Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic of your own. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!
3 Pages V  < 1 2 3 >  
 Closed TopicStart new topic
Help with two viruses please-Mal/EncPk-BP & Troj/Zlobar-Fam [Resol, High risk Malware and trojan Zlob infecting my computer
lobster_ear
post Dec 16 2007, 10:14 PM
Post #16


Member
**
Posts: 21
OS: XP
Here it is

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/16/2007 at 11:01 PM

Application Version : 3.9.1008

Core Rules Database Version : 3362
Trace Rules Database Version: 1361

Scan type : Complete Scan
Total Scan Time : 02:03:14

Memory items scanned : 171
Memory threats detected : 0
Registry items scanned : 5323
Registry threats detected : 0
File items scanned : 49143
File threats detected : 1

Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[1].txt

And here's the HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:13:57 PM, on 12/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O8 - Extra context menu item: &Search - ?p=ZK
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O24 - Desktop Component 1: MuggleNet's Deathly Hallows/Order of the Phoenix Countdown - http://www.mugglenet.com/countdown/desktop-dhootp.html

--
End of file - 6146 bytes
Go to the top of the page
 
+Quote Post
kahdah
post Dec 17 2007, 03:48 AM
Post #17


GeekU Teacher
Group Icon
Posts: 13,543
From: Florida
OS: Windows xp,Vista business



  • open SpySweeper, by double-clicking the icon on your desktop.
  • Click Options on the left side.
  • Click the Sweep tab.
  • Under Items to Sweep make sure the following are checked:
    • Windows registry
    • Memory objects
    • Cookies
    • Compressed Files
    • System Restore Folder
  • Under Other Options make sure the following are checked:
    • Sweep all user accounts
    • Enable Direct Disk Sweeping
    • Sweep for rootkits
  • Click the Sweep button on the left side.
  • Click the Start Sweep button.
  • When it's done scanning, make sure everything has a check next to it, then click the Quarantine Selected button.
  • It will quarantine all of the items found.
  • Click View Session Log in the right corner above the box where the items are listed.
  • Click Save to File and save it on your desktop.
  • Exit SpySweeper.
  • Paste the contents of the session log you saved into your next reply (Spy Sweeper Session Log.txt).
  • NOTE: you can get to the log by clicking Options on the left. Then, View Session Log will be listed under Other Options.
Go to the top of the page
 
+Quote Post
lobster_ear
post Dec 17 2007, 03:11 PM
Post #18


Member
**
Posts: 21
OS: XP
Here is the first half (the log was too long for one post). It didn't detect the Zlob this time. I guess we successfully got rid of that. It still detected the mal/enc though

3:39 PM: Removal process completed. Elapsed time 00:02:00
3:39 PM: Quarantining All Traces: server.iad.liveperson cookie
3:39 PM: Quarantining All Traces: imrworldwide.com cookie
3:39 PM: Quarantining All Traces: 2o7.net cookie
3:39 PM: Quarantining All Traces: atlas dmt cookie
3:39 PM: Quarantining All Traces: pointroll cookie
3:38 PM: Informational: Virus infected file c:\documents and settings\administrator\my documents\stuff\sumotori.exe not cleaned.
3:38 PM: Informational: File c:\documents and settings\administrator\my documents\stuff\sumotori.exe still infected with virus Mal/EncPk-BP after 20 rounds of disinfection.
3:38 PM: Informational: File c:\documents and settings\administrator\my documents\stuff\sumotori.exe still infected with virus Mal/EncPk-BP after 19 rounds of disinfection.
3:38 PM: Informational: File c:\documents and settings\administrator\my documents\stuff\sumotori.exe still infected with virus Mal/EncPk-BP after 18 rounds of disinfection.
3:38 PM: Informational: File c:\documents and settings\administrator\my documents\stuff\sumotori.exe still infected with virus Mal/EncPk-BP after 17 rounds of disinfection.
3:38 PM: Informational: File c:\documents and settings\administrator\my documents\stuff\sumotori.exe still infected with virus Mal/EncPk-BP after 16 rounds of disinfection.
3:38 PM: Informational: File c:\documents and settings\administrator\my documents\stuff\sumotori.exe still infected with virus Mal/EncPk-BP after 15 rounds of disinfection.
3:38 PM: Informational: File c:\documents and settings\administrator\my documents\stuff\sumotori.exe still infected with virus Mal/EncPk-BP after 14 rounds of disinfection.
3:38 PM: Informational: File c:\documents and settings\administrator\my documents\stuff\sumotori.exe still infected with virus Mal/EncPk-BP after 13 rounds of disinfection.
3:38 PM: Informational: File c:\documents and settings\administrator\my documents\stuff\sumotori.exe still infected with virus Mal/EncPk-BP after 12 rounds of disinfection.
3:38 PM: Informational: File c:\documents and settings\administrator\my documents\stuff\sumotori.exe still infected with virus Mal/EncPk-BP after 11 rounds of disinfection.
3:38 PM: Informational: File c:\documents and settings\administrator\my documents\stuff\sumotori.exe still infected with virus Mal/EncPk-BP after 10 rounds of disinfection.
3:38 PM: Informational: File c:\documents and settings\administrator\my documents\stuff\sumotori.exe still infected with virus Mal/EncPk-BP after 9 rounds of disinfection.
3:37 PM: Informational: File c:\documents and settings\administrator\my documents\stuff\sumotori.exe still infected with virus Mal/EncPk-BP after 8 rounds of disinfection.
3:37 PM: Informational: File c:\documents and settings\administrator\my documents\stuff\sumotori.exe still infected with virus Mal/EncPk-BP after 7 rounds of disinfection.
3:37 PM: Informational: File c:\documents and settings\administrator\my documents\stuff\sumotori.exe still infected with virus Mal/EncPk-BP after 6 rounds of disinfection.
3:37 PM: Informational: File c:\documents and settings\administrator\my documents\stuff\sumotori.exe still infected with virus Mal/EncPk-BP after 5 rounds of disinfection.
3:37 PM: Informational: File c:\documents and settings\administrator\my documents\stuff\sumotori.exe still infected with virus Mal/EncPk-BP after 4 rounds of disinfection.
3:37 PM: Informational: File c:\documents and settings\administrator\my documents\stuff\sumotori.exe still infected with virus Mal/EncPk-BP after 3 rounds of disinfection.
3:37 PM: Informational: File c:\documents and settings\administrator\my documents\stuff\sumotori.exe still infected with virus Mal/EncPk-BP after 2 rounds of disinfection.
3:37 PM: Informational: File c:\documents and settings\administrator\my documents\stuff\sumotori.exe still infected with virus Mal/EncPk-BP after 1 round of disinfection.
3:37 PM: Quarantining All Traces: Mal/EncPk-BP
3:37 PM: Removal process initiated
3:34 PM: Traces Found: 17
3:34 PM: Custom Sweep has completed. Elapsed time 00:51:31
3:34 PM: File Sweep Complete, Elapsed Time: 00:45:43
3:32 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsaf68c273-7f9c-4f99-9014-b1f726694a52.tmp]
3:32 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms46083859-d3e5-4d43-b3aa-3564b252a4d8.tmp]
3:32 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms1722b610-a9c6-4457-a89b-1d95d91a83af.tmp]
3:32 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms8bfc50da-e365-4ad9-8137-4c6922da4de2.tmp]
3:32 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms18062d1d-a9f8-4860-9233-a2c9d2f32e7e.tmp]
3:32 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms9e23e755-4304-4b4c-a960-32c0383da839.tmp]
3:32 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms98ebffbb-3ab3-4916-a987-0e2475f42486.tmp]
3:32 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms2d834968-23de-412e-8841-3a928c2834b7.tmp]
3:32 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\administrator\application data\mozilla\firefox\profiles\cf6eysbl.default\parent.lock]
3:31 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsaf68c273-7f9c-4f99-9014-b1f726694a52.tmp". The operation completed successfully
3:31 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms46083859-d3e5-4d43-b3aa-3564b252a4d8.tmp". The operation completed successfully
3:31 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms1722b610-a9c6-4457-a89b-1d95d91a83af.tmp". The operation completed successfully
3:31 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms8bfc50da-e365-4ad9-8137-4c6922da4de2.tmp". The operation completed successfully
3:31 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms18062d1d-a9f8-4860-9233-a2c9d2f32e7e.tmp". The operation completed successfully
3:31 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms9e23e755-4304-4b4c-a960-32c0383da839.tmp". The operation completed successfully
3:31 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms98ebffbb-3ab3-4916-a987-0e2475f42486.tmp". The operation completed successfully
3:31 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms2d834968-23de-412e-8841-3a928c2834b7.tmp". The operation completed successfully
3:31 PM: Warning: Failed to open file "c:\documents and settings\administrator\application data\mozilla\firefox\profiles\cf6eysbl.default\parent.lock". The operation completed successfully
3:29 PM: C:\Documents and Settings\Administrator\My Documents\Stuff\sumotori.exe (ID = 0)
3:29 PM: Found Mal/EncPk-BP: Mal/EncPk-BP
3:28 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\windows\system32\config\default]
3:26 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\administrator\ntuser.dat]
3:26 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\ntuser.dat]
3:26 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\networkservice\ntuser.dat]
3:26 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\windows\system32\config\software]
3:26 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\windows\system32\config\system]
3:26 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\pagefile.sys]
3:23 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms59231ab3-05ad-46f2-8f1c-07fe715e55b7.tmp]
3:23 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms0310df2e-9790-4722-a6cd-f1f76e59464c.tmp]
3:16 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms431e3faf-8cba-42be-bdfb-53149b243118.tmp]
3:15 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsa7794f6f-4840-4aa7-8d3b-020e064313b6.tmp]
3:12 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms747b4bc6-e14b-4410-ae9b-4465f0829bdf.tmp]
3:12 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms1d5d2941-e6e5-4796-8779-a7d18afabdd0.tmp]
3:11 PM: Warning: AntiVirus engine for IFO returned [File Encrypted] on [c:\documents and settings\administrator\application data\superantispyware.com\superantispyware\quarantine\quarantine - 12-16-2007 - 23-02-09.sbu]
3:08 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms976b3a4f-9c48-4a75-a746-9a518433f7f8.tmp]
3:05 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms3d9a5212-5ad7-43dd-b54c-8fd32d028e01.tmp]
2:55 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\windows\system32\config\sam]
2:55 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms6f50fe00-7d4e-47cd-8a4e-f61d19b7523a.tmp]
2:52 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\windows\system32\config\security]
2:51 PM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms6c062dc0-21ca-4168-9ad2-93427543f45c.tmp]
2:50 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\windows\system32\config\default.log]
2:49 PM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\documents and settings\administrator\application data\mozilla\firefox\profiles\cf6eysbl.default\cookies-1.txt]
2:48 PM: Starting File Sweep
2:48 PM: Warning: SweepDirectories: Cannot find directory "a:". This directory was not added to the list of paths to be scanned.
2:48 PM: Cookie Sweep Complete, Elapsed Time: 00:00:04
2:48 PM: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cf6eysbl.default\cookies.txt (ID = 3148)
2:48 PM: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cf6eysbl.default\cookies.txt (ID = 3148)
2:48 PM: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cf6eysbl.default\cookies.txt (ID = 3148)
2:48 PM: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cf6eysbl.default\cookies.txt (ID = 3148)
2:48 PM: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cf6eysbl.default\cookies.txt (ID = 3148)
2:48 PM: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cf6eysbl.default\cookies.txt (ID = 3148)
2:48 PM: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cf6eysbl.default\cookies.txt (ID = 3148)
2:48 PM: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cf6eysbl.default\cookies.txt (ID = 3341)
2:48 PM: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cf6eysbl.default\cookies.txt (ID = 3341)
2:48 PM: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cf6eysbl.default\cookies.txt (ID = 3341)
2:48 PM: Found Spy Cookie: server.iad.liveperson cookie
2:48 PM: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cf6eysbl.default\cookies.txt (ID = 2845)
2:48 PM: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cf6eysbl.default\cookies.txt (ID = 2845)
2:48 PM: Found Spy Cookie: imrworldwide.com cookie
2:48 PM: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cf6eysbl.default\cookies.txt (ID = 1957)
2:48 PM: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cf6eysbl.default\cookies.txt (ID = 1957)
2:48 PM: Found Spy Cookie: 2o7.net cookie
2:48 PM: c:\documents and settings\administrator\cookies\administrator@atdmt[1].txt (ID = 2253)
2:48 PM: Found Spy Cookie: atlas dmt cookie
2:48 PM: c:\documents and settings\administrator\cookies\administrator@ads.pointroll[1].txt (ID = 3148)
2:48 PM: Found Spy Cookie: pointroll cookie
2:48 PM: Starting Cookie Sweep
2:48 PM: Registry Sweep Complete, Elapsed Time:00:00:36
2:47 PM: Starting Registry Sweep
2:47 PM: Memory Sweep Complete, Elapsed Time: 00:04:47
2:43 PM: ApplicationMinimized - EXIT
2:43 PM: ApplicationMinimized - ENTER
2:43 PM: Starting Memory Sweep
2:43 PM: Warning: TFileCountEnum.ProcessPartition: TVolumeFAT.IC: invalid Boot Sector. Volume D:
2:42 PM: Start Custom Sweep
2:42 PM: Sweep initiated using definitions version 1051
2:38 PM: ApplicationMinimized - EXIT
2:38 PM: ApplicationMinimized - ENTER
2:37 PM: ApplicationMinimized - EXIT
2:37 PM: ApplicationMinimized - ENTER
2:37 PM: Deletion from quarantine completed. Elapsed time 00:00:00
2:37 PM: Processing: Troj/Zlobar-Fam
2:37 PM: Processing: Mal/EncPk-BP
2:37 PM: Deletion from quarantine initiated
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:48 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:48 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:48 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:48 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:48 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:48 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:48 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:48 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:48 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:48 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:48 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:48 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:48 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:48 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:48 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:48 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:48 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
Go to the top of the page
 
+Quote Post
lobster_ear
post Dec 17 2007, 03:13 PM
Post #19


Member
**
Posts: 21
OS: XP
2nd half

2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:47 AM: Tamper Detection
Keylogger: On
11:09 PM: Informational: ShieldEmail: Start monitoring port 25 for mail activities
E-mail Attachment: On
11:09 PM: Informational: ShieldEmail: Start monitoring port 110 for mail activities
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: On
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
File System Shield: On
Execution Shield: On
System Services Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
11:09 PM: Shield States
11:09 PM: License Check Status (0): Success
11:09 PM: Spyware Definitions: 1051
11:09 PM: Informational: Loaded AntiVirus Engine: 2.52.1; SDK Version: 4.24E; Virus Definitions: 12/16/2007 1:51:18 PM (GMT)
11:07 PM: Spy Sweeper 5.5.7.103 started
11:07 PM: Spy Sweeper 5.5.7.103 started
11:07 PM: | Start of Session, Sunday, December 16, 2007 |
***************
6:46 PM: Your virus definitions have been updated.
6:46 PM: Informational: Loaded AntiVirus Engine: 2.52.1; SDK Version: 4.24E; Virus Definitions: 12/16/2007 1:51:18 PM (GMT)
6:45 PM: Your definitions are up to date.
6:45 PM: Automated check for program update in progress.
Operation: File Access
Target:
Source: C:\WINDOWS\EXPLORER.EXE
12:58 PM: Tamper Detection
11:35 AM: ApplicationMinimized - EXIT
11:35 AM: ApplicationMinimized - ENTER
11:35 AM: ApplicationMinimized - EXIT
11:35 AM: ApplicationMinimized - ENTER
11:35 AM: ApplicationMinimized - EXIT
11:35 AM: ApplicationMinimized - ENTER
11:35 AM: ApplicationMinimized - EXIT
11:35 AM: ApplicationMinimized - ENTER
11:35 AM: ApplicationMinimized - EXIT
11:35 AM: ApplicationMinimized - ENTER
11:35 AM: ApplicationMinimized - EXIT
11:35 AM: ApplicationMinimized - ENTER
11:35 AM: ApplicationMinimized - EXIT
11:35 AM: ApplicationMinimized - ENTER
11:35 AM: ApplicationMinimized - EXIT
11:35 AM: ApplicationMinimized - ENTER
11:35 AM: ApplicationMinimized - EXIT
11:35 AM: ApplicationMinimized - ENTER
11:35 AM: ApplicationMinimized - EXIT
11:35 AM: ApplicationMinimized - ENTER
11:35 AM: ApplicationMinimized - EXIT
11:35 AM: ApplicationMinimized - ENTER
11:35 AM: ApplicationMinimized - EXIT
11:35 AM: ApplicationMinimized - ENTER
11:35 AM: ApplicationMinimized - EXIT
11:35 AM: ApplicationMinimized - ENTER
11:35 AM: ApplicationMinimized - EXIT
11:35 AM: ApplicationMinimized - ENTER
11:35 AM: ApplicationMinimized - EXIT
11:35 AM: ApplicationMinimized - ENTER
11:35 AM: ApplicationMinimized - EXIT
11:35 AM: ApplicationMinimized - ENTER
11:35 AM: ApplicationMinimized - EXIT
11:35 AM: ApplicationMinimized - ENTER
11:35 AM: ApplicationMinimized - EXIT
11:35 AM: ApplicationMinimized - ENTER
11:35 AM: ApplicationMinimized - EXIT
11:35 AM: ApplicationMinimized - ENTER
11:35 AM: ApplicationMinimized - EXIT
11:35 AM: ApplicationMinimized - ENTER
11:35 AM: ApplicationMinimized - EXIT
11:35 AM: ApplicationMinimized - ENTER
11:35 AM: ApplicationMinimized - EXIT
11:35 AM: ApplicationMinimized - ENTER
11:35 AM: ApplicationMinimized - EXIT
11:35 AM: ApplicationMinimized - ENTER
11:35 AM: ApplicationMinimized - EXIT
11:35 AM: ApplicationMinimized - ENTER
11:35 AM: ApplicationMinimized - EXIT
11:35 AM: ApplicationMinimized - ENTER
11:35 AM: ApplicationMinimized - EXIT
11:35 AM: ApplicationMinimized - ENTER
11:35 AM: ApplicationMinimized - EXIT
11:35 AM: ApplicationMinimized - ENTER
11:35 AM: ApplicationMinimized - EXIT
11:35 AM: ApplicationMinimized - ENTER
11:35 AM: ApplicationMinimized - EXIT
11:35 AM: ApplicationMinimized - ENTER
11:35 AM: ApplicationMinimized - EXIT
11:35 AM: ApplicationMinimized - ENTER
11:35 AM: ApplicationMinimized - EXIT
11:35 AM: ApplicationMinimized - ENTER
11:33 AM: ApplicationMinimized - EXIT
11:33 AM: ApplicationMinimized - ENTER
Keylogger: On
E-mail Attachment: On
11:06 AM: Informational: ShieldEmail: Start monitoring port 25 for mail activities
11:06 AM: Informational: ShieldEmail: Start monitoring port 110 for mail activities
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: On
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
File System Shield: On
Execution Shield: On
System Services Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
11:06 AM: Shield States
11:06 AM: License Check Status (0): Success
11:06 AM: Spyware Definitions: 1051
11:06 AM: Informational: Loaded AntiVirus Engine: 2.52.1; SDK Version: 4.24E; Virus Definitions: 12/15/2007 8:30:14 PM (GMT)
11:04 AM: Spy Sweeper 5.5.7.103 started
11:04 AM: Spy Sweeper 5.5.7.103 started
11:04 AM: | Start of Session, Sunday, December 16, 2007 |
***************
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
Go to the top of the page
 
+Quote Post
lobster_ear
post Dec 17 2007, 03:13 PM
Post #20


Member
**
Posts: 21
OS: XP
3rd half

2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:35 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:34 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:34 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:34 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:34 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:34 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:34 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:34 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:34 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:34 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:34 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:34 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:34 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:34 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:34 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
2:34 AM: Tamper Detection
1:04 AM: ApplicationMinimized - EXIT
1:04 AM: ApplicationMinimized - ENTER
7:34 PM: Warning: AntiVirus engine for IFO returned [Error Code 8000FFFF] on [C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CF6EYSBL.DEFAULT\CACHE\9E97BE67D01]
Operation: File Access
Target:
Source: C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
7:26 PM: Tamper Detection
6:44 PM: Your virus definitions have been updated.
6:44 PM: Informational: Loaded AntiVirus Engine: 2.52.1; SDK Version: 4.24E; Virus Definitions: 12/15/2007 8:30:14 PM (GMT)
6:42 PM: Your definitions are up to date.
6:41 PM: Automated check for program update in progress.
6:22 PM: Warning: AntiVirus engine for IFO returned [Error Code 8000FFFF] on [C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CF6EYSBL.DEFAULT\CACHE\4F75112BD01]
3:48 PM: Warning: AntiVirus engine for IFO returned [Error Code 8000FFFF] on [C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CF6EYSBL.DEFAULT\CACHE\0DF59A61D01]
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:32 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:32 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:32 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:32 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:32 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:32 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:32 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:32 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:32 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:32 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:32 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:32 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:32 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:32 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:32 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:32 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:32 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:32 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:32 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:32 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:32 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:32 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:32 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:32 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:32 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:31 AM: Tamper Detection
6:40 PM: Your virus definitions have been updated.
6:40 PM: Informational: Loaded AntiVirus Engine: 2.52.1; SDK Version: 4.24E; Virus Definitions: 12/14/2007 5:14:02 PM (GMT)
6:39 PM: Your spyware definitions have been updated.
6:38 PM: Automated check for program update in progress.
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:45 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:45 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:45 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:45 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:45 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:45 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:45 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:45 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:45 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:45 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:45 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:45 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:45 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:45 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:45 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:45 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:45 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:45 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:45 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:45 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:45 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:45 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:45 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:45 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:45 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:45 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:45 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
Go to the top of the page
 
+Quote Post
lobster_ear
post Dec 17 2007, 03:15 PM
Post #21


Member
**
Posts: 21
OS: XP
4th

11:45 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:45 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:45 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:45 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:45 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:45 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:45 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:45 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:45 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:45 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:44 PM: Tamper Detection
6:38 PM: Your virus definitions have been updated.
6:38 PM: Informational: Loaded AntiVirus Engine: 2.52.1; SDK Version: 4.24E; Virus Definitions: 12/13/2007 3:45:12 PM (GMT)
6:37 PM: Your spyware definitions have been updated.
6:36 PM: Automated check for program update in progress.
Keylogger: On
E-mail Attachment: On
11:06 AM: Informational: ShieldEmail: Start monitoring port 25 for mail activities
11:06 AM: Informational: ShieldEmail: Start monitoring port 110 for mail activities
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: On
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
File System Shield: On
Execution Shield: On
System Services Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
11:06 AM: Shield States
11:06 AM: License Check Status (0): Success
11:06 AM: Spyware Definitions: 1049
11:06 AM: Informational: Loaded AntiVirus Engine: 2.52.1; SDK Version: 4.24E; Virus Definitions: 12/12/2007 3:49:46 PM (GMT)
11:05 AM: Spy Sweeper 5.5.7.103 started
11:05 AM: Spy Sweeper 5.5.7.103 started
11:05 AM: | Start of Session, Thursday, December 13, 2007 |
***************
Operation: Terminate
Target: C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
Source: C:\WINDOWS\system32\csrss.exe
3:11 AM: Tamper Detection
3:00 AM: Warning: AntiVirus engine for IFO returned [Error Code 8000FFFF] on [C:\SYSTEM VOLUME INFORMATION\_RESTORE{845160AC-65F1-4675-A096-1F18FFA3BEBE}\_DRIVER.CFG]
6:36 PM: Your virus definitions have been updated.
6:36 PM: Informational: Loaded AntiVirus Engine: 2.52.1; SDK Version: 4.24E; Virus Definitions: 12/12/2007 3:49:46 PM (GMT)
6:35 PM: Your spyware definitions have been updated.
6:33 PM: Automated check for program update in progress.
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
Go to the top of the page
 
+Quote Post
lobster_ear
post Dec 17 2007, 03:16 PM
Post #22


Member
**
Posts: 21
OS: XP
5th

12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:37 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:36 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:36 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:36 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:36 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:36 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:36 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:36 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:36 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:36 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:36 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:36 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:36 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:36 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:36 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:36 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:36 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:36 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:36 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:36 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:36 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:36 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:36 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:36 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:36 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:36 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:36 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:36 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:36 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:36 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:36 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:36 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:36 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:36 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:36 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:36 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:36 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:36 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:36 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:36 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:36 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:36 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:36 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:36 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:36 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:36 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:36 AM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
12:36 AM: Tamper Detection
6:32 PM: Your virus definitions have been updated.
6:32 PM: Informational: Loaded AntiVirus Engine: 2.52.1; SDK Version: 4.24E; Virus Definitions: 12/11/2007 4:41:40 PM (GMT)
6:31 PM: Your spyware definitions have been updated.
6:30 PM: Automated check for program update in progress.
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:12 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:12 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:12 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:12 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:12 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:12 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:12 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:12 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:12 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:12 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:12 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Go to the top of the page
 
+Quote Post
lobster_ear
post Dec 17 2007, 03:18 PM
Post #23


Member
**
Posts: 21
OS: XP
6th

Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:11 PM: Tamper Detection
6:28 PM: Your virus definitions have been updated.
6:28 PM: Informational: Loaded AntiVirus Engine: 2.52.1; SDK Version: 4.24E; Virus Definitions: 12/10/2007 6:25:42 PM (GMT)
6:27 PM: Your spyware definitions have been updated.
6:26 PM: Automated check for program update in progress.
2:47 PM: Warning: AntiVirus engine for IFO returned [Error Code 8000FFFF] on [C:\WINDOWS\SOFTWAREDISTRIBUTION\DATASTORE\DATASTORE.EDB]
3:11 AM: ApplicationMinimized - EXIT
3:11 AM: ApplicationMinimized - ENTER
2:50 AM: ApplicationMinimized - EXIT
2:50 AM: ApplicationMinimized - ENTER
2:50 AM: Removal process completed. Elapsed time 00:02:05
2:50 AM: Informational: Virus infected file c:\documents and settings\administrator\my documents\stuff\sumotori.exe not cleaned.
2:50 AM: Informational: File c:\documents and settings\administrator\my documents\stuff\sumotori.exe still infected with virus Mal/EncPk-BP after 20 rounds of disinfection.
2:50 AM: Informational: File c:\documents and settings\administrator\my documents\stuff\sumotori.exe still infected with virus Mal/EncPk-BP after 19 rounds of disinfection.
2:50 AM: Informational: File c:\documents and settings\administrator\my documents\stuff\sumotori.exe still infected with virus Mal/EncPk-BP after 18 rounds of disinfection.
2:50 AM: Informational: File c:\documents and settings\administrator\my documents\stuff\sumotori.exe still infected with virus Mal/EncPk-BP after 17 rounds of disinfection.
2:49 AM: Informational: File c:\documents and settings\administrator\my documents\stuff\sumotori.exe still infected with virus Mal/EncPk-BP after 16 rounds of disinfection.
2:49 AM: Informational: File c:\documents and settings\administrator\my documents\stuff\sumotori.exe still infected with virus Mal/EncPk-BP after 15 rounds of disinfection.
2:49 AM: Informational: File c:\documents and settings\administrator\my documents\stuff\sumotori.exe still infected with virus Mal/EncPk-BP after 14 rounds of disinfection.
2:49 AM: Informational: File c:\documents and settings\administrator\my documents\stuff\sumotori.exe still infected with virus Mal/EncPk-BP after 13 rounds of disinfection.
2:49 AM: Informational: File c:\documents and settings\administrator\my documents\stuff\sumotori.exe still infected with virus Mal/EncPk-BP after 12 rounds of disinfection.
2:49 AM: Informational: File c:\documents and settings\administrator\my documents\stuff\sumotori.exe still infected with virus Mal/EncPk-BP after 11 rounds of disinfection.
2:49 AM: Informational: File c:\documents and settings\administrator\my documents\stuff\sumotori.exe still infected with virus Mal/EncPk-BP after 10 rounds of disinfection.
2:49 AM: Informational: File c:\documents and settings\administrator\my documents\stuff\sumotori.exe still infected with virus Mal/EncPk-BP after 9 rounds of disinfection.
2:49 AM: Informational: File c:\documents and settings\administrator\my documents\stuff\sumotori.exe still infected with virus Mal/EncPk-BP after 8 rounds of disinfection.
2:49 AM: Informational: File c:\documents and settings\administrator\my documents\stuff\sumotori.exe still infected with virus Mal/EncPk-BP after 7 rounds of disinfection.
2:49 AM: Informational: File c:\documents and settings\administrator\my documents\stuff\sumotori.exe still infected with virus Mal/EncPk-BP after 6 rounds of disinfection.
2:49 AM: Informational: File c:\documents and settings\administrator\my documents\stuff\sumotori.exe still infected with virus Mal/EncPk-BP after 5 rounds of disinfection.
2:48 AM: Informational: File c:\documents and settings\administrator\my documents\stuff\sumotori.exe still infected with virus Mal/EncPk-BP after 4 rounds of disinfection.
2:48 AM: Informational: File c:\documents and settings\administrator\my documents\stuff\sumotori.exe still infected with virus Mal/EncPk-BP after 3 rounds of disinfection.
2:48 AM: Informational: File c:\documents and settings\administrator\my documents\stuff\sumotori.exe still infected with virus Mal/EncPk-BP after 2 rounds of disinfection.
2:48 AM: Informational: File c:\documents and settings\administrator\my documents\stuff\sumotori.exe still infected with virus Mal/EncPk-BP after 1 round of disinfection.
2:48 AM: Quarantining All Traces: Mal/EncPk-BP
2:48 AM: Informational: Virus infected file c:\documents and settings\administrator\local settings\temp\bxud3wa0.exe not cleaned.
2:48 AM: Informational: File c:\documents and settings\administrator\local settings\temp\bxud3wa0.exe still infected with virus Troj/Zlobar-Fam after 20 rounds of disinfection.
2:48 AM: Informational: File c:\documents and settings\administrator\local settings\temp\bxud3wa0.exe still infected with virus Troj/Zlobar-Fam after 19 rounds of disinfection.
2:48 AM: Informational: File c:\documents and settings\administrator\local settings\temp\bxud3wa0.exe still infected with virus Troj/Zlobar-Fam after 18 rounds of disinfection.
2:48 AM: Informational: File c:\documents and settings\administrator\local settings\temp\bxud3wa0.exe still infected with virus Troj/Zlobar-Fam after 17 rounds of disinfection.
2:48 AM: Informational: File c:\documents and settings\administrator\local settings\temp\bxud3wa0.exe still infected with virus Troj/Zlobar-Fam after 16 rounds of disinfection.
2:48 AM: Informational: File c:\documents and settings\administrator\local settings\temp\bxud3wa0.exe still infected with virus Troj/Zlobar-Fam after 15 rounds of disinfection.
2:48 AM: Informational: File c:\documents and settings\administrator\local settings\temp\bxud3wa0.exe still infected with virus Troj/Zlobar-Fam after 14 rounds of disinfection.
2:48 AM: Informational: File c:\documents and settings\administrator\local settings\temp\bxud3wa0.exe still infected with virus Troj/Zlobar-Fam after 13 rounds of disinfection.
2:48 AM: Informational: File c:\documents and settings\administrator\local settings\temp\bxud3wa0.exe still infected with virus Troj/Zlobar-Fam after 12 rounds of disinfection.
2:48 AM: Informational: File c:\documents and settings\administrator\local settings\temp\bxud3wa0.exe still infected with virus Troj/Zlobar-Fam after 11 rounds of disinfection.
2:48 AM: Informational: File c:\documents and settings\administrator\local settings\temp\bxud3wa0.exe still infected with virus Troj/Zlobar-Fam after 10 rounds of disinfection.
2:48 AM: Informational: File c:\documents and settings\administrator\local settings\temp\bxud3wa0.exe still infected with virus Troj/Zlobar-Fam after 9 rounds of disinfection.
2:48 AM: Informational: File c:\documents and settings\administrator\local settings\temp\bxud3wa0.exe still infected with virus Troj/Zlobar-Fam after 8 rounds of disinfection.
2:48 AM: Informational: File c:\documents and settings\administrator\local settings\temp\bxud3wa0.exe still infected with virus Troj/Zlobar-Fam after 7 rounds of disinfection.
2:48 AM: Informational: File c:\documents and settings\administrator\local settings\temp\bxud3wa0.exe still infected with virus Troj/Zlobar-Fam after 6 rounds of disinfection.
2:48 AM: Informational: File c:\documents and settings\administrator\local settings\temp\bxud3wa0.exe still infected with virus Troj/Zlobar-Fam after 5 rounds of disinfection.
2:48 AM: Informational: File c:\documents and settings\administrator\local settings\temp\bxud3wa0.exe still infected with virus Troj/Zlobar-Fam after 4 rounds of disinfection.
2:48 AM: Informational: File c:\documents and settings\administrator\local settings\temp\bxud3wa0.exe still infected with virus Troj/Zlobar-Fam after 3 rounds of disinfection.
2:48 AM: Informational: File c:\documents and settings\administrator\local settings\temp\bxud3wa0.exe still infected with virus Troj/Zlobar-Fam after 2 rounds of disinfection.
2:48 AM: Informational: File c:\documents and settings\administrator\local settings\temp\bxud3wa0.exe still infected with virus Troj/Zlobar-Fam after 1 round of disinfection.
2:48 AM: Quarantining All Traces: Troj/Zlobar-Fam
2:48 AM: Removal process initiated
2:47 AM: Traces Found: 2
2:47 AM: Full Sweep has completed. Elapsed time 00:44:49
2:47 AM: Warning: AntiVirus engine for IFO returned [Error Code 8000FFFF] on [C:\WINDOWS\SOFTWAREDISTRIBUTION\DATASTORE\LOGS\EDB.CHK]
2:47 AM: File Sweep Complete, Elapsed Time: 00:37:08
2:44 AM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\pagefile.sys]
2:44 AM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms9112c17d-4dbb-4b83-8c98-05120983d485.tmp]
2:44 AM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsd52688ec-bf75-47d0-8e97-c09854a14867.tmp]
2:44 AM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms781c73f9-0f2b-4e34-894c-f7e01ad7203f.tmp]
2:44 AM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms4c57bddc-815a-429f-b47f-994203cb1910.tmp]
2:44 AM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms1d895cd6-8991-4490-8a84-9191e13c8cc1.tmp]
2:44 AM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms436f9dba-5c2e-4178-b11f-ed038aa8526a.tmp]
2:44 AM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms75766f84-2f03-4258-b054-f78a350bcdba.tmp]
2:44 AM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms9384ac42-b8d6-4feb-bd0a-b0e87936156c.tmp]
2:44 AM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms6f170cac-c49d-4562-989a-06e90519c848.tmp]
2:44 AM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms46db8011-5103-40fa-acf3-0a4152c6fe8f.tmp]
2:44 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsd52688ec-bf75-47d0-8e97-c09854a14867.tmp". The operation completed successfully
2:44 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms781c73f9-0f2b-4e34-894c-f7e01ad7203f.tmp". The operation completed successfully
2:44 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms4c57bddc-815a-429f-b47f-994203cb1910.tmp". The operation completed successfully
2:44 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms1d895cd6-8991-4490-8a84-9191e13c8cc1.tmp". The operation completed successfully
2:44 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms436f9dba-5c2e-4178-b11f-ed038aa8526a.tmp". The operation completed successfully
2:44 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms75766f84-2f03-4258-b054-f78a350bcdba.tmp". The operation completed successfully
2:44 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms9384ac42-b8d6-4feb-bd0a-b0e87936156c.tmp". The operation completed successfully
2:44 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms6f170cac-c49d-4562-989a-06e90519c848.tmp". The operation completed successfully
2:44 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms46db8011-5103-40fa-acf3-0a4152c6fe8f.tmp". The operation completed successfully
2:44 AM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms9112c17d-4dbb-4b83-8c98-05120983d485.tmp". The operation completed successfully
2:38 AM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\windows\system32\config\default]
2:37 AM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\administrator\ntuser.dat]
2:37 AM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\ntuser.dat]
2:37 AM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\networkservice\ntuser.dat]
2:36 AM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\windows\system32\config\software]
2:36 AM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\windows\system32\config\system]
2:35 AM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms26cd49fb-97e1-458f-9eb7-a399d1957fd4.tmp]
2:34 AM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms761c2186-66d1-46f4-8fb0-e125cb776ce4.tmp]
2:33 AM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmsc767e008-efa1-42c7-a161-be63b57cc825.tmp]
2:28 AM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms214b4767-e8af-4e65-99eb-9818331b02f5.tmp]
2:27 AM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssmscd64f047-3a32-4ac0-9b83-3df1934c3398.tmp]
2:25 AM: ApplicationMinimized - EXIT
2:25 AM: ApplicationMinimized - ENTER
2:17 AM: C:\Documents and Settings\Administrator\My Documents\Stuff\sumotori.exe (ID = 0)
2:17 AM: Found Mal/EncPk-BP: Mal/EncPk-BP
2:16 AM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms0407ea2e-ea3a-430c-a165-add2997c5227.tmp]
2:16 AM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms7bf1ef72-ed6b-46c1-ad45-91f9e659c499.tmp]
2:16 AM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms3402a2ef-8355-4484-a53d-a348fb0ec79d.tmp]
2:16 AM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\windows\system32\catroot2\tmp.edb]
2:15 AM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\windows\system32\config\sam]
2:13 AM: Warning: AntiVirus engine for IFO returned [Error Code DFFBFDF0] on [c:\windows\system32\config\security]
2:13 AM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms8af783d8-bde1-4aa6-9a65-109cf2db9ad1.tmp]
2:13 AM: C:\Documents and Settings\Administrator\Local Settings\Temp\bxud3wa0.exe (ID = 0)
2:13 AM: Found Troj/Zlobar-Fam: Troj/Zlobar-Fam
2:12 AM: Warning: AntiVirus engine for IFO returned [Access Denied] on [c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\ssms75b90a55-5ae9-4b38-8eec-61f289be6982.tmp]
2:10 AM: ApplicationMinimized - EXIT
2:10 AM: ApplicationMinimized - ENTER
2:10 AM: Starting File Sweep
2:10 AM: Warning: SweepDirectories: Cannot find directory "a:". This directory was not added to the list of paths to be scanned.
2:10 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
2:10 AM: Starting Cookie Sweep
2:10 AM: Registry Sweep Complete, Elapsed Time:00:00:23
2:10 AM: Starting Registry Sweep
2:10 AM: Memory Sweep Complete, Elapsed Time: 00:13:48
2:09 AM: ApplicationMinimized - EXIT
2:09 AM: ApplicationMinimized - ENTER
2:01 AM: ApplicationMinimized - EXIT
2:01 AM: ApplicationMinimized - ENTER
1:56 AM: ApplicationMinimized - EXIT
1:56 AM: ApplicationMinimized - ENTER
1:56 AM: Starting Memory Sweep
1:56 AM: Warning: TFileCountEnum.ProcessPartition: TVolumeFAT.IC: invalid Boot Sector. Volume D:
Go to the top of the page
 
+Quote Post
lobster_ear
post Dec 17 2007, 03:19 PM
Post #24


Member
**
Posts: 21
OS: XP
7th

1:55 AM: Start Full Sweep
1:55 AM: Sweep initiated using definitions version 1046
1:38 AM: ApplicationMinimized - EXIT
1:38 AM: ApplicationMinimized - ENTER
1:37 AM: Deletion from quarantine completed. Elapsed time 00:00:00
1:37 AM: Processing: Troj/Zlobar-Fam
1:37 AM: Processing: Troj/Zlobar-Fam
1:37 AM: Deletion from quarantine initiated
1:36 AM: Informational: Virus infected file C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\BXUD3WA0.EXE not cleaned.
1:36 AM: Informational: File C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\BXUD3WA0.EXE still infected with virus Troj/Zlobar-Fam after 20 rounds of disinfection.
1:36 AM: Informational: File C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\BXUD3WA0.EXE still infected with virus Troj/Zlobar-Fam after 19 rounds of disinfection.
1:36 AM: Informational: File C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\BXUD3WA0.EXE still infected with virus Troj/Zlobar-Fam after 18 rounds of disinfection.
1:36 AM: Informational: File C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\BXUD3WA0.EXE still infected with virus Troj/Zlobar-Fam after 17 rounds of disinfection.
1:36 AM: Informational: File C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\BXUD3WA0.EXE still infected with virus Troj/Zlobar-Fam after 16 rounds of disinfection.
1:36 AM: Informational: File C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\BXUD3WA0.EXE still infected with virus Troj/Zlobar-Fam after 15 rounds of disinfection.
1:36 AM: Informational: File C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\BXUD3WA0.EXE still infected with virus Troj/Zlobar-Fam after 14 rounds of disinfection.
1:36 AM: Informational: File C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\BXUD3WA0.EXE still infected with virus Troj/Zlobar-Fam after 13 rounds of disinfection.
1:36 AM: Informational: File C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\BXUD3WA0.EXE still infected with virus Troj/Zlobar-Fam after 12 rounds of disinfection.
1:36 AM: Informational: File C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\BXUD3WA0.EXE still infected with virus Troj/Zlobar-Fam after 11 rounds of disinfection.
1:36 AM: Informational: File C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\BXUD3WA0.EXE still infected with virus Troj/Zlobar-Fam after 10 rounds of disinfection.
1:36 AM: Informational: File C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\BXUD3WA0.EXE still infected with virus Troj/Zlobar-Fam after 9 rounds of disinfection.
1:36 AM: Informational: File C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\BXUD3WA0.EXE still infected with virus Troj/Zlobar-Fam after 8 rounds of disinfection.
1:36 AM: Informational: File C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\BXUD3WA0.EXE still infected with virus Troj/Zlobar-Fam after 7 rounds of disinfection.
1:36 AM: Informational: File C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\BXUD3WA0.EXE still infected with virus Troj/Zlobar-Fam after 6 rounds of disinfection.
1:36 AM: Informational: File C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\BXUD3WA0.EXE still infected with virus Troj/Zlobar-Fam after 5 rounds of disinfection.
1:36 AM: Informational: File C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\BXUD3WA0.EXE still infected with virus Troj/Zlobar-Fam after 4 rounds of disinfection.
1:36 AM: Informational: File C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\BXUD3WA0.EXE still infected with virus Troj/Zlobar-Fam after 3 rounds of disinfection.
1:36 AM: Informational: File C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\BXUD3WA0.EXE still infected with virus Troj/Zlobar-Fam after 2 rounds of disinfection.
1:36 AM: Informational: File C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\BXUD3WA0.EXE still infected with virus Troj/Zlobar-Fam after 1 round of disinfection.
1:36 AM: Informational: Virus infected file C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CF6EYSBL.DEFAULT\CACHE\B38AB01ED01 not cleaned.
1:36 AM: Informational: File C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CF6EYSBL.DEFAULT\CACHE\B38AB01ED01 still infected with virus Troj/Zlobar-Fam after 20 rounds of disinfection.
1:36 AM: Informational: File C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CF6EYSBL.DEFAULT\CACHE\B38AB01ED01 still infected with virus Troj/Zlobar-Fam after 19 rounds of disinfection.
1:36 AM: Informational: File C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CF6EYSBL.DEFAULT\CACHE\B38AB01ED01 still infected with virus Troj/Zlobar-Fam after 18 rounds of disinfection.
1:36 AM: Informational: File C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CF6EYSBL.DEFAULT\CACHE\B38AB01ED01 still infected with virus Troj/Zlobar-Fam after 17 rounds of disinfection.
1:36 AM: Informational: File C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CF6EYSBL.DEFAULT\CACHE\B38AB01ED01 still infected with virus Troj/Zlobar-Fam after 16 rounds of disinfection.
1:36 AM: Informational: File C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CF6EYSBL.DEFAULT\CACHE\B38AB01ED01 still infected with virus Troj/Zlobar-Fam after 15 rounds of disinfection.
1:36 AM: Informational: File C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CF6EYSBL.DEFAULT\CACHE\B38AB01ED01 still infected with virus Troj/Zlobar-Fam after 14 rounds of disinfection.
1:36 AM: Informational: File C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CF6EYSBL.DEFAULT\CACHE\B38AB01ED01 still infected with virus Troj/Zlobar-Fam after 13 rounds of disinfection.
1:36 AM: Informational: File C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CF6EYSBL.DEFAULT\CACHE\B38AB01ED01 still infected with virus Troj/Zlobar-Fam after 12 rounds of disinfection.
1:36 AM: Informational: File C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CF6EYSBL.DEFAULT\CACHE\B38AB01ED01 still infected with virus Troj/Zlobar-Fam after 11 rounds of disinfection.
1:36 AM: Informational: File C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CF6EYSBL.DEFAULT\CACHE\B38AB01ED01 still infected with virus Troj/Zlobar-Fam after 10 rounds of disinfection.
1:36 AM: Informational: File C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CF6EYSBL.DEFAULT\CACHE\B38AB01ED01 still infected with virus Troj/Zlobar-Fam after 9 rounds of disinfection.
1:36 AM: Informational: File C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CF6EYSBL.DEFAULT\CACHE\B38AB01ED01 still infected with virus Troj/Zlobar-Fam after 8 rounds of disinfection.
1:36 AM: Informational: File C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CF6EYSBL.DEFAULT\CACHE\B38AB01ED01 still infected with virus Troj/Zlobar-Fam after 7 rounds of disinfection.
1:36 AM: Informational: File C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CF6EYSBL.DEFAULT\CACHE\B38AB01ED01 still infected with virus Troj/Zlobar-Fam after 6 rounds of disinfection.
1:36 AM: Informational: File C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CF6EYSBL.DEFAULT\CACHE\B38AB01ED01 still infected with virus Troj/Zlobar-Fam after 5 rounds of disinfection.
1:36 AM: Informational: File C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CF6EYSBL.DEFAULT\CACHE\B38AB01ED01 still infected with virus Troj/Zlobar-Fam after 4 rounds of disinfection.
1:36 AM: Informational: File C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CF6EYSBL.DEFAULT\CACHE\B38AB01ED01 still infected with virus Troj/Zlobar-Fam after 3 rounds of disinfection.
1:36 AM: Informational: File C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CF6EYSBL.DEFAULT\CACHE\B38AB01ED01 still infected with virus Troj/Zlobar-Fam after 2 rounds of disinfection.
1:36 AM: Informational: File C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CF6EYSBL.DEFAULT\CACHE\B38AB01ED01 still infected with virus Troj/Zlobar-Fam after 1 round of disinfection.
1:36 AM: File System Shield: found: Virus: Troj/Zlobar-Fam, version
1:36 AM: File System Shield: found: Virus: Troj/Zlobar-Fam, version
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:20 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:20 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:20 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:20 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:20 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:20 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:20 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:20 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:20 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:20 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:20 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:20 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:20 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:20 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:20 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:20 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:20 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:20 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:20 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:20 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:20 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:20 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:20 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:20 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:20 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:20 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:20 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:20 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:20 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:20 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:20 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:20 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:20 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:20 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:20 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:20 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:20 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:20 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:20 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:20 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:20 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:20 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:20 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:20 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:20 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:20 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:20 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:20 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
11:19 PM: Tamper Detection
7:52 PM: Warning: AntiVirus engine for IFO returned [Error Code 8000FFFF] on [C:\WINDOWS\SOFTWAREDISTRIBUTION\DATASTORE\DATASTORE.EDB]
6:25 PM: Your virus definitions have been updated.
6:25 PM: Informational: Loaded AntiVirus Engine: 2.51.0; SDK Version: 4.23E; Virus Definitions: 12/9/2007 1:46:16 PM (GMT)
6:24 PM: Your definitions are up to date.
6:24 PM: Automated check for program update in progress.
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:56 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:56 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:56 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:56 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:56 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:56 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:56 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:56 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:56 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:56 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:56 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSIDRV\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:56 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:56 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:56 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:56 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:56 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\AllocConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:56 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BootConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:56 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\OverrideConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:56 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\FilteredConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:56 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\BasicConfig
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
10:56 PM: Tamper Detection
Operation: Registry Access
Target: \SYSTEM\ControlSet001\Enum\Root\LEGACY_SSHRMD\0000\LogConf\ForcedConfigVector
Source: C:\WINDOWS\SYSTEM32\SERVICES.EXE
Go to the top of the page
 
+Quote Post
lobster_ear
post Dec 17 2007, 03:22 PM
Post #25


Member
**
Posts: 21
OS: XP
Do you want me to go on?...I mean there is enough of the log left to make at least 20 more posts. It is extremely long, but if you need all of it or a specific part I'll post it.
Go to the top of the page
 
+Quote Post
kahdah
post Dec 17 2007, 05:06 PM
Post #26


GeekU Teacher
Group Icon
Posts: 13,543
From: Florida
OS: Windows xp,Vista business



No I see the files that I need to see I will get back with you tommorrow.
No need to post any more. smile.gif
Go to the top of the page
 
+Quote Post
lobster_ear
post Dec 17 2007, 05:08 PM
Post #27


Member
**
Posts: 21
OS: XP
Ok. Cool. Thanks again for helping.
Go to the top of the page
 
+Quote Post
kahdah
post Dec 18 2007, 04:34 AM
Post #28


GeekU Teacher
Group Icon
Posts: 13,543
From: Florida
OS: Windows xp,Vista business



    Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    c:\documents and settings\administrator\my documents\stuff\sumotori.exe
    c:\documents and settings\administrator\local settings\temp\bxud3wa0.exe

  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
    Click "Exit" to close OTMoveIt.

    **When ready to Reply on the forum, please Paste the content of the latest log which is located at the root of the drive where the OTMoveIt folder is:
    C:\_OTMoveIt\MovedFiles\********_******.log
    (where "********_******" is the "date_time")
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
========================================
Go to the top of the page
 
+Quote Post
lobster_ear
post Dec 18 2007, 11:58 AM
Post #29


Member
**
Posts: 21
OS: XP
Here it is. It didn't find the second file though.

c:\documents and settings\administrator\my documents\stuff\sumotori.exe moved successfully.
File/Folder c:\documents and settings\administrator\local settings\temp\bxud3wa0.exe not found.

Created on 12/18/2007 12:53:43
Go to the top of the page
 
+Quote Post
kahdah
post Dec 18 2007, 05:26 PM
Post #30


GeekU Teacher
Group Icon
Posts: 13,543
From: Florida
OS: Windows xp,Vista business



Copy everything inside the quote box below (starting with dir) and paste it into notepad. Go up to "File > Save As" and click the drop-down box to change the "Save As Type" to "All Files". Save it as findfile.bat on your Desktop.

QUOTE
dir c:\documents and settings\administrator\local settings\temp\bxud3wa0.exe /a h > files.txt
notepad files.txt


Locate findfile.bat on your Desktop and double-click on it. It will open Notepad with some text in it. Please post the contents of that Notepad here along with a new HiJackThis log.
Go to the top of the page
 
+Quote Post
 

3 Pages V  < 1 2 3 >
Closed TopicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 

Collapse

> Similar Topics

    Topic Title Replies / Views Topic Information
No New Posts   8 / 376 8th May 2005 - 11:23 AM
riffmachine started - last by Metallica
No New Posts   0 / 361 2nd September 2007 - 08:37 PM
richbiz84 started - last by richbiz84
No New Posts   1 / 202 25th September 2009 - 11:11 PM
GuyinSweden started - last by Ujavaid
No New Posts   3 / 169 30th September 2009 - 05:40 AM
Rx7_HKS started - last by makai

RSS Time is now: 21st November 2009 - 01:41 AM

Advertisements do not imply our endorsement of that product or service. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks mentioned on this page are the property of their respective owners.

© Geeks to Go, Inc. | All Rights Reserved | Privacy Policy | Advertising
Powered By IP.Board © 2009  IPS, Inc.