 PM: Processing: bs.serving-sys cookie

6:16 PM: Processing: bs.serving-sys cookie

6:16 PM: Processing: bs.serving-sys cookie

6:16 PM: Processing: bs.serving-sys cookie

6:16 PM: Processing: bs.serving-sys cookie

6:16 PM: Processing: bs.serving-sys cookie

6:16 PM: Processing: bs.serving-sys cookie

6:16 PM: Processing: bs.serving-sys cookie

6:16 PM: Processing: bs.serving-sys cookie

6:16 PM: Processing: bs.serving-sys cookie

6:16 PM: Processing: bs.serving-sys cookie

6:16 PM: Processing: bs.serving-sys cookie

6:16 PM: Processing: hitbox cookie

6:16 PM: Processing: hitbox cookie

6:16 PM: Processing: hitbox cookie

6:16 PM: Processing: hitbox cookie

6:16 PM: Processing: hitbox cookie

6:16 PM: Processing: atwola cookie

6:16 PM: Processing: atwola cookie

6:16 PM: Processing: ads.tripod.lycos.com cookie

6:16 PM: Processing: apmebf cookie

6:16 PM: Processing: apmebf cookie

6:16 PM: Processing: apmebf cookie

6:16 PM: Processing: apmebf cookie

6:16 PM: Processing: apmebf cookie

6:16 PM: Processing: apmebf cookie

6:16 PM: Processing: apmebf cookie

6:16 PM: Processing: apmebf cookie

6:16 PM: Processing: apmebf cookie

6:16 PM: Processing: apmebf cookie

6:16 PM: Processing: apmebf cookie

6:16 PM: Processing: overture cookie

6:16 PM: Processing: overture cookie

6:16 PM: Processing: overture cookie

6:16 PM: Processing: overture cookie

6:16 PM: Processing: overture cookie

6:16 PM: Processing: overture cookie

6:16 PM: Processing: adrevolver cookie

6:16 PM: Processing: adrevolver cookie

6:16 PM: Processing: adrevolver cookie

6:16 PM: Processing: adrevolver cookie

6:16 PM: Processing: adrevolver cookie

6:16 PM: Processing: adrevolver cookie

6:16 PM: Processing: adrevolver cookie

6:16 PM: Processing: adreactor cookie

6:16 PM: Processing: dealtime cookie

6:16 PM: Processing: dealtime cookie

6:16 PM: Processing: dealtime cookie

6:16 PM: Processing: dealtime cookie

6:16 PM: Processing: adbureau cookie

6:16 PM: Processing: adbureau cookie

6:16 PM: Processing: adbureau cookie

6:16 PM: Processing: adbureau cookie

6:16 PM: Processing: adbureau cookie

6:16 PM: Processing: adbureau cookie

6:16 PM: Processing: adbureau cookie

6:16 PM: Processing: adbureau cookie

6:16 PM: Processing: adbureau cookie

6:16 PM: Processing: adbureau cookie

6:16 PM: Processing: adbureau cookie

6:16 PM: Processing: adbureau cookie

6:16 PM: Processing: adbureau cookie

6:16 PM: Processing: adbureau cookie

6:16 PM: Processing: adbureau cookie

6:16 PM: Processing: adbureau cookie

6:16 PM: Processing: adbureau cookie

6:16 PM: Processing: adbureau cookie

6:16 PM: Processing: adbureau cookie

6:16 PM: Processing: adbureau cookie

6:16 PM: Processing: adbureau cookie

6:16 PM: Processing: adbureau cookie

6:16 PM: Processing: adbureau cookie

6:16 PM: Processing: advertising cookie

6:16 PM: Processing: advertising cookie

6:16 PM: Processing: advertising cookie

6:16 PM: Processing: advertising cookie

6:16 PM: Processing: advertising cookie

6:16 PM: Processing: advertising cookie

6:16 PM: Processing: mediaplex cookie

6:16 PM: Processing: mediaplex cookie

6:16 PM: Processing: tripod cookie

6:16 PM: Processing: tripod cookie

6:16 PM: Processing: tripod cookie

6:16 PM: Processing: tripod cookie

6:16 PM: Processing: tripod cookie

6:16 PM: Processing: tripod cookie

6:16 PM: Processing: tripod cookie

6:16 PM: Processing: tripod cookie

6:16 PM: Processing: tripod cookie

6:16 PM: Processing: tripod cookie

6:16 PM: Processing: tripod cookie

6:16 PM: Processing: tripod cookie

6:16 PM: Processing: tripod cookie

6:16 PM: Processing: go.com cookie

6:16 PM: Processing: go.com cookie

6:16 PM: Processing: go.com cookie

6:16 PM: Processing: go.com cookie

6:16 PM: Processing: go.com cookie

6:16 PM: Processing: go.com cookie

6:16 PM: Processing: go.com cookie

6:16 PM: Processing: go.com cookie

6:16 PM: Processing: go.com cookie

6:16 PM: Processing: go.com cookie

6:16 PM: Processing: go.com cookie

6:16 PM: Processing: go.com cookie

6:16 PM: Processing: go.com cookie

6:16 PM: Processing: go.com cookie

6:16 PM: Processing: go.com cookie

6:16 PM: Processing: go.com cookie

6:16 PM: Processing: go.com cookie

6:16 PM: Processing: go.com cookie

6:16 PM: Processing: realmedia cookie

6:16 PM: Processing: relevantknowledge marketscore

6:16 PM: Processing: relevantknowledge marketscore

6:16 PM: Processing: relevantknowledge marketscore

6:16 PM: Processing: Troj/Forro-Gen

6:16 PM: Processing: Troj/Dloadr-AYQ

6:16 PM: Processing: Troj/Dloadr-AYQ

6:16 PM: Processing: Troj/Dloadr-AYQ

6:16 PM: Processing: Mal/Swizzor-B

6:16 PM: Processing: Mal/Swizzor-B

6:16 PM: Processing: Mal/Swizzor-B

6:16 PM: Processing: Mal/Swizzor-B

6:16 PM: Processing: Mal/Swizzor-B

6:16 PM: Processing: Mal/Swizzor-B

6:16 PM: Processing: Mal/Swizzor-B

6:16 PM: Processing: Mal/Swizzor-B

6:16 PM: Processing: Mal/Swizzor-B

6:16 PM: Processing: Mal/Swizzor-B

6:16 PM: Processing: Mal/Swizzor-B

6:16 PM: Processing: Mal/Swizzor-B

6:16 PM: Processing: Mal/Swizzor-B

6:16 PM: Processing: Mal/Swizzor-B

6:16 PM: Processing: Mal/Swizzor-B

6:16 PM: Processing: Mal/Swizzor-B

6:16 PM: Processing: Mal/Swizzor-B

6:16 PM: Processing: Mal/Swizzor-B

6:16 PM: Processing: Mal/Swizzor-B

6:16 PM: Processing: Mal/Swizzor-B

6:16 PM: Processing: Mal/Swizzor-B

6:16 PM: Processing: Mal/Swizzor-B

6:16 PM: Processing: Mal/Swizzor-B

6:16 PM: Processing: Mal/Swizzor-B

6:16 PM: Processing: Mal/Swizzor-B

6:16 PM: Processing: Mal/Swizzor-B

6:16 PM: Processing: Mal/Swizzor-B

6:16 PM: Processing: Mal/Swizzor-B

6:16 PM: Processing: Mal/Swizzor-B

6:16 PM: Processing: Mal/Swizzor-B

6:16 PM: Processing: Mal/Swizzor-B

6:16 PM: Processing: Mal/Swizzor-B

6:16 PM: Processing: Mal/Swizzor-B

6:16 PM: Processing: Mal/Swizzor-B

6:16 PM: Processing: Mal/Swizzor-B

6:16 PM: Processing: Mal/Swizzor-B

6:16 PM: Processing: Mal/Swizzor-B

6:16 PM: Processing: Mal/Swizzor-B

6:16 PM: Processing: Mal/Swizzor-B

6:16 PM: Processing: Mal/Swizzor-B

6:16 PM: Processing: Mal/Swizzor-B

6:16 PM: Processing: Mal/Swizzor-B

6:16 PM: Processing: Mal/Swizzor-B

6:16 PM: Processing: Mal/ObfJS-C

6:16 PM: Processing: Mal/ObfJS-B

6:16 PM: Processing: Mal/ObfJS-B

6:16 PM: Processing: Mal/ObfJS-B

6:16 PM: Processing: Mal/ObfJS-B

6:16 PM: Processing: Mal/ObfJS-B

6:16 PM: Processing: Mal/ObfJS-B

6:16 PM: Processing: Mal/ObfJS-B

6:16 PM: Processing: Mal/ObfJS-AM

6:16 PM: Processing: Mal/ObfJS-AM

6:16 PM: Processing: Mal/ObfJS-AB

6:16 PM: Processing: Mal/ObfJS-AB

6:16 PM: Processing: Mal/Iframe-F

6:16 PM: Processing: Mal/Generic-A

6:16 PM: Processing: Mal/Generic-A

6:16 PM: Processing: Mal/Generic-A

6:16 PM: Processing: Mal/Generic-A

6:16 PM: Processing: Mal/Generic-A

6:16 PM: Processing: Exp/SWFScene-A

6:16 PM: Processing: EICAR-AV-Test

6:16 PM: Deletion from quarantine initiated

6:15 PM: IE Tracking Cookies Shield: Removed doubleclick cookie

6:15 PM: File System Shield: found: Adware: relevantknowledge marketscore, version 1.0.0.0

Keylogger: On

E-mail Attachment: On

6:14 PM: Informational: ShieldEmail: Start monitoring port 25 for mail activities

6:14 PM: Informational: ShieldEmail: Start monitoring port 110 for mail activities

BHO Shield: On

IE Security Shield: On

Alternate Data Stream (ADS) Execution Shield: On

Startup Shield: On

Common Ad Sites: On

Hosts File Shield: On

Internet Communication Shield: On

ActiveX Shield: On

Windows Messenger Service Shield: On

IE Favorites Shield: On

File System Shield: On

Execution Shield: On

System Services Shield: On

IE Hijack Shield: On

IE Tracking Cookies Shield: On

6:14 PM: Shield States

6:14 PM: License Check Status (0): Success

6:14 PM: Spyware Definitions: 1348

6:14 PM: Informational: Loaded AntiVirus Engine: 2.81.2; SDK Version: 4.36E; Virus Definitions: 12/15/2008 5:50:50 PM (GMT)

6:13 PM: Spy Sweeper 5.5.7.48 started

6:13 PM: Spy Sweeper 5.5.7.48 started

6:13 PM: | Start of Session, Tuesday, December 16, 2008 |

***************

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:38 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:38 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:38 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:38 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:38 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:38 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:38 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:38 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:38 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:38 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:38 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:38 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:37 PM: Tamper Detection

7:12 PM: Your virus definitions have been updated.

7:12 PM: Informational: Loaded AntiVirus Engine: 2.81.2; SDK Version: 4.36E; Virus Definitions: 12/15/2008 5:50:50 PM (GMT)

7:12 PM: Your spyware definitions have been updated.

7:10 PM: Automated check for program update in progress.

Keylogger: On

E-mail Attachment: On

7:10 PM: Informational: ShieldEmail: Start monitoring port 25 for mail activities

7:10 PM: Informational: ShieldEmail: Start monitoring port 110 for mail activities

BHO Shield: On

IE Security Shield: On

Alternate Data Stream (ADS) Execution Shield: On

Startup Shield: On

Common Ad Sites: On

Hosts File Shield: On

Internet Communication Shield: On

ActiveX Shield: On

Windows Messenger Service Shield: On

IE Favorites Shield: On

File System Shield: On

Execution Shield: On

System Services Shield: On

IE Hijack Shield: On

IE Tracking Cookies Shield: On

7:10 PM: Shield States

7:10 PM: License Check Status (0): Success

7:10 PM: Spyware Definitions: 1347

7:10 PM: Informational: Loaded AntiVirus Engine: 2.81.2; SDK Version: 4.36E; Virus Definitions: 12/14/2008 12:26:06 PM (GMT)

7:08 PM: Spy Sweeper 5.5.7.48 started

7:08 PM: Spy Sweeper 5.5.7.48 started

7:08 PM: | Start of Session, Monday, December 15, 2008 |

***************

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\Driver

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

3:16 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\Driver

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

3:16 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\Driver

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

3:16 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\Driver

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

3:16 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\Driver

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

3:16 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\Driver

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

3:16 AM: Tamper Detection

3:15 AM: IE Tracking Cookies Shield: Removed about cookie

3:15 AM: IE Tracking Cookies Shield: Removed about cookie

3:15 AM: IE Tracking Cookies Shield: Removed about cookie

3:15 AM: IE Tracking Cookies Shield: Removed about cookie

3:15 AM: IE Tracking Cookies Shield: Removed about cookie

3:13 AM: IE Tracking Cookies Shield: Removed about cookie

3:13 AM: IE Tracking Cookies Shield: Removed about cookie

3:13 AM: IE Tracking Cookies Shield: Removed about cookie

3:13 AM: IE Tracking Cookies Shield: Removed about cookie

3:13 AM: IE Tracking Cookies Shield: Removed about cookie

3:13 AM: IE Tracking Cookies Shield: Removed about cookie

3:13 AM: IE Tracking Cookies Shield: Removed about cookie

2:09 AM: IE Tracking Cookies Shield: Removed about cookie

2:09 AM: IE Tracking Cookies Shield: Removed about cookie

2:09 AM: IE Tracking Cookies Shield: Removed about cookie

2:09 AM: IE Tracking Cookies Shield: Removed about cookie

2:09 AM: IE Tracking Cookies Shield: Removed about cookie

2:09 AM: IE Tracking Cookies Shield: Removed about cookie

1:36 AM: IE Tracking Cookies Shield: Removed doubleclick cookie

1:36 AM: IE Tracking Cookies Shield: Removed doubleclick cookie

1:34 AM: IE Tracking Cookies Shield: Removed doubleclick cookie

1:08 AM: IE Tracking Cookies Shield: Removed about cookie

1:08 AM: IE Tracking Cookies Shield: Removed about cookie

1:08 AM: IE Tracking Cookies Shield: Removed about cookie

1:08 AM: IE Tracking Cookies Shield: Removed about cookie

1:08 AM: IE Tracking Cookies Shield: Removed about cookie

1:08 AM: IE Tracking Cookies Shield: Removed about cookie

1:07 AM: IE Tracking Cookies Shield: Removed about cookie

1:07 AM: IE Tracking Cookies Shield: Removed about cookie

1:07 AM: IE Tracking Cookies Shield: Removed about cookie

1:07 AM: IE Tracking Cookies Shield: Removed about cookie

1:07 AM: Warning: Unable to remove cookie c:\documents and settings\owner\cookies\owner@about[1].txt

1:07 AM: IE Tracking Cookies Shield: Removed about cookie

1:07 AM: IE Tracking Cookies Shield: Removed about cookie

1:06 AM: IE Tracking Cookies Shield: Removed about cookie

1:06 AM: IE Tracking Cookies Shield: Removed about cookie

1:06 AM: IE Tracking Cookies Shield: Removed about cookie

1:06 AM: IE Tracking Cookies Shield: Removed about cookie

1:06 AM: IE Tracking Cookies Shield: Removed about cookie

1:06 AM: IE Tracking Cookies Shield: Removed about cookie

1:06 AM: IE Tracking Cookies Shield: Removed about cookie

1:06 AM: IE Tracking Cookies Shield: Removed about cookie

1:06 AM: IE Tracking Cookies Shield: Removed about cookie

1:06 AM: IE Tracking Cookies Shield: Removed about cookie

1:06 AM: IE Tracking Cookies Shield: Removed about cookie

1:06 AM: IE Tracking Cookies Shield: Removed about cookie

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

10:16 PM: Tamper Detection

3:44 PM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\K1CA597K\IB%20MUSICAL%20INVESTIGATION[1].PPT]

12:02 PM: IE Tracking Cookies Shield: Removed doubleclick cookie

12:02 PM: Your virus definitions have been updated.

12:02 PM: Informational: Loaded AntiVirus Engine: 2.81.2; SDK Version: 4.36E; Virus Definitions: 12/14/2008 12:26:06 PM (GMT)

12:01 PM: Your definitions are up to date.

12:01 PM: Automated check for program update in progress.

Keylogger: On

E-mail Attachment: On

12:01 PM: Informational: ShieldEmail: Start monitoring port 25 for mail activities

12:01 PM: Informational: ShieldEmail: Start monitoring port 110 for mail activities

BHO Shield: On

IE Security Shield: On

Alternate Data Stream (ADS) Execution Shield: On

Startup Shield: On

Common Ad Sites: On

Hosts File Shield: On

Internet Communication Shield: On

ActiveX Shield: On

Windows Messenger Service Shield: On

IE Favorites Shield: On

File System Shield: On

Execution Shield: On

System Services Shield: On

IE Hijack Shield: On

IE Tracking Cookies Shield: On

12:01 PM: Shield States

12:01 PM: License Check Status (0): Success

12:00 PM: Spyware Definitions: 1347

12:00 PM: Informational: Loaded AntiVirus Engine: 2.81.2; SDK Version: 4.36E; Virus Definitions: 12/13/2008 3:34:26 AM (GMT)

12:00 PM: Spy Sweeper 5.5.7.48 started

12:00 PM: Spy Sweeper 5.5.7.48 started

12:00 PM: | Start of Session, Sunday, December 14, 2008 |

***************

Operation: Code Injection

Target: C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Source: C:\WINDOWS\system32\csrss.exe

12:55 AM: Tamper Detection

11:44 PM: IE Tracking Cookies Shield: Removed doubleclick cookie

10:19 PM: IE Tracking Cookies Shield: Removed apmebf cookie

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:52 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:51 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:51 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:51 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:51 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:51 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:51 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:51 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:51 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:51 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:51 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:51 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:51 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:51 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:51 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:51 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:51 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:51 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:51 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:51 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:51 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:51 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:51 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:51 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:51 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:51 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:51 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:51 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:51 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:51 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:51 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:51 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:51 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:51 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:51 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:51 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:51 PM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

7:51 PM: Tamper Detection

7:11 PM: IE Tracking Cookies Shield: Removed doubleclick cookie

1:31 PM: IE Tracking Cookies Shield: Removed doubleclick cookie

12:35 PM: IE Tracking Cookies Shield: Removed doubleclick cookie

11:58 AM: Your virus definitions have been updated.

11:58 AM: Informational: Loaded AntiVirus Engine: 2.81.2; SDK Version: 4.36E; Virus Definitions: 12/13/2008 3:34:26 AM (GMT)

11:58 AM: Your spyware definitions have been updated.

11:57 AM: Automated check for program update in progress.

Keylogger: On

11:57 AM: Informational: ShieldEmail: Start monitoring port 25 for mail activities

E-mail Attachment: On

11:57 AM: Informational: ShieldEmail: Start monitoring port 110 for mail activities

BHO Shield: On

IE Security Shield: On

Alternate Data Stream (ADS) Execution Shield: On

Startup Shield: On

Common Ad Sites: On

Hosts File Shield: On

Internet Communication Shield: On

ActiveX Shield: On

Windows Messenger Service Shield: On

IE Favorites Shield: On

File System Shield: On

Execution Shield: On

System Services Shield: On

IE Hijack Shield: On

IE Tracking Cookies Shield: On

11:56 AM: Shield States

11:56 AM: License Check Status (0): Success

11:56 AM: Spyware Definitions: 1346

11:56 AM: Informational: Loaded AntiVirus Engine: 2.81.2; SDK Version: 4.36E; Virus Definitions: 12/11/2008 7:02:46 PM (GMT)

11:55 AM: Spy Sweeper 5.5.7.48 started

11:55 AM: Spy Sweeper 5.5.7.48 started

11:55 AM: | Start of Session, Saturday, December 13, 2008 |

***************

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\Driver

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:36 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\Driver

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:36 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\Driver

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:36 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\Driver

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:36 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\Driver

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:36 AM: Tamper Detection

Operation: Registry Access

Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\Driver

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE

4:36 AM: Tamper Detection

4:24 AM: IE Tracking Cookies Shield: Removed doubleclick cookie

3:34 AM: IE Tracking Cookies Shield: Removed doubleclick cookie

Keylogger: On

E-mail Attachment: On

3:32 AM: Informational: ShieldEmail: Start monitoring port 25 for mail activities

3:32 AM: Informational: ShieldEmail: Start monitoring port 110 for mail activities

BHO Shield: On

IE Security Shield: On

Alternate Data Stream (ADS) Execution Shield: On

Startup Shield: On

Common Ad Sites: On

Hosts File Shield: On

Internet Communication Shield: On

ActiveX Shield: On

Windows Messenger Service Shield: On

IE Favorites Shield: On

File System Shield: On

Execution Shield: On

System Services Shield: On

IE Hijack Shield: On

IE Tracking Cookies Shield: On

3:32 AM: Shield States

3:32 AM: License Check Status (0): Success

3:32 AM: Spyware Definitions: 1346

3:32 AM: Informational: Loaded AntiVirus Engine: 2.81.2; SDK Version: 4.36E; Virus Definitions: 12/11/2008 7:02:46 PM (GMT)

3:31 AM: Spy Sweeper 5.5.7.48 started

3:31 AM: Spy Sweeper 5.5.7.48 started

3:31 AM: | Start of Session, Friday, December 12, 2008 |

***************

Operation: Code Injection

Target: C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Source: C:\WINDOWS\system32\csrss.exe

10:13 AM: Tamper Detection

9:43 AM: Warning: AntiVirus engine for IFO returned [File Corrupted] on [C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\K1CA597K\SAIGON[1].PPS]

9:36 AM: IE Tracking Cookies Shield: Removed doubleclick cookie

Keylogger: On

9:34 AM: Informational: ShieldEmail: Start monitoring port 25 for mail activities

E-mail Attachment: On

9:34 AM: Informational: ShieldEmail: Start monitoring port 110 for mail activities

BHO Shield: On

IE Security Shield: On

Alternate Data Stream (ADS) Execution Shield: On

Startup Shield: On

Common Ad Sites: On

Hosts File Shield: On

Internet Communication Shield: On

ActiveX Shield: On

Windows Messenger Service Shield: On

IE Favorites Shield: On

File System Shield: On

Execution Shield: On

System Services Shield: On

IE Hijack Shield: On

IE Tracking Cookies Shield: On

9:34 AM: Shield States

9:34 AM: License Check Status (0): Success

9:34 AM: Spyware Definitions: 1345

9:34 AM: Informational: Loaded AntiVirus Engine: 2.81.2; SDK Version: 4.36E; Virus Definitions: 12/10/2008 7:03:02 PM (GMT)

9:33 AM: Spy Sweeper 5.5.7.48 started

9:33 AM: Spy Sweeper 5.5.7.48 started

9:33 AM: | Start of Session, Thursday, December 11, 2008 |

***************


Good news! The infected files are all in ComboFix's quarantine folder, and the recycle bin. I don't know when you ran ComboFix, but had it been properly uninstalled you would not have that folder. Let's clean that up. If you still have ComboFix.exe, delete it. Download a fresh copy from here, saving the file to your desktop.

 

ComboFix.exe must be on the Desktop for this to work! Highlight and copy the following bolded command.

 

"%userprofile%\desktop\combofix.exe" /u

 

Click Start then Run and paste the command in the Run dialog, then hit Enter. ComboFix will run and uninstall itself removing the files it has quarantined. This action will also reset the System Restore points, removing any infected files there as well.

Verify the C:\Qoobox and C:\ComboFix folders were removed.

 

 

Download ATF Cleaner by Atribune and save it to your Desktop.

  • Double click ATF-Cleaner.exe to run the program.
  • Check the boxes to the left of:
      • Windows Temp
      • Current User Temp
      • All Users Temp
      • Temporary Internet Files
      • Prefetch
      • Java Cache
      • Recycle bin
  • The rest are optional - if you want it to remove everything check "Select All".
  • Finally, click Empty Selected.
  • When you get the "Done Cleaning" message, click OK.

If you use Firefox and/or Opera I recommend you select that option(s) and clean at least the cache.

Reboot when complete.

 

 

That should make SpySweeper happy. ;)
