Bug Unidentified


23 replies to this topic

#1 dawgbyte77

dawgbyte77

  • Members
  • 13 posts

Posted 23 February 2007 - 11:16 PM

Hello. A week ago, when I was browsing, I kept getting forwarded to WordSea.com and other websites that look like WordSea. After browsing this forum and using HijackThis, I managed to somehow remove some lines and my browser was back to normal. But after a few days, my browser will suddenly freeze and be totally unusable until I reboot; sometimes even my Explorer slows down and hangs. When I run HijackThis, I can see the line:

O17 - HKLM\System\CCS\Services\Tcpip\..\{4C1A1FB6-55C7-4C14-849F-543BE86511AB}: NameServer = 85.255.116.60 85.255.112.203

I will check and fix this, but after I launch Explorer and HijackThis again, the line is back. So far, I have tried Panda Antivirus, Ad-Aware, Spybot Search & Destroy, AShampoo AntiSpyware, Registry Mechanic, BugOff, CWInstall, VundoFix, Stinger, Silent Runner, Webroot Spysweeper. My firewall is also Panda. Needless to say, I am a little desperate. Any help will be greatly appreciated.

-------------------------------------------------------------------------------------------------


Fixwareout Last edited 2/11/2007
Post this report in the forums please
...
»»»»»Prerun check

»»»»» System restarted

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.



Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/

»»»»» Other



»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"AME_CSA"="rundll32 amecsa.cpl,RUN_DLL"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"NvMediaCenter"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"APVXDWIN"="\"d:\\Program Files\\Panda Software\\Panda Platinum 2006 Internet Security\\APVXDWIN.EXE\" /s"
"SCANINICIO"="\"d:\\Program Files\\Panda Software\\Panda Platinum 2006 Internet Security\\Inicio.exe\""
"nwiz"="\"nwiz.exe\" /install"
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\not active]
"Acrobat Assistant 7.0"="\"D:\\Program Files\\Adobe\\Adobe Acrobat 7.0\\Distillr\\Acrotray.exe\""
"EPSON Stylus Photo R210 Series"="\"C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I3H2.EXE\" /P30 \"EPSON Stylus Photo R210 Series\" /O6 \"USB002\" /M \"Stylus Photo R210\""
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\not active]
....
Hosts file was reset, If you use a custom hosts file please replace it
C:\WINDOWS\repair\autoexec.nt missing
C:\WINDOWS\repair\Config.nt missing
C:\WINDOWS\repair\autoexec.nt missing
C:\WINDOWS\repair\Config.nt missing
C:\WINDOWS\repair\autoexec.nt missing
C:\WINDOWS\repair\Config.nt missing
C:\WINDOWS\repair\autoexec.nt missing
C:\WINDOWS\repair\Config.nt missing
C:\WINDOWS\repair\autoexec.nt missing
C:\WINDOWS\repair\Config.nt missing
»»»»» End report »»»»»

-------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------

ComboScan v20070221.16 run by Noname on 2007-02-24 at 12:09:50
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Noname.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:26:07 PM, on 2/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
d:\Program Files\BUFFALO\Client Manager 2\bwsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
d:\program files\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
C:\WINDOWS\Explorer.EXE
d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\psimsvc.exe
d:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
D:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\wscntfy.exe
d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\apvxdwin.exe
d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\SRVLOAD.EXE
d:\program files\panda software\panda platinum 2006 internet security\WebProxy.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\NotifyPhoneBook.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
D:\Program Files\BUFFALO\Client Manager 2\ClientMgr2.exe
D:\Program Files\iPod\bin\iPodService.exe
G:\0 - New Download\hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\avciman.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - d:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [APVXDWIN] "d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: ClientManager2.lnk = D:\Program Files\BUFFALO\Client Manager 2\ClientMgr2.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Noname.XXX\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1168352266625
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://dawgbyte.multiply.com/photos/uploader.cab
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 6.0 (SP6)) - http://activex.microsoft.com/controls/vb5/comdlg32.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C1A1FB6-55C7-4C14-849F-543BE86511AB}: NameServer = 85.255.116.60 85.255.112.203
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Buffalo Wireless Service (BWSVC) - BUFFALO INC. - d:\Program Files\BUFFALO\Client Manager 2\bwsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Emuclpupahwp - Creative Technology Ltd. - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - d:\program files\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\psimsvc.exe
O23 - Service: ScsiAccess - Unknown owner - d:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Sound Sservice Driver (Sound Service) - Sonix Co. Ltd. - (no file)
O23 - Service: Speed Disk service - Symantec Corporation - D:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
O23 - Service: Ulead Sservice System Files (Ulead Service) - Ralink Technology Inc. - (no file)


-- Files created between 2007-01-24 and 2007-02-24 ------------------------------

2007-02-23 23:34:28 0 d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Webroot
2007-02-23 23:31:09 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot
2007-02-23 23:31:04 14848 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-02-23 23:31:04 117248 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-02-23 23:31:04 15360 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-02-23 23:31:04 13824 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2007-02-23 23:31:00 0 d-------- C:\Program Files\Webroot
2007-02-23 23:31:00 0 d-------- C:\Documents and Settings\Noname.XXX\Application Data\Webroot
2007-02-23 23:30:48 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Webroot
2007-02-23 21:43:07 0 d-------- C:\VundoFix Backups<VUNDOF~1>
2007-02-23 20:20:42 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy<SPYBOT~1>
2007-02-23 20:15:06 0 d-------- C:\fixwareout<FIXWAR~1>
2007-02-23 20:06:26 0 d-------- C:\Program Files\InterMute<INTERM~1>
2007-02-20 08:53:20 0 d-------- C:\WINDOWS\BDOSCAN8
2007-02-19 23:41:34 0 d-------- C:\Documents and Settings\Administrator\Application Data\TuneUp Software<TUNEUP~1>
2007-02-19 23:35:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-02-19 20:55:22 0 d-------- C:\Downloads<DOWNLO~1>
2007-02-15 19:31:37 0 d-------- C:\WINDOWS\ShellNew
2007-02-14 07:16:31 24072 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-02-14 07:16:15 0 d-------- C:\Documents and Settings\Noname.XXX\Application Data\TuneUp Software<TUNEUP~1>
2007-02-04 10:48:39 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sandlot Games<SANDLO~1>
2007-02-03 13:22:04 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\QubeSoft
2007-02-02 23:39:40 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\JollyBear<JOLLYB~1>
2007-01-28 22:43:24 20 ---h----- C:\Documents and Settings\All Users.WINDOWS\Application Data\PKP_DLbz.DAT


-- Find3M Report ----------------------------------------------------------------

2007-02-24 11:53:37 24 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-0000000C-00001102-00000002-80641102}.dat<DVCSTA~2.DAT>
2007-02-24 11:53:37 24 --a------ C:\WINDOWS\system32\DVCState-{00000002-00000000-0000000C-00001102-00000002-80641102}.dat<DVCSTA~1.DAT>
2007-02-24 11:27:22 0 d-------- C:\Program Files\BitLord
2007-02-24 00:35:23 0 d-------- C:\Program Files\iTunes
2007-02-24 00:35:21 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>
2007-02-23 22:10:53 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-02-23 07:41:14 0 d-------- C:\Program Files\UPHClean
2007-02-20 16:17:12 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-19 20:55:22 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll<BITCOM~1.DLL>
2007-02-19 10:55:25 0 d-------- C:\Documents and Settings\Noname.XXX\Application Data\Skype
2007-02-14 08:08:20 0 d-------- C:\Program Files\Microsoft ActiveSync<MICROS~2>
2007-02-14 07:15:23 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-02-01 21:48:44 0 d---s---- C:\Documents and Settings\Noname.XXX\Application Data\Microsoft<MICROS~1>
2007-01-28 19:37:55 0 d-------- C:\Program Files\Common Files\ACD Systems<ACDSYS~1>
2007-01-28 15:54:03 0 d-------- C:\Documents and Settings\Noname.XXX\Application Data\Nikon
2007-01-28 15:53:32 0 d-------- C:\Program Files\Common Files\Nikon
2007-01-21 14:15:16 0 d-------- C:\Documents and Settings\Noname.XXX\Application Data\IMVU
2007-01-16 21:03:38 0 d-------- C:\Documents and Settings\Noname.XXX\Application Data\Adobe
2007-01-02 15:20:59 0 d-------- C:\Program Files\Common Files\Panda Software<PANDAS~1>
2007-01-02 15:00:18 0 d--h----- C:\Program Files\WindowsUpdate<WINDOW~3>
2007-01-01 22:49:08 0 d-------- C:\Program Files\ArtMoney
2007-01-01 10:45:37 0 d-------- C:\Program Files\Common Files\Authentium<AUTHEN~1>
2007-01-01 10:45:04 0 d-------- C:\Program Files\iolo
2006-12-25 11:57:55 0 d-------- C:\Program Files\Common Files\Crystal Decisions<CRYSTA~1>
2006-12-17 15:20:27 796672 --a------ C:\WINDOWS\GPInstall.exe<GPINST~1.EXE>
2006-12-11 15:34:48 422504 -----n--- C:\WINDOWS\system32\Incinerator.dll<INCINE~1.DLL>
2006-11-25 16:39:48 25264 --a------ C:\WINDOWS\system32\smrgdf.exe


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\not active]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"AME_CSA"="rundll32 amecsa.cpl,RUN_DLL"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"NvMediaCenter"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"APVXDWIN"="\"d:\\Program Files\\Panda Software\\Panda Platinum 2006 Internet Security\\APVXDWIN.EXE\" /s"
"SCANINICIO"="\"d:\\Program Files\\Panda Software\\Panda Platinum 2006 Internet Security\\Inicio.exe\""
"nwiz"="\"nwiz.exe\" /install"
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\not active]
"Acrobat Assistant 7.0"="\"D:\\Program Files\\Adobe\\Adobe Acrobat 7.0\\Distillr\\Acrotray.exe\""
"EPSON Stylus Photo R210 Series"="\"C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I3H2.EXE\" /P30 \"EPSON Stylus Photo R210 Series\" /O6 \"USB002\" /M \"Stylus Photo R210\""
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"rfagent"="\"d:\\Program Files\\RFA Platinum\\rfagent.exe\""



-- End of ComboScan: finished at 2007-02-24 at 12:10:04 -------------------------
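
An added example, not part of the original post or of HijackThis: a Python check that extracts the `NameServer` addresses from O17 lines like the one quoted in the post above and marks every resolver that is not on an allowlist. The allowlist address `192.0.2.53`, the all-zero GUIDs and every sample line except the first are constructed for illustration.

```python
import ipaddress
import re

# O17 lines name either one interface GUID or the global Tcpip\Parameters key:
#   O17 - HKLM\System\CCS\Services\Tcpip\..\{GUID}: NameServer = a.b.c.d e.f.g.h
#   O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = a.b.c.d
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cset>CCS|CS\d+)\\Services\\Tcpip\\"
    r"(?:\.\.\\(?P<guid>\{[0-9A-Fa-f-]{36}\})|Parameters)"
    r": (?P<name>\w+) = (?P<value>.*)$"
)

# First line is the entry from the post; the rest are constructed samples.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C1A1FB6-55C7-4C14-849F-543BE86511AB}: NameServer = 85.255.116.60 85.255.112.203
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.60,85.255.112.203
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000002}: NameServer = 192.0.2.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = example.invalid
"""


def parse_o17(log_text):
    """Yield (control_set, scope, server) for each NameServer address in O17 lines."""
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        # Other O17 value names (Domain, SearchList) hold names, not resolvers.
        if m is None or m.group("name") != "NameServer":
            continue
        scope = m.group("guid") or "global"
        # The value may be space- or comma-separated.
        for server in re.split(r"[,\s]+", m.group("value").strip()):
            if server:
                yield m.group("cset"), scope, server


def classify(server, expected):
    """Return a verdict for one resolver address."""
    try:
        ip = ipaddress.ip_address(server)
    except ValueError:
        return "malformed"
    if ip in expected:
        return "expected"
    if ip.is_private:
        return "private"  # typically the local router; verify separately
    return "unexpected"


def audit_o17(log_text, expected_resolvers):
    """List every statically configured resolver with its verdict."""
    expected = {ipaddress.ip_address(a) for a in expected_resolvers}
    return [
        {
            "control_set": cset,
            "scope": scope,
            "server": server,
            "verdict": classify(server, expected),
        }
        for cset, scope, server in parse_o17(log_text)
    ]


if __name__ == "__main__":
    # 192.0.2.53 stands in for the resolver the ISP or administrator assigned.
    for finding in audit_o17(SAMPLE_LOG, ["192.0.2.53"]):
        print("{verdict:10} {control_set:4} {scope} -> {server}".format(**finding))
```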



#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 24 February 2007 - 06:37 AM

Welcome to BC dawgbyte77 :thumbsup:

You've got Panda Platinum 2006 Internet Security and Norton Antivirus installed, or you've had Norton installed at some point.

Not a good idea to have more than one antivirus program installed on your computer.
Each program may interpret the actions of the other as viral, therefore giving you false virus warnings about virus-related activities.
It could also lead to system slowdowns and other problems within the operating system, due to the two conflicting with each other.
You should uninstall one of them as soon as possible.

Uninstalling Norton: if there’s no uninstaller available in Add\Remove Programs, then you’ll need to download and run the Norton Removal Tool:
http://service1.symantec.com/SUPPORT/tsgen...005033108162039
NOTE:
The Norton Removal Tool will remove ALL Symantec products from your pc.

Find and delete:
C:\Program Files\Norton Antivirus.
C:\Program Files\Common Files\Symantec Shared

****************************

Download\install CleanUp.
Launch CleanUp, then click on 'Options'.
Now move the slider on the left up to 'Standard Cleanup!'.
Click 'Ok', now run the program by clicking on the 'Cleanup' button.
Reboot, or log off/log on when it's finished.

Reboot when you've finished, post a new HijackThis log into your next reply.
There may be the odd Symantec service to remove.

#3 dawgbyte77

dawgbyte77
  • Topic Starter

  • Members
  • 13 posts

Posted 25 February 2007 - 12:20 AM

Hi Richie UK,


Thanks for your very fast reply. Actually I just tried Norton in case it can do what Panda failed to do. I have already removed Norton and run the CleanUp and below is the HijackThis.

I also ran regedit and searched 85.255.116.60 and 85.255.112.203, and aside from the one HijackThis found:

O17 - HKLM\System\CCS\Services\Tcpip\..\{4C1A1FB6-55C7-4C14-849F-543BE86511AB}: NameServer = 85.255.116.60 85.255.112.203

There are also other entries that contain these 2 IPs within HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\ :
1. {2F637D06-60FB-44F9-9B5E-EDD4930359E6}
2. {66ABAC23-BB2A-4B4E-8CE0-0A8C4AED24EF}
3. {96B36441-0357-463D-8EA9-07FFA8984268}
4. {9895712D-7E42-4A48-B87E-2336376F53A5}
5. {C6409D5A-CFF8-46DE-8F14-0BB5C463D1F1}
6. {C96640D5-2FE1-4C8F-AAD2-6065B1210551}

They were not included in the HijackThis report. I'm not sure if I can manually delete these.

Thanks and regards.




ComboScan v20070221.16 run by Noname on 2007-02-25 at 13:06:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Noname.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:26:07 PM, on 2/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
d:\Program Files\BUFFALO\Client Manager 2\bwsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
d:\program files\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
C:\WINDOWS\Explorer.EXE
d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\psimsvc.exe
d:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
D:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\wscntfy.exe
d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\apvxdwin.exe
d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\SRVLOAD.EXE
d:\program files\panda software\panda platinum 2006 internet security\WebProxy.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\NotifyPhoneBook.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
D:\Program Files\BUFFALO\Client Manager 2\ClientMgr2.exe
D:\Program Files\iPod\bin\iPodService.exe
G:\0 - New Download\hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\avciman.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - d:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [APVXDWIN] "d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: ClientManager2.lnk = D:\Program Files\BUFFALO\Client Manager 2\ClientMgr2.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Noname.XXX\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1168352266625
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://dawgbyte.multiply.com/photos/uploader.cab
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 6.0 (SP6)) - http://activex.microsoft.com/controls/vb5/comdlg32.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C1A1FB6-55C7-4C14-849F-543BE86511AB}: NameServer = 85.255.116.60 85.255.112.203
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Buffalo Wireless Service (BWSVC) - BUFFALO INC. - d:\Program Files\BUFFALO\Client Manager 2\bwsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Emuclpupahwp - Creative Technology Ltd. - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - d:\program files\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\psimsvc.exe
O23 - Service: ScsiAccess - Unknown owner - d:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Sound Sservice Driver (Sound Service) - Sonix Co. Ltd. - (no file)
O23 - Service: Speed Disk service - Symantec Corporation - D:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
O23 - Service: Ulead Sservice System Files (Ulead Service) - Ralink Technology Inc. - (no file)


-- Files created between 2007-01-25 and 2007-02-25 ------------------------------

2007-02-24 22:21:13 24 --a------ C:\Documents and Settings\Noname.XXX\mylist.dat
2007-02-24 20:57:37 129784 -----n--- C:\WINDOWS\system32\pxafs.dll
2007-02-24 20:14:30 0 d-------- C:\Temp
2007-02-23 23:34:28 0 d-------- C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Webroot
2007-02-23 23:31:09 0 d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot
2007-02-23 23:31:04 14848 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-02-23 23:31:04 117248 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-02-23 23:31:04 15360 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-02-23 23:31:04 13824 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2007-02-23 23:31:00 0 d-------- C:\Program Files\Webroot
2007-02-23 23:31:00 0 d-------- C:\Documents and Settings\Noname.XXX\Application Data\Webroot
2007-02-23 23:30:48 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Webroot
2007-02-23 21:43:07 0 d-------- C:\VundoFix Backups<VUNDOF~1>
2007-02-23 20:20:42 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy<SPYBOT~1>
2007-02-23 20:15:06 0 d-------- C:\fixwareout<FIXWAR~1>
2007-02-23 20:06:26 0 d-------- C:\Program Files\InterMute<INTERM~1>
2007-02-20 08:53:20 0 d-------- C:\WINDOWS\BDOSCAN8
2007-02-19 23:41:34 0 d-------- C:\Documents and Settings\Administrator\Application Data\TuneUp Software<TUNEUP~1>
2007-02-19 23:35:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-02-19 20:55:22 0 d-------- C:\Downloads<DOWNLO~1>
2007-02-15 19:31:37 0 d-------- C:\WINDOWS\ShellNew
2007-02-14 07:16:31 24072 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-02-14 07:16:15 0 d-------- C:\Documents and Settings\Noname.XXX\Application Data\TuneUp Software<TUNEUP~1>
2007-02-04 10:48:39 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sandlot Games<SANDLO~1>
2007-02-03 13:22:04 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\QubeSoft
2007-02-02 23:39:40 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\JollyBear<JOLLYB~1>
2007-01-28 22:43:24 20 ---h----- C:\Documents and Settings\All Users.WINDOWS\Application Data\PKP_DLbz.DAT


-- Find3M Report ----------------------------------------------------------------

2007-02-25 12:58:13 24 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-0000000C-00001102-00000002-80641102}.dat<DVCSTA~2.DAT>
2007-02-25 12:58:13 24 --a------ C:\WINDOWS\system32\DVCState-{00000002-00000000-0000000C-00001102-00000002-80641102}.dat<DVCSTA~1.DAT>
2007-02-25 12:52:17 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-02-25 00:06:43 0 d-------- C:\Program Files\UPHClean
2007-02-25 00:04:23 0 d-------- C:\Program Files\iTunes
2007-02-24 21:08:05 0 d---s---- C:\Documents and Settings\Noname.XXX\Application Data\Microsoft<MICROS~1>
2007-02-24 20:32:06 0 d-------- C:\Program Files\MSN Messenger<MSNMES~1>
2007-02-24 18:54:37 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-02-24 11:27:22 0 d-------- C:\Program Files\BitLord
2007-02-19 20:55:22 2560 --a------ C:\WINDOWS\system32\BitCometRes.dll<BITCOM~1.DLL>
2007-02-19 10:55:25 0 d-------- C:\Documents and Settings\Noname.XXX\Application Data\Skype
2007-02-14 08:08:20 0 d-------- C:\Program Files\Microsoft ActiveSync<MICROS~2>
2007-02-14 07:15:23 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-01-28 19:37:55 0 d-------- C:\Program Files\Common Files\ACD Systems<ACDSYS~1>
2007-01-28 15:54:03 0 d-------- C:\Documents and Settings\Noname.XXX\Application Data\Nikon
2007-01-28 15:53:32 0 d-------- C:\Program Files\Common Files\Nikon
2007-01-21 14:15:16 0 d-------- C:\Documents and Settings\Noname.XXX\Application Data\IMVU
2007-01-16 21:03:38 0 d-------- C:\Documents and Settings\Noname.XXX\Application Data\Adobe
2007-01-02 15:20:59 0 d-------- C:\Program Files\Common Files\Panda Software<PANDAS~1>
2007-01-02 15:00:18 0 d--h----- C:\Program Files\WindowsUpdate<WINDOW~3>
2007-01-01 22:49:08 0 d-------- C:\Program Files\ArtMoney
2007-01-01 10:45:37 0 d-------- C:\Program Files\Common Files\Authentium<AUTHEN~1>
2007-01-01 10:45:04 0 d-------- C:\Program Files\iolo
2006-12-25 11:57:55 0 d-------- C:\Program Files\Common Files\Crystal Decisions<CRYSTA~1>
2006-12-17 15:20:27 796672 --a------ C:\WINDOWS\GPInstall.exe<GPINST~1.EXE>
2006-12-11 15:34:48 422504 -----n--- C:\WINDOWS\system32\Incinerator.dll<INCINE~1.DLL>
2006-11-25 16:39:48 25264 --a------ C:\WINDOWS\system32\smrgdf.exe


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Startup Manager"="C:\\Documents and Settings\\Noname.XXX\\Application Data\\Systweak\\ASO 2\\smstartUp manager.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\not active]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"AME_CSA"="rundll32 amecsa.cpl,RUN_DLL"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"NvMediaCenter"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"APVXDWIN"="\"d:\\Program Files\\Panda Software\\Panda Platinum 2006 Internet Security\\APVXDWIN.EXE\" /s"
"SCANINICIO"="\"d:\\Program Files\\Panda Software\\Panda Platinum 2006 Internet Security\\Inicio.exe\""
"nwiz"="\"nwiz.exe\" /install"
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\not active]
"Acrobat Assistant 7.0"="\"D:\\Program Files\\Adobe\\Adobe Acrobat 7.0\\Distillr\\Acrotray.exe\""
"EPSON Stylus Photo R210 Series"="\"C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I3H2.EXE\" /P30 \"EPSON Stylus Photo R210 Series\" /O6 \"USB002\" /M \"Stylus Photo R210\""
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"



-- End of ComboScan: finished at 2007-02-25 at 13:06:47 -------------------------

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 25 February 2007 - 07:06 AM

Download and run Fixwareout from the link below:
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
After the reboot, post the contents of the logfile C:\fixwareout\report.txt in your next reply, along with a new Hijackthis log.

#5 dawgbyte77


Posted 25 February 2007 - 07:39 AM

Here is the Fixwareout log:


Fixwareout Last edited 2/11/2007
Post this report in the forums please
...
»»»»»Prerun check

»»»»» System restarted

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.



Click browse, find the file then click submit.
http://www.virustotal.com/flash/index_en.html
Or http://virusscan.jotti.org/

»»»»» Other



»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"AME_CSA"="rundll32 amecsa.cpl,RUN_DLL"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"NvMediaCenter"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"APVXDWIN"="\"d:\\Program Files\\Panda Software\\Panda Platinum 2006 Internet Security\\APVXDWIN.EXE\" /s"
"SCANINICIO"="\"d:\\Program Files\\Panda Software\\Panda Platinum 2006 Internet Security\\Inicio.exe\""
"nwiz"="\"nwiz.exe\" /install"
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\not active]
"Acrobat Assistant 7.0"="\"D:\\Program Files\\Adobe\\Adobe Acrobat 7.0\\Distillr\\Acrotray.exe\""
"EPSON Stylus Photo R210 Series"="\"C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I3H2.EXE\" /P30 \"EPSON Stylus Photo R210 Series\" /O6 \"USB002\" /M \"Stylus Photo R210\""
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Startup Manager"="C:\\Documents and Settings\\Noname.XXX\\Application Data\\Systweak\\ASO 2\\smstartUp manager.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\not active]
....
Hosts file was reset, If you use a custom hosts file please replace it
C:\WINDOWS\repair\autoexec.nt missing
C:\WINDOWS\repair\Config.nt missing
C:\WINDOWS\repair\autoexec.nt missing
C:\WINDOWS\repair\Config.nt missing
C:\WINDOWS\repair\autoexec.nt missing
C:\WINDOWS\repair\Config.nt missing
C:\WINDOWS\repair\autoexec.nt missing
C:\WINDOWS\repair\Config.nt missing
C:\WINDOWS\repair\autoexec.nt missing
C:\WINDOWS\repair\Config.nt missing
C:\WINDOWS\repair\autoexec.nt missing
C:\WINDOWS\repair\Config.nt missing
»»»»» End report »»»»»

#6 RichieUK


Posted 25 February 2007 - 07:55 AM

Can you post the new Hijackthis log as well please.

#7 dawgbyte77


Posted 25 February 2007 - 09:48 AM

Here is the latest HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:46:25 PM, on 2/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
d:\Program Files\BUFFALO\Client Manager 2\bwsvc.exe
d:\program files\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\psimsvc.exe
d:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\BUFFALO\Client Manager 2\ClientMgr2.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\NotifyPhoneBook.exe
D:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\SRVLOAD.EXE
d:\program files\panda software\panda platinum 2006 internet security\WebProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iTunes\iTunes.exe
d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\avciman.exe
d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\psimreal.exe
G:\0 - New Download\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - d:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [APVXDWIN] "d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Startup Manager] C:\Documents and Settings\Noname.XXX\Application Data\Systweak\ASO 2\smstartUp manager.exe
O4 - Global Startup: ClientManager2.lnk = D:\Program Files\BUFFALO\Client Manager 2\ClientMgr2.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Noname.XXX\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1168352266625
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://dawgbyte.multiply.com/photos/uploader.cab
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 6.0 (SP6)) - http://activex.microsoft.com/controls/vb5/comdlg32.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C1A1FB6-55C7-4C14-849F-543BE86511AB}: NameServer = 85.255.116.60 85.255.112.203
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Buffalo Wireless Service (BWSVC) - BUFFALO INC. - d:\Program Files\BUFFALO\Client Manager 2\bwsvc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Emuclpupahwp - Creative Technology Ltd. - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - d:\program files\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\psimsvc.exe
O23 - Service: ScsiAccess - Unknown owner - d:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Sound Sservice Driver (Sound Service) - Sonix Co. Ltd. - (no file)
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
O23 - Service: Ulead Sservice System Files (Ulead Service) - Ralink Technology Inc. - (no file)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

#8 RichieUK


Posted 25 February 2007 - 10:16 AM

Download 'e Scan MWAV' from here to your desktop:
http://www.mwti.net/download/tools/mwav.exe
Disconnect from the internet, close all running programs.
Double click on the mwav icon on your desktop.
The program will start, the Licence Agreement will pop up.
Select 'I accept the agreement', then press Ok.
The program will open, leave all the settings as they are.
Now press the 'Scan & Clean' button.
The program will now start scanning your pc.
Once the scan has finished, post the results from the lower window 'Virus Log Information'.

*******************************

Run 'BitDefender Online Scanner' using Internet Explorer:
http://www.bitdefender.com/scan8/ie.html
Read the 'END USER SOFTWARE LICENSE AGREEMENT' then click 'I agree'.
You'll be prompted to install the ActiveX control, please do so.
Once installed click the 'Click here to scan' button.
The virus signatures will then load.
Once loaded the scan will start.
The scan will take quite some time so please be patient.
Once the scan has finished select the 'Detected Problems' tab.
Click on 'Click here to export scan'.
Save the file as an HTML file to your desktop.
Then click on the saved file and allow it to open with your browser.
Go to 'Edit'/'Select All' then copy and paste that log into your next reply.

#9 dawgbyte77


Posted 25 February 2007 - 07:09 PM

It seems MWAV managed to find some bugs and worms. Thank you!
I have not tried BitDefender yet because I am late for work. I'll try that later tonight.
I appreciate the help. I deleted some "scanning" lines so I can fit the log into this window.


Mon Feb 26 07:34:32 2007 => MWAV in SPECIAL PROMOTION MODE.
Mon Feb 26 07:34:32 2007 => **********************************************************
Mon Feb 26 07:34:32 2007 => MicroWorld Anti Virus & Spyware Toolkit Utility.
Mon Feb 26 07:34:32 2007 => Copyright © 2003-2006, MicroWorld Technologies Inc.
Mon Feb 26 07:34:32 2007 => **********************************************************
Mon Feb 26 07:34:32 2007 => Source: G:\0-NEWD~1\HIJACK~1\mwav.exe
Mon Feb 26 07:34:32 2007 => Version 9.1.7 (C:\DOCUME~1\Noname.XXX\LOCALS~1\Temp\mexe.com)
Mon Feb 26 07:34:32 2007 => Log File: C:\DOCUME~1\Noname.XXX\LOCALS~1\Temp\MWAV.LOG
Mon Feb 26 07:34:32 2007 => MWAV Registered: TRUE.
Mon Feb 26 07:34:32 2007 => User Account: Noname
Mon Feb 26 07:34:32 2007 => OS Type: Windows Workstation
Mon Feb 26 07:34:32 2007 => OS: Windows XP
Mon Feb 26 07:34:32 2007 => Ver: Service Pack 2 (Build 2600)
Mon Feb 26 07:34:32 2007 => Windows Root Folder: C:\WINDOWS
Mon Feb 26 07:34:32 2007 => Windows Sys32 Folder: C:\WINDOWS\system32
Mon Feb 26 07:34:32 2007 => Local Fixed Drives: c:\,d:\,e:\,f:\,g:\
Mon Feb 26 07:34:32 2007 => MWAV Mode: Scan and Clean files (for viruses, adware and spyware).
Mon Feb 26 07:34:32 2007 => Latest Date of files inside MWAV: 24 Feb 2007 12:46:3.
Mon Feb 26 07:34:32 2007 => Regvalue RestrictAnonymous Reset. This could be part of a worm!!!
Mon Feb 26 07:34:36 2007 => AV Library Loaded...
Mon Feb 26 07:34:36 2007 => MWAV doing self scanning...
Mon Feb 26 07:34:36 2007 => Scanning File C:\DOCUME~1\Noname.XXX\LOCALS~1\Temp\Getvlist.exe
Mon Feb 26 07:34:36 2007 => Scanning File C:\DOCUME~1\Noname.XXX\LOCALS~1\Temp\main.avi
Mon Feb 26 07:34:36 2007 => Scanning File C:\DOCUME~1\Noname.XXX\LOCALS~1\Temp\virus.avi
Mon Feb 26 07:34:36 2007 => Scanning File C:\DOCUME~1\Noname.XXX\LOCALS~1\Temp\ScanningProcess.exe
Mon Feb 26 07:34:36 2007 => Scanning File C:\DOCUME~1\Noname.XXX\LOCALS~1\Temp\Kave.dll
Mon Feb 26 07:34:36 2007 => Scanning File C:\DOCUME~1\Noname.XXX\LOCALS~1\Temp\prloader.dll
Mon Feb 26 07:34:36 2007 => MWAV files are clean.
Mon Feb 26 07:34:38 2007 => Virus Database Date: 2/24/2007
Mon Feb 26 07:34:38 2007 => Virus Database Count: 273067

Mon Feb 26 07:34:59 2007 => **********************************************************
Mon Feb 26 07:34:59 2007 => MicroWorld Anti Virus & Spyware Toolkit Utility.
Mon Feb 26 07:34:59 2007 => Copyright © 2003-2006, MicroWorld Technologies Inc.
Mon Feb 26 07:34:59 2007 =>
Mon Feb 26 07:34:59 2007 => Support: support@mwti.net
Mon Feb 26 07:34:59 2007 => Web: http://www.mwti.net
Mon Feb 26 07:34:59 2007 => **********************************************************
Mon Feb 26 07:34:59 2007 => Version 9.1.7 (C:\DOCUME~1\Noname.XXX\LOCALS~1\Temp\mexe.com)
Mon Feb 26 07:34:59 2007 => Log File: C:\DOCUME~1\Noname.XXX\LOCALS~1\Temp\MWAV.LOG
Mon Feb 26 07:34:59 2007 => User Account: Noname
Mon Feb 26 07:34:59 2007 => Windows Root Folder: C:\WINDOWS
Mon Feb 26 07:34:59 2007 => Windows Sys32 Folder: C:\WINDOWS\system32
Mon Feb 26 07:34:59 2007 => OS: Windows XP
Mon Feb 26 07:34:59 2007 => Ver: Service Pack 2 (Build 2600)
Mon Feb 26 07:34:59 2007 => Latest Date of files inside MWAV: 24 Feb 2007 12:46:3.

Mon Feb 26 07:34:59 2007 => Options Selected by User:
Mon Feb 26 07:34:59 2007 => Memory Check: Enabled
Mon Feb 26 07:34:59 2007 => Registry Check: Enabled
Mon Feb 26 07:34:59 2007 => StartUp Folder Check: Enabled
Mon Feb 26 07:34:59 2007 => System Folder Check: Enabled
Mon Feb 26 07:34:59 2007 => System Area Check: Disabled
Mon Feb 26 07:34:59 2007 => Services Check: Enabled
Mon Feb 26 07:34:59 2007 => Drive Check Option Disabled
Mon Feb 26 07:34:59 2007 => Folder Check: Disabled

Mon Feb 26 07:35:02 2007 => ***** Scanning Memory Files *****
Mon Feb 26 07:35:04 2007 => Scanning File C:\WINDOWS\system32\midimap.dll
Mon Feb 26 07:35:04 2007 => Scanning File C:\WINDOWS\system32\services.exe
Mon Feb 26 07:35:04 2007 => Scanning File C:\WINDOWS\system32\SCESRV.dll
Mon Feb 26 07:35:04 2007 => Scanning File C:\WINDOWS\system32\umpnpmgr.dll
Mon Feb 26 07:35:04 2007 => Scanning File C:\WINDOWS\system32\NCObjAPI.DLL
Mon Feb 26 07:35:04 2007 => Scanning File C:\WINDOWS\system32\MSVCP60.dll
Mon Feb 26 07:35:04 2007 => Scanning File C:\WINDOWS\system32\ShimEng.dll
Mon Feb 26 07:35:04 2007 => Scanning File C:\WINDOWS\AppPatch\AcGenral.DLL
Mon Feb 26 07:35:04 2007 => Scanning File C:\WINDOWS\system32\eventlog.dll
Mon Feb 26 07:35:04 2007 => Scanning File C:\WINDOWS\system32\lsass.exe
Mon Feb 26 07:35:04 2007 => Scanning File C:\WINDOWS\system32\LSASRV.dll
Mon Feb 26 07:35:04 2007 => Scanning File C:\WINDOWS\system32\SAMSRV.dll
Mon Feb 26 07:35:04 2007 => Scanning File C:\WINDOWS\system32\cryptdll.dll
Mon Feb 26 07:35:04 2007 => Scanning File C:\WINDOWS\system32\DNSAPI.dll
Mon Feb 26 07:35:04 2007 => Scanning File C:\WINDOWS\system32\NTDSAPI.dll
Mon Feb 26 07:35:04 2007 => Scanning File C:\WINDOWS\system32\msprivs.dll
Mon Feb 26 07:35:04 2007 => Scanning File C:\WINDOWS\system32\kerberos.dll
Mon Feb 26 07:35:04 2007 => Scanning File C:\WINDOWS\system32\netlogon.dll
Mon Feb 26 07:35:04 2007 => Scanning File C:\WINDOWS\system32\w32time.dll
Mon Feb 26 07:35:04 2007 => Scanning File C:\WINDOWS\system32\schannel.dll
Mon Feb 26 07:35:04 2007 => Scanning File C:\WINDOWS\system32\wdigest.dll
Mon Feb 26 07:35:04 2007 => Scanning File C:\WINDOWS\system32\scecli.dll
Mon Feb 26 07:35:04 2007 => Scanning File C:\WINDOWS\system32\dssenh.dll
Mon Feb 26 07:35:04 2007 => Scanning File C:\WINDOWS\system32\ipsecsvc.dll
Mon Feb 26 07:35:04 2007 => Scanning File C:\WINDOWS\system32\oakley.DLL
Mon Feb 26 07:35:04 2007 => Scanning File C:\WINDOWS\system32\WINIPSEC.DLL
Mon Feb 26 07:35:04 2007 => Scanning File C:\WINDOWS\system32\pstorsvc.dll
Mon Feb 26 07:35:05 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\pavlsp.dll
Mon Feb 26 07:35:05 2007 => Scanning File C:\WINDOWS\system32\psbase.dll
Mon Feb 26 07:35:05 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\icl_cfg.dll
Mon Feb 26 07:35:05 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\PavTrc.dll
Mon Feb 26 07:35:05 2007 => Scanning File C:\WINDOWS\system32\WSOCK32.dll
Mon Feb 26 07:35:05 2007 => Scanning File C:\WINDOWS\system32\mswsock.dll
Mon Feb 26 07:35:05 2007 => Scanning File C:\WINDOWS\system32\hnetcfg.dll
Mon Feb 26 07:35:05 2007 => Scanning File C:\WINDOWS\System32\wshtcpip.dll
Mon Feb 26 07:35:05 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Mon Feb 26 07:35:05 2007 => Scanning File c:\windows\system32\rpcss.dll
Mon Feb 26 07:35:05 2007 => Scanning File c:\windows\system32\termsrv.dll
Mon Feb 26 07:35:05 2007 => Scanning File c:\windows\system32\ICAAPI.dll
Mon Feb 26 07:35:05 2007 => Scanning File c:\windows\system32\mstlsapi.dll
Mon Feb 26 07:35:05 2007 => Scanning File c:\windows\system32\ACTIVEDS.dll
Mon Feb 26 07:35:05 2007 => Scanning File c:\windows\system32\adsldpc.dll
Mon Feb 26 07:35:05 2007 => Scanning File c:\windows\system32\ATL.DLL
Mon Feb 26 07:35:05 2007 => Scanning File C:\WINDOWS\System32\winrnr.dll
Mon Feb 26 07:35:05 2007 => Scanning File C:\WINDOWS\system32\rasadhlp.dll
Mon Feb 26 07:35:05 2007 => Scanning File C:\WINDOWS\system32\msi.dll
Mon Feb 26 07:35:05 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\pavsrv51.exe
Mon Feb 26 07:35:05 2007 => Scanning File C:\WINDOWS\system32\VDMDBG.dll
Mon Feb 26 07:35:05 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\avengdll.dll
Mon Feb 26 07:35:05 2007 => Scanning File C:\PROGRA~1\COMMON~1\PANDAS~1\PavShld\PAVSHLD.DLL
Mon Feb 26 07:35:05 2007 => Scanning File C:\PROGRA~1\COMMON~1\PANDAS~1\PavShld\PROCPROT.DLL
Mon Feb 26 07:35:05 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\PavCntrs.dll
Mon Feb 26 07:35:05 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\AVENGINE.EXE
Mon Feb 26 07:35:05 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\pskas.dll
Mon Feb 26 07:35:05 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\PSKUTIL.dll
Mon Feb 26 07:35:05 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\PSKVFILE.dll
Mon Feb 26 07:35:05 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\PSKALLOC.dll
Mon Feb 26 07:35:05 2007 => Scanning File C:\WINDOWS\system32\MSVCR71.dll
Mon Feb 26 07:35:05 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\pskvfs.dll
Mon Feb 26 07:35:05 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\PSKCMP.dll
Mon Feb 26 07:35:05 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\PSKPACK.DLL
Mon Feb 26 07:35:05 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\pskvm.dll
Mon Feb 26 07:35:05 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\PSKHTML.dll
Mon Feb 26 07:35:05 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\pskmdfs.dll
Mon Feb 26 07:35:05 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\memvfile.dll
Mon Feb 26 07:35:05 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\pskavs.dll
Mon Feb 26 07:35:05 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\pskscs.dll
Mon Feb 26 07:35:05 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\pskfss.dll
Mon Feb 26 07:35:06 2007 => Scanning File c:\windows\system32\cryptsvc.dll
Mon Feb 26 07:35:06 2007 => Scanning File c:\windows\system32\certcli.dll
Mon Feb 26 07:35:06 2007 => Scanning File C:\WINDOWS\system32\CRYPTUI.dll
Mon Feb 26 07:35:06 2007 => Scanning File C:\WINDOWS\system32\WININET.dll
Mon Feb 26 07:35:06 2007 => Scanning File c:\windows\system32\ESENT.dll
Mon Feb 26 07:35:06 2007 => Scanning File c:\windows\system32\uxtuneup.dll
Mon Feb 26 07:35:06 2007 => Scanning File c:\windows\system32\dbghelp.dll
Mon Feb 26 07:35:06 2007 => Scanning File c:\windows\system32\dhcpcsvc.dll
Mon Feb 26 07:35:06 2007 => Scanning File c:\windows\system32\wzcsvc.dll
Mon Feb 26 07:35:06 2007 => Scanning File c:\windows\system32\WMI.dll
Mon Feb 26 07:35:06 2007 => Scanning File C:\WINDOWS\System32\rastls.dll
Mon Feb 26 07:35:06 2007 => Scanning File C:\WINDOWS\system32\MPRAPI.dll
Mon Feb 26 07:35:06 2007 => Scanning File C:\WINDOWS\System32\raschap.dll
Mon Feb 26 07:35:06 2007 => Scanning File c:\windows\system32\schedsvc.dll
Mon Feb 26 07:35:06 2007 => Scanning File C:\WINDOWS\system32\MSIDLE.DLL
Mon Feb 26 07:35:06 2007 => Scanning File c:\windows\system32\audiosrv.dll
Mon Feb 26 07:35:06 2007 => Scanning File c:\windows\system32\wkssvc.dll
Mon Feb 26 07:35:06 2007 => Scanning File c:\windows\system32\dmserver.dll
Mon Feb 26 07:35:06 2007 => Scanning File c:\windows\system32\es.dll
Mon Feb 26 07:35:06 2007 => Scanning File c:\windows\system32\srvsvc.dll
Mon Feb 26 07:35:06 2007 => Scanning File C:\WINDOWS\system32\comsvcs.dll
Mon Feb 26 07:35:06 2007 => Scanning File C:\WINDOWS\system32\MTXCLU.DLL
Mon Feb 26 07:35:06 2007 => Scanning File C:\WINDOWS\system32\colbact.DLL
Mon Feb 26 07:35:06 2007 => Scanning File C:\WINDOWS\system32\CLUSAPI.DLL
Mon Feb 26 07:35:06 2007 => Scanning File C:\WINDOWS\system32\RESUTILS.DLL
Mon Feb 26 07:35:06 2007 => Scanning File c:\windows\system32\netman.dll
Mon Feb 26 07:35:06 2007 => Scanning File c:\windows\system32\netshell.dll
Mon Feb 26 07:35:06 2007 => Scanning File c:\windows\system32\credui.dll
Mon Feb 26 07:35:07 2007 => Scanning File c:\windows\system32\WZCSAPI.DLL
Mon Feb 26 07:35:07 2007 => Scanning File c:\windows\system32\seclogon.dll
Mon Feb 26 07:35:07 2007 => Scanning File c:\windows\system32\sens.dll
Mon Feb 26 07:35:07 2007 => Scanning File c:\windows\system32\srsvc.dll
Mon Feb 26 07:35:07 2007 => Scanning File c:\windows\system32\POWRPROF.dll
Mon Feb 26 07:35:07 2007 => Scanning File c:\windows\system32\trkwks.dll
Mon Feb 26 07:35:07 2007 => Scanning File c:\windows\system32\wbem\wmisvc.dll
Mon Feb 26 07:35:07 2007 => Scanning File C:\WINDOWS\system32\VSSAPI.DLL
Mon Feb 26 07:35:07 2007 => Scanning File c:\windows\system32\wuauserv.dll
Mon Feb 26 07:35:07 2007 => Scanning File C:\WINDOWS\system32\wuaueng.dll
Mon Feb 26 07:35:07 2007 => Scanning File C:\WINDOWS\system32\ADVPACK.dll
Mon Feb 26 07:35:07 2007 => Scanning File C:\WINDOWS\system32\SHFOLDER.dll
Mon Feb 26 07:35:07 2007 => Scanning File C:\WINDOWS\system32\WINHTTP.dll
Mon Feb 26 07:35:07 2007 => Scanning File C:\WINDOWS\system32\Cabinet.dll
Mon Feb 26 07:35:07 2007 => Scanning File C:\WINDOWS\system32\mspatcha.dll
Mon Feb 26 07:35:07 2007 => Scanning File c:\windows\system32\browser.dll
Mon Feb 26 07:35:07 2007 => Scanning File c:\windows\system32\wscsvc.dll
Mon Feb 26 07:35:07 2007 => Scanning File c:\windows\system32\ipnathlp.dll
Mon Feb 26 07:35:07 2007 => Scanning File C:\WINDOWS\System32\wbem\wbemcomn.dll
Mon Feb 26 07:35:07 2007 => Scanning File C:\WINDOWS\SYSTEM32\WBEM\wbemcore.dll
Mon Feb 26 07:35:07 2007 => Scanning File C:\WINDOWS\SYSTEM32\WBEM\esscli.dll
Mon Feb 26 07:35:07 2007 => Scanning File C:\WINDOWS\SYSTEM32\WBEM\FastProx.dll
Mon Feb 26 07:35:07 2007 => Scanning File C:\WINDOWS\System32\wbem\wmiutils.dll
Mon Feb 26 07:35:07 2007 => Scanning File C:\WINDOWS\System32\wbem\repdrvfs.dll
Mon Feb 26 07:35:07 2007 => Scanning File c:\windows\system32\tapisrv.dll
Mon Feb 26 07:35:07 2007 => Scanning File c:\windows\system32\rasmans.dll
Mon Feb 26 07:35:07 2007 => Scanning File c:\windows\system32\netcfgx.dll
Mon Feb 26 07:35:07 2007 => Scanning File C:\WINDOWS\System32\wbem\wmiprvsd.dll
Mon Feb 26 07:35:07 2007 => Scanning File C:\WINDOWS\system32\rastapi.dll
Mon Feb 26 07:35:07 2007 => Scanning File C:\WINDOWS\System32\wbem\wbemess.dll
Mon Feb 26 07:35:07 2007 => Scanning File C:\WINDOWS\system32\unimdm.tsp
Mon Feb 26 07:35:08 2007 => Scanning File C:\WINDOWS\system32\uniplat.dll
Mon Feb 26 07:35:08 2007 => Scanning File C:\WINDOWS\system32\kmddsp.tsp
Mon Feb 26 07:35:08 2007 => Scanning File C:\WINDOWS\system32\ndptsp.tsp
Mon Feb 26 07:35:08 2007 => Scanning File C:\WINDOWS\system32\ipconf.tsp
Mon Feb 26 07:35:08 2007 => Scanning File C:\WINDOWS\system32\h323.tsp
Mon Feb 26 07:35:08 2007 => Scanning File C:\WINDOWS\system32\hidphone.tsp
Mon Feb 26 07:35:08 2007 => Scanning File C:\WINDOWS\system32\HID.DLL
Mon Feb 26 07:35:08 2007 => Scanning File C:\WINDOWS\system32\rasppp.dll
Mon Feb 26 07:35:08 2007 => Scanning File C:\WINDOWS\system32\ntlsapi.dll
Mon Feb 26 07:35:08 2007 => Scanning File C:\WINDOWS\System32\wbem\ncprov.dll
Mon Feb 26 07:35:08 2007 => Scanning File C:\WINDOWS\system32\wups.dll
Mon Feb 26 07:35:08 2007 => Scanning File C:\WINDOWS\System32\upnp.dll
Mon Feb 26 07:35:08 2007 => Scanning File C:\WINDOWS\System32\SSDPAPI.dll
Mon Feb 26 07:35:08 2007 => Scanning File C:\WINDOWS\system32\RASDLG.dll
Mon Feb 26 07:35:08 2007 => Scanning File C:\WINDOWS\System32\wbem\wbemsvc.dll
Mon Feb 26 07:35:08 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\TPSrv.exe
Mon Feb 26 07:35:08 2007 => Scanning File C:\WINDOWS\system32\pavipc.dll
Mon Feb 26 07:35:08 2007 => Scanning File C:\WINDOWS\system32\TpUtil.dll
Mon Feb 26 07:35:08 2007 => Scanning File C:\WINDOWS\system32\MSVCP71.dll
Mon Feb 26 07:35:08 2007 => Scanning File D:\PROGRA~1\PANDAS~1\PANDAP~1\PavVT.dll
Mon Feb 26 07:35:08 2007 => Scanning File D:\PROGRA~1\PANDAS~1\PANDAP~1\pfsf.dll
Mon Feb 26 07:35:08 2007 => Scanning File C:\WINDOWS\system32\systools.dll
Mon Feb 26 07:35:09 2007 => Scanning File D:\PROGRA~1\PANDAS~1\PANDAP~1\pskudna.dll
Mon Feb 26 07:35:09 2007 => Scanning File D:\PROGRA~1\PANDAS~1\PANDAP~1\PavTPU.dll
Mon Feb 26 07:35:09 2007 => Scanning File D:\PROGRA~1\PANDAS~1\PANDAP~1\PavSRU.dll
Mon Feb 26 07:35:09 2007 => Scanning File d:\PROGRA~1\BUFFALO\CLIENT~1\bwsvc.exe
Mon Feb 26 07:35:09 2007 => Scanning File d:\PROGRA~1\BUFFALO\CLIENT~1\WNetSet.dll
Mon Feb 26 07:35:09 2007 => Scanning File d:\PROGRA~1\BUFFALO\CLIENT~1\WNetProf.dll
Mon Feb 26 07:35:09 2007 => Scanning File d:\PROGRA~1\BUFFALO\CLIENT~1\WNetTag.dll
Mon Feb 26 07:35:09 2007 => Scanning File d:\PROGRA~1\BUFFALO\CLIENT~1\WNetEnc.dll
Mon Feb 26 07:35:09 2007 => Scanning File d:\PROGRA~1\BUFFALO\CLIENT~1\Essidset.dll
Mon Feb 26 07:35:09 2007 => Scanning File C:\WINDOWS\system32\CFGMGR32.DLL
Mon Feb 26 07:35:09 2007 => Scanning File d:\PROGRA~1\BUFFALO\CLIENT~1\BufSupp.dll
Mon Feb 26 07:35:09 2007 => Scanning File d:\PROGRA~1\BUFFALO\CLIENT~1\odSupp_M.dll
Mon Feb 26 07:35:09 2007 => Scanning File d:\PROGRA~1\BUFFALO\CLIENT~1\AossSdk.dll
Mon Feb 26 07:35:09 2007 => Scanning File d:\PROGRA~1\BUFFALO\CLIENT~1\Bufpkt.dll
Mon Feb 26 07:35:09 2007 => Scanning File C:\WINDOWS\system32\ICMP.DLL
Mon Feb 26 07:35:09 2007 => Scanning File c:\windows\system32\dnsrslvr.dll
Mon Feb 26 07:35:09 2007 => Scanning File c:\windows\system32\lmhsvc.dll
Mon Feb 26 07:35:09 2007 => Scanning File c:\windows\system32\webclnt.dll
Mon Feb 26 07:35:09 2007 => Scanning File C:\WINDOWS\system32\urlmon.dll
Mon Feb 26 07:35:09 2007 => Scanning File c:\windows\system32\ssdpsrv.dll
Mon Feb 26 07:35:09 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\firewall\PNMSRV.EXE
Mon Feb 26 07:35:09 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\firewall\netflt.dll
Mon Feb 26 07:35:09 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\firewall\apflctrl.dll
Mon Feb 26 07:35:09 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\firewall\IdsFlt.dll
Mon Feb 26 07:35:09 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\firewall\dsaflt.dll
Mon Feb 26 07:35:09 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\firewall\fnetctrl.dll
Mon Feb 26 07:35:09 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\firewall\smsflt.dll
Mon Feb 26 07:35:10 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\firewall\wnmflt.dll
Mon Feb 26 07:35:10 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\firewall\PNMATDI.dll
Mon Feb 26 07:35:10 2007 => Scanning File C:\WINDOWS\system32\spoolsv.exe
Mon Feb 26 07:35:10 2007 => Scanning File C:\WINDOWS\system32\SPOOLSS.DLL
Mon Feb 26 07:35:10 2007 => Scanning File C:\WINDOWS\system32\localspl.dll
Mon Feb 26 07:35:10 2007 => Scanning File C:\WINDOWS\System32\AdobePDF.dll
Mon Feb 26 07:35:10 2007 => Scanning File D:\PROGRA~1\Adobe\ADOBEA~1.0\Distillr\adistres.dll
Mon Feb 26 07:35:10 2007 => Scanning File C:\WINDOWS\system32\cnbjmon.dll
Mon Feb 26 07:35:10 2007 => Scanning File C:\WINDOWS\system32\E_SL2068.DLL
Mon Feb 26 07:35:10 2007 => Scanning File C:\WINDOWS\system32\EBPMON24.DLL
Mon Feb 26 07:35:10 2007 => Scanning File C:\WINDOWS\system32\pjlmon.dll
Mon Feb 26 07:35:10 2007 => Scanning File C:\WINDOWS\system32\tcpmon.dll
Mon Feb 26 07:35:10 2007 => Scanning File C:\WINDOWS\system32\usbmon.dll
Mon Feb 26 07:35:10 2007 => Scanning File C:\WINDOWS\system32\win32spl.dll
Mon Feb 26 07:35:10 2007 => Scanning File C:\WINDOWS\system32\NETRAP.dll
Mon Feb 26 07:35:10 2007 => Scanning File C:\WINDOWS\system32\ADMWPROX.DLL
Mon Feb 26 07:35:10 2007 => Scanning File C:\WINDOWS\system32\inetpp.dll
Mon Feb 26 07:35:10 2007 => Scanning File C:\PROGRA~1\COMMON~1\AUTHEN~1\ANTIVI~1\dvpapi.exe
Mon Feb 26 07:35:10 2007 => Scanning File C:\WINDOWS\System32\inetsrv\inetinfo.exe
Mon Feb 26 07:35:10 2007 => Scanning File C:\WINDOWS\system32\IisRTL.DLL
Mon Feb 26 07:35:10 2007 => Scanning File C:\WINDOWS\System32\inetsrv\rpcref.dll
Mon Feb 26 07:35:10 2007 => Scanning File C:\WINDOWS\System32\inetsrv\iisadmin.dll
Mon Feb 26 07:35:10 2007 => Scanning File C:\WINDOWS\System32\inetsrv\COADMIN.dll
Mon Feb 26 07:35:10 2007 => Scanning File C:\WINDOWS\System32\inetsrv\metadata.dll
Mon Feb 26 07:35:10 2007 => Scanning File C:\WINDOWS\System32\inetsrv\nsepm.dll
Mon Feb 26 07:35:10 2007 => Scanning File C:\WINDOWS\system32\IISMAP.dll
Mon Feb 26 07:35:10 2007 => Scanning File C:\WINDOWS\System32\inetsrv\wamreg.dll
Mon Feb 26 07:35:10 2007 => Scanning File C:\WINDOWS\System32\inetsrv\admexs.dll
Mon Feb 26 07:35:10 2007 => Scanning File C:\WINDOWS\System32\inetsrv\svcext.dll
Mon Feb 26 07:35:10 2007 => Scanning File C:\WINDOWS\system32\Security.dll
Mon Feb 26 07:35:10 2007 => Scanning File C:\WINDOWS\System32\inetsrv\SMTPSVC.dll
Mon Feb 26 07:35:11 2007 => Scanning File C:\WINDOWS\System32\inetsrv\INFOCOMM.dll
Mon Feb 26 07:35:11 2007 => Scanning File C:\WINDOWS\System32\inetsrv\ISATQ.dll
Mon Feb 26 07:35:11 2007 => Scanning File C:\WINDOWS\System32\inetsrv\IISFECNV.dll
Mon Feb 26 07:35:11 2007 => Scanning File C:\WINDOWS\system32\FCACHDLL.dll
Mon Feb 26 07:35:11 2007 => Scanning File C:\WINDOWS\system32\RWNH.dll
Mon Feb 26 07:35:11 2007 => Scanning File C:\WINDOWS\system32\exstrace.dll
Mon Feb 26 07:35:11 2007 => Scanning File C:\WINDOWS\system32\STAXMEM.dll
Mon Feb 26 07:35:11 2007 => Scanning File C:\WINDOWS\System32\inetsrv\w3svc.dll
Mon Feb 26 07:35:11 2007 => Scanning File C:\WINDOWS\System32\inetsrv\lonsint.dll
Mon Feb 26 07:35:11 2007 => Scanning File C:\WINDOWS\System32\inetsrv\iscomlog.dll
Mon Feb 26 07:35:11 2007 => Scanning File C:\WINDOWS\System32\inetsrv\sspifilt.dll
Mon Feb 26 07:35:11 2007 => Scanning File C:\WINDOWS\System32\inetsrv\compfilt.dll
Mon Feb 26 07:35:11 2007 => Scanning File C:\WINDOWS\system32\inetsrv\gzip.dll
Mon Feb 26 07:35:11 2007 => Scanning File C:\WINDOWS\System32\inetsrv\seo.dll
Mon Feb 26 07:35:11 2007 => Scanning File C:\WINDOWS\System32\inetsrv\pwsdata.dll
Mon Feb 26 07:35:11 2007 => Scanning File C:\WINDOWS\System32\inetsrv\md5filt.dll
Mon Feb 26 07:35:11 2007 => Scanning File C:\PROGRA~1\COMMON~1\MICROS~1\WEBSER~1\40\bin\fpexedll.dll
Mon Feb 26 07:35:11 2007 => Scanning File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
Mon Feb 26 07:35:11 2007 => Scanning File C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll
Mon Feb 26 07:35:11 2007 => Scanning File C:\WINDOWS\System32\inetsrv\aqueue.dll
Mon Feb 26 07:35:11 2007 => Scanning File C:\WINDOWS\System32\inetsrv\httpext.dll
Mon Feb 26 07:35:11 2007 => Scanning File C:\WINDOWS\System32\inetsrv\ntfsdrv.dll
Mon Feb 26 07:35:11 2007 => Scanning File C:\PROGRA~1\COMMON~1\MICROS~1\VS7Debug\mdm.exe
Mon Feb 26 07:35:11 2007 => Scanning File C:\PROGRA~1\COMMON~1\MICROS~1\VS7Debug\csm.dll
Mon Feb 26 07:35:11 2007 => Scanning File C:\PROGRA~1\COMMON~1\MICROS~1\VS7Debug\msdbg2.dll
Mon Feb 26 07:35:11 2007 => Scanning File C:\PROGRA~1\MICROS~4\MSSQL.1\MSSQL\Binn\sqlservr.exe
Mon Feb 26 07:35:13 2007 => Scanning File C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCP80.dll
Mon Feb 26 07:35:13 2007 => Scanning File C:\PROGRA~1\MICROS~4\MSSQL.1\MSSQL\Binn\opends60.dll
Mon Feb 26 07:35:13 2007 => Scanning File C:\PROGRA~1\MICROS~4\90\Shared\instapi.dll
Mon Feb 26 07:35:13 2007 => Scanning File C:\PROGRA~1\MICROS~4\MSSQL.1\MSSQL\Binn\RESOUR~1\1033\sqlevn70.RLL
Mon Feb 26 07:35:13 2007 => Scanning File C:\PROGRA~1\MICROS~4\MSSQL.1\MSSQL\Binn\SQLOS.DLL
Mon Feb 26 07:35:13 2007 => Scanning File C:\WINDOWS\system32\MSCOREE.DLL
Mon Feb 26 07:35:13 2007 => Scanning File C:\WINDOWS\system32\nvsvc32.exe
Mon Feb 26 07:35:13 2007 => Scanning File C:\WINDOWS\system32\nvapi.dll
Mon Feb 26 07:35:13 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\PavFnSvr.exe
Mon Feb 26 07:35:13 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\Plats.dll
Mon Feb 26 07:35:13 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\PROTEXC.DLL
Mon Feb 26 07:35:13 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\libxml2.dll
Mon Feb 26 07:35:13 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\TPConf.dll
Mon Feb 26 07:35:13 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\AVCIC.DLL
Mon Feb 26 07:35:13 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\Psscan.dll
Mon Feb 26 07:35:13 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\ParserFW.dll
Mon Feb 26 07:35:13 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\Firewall\PNMApi.dll
Mon Feb 26 07:35:13 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\firewall\DPIFTran.dll
Mon Feb 26 07:35:13 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\CPDLL.DLL
Mon Feb 26 07:35:13 2007 => Scanning File C:\PROGRA~1\COMMON~1\PANDAS~1\PavShld\pavprsrv.exe
Mon Feb 26 07:35:13 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\AntiSpam\pskmssvc.exe
Mon Feb 26 07:35:13 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\AntiSpam\pskmssrv.dll
Mon Feb 26 07:35:14 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\AntiSpam\WINSPA~1.DLL
Mon Feb 26 07:35:14 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\psimsvc.exe
Mon Feb 26 07:35:14 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\PSImFltr.dll
Mon Feb 26 07:35:14 2007 => Scanning File d:\PROGRA~1\Photodex\PROSHO~1\SCSIAC~1.EXE
Mon Feb 26 07:35:14 2007 => Scanning File c:\windows\system32\wiaservc.dll
Mon Feb 26 07:35:14 2007 => Scanning File c:\windows\system32\mscms.dll
Mon Feb 26 07:35:14 2007 => Scanning File C:\WINDOWS\System32\actxprxy.dll
Mon Feb 26 07:35:14 2007 => Scanning File C:\WINDOWS\System32\sti.dll
Mon Feb 26 07:35:14 2007 => Scanning File C:\PROGRA~1\UPHClean\uphclean.exe
Mon Feb 26 07:35:14 2007 => Scanning File C:\PROGRA~1\Webroot\SPYSWE~1\SPYSWE~2.EXE
Mon Feb 26 07:35:14 2007 => Scanning File C:\PROGRA~1\Webroot\SPYSWE~1\pcre.dll
Mon Feb 26 07:35:14 2007 => Scanning File C:\PROGRA~1\Webroot\SPYSWE~1\ZTVCAB~1.DLL
Mon Feb 26 07:35:14 2007 => Scanning File C:\PROGRA~1\Webroot\SPYSWE~1\ZTVUNR~1.DLL
Mon Feb 26 07:35:14 2007 => Scanning File C:\WINDOWS\system32\olepro32.dll
Mon Feb 26 07:35:14 2007 => Scanning File C:\WINDOWS\System32\alg.exe
Mon Feb 26 07:35:14 2007 => Scanning File C:\WINDOWS\system32\wscntfy.exe
Mon Feb 26 07:35:14 2007 => Scanning File C:\WINDOWS\system32\nview.dll
Mon Feb 26 07:35:14 2007 => Scanning File C:\WINDOWS\system32\MSCTF.dll
Mon Feb 26 07:35:15 2007 => Scanning File C:\WINDOWS\Explorer.EXE
Mon Feb 26 07:35:15 2007 => Scanning File C:\WINDOWS\system32\BROWSEUI.dll
Mon Feb 26 07:35:15 2007 => Scanning File C:\WINDOWS\system32\SHDOCVW.dll
Mon Feb 26 07:35:15 2007 => Scanning File C:\WINDOWS\System32\themeui.dll
Mon Feb 26 07:35:15 2007 => Scanning File C:\WINDOWS\System32\MSIMG32.dll
Mon Feb 26 07:35:15 2007 => Scanning File C:\PROGRA~1\WINDOW~2\wmpband.dll
Mon Feb 26 07:35:15 2007 => Scanning File C:\WINDOWS\System32\msutb.dll
Mon Feb 26 07:35:15 2007 => Scanning File C:\WINDOWS\system32\ntshrui.dll
Mon Feb 26 07:35:15 2007 => Scanning File C:\WINDOWS\system32\LINKINFO.dll
Mon Feb 26 07:35:15 2007 => Scanning File C:\WINDOWS\System32\webcheck.dll
Mon Feb 26 07:35:15 2007 => Scanning File C:\WINDOWS\System32\stobject.dll
Mon Feb 26 07:35:15 2007 => Scanning File C:\WINDOWS\System32\BatMeter.dll
Mon Feb 26 07:35:15 2007 => Scanning File C:\WINDOWS\system32\WPDShServiceObj.dll
Mon Feb 26 07:35:15 2007 => Scanning File C:\WINDOWS\System32\mydocs.dll
Mon Feb 26 07:35:15 2007 => Scanning File C:\WINDOWS\system32\PortableDeviceTypes.dll
Mon Feb 26 07:35:15 2007 => Scanning File C:\WINDOWS\system32\PortableDeviceApi.dll
Mon Feb 26 07:35:15 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\pavoepl.dll
Mon Feb 26 07:35:15 2007 => Scanning File C:\WINDOWS\System32\drprov.dll
Mon Feb 26 07:35:15 2007 => Scanning File C:\WINDOWS\System32\ntlanman.dll
Mon Feb 26 07:35:15 2007 => Scanning File C:\WINDOWS\System32\NETUI0.dll
Mon Feb 26 07:35:15 2007 => Scanning File C:\WINDOWS\System32\NETUI1.dll
Mon Feb 26 07:35:15 2007 => Scanning File C:\WINDOWS\System32\davclnt.dll
Mon Feb 26 07:35:15 2007 => Scanning File D:\PROGRA~1\Adobe\ADOBEA~1.0\ActiveX\PDFShell.dll
Mon Feb 26 07:35:15 2007 => Scanning File C:\WINDOWS\system32\shdoclc.dll
Mon Feb 26 07:35:15 2007 => Scanning File D:\PROGRA~1\Ashampoo\AS7246~1\CONTEX~1.DLL
Mon Feb 26 07:35:15 2007 => Scanning File D:\PROGRA~1\Ashampoo\ASHAMP~4\CONTEX~1.DLL
Mon Feb 26 07:35:15 2007 => Scanning File C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
Mon Feb 26 07:35:15 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\PAVOLE.DLL
Mon Feb 26 07:35:15 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\StoreMan.dll
Mon Feb 26 07:35:15 2007 => Scanning File C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
Mon Feb 26 07:35:15 2007 => Scanning File C:\PROGRA~1\WinRAR\rarext.dll
Mon Feb 26 07:35:15 2007 => Scanning File D:\PROGRA~1\TUNEUP~1\SDSHEL~1.DLL
Mon Feb 26 07:35:15 2007 => Scanning File d:\PROGRA~1\ADVANC~1\ShellExt.dll
Mon Feb 26 07:35:15 2007 => Scanning File C:\WINDOWS\system32\mobsync.dll
Mon Feb 26 07:35:15 2007 => Scanning File C:\WINDOWS\system32\wzcdlg.dll
Mon Feb 26 07:35:15 2007 => Scanning File C:\WINDOWS\system32\browselc.dll
Mon Feb 26 07:35:15 2007 => Scanning File d:\PROGRA~1\SPYBOT~1\SDHelper.dll
Mon Feb 26 07:35:16 2007 => Scanning File C:\WINDOWS\system32\DUSER.dll
Mon Feb 26 07:35:16 2007 => Scanning File D:\PROGRA~1\MICROS~1\Office10\msohev.dll
Mon Feb 26 07:35:16 2007 => Scanning File C:\WINDOWS\system32\nvwddi.dll
Mon Feb 26 07:35:16 2007 => Scanning File C:\WINDOWS\system32\wmpshell.dll
Mon Feb 26 07:35:16 2007 => Scanning File C:\WINDOWS\system32\cryptnet.dll
Mon Feb 26 07:35:16 2007 => Scanning File C:\WINDOWS\system32\SensApi.dll
Mon Feb 26 07:35:16 2007 => Scanning File C:\WINDOWS\system32\rundll32.exe
Mon Feb 26 07:35:16 2007 => Scanning File C:\WINDOWS\system32\amecsa.cpl
Mon Feb 26 07:35:16 2007 => Scanning File C:\WINDOWS\system32\MultLang.dll
Mon Feb 26 07:35:16 2007 => Scanning File C:\PROGRA~1\iTunes\ITUNES~1.EXE
Mon Feb 26 07:35:16 2007 => Scanning File C:\PROGRA~1\iTunes\ITUNES~2.RES\ENBEFF~1.LPR\ITUNES~1.DLL
Mon Feb 26 07:35:16 2007 => Scanning File C:\PROGRA~1\iTunes\ITUNES~2.RES\ITUNES~1.DLL
Mon Feb 26 07:35:16 2007 => Scanning File C:\WINDOWS\system32\NvMcTray.dll
Mon Feb 26 07:35:16 2007 => Scanning File C:\WINDOWS\system32\NotifyPhoneBook.exe
Mon Feb 26 07:35:16 2007 => Scanning File D:\PROGRA~1\PANDAS~1\PANDAP~1\APVXDWIN.EXE
Mon Feb 26 07:35:16 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\BORLNDMM.DLL
Mon Feb 26 07:35:16 2007 => Scanning File D:\PROGRA~1\PANDAS~1\PANDAP~1\PSWLabel.dll
Mon Feb 26 07:35:16 2007 => Scanning File D:\PROGRA~1\PANDAS~1\PANDAP~1\PSWLRes.dll
Mon Feb 26 07:35:16 2007 => Scanning File D:\PROGRA~1\PANDAS~1\PANDAP~1\PAV2WSC.dll
Mon Feb 26 07:35:16 2007 => Scanning File D:\PROGRA~1\PANDAS~1\PANDAP~1\RsdnApi.dll
Mon Feb 26 07:35:16 2007 => Scanning File D:\PROGRA~1\PANDAS~1\PANDAP~1\Icl_mtr.dll
Mon Feb 26 07:35:16 2007 => Scanning File D:\PROGRA~1\PANDAS~1\PANDAP~1\pavexcfg.dll
Mon Feb 26 07:35:16 2007 => Scanning File D:\PROGRA~1\PANDAS~1\PANDAP~1\icl_trf.dll
Mon Feb 26 07:35:16 2007 => Scanning File D:\PROGRA~1\PANDAS~1\PANDAP~1\PAVSRVDL.DLL
Mon Feb 26 07:35:16 2007 => Scanning File D:\PROGRA~1\PANDAS~1\PANDAP~1\Platc.DLL
Mon Feb 26 07:35:16 2007 => Scanning File D:\PROGRA~1\PANDAS~1\PANDAP~1\pavim.dll
Mon Feb 26 07:35:16 2007 => Scanning File C:\WINDOWS\system32\MSXML3.DLL
Mon Feb 26 07:35:16 2007 => Scanning File D:\PROGRA~1\PANDAS~1\PANDAP~1\PavScr.dll
Mon Feb 26 07:35:16 2007 => Scanning File D:\PROGRA~1\PANDAS~1\PANDAP~1\PSAEng.dll
Mon Feb 26 07:35:16 2007 => Scanning File C:\WINDOWS\System32\wbem\wbemprox.dll
Mon Feb 26 07:35:16 2007 => Scanning File C:\WINDOWS\system32\nvshell.dll
Mon Feb 26 07:35:16 2007 => Scanning File C:\WINDOWS\system32\ctfmon.exe
Mon Feb 26 07:35:16 2007 => Scanning File D:\PROGRA~1\BUFFALO\CLIENT~1\CLIENT~1.EXE
Mon Feb 26 07:35:16 2007 => Scanning File d:\PROGRA~1\BUFFALO\CLIENT~1\languege.dll
Mon Feb 26 07:35:16 2007 => Scanning File D:\PROGRA~1\BUFFALO\CLIENT~1\SVCCLI~1.DLL
Mon Feb 26 07:35:16 2007 => Scanning File D:\PROGRA~1\iPod\bin\IPODSE~1.EXE
Mon Feb 26 07:35:17 2007 => Scanning File D:\PROGRA~1\iPod\bin\IPODSE~1.RES\ENBEFF~1.LPR\IPODSE~1.DLL
Mon Feb 26 07:35:17 2007 => Scanning File D:\PROGRA~1\iPod\bin\IPODSE~1.RES\IPODSE~1.DLL
Mon Feb 26 07:35:17 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\SRVLOAD.EXE
Mon Feb 26 07:35:17 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\LocalSrv.dll
Mon Feb 26 07:35:17 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\WebProxy.exe
Mon Feb 26 07:35:17 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\Pavale.dll
Mon Feb 26 07:35:17 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\Pavpop3.dll
Mon Feb 26 07:35:17 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\PavAmw.dll
Mon Feb 26 07:35:17 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\PavMiCli.dll
Mon Feb 26 07:35:17 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\PavSInet.dll
Mon Feb 26 07:35:17 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\PavSmtp.dll
Mon Feb 26 07:35:17 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\PavNntp.dll
Mon Feb 26 07:35:17 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\PavHttp.dll
Mon Feb 26 07:35:17 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\PavWMAIL.dll
Mon Feb 26 07:35:17 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\PavTftp.dll
Mon Feb 26 07:35:17 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\PavFtp.dll
Mon Feb 26 07:35:17 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\pskads.dll
Mon Feb 26 07:35:17 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\pskmfs.dll
Mon Feb 26 07:35:17 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\pskscf.dll
Mon Feb 26 07:35:17 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\tcpvfile.dll
Mon Feb 26 07:35:17 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\CISends.dll
Mon Feb 26 07:35:17 2007 => Scanning File C:\DOCUME~1\Noname.XXX\LOCALS~1\Temp\mexe.com
Mon Feb 26 07:35:17 2007 => Scanning File C:\DOCUME~1\Noname.XXX\LOCALS~1\Temp\msvl64.dll
Mon Feb 26 07:35:17 2007 => Scanning File C:\DOCUME~1\Noname.XXX\LOCALS~1\Temp\kave.dll
Mon Feb 26 07:35:18 2007 => Scanning File C:\WINDOWS\system32\RICHED32.DLL
Mon Feb 26 07:35:18 2007 => Scanning File C:\WINDOWS\system32\RICHED20.dll
Mon Feb 26 07:35:18 2007 => Scanning File C:\DOCUME~1\Noname.XXX\LOCALS~1\Temp\ScanningProcess.exe
Mon Feb 26 07:35:18 2007 => Scanning File C:\DOCUME~1\Noname.XXX\LOCALS~1\Temp\prloader.dll
Mon Feb 26 07:35:18 2007 => Scanning File C:\DOCUME~1\Noname.XXX\LOCALS~1\Temp\prkernel.ppl
Mon Feb 26 07:35:18 2007 => Scanning File c:\docume~1\noname.xxx\locals~1\temp\avpmgr.ppl
Mon Feb 26 07:35:18 2007 => Scanning File c:\docume~1\noname.xxx\locals~1\temp\wdiskio.ppl
Mon Feb 26 07:35:18 2007 => Scanning File c:\docume~1\noname.xxx\locals~1\temp\nfio.ppl
Mon Feb 26 07:35:18 2007 => Scanning File c:\docume~1\noname.xxx\locals~1\temp\avlib.ppl
Mon Feb 26 07:35:18 2007 => Scanning File c:\docume~1\noname.xxx\locals~1\temp\dtreg.ppl
Mon Feb 26 07:35:18 2007 => Scanning File c:\docume~1\noname.xxx\locals~1\temp\prutil.ppl
Mon Feb 26 07:35:18 2007 => Scanning File c:\docume~1\noname.xxx\locals~1\temp\avp1.ppl
Mon Feb 26 07:35:18 2007 => Scanning File c:\docume~1\noname.xxx\locals~1\temp\l_llio.ppl
Mon Feb 26 07:35:18 2007 => Scanning File c:\docume~1\noname.xxx\locals~1\temp\ichk2.ppl
Mon Feb 26 07:35:18 2007 => Scanning File c:\docume~1\noname.xxx\locals~1\temp\sfdb.ppl
Mon Feb 26 07:35:18 2007 => Scanning File c:\docume~1\noname.xxx\locals~1\temp\icheckersa.ppl
Mon Feb 26 07:35:18 2007 => Scanning File c:\docume~1\noname.xxx\locals~1\temp\hashmd5.ppl
Mon Feb 26 07:35:18 2007 => Scanning File c:\docume~1\noname.xxx\locals~1\temp\hashcont.ppl
Mon Feb 26 07:35:18 2007 => Scanning File c:\docume~1\noname.xxx\locals~1\temp\hccmp.ppl
Mon Feb 26 07:35:18 2007 => Scanning File c:\docume~1\noname.xxx\locals~1\temp\iwgen.ppl

Mon Feb 26 07:35:18 2007 => ***** Scanning Registry Files *****

Mon Feb 26 07:35:18 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Mon Feb 26 07:35:18 2007 => Scanning File C:\WINDOWS\system32\SHELL32.dll
Mon Feb 26 07:35:18 2007 => Scanning File C:\WINDOWS\system32\SHELL32.dll
Mon Feb 26 07:35:18 2007 => Scanning File C:\WINDOWS\System32\webcheck.dll
Mon Feb 26 07:35:18 2007 => Scanning File C:\WINDOWS\System32\stobject.dll
Mon Feb 26 07:35:18 2007 => Scanning File C:\WINDOWS\system32\WPDShServiceObj.dll

Mon Feb 26 07:35:18 2007 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

Mon Feb 26 07:35:18 2007 => Scanning HKLM\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension

Mon Feb 26 07:35:18 2007 => Scanning HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar

Mon Feb 26 07:35:18 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
Mon Feb 26 07:35:18 2007 => {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} = D:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
Mon Feb 26 07:35:18 2007 => Scanning File D:\PROGRA~1\BitComet\tools\BITCOM~2.DLL
Mon Feb 26 07:35:18 2007 => {53707962-6F74-2D53-2644-206D7942484F} = d:\Program Files\Spybot - Search & Destroy\SDHelper.dll
Mon Feb 26 07:35:18 2007 => Scanning File d:\PROGRA~1\SPYBOT~1\SDHelper.dll
Mon Feb 26 07:35:18 2007 => {9030D464-4C02-4ABF-8ECC-5164760863C6} = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
Mon Feb 26 07:35:18 2007 => Scanning File C:\PROGRA~1\COMMON~1\MICROS~1\WINDOW~1\WINDOW~1.DLL

Mon Feb 26 07:35:18 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler
Mon Feb 26 07:35:18 2007 => Scanning File C:\WINDOWS\System32\browseui.dll

Mon Feb 26 07:35:22 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Mon Feb 26 07:35:22 2007 => Scanning File C:\WINDOWS\Explorer.exe
Mon Feb 26 07:35:22 2007 => Scanning File C:\WINDOWS\system32\userinit.exe
Mon Feb 26 07:35:22 2007 => Scanning File C:\WINDOWS\SYSTEM32\gptext.dll
Mon Feb 26 07:35:22 2007 => Scanning File C:\WINDOWS\SYSTEM32\fdeploy.dll
Mon Feb 26 07:35:22 2007 => Scanning File C:\WINDOWS\SYSTEM32\dskquota.dll
Mon Feb 26 07:35:22 2007 => Scanning File C:\WINDOWS\SYSTEM32\gptext.dll
Mon Feb 26 07:35:22 2007 => Scanning File C:\WINDOWS\SYSTEM32\iedkcs32.dll
Mon Feb 26 07:35:22 2007 => Scanning File C:\WINDOWS\SYSTEM32\scecli.dll
Mon Feb 26 07:35:22 2007 => Scanning File C:\WINDOWS\SYSTEM32\iedkcs32.dll
Mon Feb 26 07:35:22 2007 => Scanning File C:\WINDOWS\SYSTEM32\scecli.dll
Mon Feb 26 07:35:22 2007 => Scanning File C:\WINDOWS\SYSTEM32\appmgmts.dll
Mon Feb 26 07:35:22 2007 => Scanning File C:\WINDOWS\SYSTEM32\gptext.dll
Mon Feb 26 07:35:22 2007 => Scanning File C:\WINDOWS\SYSTEM32\avldr.dll
Mon Feb 26 07:35:22 2007 => Scanning File C:\WINDOWS\SYSTEM32\crypt32.dll
Mon Feb 26 07:35:22 2007 => Scanning File C:\WINDOWS\SYSTEM32\cryptnet.dll
Mon Feb 26 07:35:22 2007 => Scanning File C:\WINDOWS\SYSTEM32\cscdll.dll
Mon Feb 26 07:35:22 2007 => Scanning File C:\WINDOWS\SYSTEM32\wlnotify.dll
Mon Feb 26 07:35:22 2007 => Scanning File C:\WINDOWS\SYSTEM32\sclgntfy.dll
Mon Feb 26 07:35:22 2007 => Scanning File C:\WINDOWS\SYSTEM32\WlNotify.dll
Mon Feb 26 07:35:22 2007 => Scanning File C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

Mon Feb 26 07:35:22 2007 => Scanning HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Mon Feb 26 07:35:22 2007 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

Mon Feb 26 07:35:22 2007 => Scanning HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

Mon Feb 26 07:35:22 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AEDEBUG
Mon Feb 26 07:35:22 2007 => Scanning File C:\PROGRA~1\COMMON~1\MICROS~1\VS7Debug\vs7jit.exe

Mon Feb 26 07:35:22 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
Mon Feb 26 07:35:22 2007 => Scanning File C:\WINDOWS\SYSTEM32\ntsd.exe

Mon Feb 26 07:35:22 2007 => Scanning HKCU\Control Panel\Desktop

Mon Feb 26 07:35:22 2007 => Scanning HKLM\SYSTEM\CurrentControlSet\Control\WOW
Mon Feb 26 07:35:22 2007 => Scanning File C:\WINDOWS\system32\ntvdm.exe
Mon Feb 26 07:35:22 2007 => Scanning File C:\WINDOWS\system32\ntvdm.exe

Mon Feb 26 07:35:22 2007 => Scanning HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
Mon Feb 26 07:35:22 2007 => Scanning File C:\WINDOWS\inf\unregmp2.exe
Mon Feb 26 07:35:22 2007 => Scanning File C:\WINDOWS\system32\shmgrate.exe
Mon Feb 26 07:35:22 2007 => Scanning File C:\WINDOWS\SYSTEM32\RunDLL32.exe
Mon Feb 26 07:35:22 2007 => Scanning File C:\WINDOWS\system32\shmgrate.exe
Mon Feb 26 07:35:22 2007 => Scanning File C:\WINDOWS\system32\regsvr32.exe
Mon Feb 26 07:35:22 2007 => Scanning File C:\PROGRA~1\OUTLOO~1\setup50.exe
Mon Feb 26 07:35:22 2007 => Scanning File C:\WINDOWS\SYSTEM32\rundll32.exe
Mon Feb 26 07:35:22 2007 => Scanning File C:\WINDOWS\System32\rundll32.exe
Mon Feb 26 07:35:22 2007 => Scanning File C:\WINDOWS\SYSTEM32\rundll32.exe
Mon Feb 26 07:35:22 2007 => Scanning File C:\WINDOWS\SYSTEM32\rundll32.exe
Mon Feb 26 07:35:22 2007 => Scanning File C:\PROGRA~1\OUTLOO~1\setup50.exe
Mon Feb 26 07:35:22 2007 => Scanning File C:\WINDOWS\SYSTEM32\regsvr32.exe
Mon Feb 26 07:35:23 2007 => Scanning File C:\WINDOWS\system32\ie4uinit.exe
Mon Feb 26 07:35:23 2007 => Scanning File C:\WINDOWS\system32\Rundll32.exe

Mon Feb 26 07:35:23 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

Mon Feb 26 07:35:23 2007 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

Mon Feb 26 07:35:23 2007 => Scanning HKLM\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Run

Mon Feb 26 07:35:23 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Run

Mon Feb 26 07:35:23 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Mon Feb 26 07:35:23 2007 => Scanning File C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
Mon Feb 26 07:35:23 2007 => Scanning File C:\WINDOWS\SYSTEM32\rundll32.exe
Mon Feb 26 07:35:23 2007 => Scanning File C:\PROGRA~1\iTunes\ITUNES~1.EXE
Mon Feb 26 07:35:23 2007 => Scanning File C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
Mon Feb 26 07:35:23 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\APVXDWIN.EXE
Mon Feb 26 07:35:23 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\Inicio.exe
Mon Feb 26 07:35:23 2007 => Scanning File C:\WINDOWS\SYSTEM32\nwiz.exe
Mon Feb 26 07:35:23 2007 => Scanning File C:\WINDOWS\system32\dumprep.exe

Mon Feb 26 07:35:23 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Mon Feb 26 07:35:23 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

Mon Feb 26 07:35:23 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

Mon Feb 26 07:35:23 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce

Mon Feb 26 07:35:23 2007 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Mon Feb 26 07:35:23 2007 => Scanning File C:\WINDOWS\system32\ctfmon.exe
Mon Feb 26 07:35:23 2007 => ERROR!!! Invalid Entry Startup Manager = C:\Documents and Settings\Noname.XXX\Application Data\Systweak\ASO 2\smstartUp manager.exe (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Run). Removing it.

Mon Feb 26 07:35:23 2007 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Mon Feb 26 07:35:23 2007 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

Mon Feb 26 07:35:23 2007 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

Mon Feb 26 07:35:23 2007 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup

Mon Feb 26 07:35:23 2007 => Scanning HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Mon Feb 26 07:35:23 2007 => Scanning HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Mon Feb 26 07:35:23 2007 => Scanning HKCR\txtfile\shell\open\command

Mon Feb 26 07:35:23 2007 => Scanning HKCR\comfile\shell\open\command

Mon Feb 26 07:35:23 2007 => Scanning HKCR\exefile\shell\open\command

Mon Feb 26 07:35:23 2007 => Scanning HKCR\dllfile\shell\open\command

Mon Feb 26 07:35:23 2007 => Scanning HKCR\batfile\shell\open\command

Mon Feb 26 07:35:23 2007 => Scanning HKCR\piffile\shell\open\command

Mon Feb 26 07:35:23 2007 => Scanning HKCR\scrfile\shell\open\command

Mon Feb 26 07:35:23 2007 => Scanning HKCR\scrfile\shell\config\command

Mon Feb 26 07:35:23 2007 => Scanning HKCR\regfile\shell\open\command

Mon Feb 26 07:35:23 2007 => Scanning HKCR\htmlfile\shell\open\command
Mon Feb 26 07:35:23 2007 => Scanning File C:\PROGRA~1\INTERN~1\iexplore.exe

Mon Feb 26 07:

#10 dawgbyte77

dawgbyte77
  • Topic Starter

Posted 25 February 2007 - 07:10 PM

Cont:

Mon Feb 26 07:35:23 2007 => Scanning HKCR\htafile\shell\open\command
Mon Feb 26 07:35:23 2007 => Scanning File C:\WINDOWS\System32\mshta.exe

Mon Feb 26 07:35:23 2007 => Scanning HKCR\jsfile\shell\open\command
Mon Feb 26 07:35:23 2007 => Scanning File C:\WINDOWS\SYSTEM32\NOTEPAD.EXE
Mon Feb 26 07:35:23 2007 => Scanning File C:\WINDOWS\System32\WScript.exe

Mon Feb 26 07:35:23 2007 => Scanning HKCR\jsefile\shell\open\command
Mon Feb 26 07:35:23 2007 => Scanning File C:\WINDOWS\SYSTEM32\NOTEPAD.EXE
Mon Feb 26 07:35:23 2007 => Scanning File C:\WINDOWS\System32\WScript.exe

Mon Feb 26 07:35:23 2007 => Scanning HKCR\vbsfile\shell\open\command
Mon Feb 26 07:35:23 2007 => Scanning File C:\WINDOWS\SYSTEM32\NOTEPAD.EXE
Mon Feb 26 07:35:23 2007 => Scanning File C:\WINDOWS\System32\WScript.exe

Mon Feb 26 07:35:23 2007 => Scanning HKCR\vbefile\shell\open\command
Mon Feb 26 07:35:23 2007 => Scanning File C:\WINDOWS\SYSTEM32\NOTEPAD.EXE
Mon Feb 26 07:35:23 2007 => Scanning File C:\WINDOWS\System32\WScript.exe

Mon Feb 26 07:35:23 2007 => Scanning HKCR\wshfile\shell\open\command
Mon Feb 26 07:35:23 2007 => Scanning File C:\WINDOWS\SYSTEM32\NOTEPAD.EXE
Mon Feb 26 07:35:23 2007 => Scanning File C:\WINDOWS\System32\WScript.exe

Mon Feb 26 07:35:23 2007 => Scanning HKCR\wsffile\shell\open\command
Mon Feb 26 07:35:23 2007 => Scanning File C:\WINDOWS\SYSTEM32\NOTEPAD.EXE
Mon Feb 26 07:35:23 2007 => Scanning File C:\WINDOWS\System32\WScript.exe

Mon Feb 26 07:35:23 2007 => ***** Scanning StartUp Folders *****

Mon Feb 26 07:35:59 2007 => ***** Scanning C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup Folder *****
Mon Feb 26 07:35:59 2007 => Scanning Folder: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\*.*
Mon Feb 26 07:35:59 2007 => Scanning File C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\ClientManager2.lnk
Mon Feb 26 07:35:59 2007 => Scanning File C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\desktop.ini

Mon Feb 26 07:35:59 2007 => ***** Scanning C:\Documents and Settings\Administrator\Start menu\Programs\Startup Folder *****
Mon Feb 26 07:35:59 2007 => Scanning Folder: C:\DOCUME~1\ADMINI~1\STARTM~1\Programs\Startup\*.*
Mon Feb 26 07:35:59 2007 => Scanning File C:\DOCUME~1\ADMINI~1\STARTM~1\Programs\Startup\desktop.ini

Mon Feb 26 07:35:59 2007 => ***** Scanning Service Files *****
Mon Feb 26 07:35:59 2007 => Scanning HKLM\SYSTEM\CurrentControlSet\Services
Mon Feb 26 07:35:59 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\2WirePCP.sys
Mon Feb 26 07:35:59 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\ACPI.sys
Mon Feb 26 07:35:59 2007 => Scanning File C:\PROGRA~1\COMMON~1\ADOBES~1\Service\ADOBEL~1.EXE
Mon Feb 26 07:35:59 2007 => Scanning File C:\WINDOWS\system32\drivers\aec.sys
Mon Feb 26 07:35:59 2007 => Scanning File C:\WINDOWS\System32\drivers\afd.sys
Mon Feb 26 07:35:59 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\agp440.sys
Mon Feb 26 07:35:59 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 26 07:35:59 2007 => Scanning File C:\WINDOWS\System32\alg.exe
Mon Feb 26 07:35:59 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\AmeAtmPc.sys
Mon Feb 26 07:35:59 2007 => Scanning File C:\WINDOWS\SYSTEM32\DRIVERS\APPFLT.SYS
Mon Feb 26 07:35:59 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Mon Feb 26 07:35:59 2007 => Scanning File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
Mon Feb 26 07:35:59 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\asyncmac.sys
Mon Feb 26 07:35:59 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\atapi.sys
Mon Feb 26 07:35:59 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\atmarpc.sys
Mon Feb 26 07:35:59 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\atmlane.sys
Mon Feb 26 07:35:59 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\atmlane.sys
Mon Feb 26 07:35:59 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\atmuni.sys
Mon Feb 26 07:35:59 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 26 07:35:59 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\audstub.sys
Mon Feb 26 07:35:59 2007 => ERROR!!! Invalid Entry \SystemRoot\system32\drivers\av5flt.sys. Removing SYSTEM\CurrentControlSet\Services\AvFlt...
Mon Feb 26 07:35:59 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 26 07:35:59 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 26 07:35:59 2007 => Scanning File C:\WINDOWS\SYSTEM32\BUFADPT.SYS
Mon Feb 26 07:35:59 2007 => Scanning File d:\PROGRA~1\BUFFALO\CLIENT~1\bwsvc.exe
Mon Feb 26 07:35:59 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
Mon Feb 26 07:35:59 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\cdrom.sys
Mon Feb 26 07:35:59 2007 => Scanning File C:\WINDOWS\system32\cisvc.exe
Mon Feb 26 07:36:00 2007 => Scanning File C:\WINDOWS\system32\clipsrv.exe
Mon Feb 26 07:36:00 2007 => Scanning File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
Mon Feb 26 07:36:00 2007 => Scanning File C:\WINDOWS\System32\dllhost.exe
Mon Feb 26 07:36:00 2007 => Scanning File C:\WINDOWS\system32\drivers\cpoint.sys
Mon Feb 26 07:36:00 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Mon Feb 26 07:36:00 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\css-dvp.sys
Mon Feb 26 07:36:00 2007 => Scanning File C:\WINDOWS\system32\drivers\ctac32k.sys
Mon Feb 26 07:36:00 2007 => Scanning File C:\WINDOWS\system32\drivers\ctaud2k.sys
Mon Feb 26 07:36:00 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\ctljystk.sys
Mon Feb 26 07:36:00 2007 => Scanning File C:\WINDOWS\system32\drivers\ctprxy2k.sys
Mon Feb 26 07:36:00 2007 => Scanning File C:\WINDOWS\system32\drivers\ctsfm2k.sys
Mon Feb 26 07:36:00 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Mon Feb 26 07:36:00 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 26 07:36:00 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\disk.sys
Mon Feb 26 07:36:00 2007 => Scanning File C:\WINDOWS\System32\dmadmin.exe
Mon Feb 26 07:36:00 2007 => Scanning File C:\WINDOWS\system32\drivers\dmboot.sys
Mon Feb 26 07:36:00 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\dmio.sys
Mon Feb 26 07:36:00 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 26 07:36:00 2007 => Scanning File C:\WINDOWS\system32\drivers\DMusic.sys
Mon Feb 26 07:36:00 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 26 07:36:00 2007 => Scanning File C:\WINDOWS\system32\drivers\drmkaud.sys
Mon Feb 26 07:36:00 2007 => Scanning File C:\WINDOWS\SYSTEM32\DRIVERS\DSAFLT.SYS
Mon Feb 26 07:36:00 2007 => ERROR!!! Invalid Entry \??\C:\WINDOWS\system32\drivers\dump_wmimmc.sys. Removing SYSTEM\CurrentControlSet\Services\dump_wmimmc...
Mon Feb 26 07:36:00 2007 => Scanning File C:\PROGRA~1\COMMON~1\AUTHEN~1\ANTIVI~1\dvpapi.exe
Mon Feb 26 07:36:00 2007 => Scanning File C:\WINDOWS\system32\drivers\emu10k1m.sys
Mon Feb 26 07:36:00 2007 => Scanning File C:\WINDOWS\system32\drivers\ctlfacem.sys
Mon Feb 26 07:36:01 2007 => Scanning File C:\WINDOWS\system32\drivers\emupia2k.sys
Mon Feb 26 07:36:01 2007 => Scanning File C:\WINDOWS\system32\drivers\enodpl.sys
Mon Feb 26 07:36:01 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 26 07:36:01 2007 => Scanning File C:\WINDOWS\system32\services.exe
Mon Feb 26 07:36:01 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 26 07:36:01 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 26 07:36:01 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\fdc.sys
Mon Feb 26 07:36:01 2007 => Scanning File C:\WINDOWS\system32\Drivers\V4CB011D.SYS
Mon Feb 26 07:36:01 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\flpydisk.sys
Mon Feb 26 07:36:01 2007 => Scanning File C:\WINDOWS\system32\drivers\fltmgr.sys
Mon Feb 26 07:36:01 2007 => Scanning File C:\WINDOWS\SYSTEM32\DRIVERS\FNETMON.SYS
Mon Feb 26 07:36:01 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\fsvga.sys
Mon Feb 26 07:36:01 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\ftdisk.sys
Mon Feb 26 07:36:01 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\gameenum.sys
Mon Feb 26 07:36:01 2007 => Scanning File C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
Mon Feb 26 07:36:01 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\msgpc.sys
Mon Feb 26 07:36:01 2007 => Scanning File C:\WINDOWS\SYSTEM32\GTNDIS5.SYS
Mon Feb 26 07:36:01 2007 => Scanning File C:\WINDOWS\system32\drivers\ha10kx2k.sys
Mon Feb 26 07:36:01 2007 => Scanning File C:\WINDOWS\SYSTEM32\DRIVERS\HARDLOCK.SYS
Mon Feb 26 07:36:01 2007 => Scanning File C:\WINDOWS\SYSTEM32\DRIVERS\HASPNT.SYS
Mon Feb 26 07:36:01 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 26 07:36:01 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 26 07:36:01 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\hidusb.sys
Mon Feb 26 07:36:01 2007 => Scanning File C:\WINDOWS\system32\Drivers\HTTP.sys
Mon Feb 26 07:36:01 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 26 07:36:02 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Mon Feb 26 07:36:02 2007 => Scanning File C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriverT.exe
Mon Feb 26 07:36:02 2007 => Scanning File C:\WINDOWS\SYSTEM32\DRIVERS\IDSFLT.SYS
Mon Feb 26 07:36:02 2007 => Scanning File C:\WINDOWS\System32\inetsrv\inetinfo.exe
Mon Feb 26 07:36:02 2007 => Scanning File C:\WINDOWS\system32\Drivers\imagedrv.sys
Mon Feb 26 07:36:02 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\imagesrv.sys
Mon Feb 26 07:36:02 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\imapi.sys
Mon Feb 26 07:36:02 2007 => Scanning File C:\WINDOWS\System32\imapi.exe
Mon Feb 26 07:36:02 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\intelppm.sys
Mon Feb 26 07:36:02 2007 => Scanning File C:\WINDOWS\system32\drivers\ip6fw.sys
Mon Feb 26 07:36:02 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
Mon Feb 26 07:36:02 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\ipinip.sys
Mon Feb 26 07:36:02 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\ipnat.sys
Mon Feb 26 07:36:02 2007 => Scanning File D:\PROGRA~1\iPod\bin\IPODSE~1.EXE
Mon Feb 26 07:36:02 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\ipsec.sys
Mon Feb 26 07:36:02 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\irenum.sys
Mon Feb 26 07:36:02 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\isapnp.sys
Mon Feb 26 07:36:02 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Mon Feb 26 07:36:02 2007 => Scanning File C:\WINDOWS\system32\drivers\kmixer.sys
Mon Feb 26 07:36:02 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 26 07:36:02 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 26 07:36:02 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 26 07:36:02 2007 => Scanning File C:\PROGRA~1\COMMON~1\MACROM~2\Service\MACROM~1.EXE
Mon Feb 26 07:36:02 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\mdc8021x.sys
Mon Feb 26 07:36:02 2007 => Scanning File C:\PROGRA~1\COMMON~1\MICROS~1\VS7Debug\mdm.exe
Mon Feb 26 07:36:02 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 26 07:36:02 2007 => Scanning File C:\WINDOWS\System32\mnmsrvc.exe
Mon Feb 26 07:36:02 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\mouclass.sys
Mon Feb 26 07:36:03 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\mouhid.sys
Mon Feb 26 07:36:03 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Mon Feb 26 07:36:03 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Mon Feb 26 07:36:03 2007 => Scanning File C:\WINDOWS\System32\msdtc.exe
Mon Feb 26 07:36:03 2007 => Scanning File C:\WINDOWS\system32\msiexec.exe
Mon Feb 26 07:36:03 2007 => Scanning File C:\WINDOWS\system32\drivers\MSKSSRV.sys
Mon Feb 26 07:36:03 2007 => Scanning File C:\WINDOWS\system32\drivers\MSPCLOCK.sys
Mon Feb 26 07:36:03 2007 => Scanning File C:\WINDOWS\system32\drivers\MSPQM.sys
Mon Feb 26 07:36:03 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Mon Feb 26 07:36:03 2007 => Scanning File C:\PROGRA~1\MICROS~4\MSSQL.1\MSSQL\Binn\sqlservr.exe
Mon Feb 26 07:36:03 2007 => Scanning File C:\PROGRA~1\MICROS~4\90\Shared\SQLADH~1.EXE
Mon Feb 26 07:36:03 2007 => Scanning File C:\WINDOWS\system32\drivers\MSTEE.sys
Mon Feb 26 07:36:03 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
Mon Feb 26 07:36:03 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\NdisIP.sys
Mon Feb 26 07:36:03 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Mon Feb 26 07:36:03 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Mon Feb 26 07:36:03 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Mon Feb 26 07:36:03 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\netbios.sys
Mon Feb 26 07:36:03 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\netbt.sys
Mon Feb 26 07:36:03 2007 => Scanning File C:\WINDOWS\system32\netdde.exe
Mon Feb 26 07:36:03 2007 => Scanning File C:\WINDOWS\system32\netdde.exe
Mon Feb 26 07:36:03 2007 => Scanning File C:\WINDOWS\system32\drivers\netflt.sys
Mon Feb 26 07:36:03 2007 => Scanning File C:\WINDOWS\SYSTEM32\DRIVERS\NETFLTDI.SYS
Mon Feb 26 07:36:03 2007 => Scanning File C:\WINDOWS\System32\lsass.exe
Mon Feb 26 07:36:03 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 26 07:36:03 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 26 07:36:03 2007 => Scanning File G:\PROGRA~1\WIZET\MAPLES~1\NPKCRYPT.SYS
Mon Feb 26 07:36:04 2007 => Scanning File C:\WINDOWS\SYSTEM32\NPPTNT2.SYS
Mon Feb 26 07:36:04 2007 => Scanning File C:\WINDOWS\System32\lsass.exe
Mon Feb 26 07:36:04 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Mon Feb 26 07:36:04 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
Mon Feb 26 07:36:04 2007 => Scanning File C:\WINDOWS\system32\nvsvc32.exe
Mon Feb 26 07:36:04 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
Mon Feb 26 07:36:04 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
Mon Feb 26 07:36:04 2007 => Scanning File C:\WINDOWS\system32\drivers\ctoss2k.sys
Mon Feb 26 07:36:04 2007 => Scanning File C:\WINDOWS\System32\Drivers\p1c1394.sys
Mon Feb 26 07:36:04 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\parport.sys
Mon Feb 26 07:36:04 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\pavdrv51.sys
Mon Feb 26 07:36:04 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\PavFnSvr.exe
Mon Feb 26 07:36:04 2007 => Scanning File C:\WINDOWS\SYSTEM32\DRIVERS\PAVPROC.SYS
Mon Feb 26 07:36:04 2007 => Scanning File C:\PROGRA~1\COMMON~1\PANDAS~1\PavShld\pavprsrv.exe
Mon Feb 26 07:36:04 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\pavsrv51.exe
Mon Feb 26 07:36:04 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\pci.sys
Mon Feb 26 07:36:04 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\pciide.sys
Mon Feb 26 07:36:04 2007 => Scanning File C:\WINDOWS\system32\drivers\pfc.sys
Mon Feb 26 07:36:04 2007 => Scanning File C:\WINDOWS\SYSTEM32\PFMODNT.SYS
Mon Feb 26 07:36:04 2007 => Scanning File C:\WINDOWS\system32\services.exe
Mon Feb 26 07:36:04 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\AntiSpam\pskmssvc.exe
Mon Feb 26 07:36:04 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\firewall\PNMSRV.EXE
Mon Feb 26 07:36:04 2007 => Scanning File C:\WINDOWS\System32\lsass.exe
Mon Feb 26 07:36:04 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\raspptp.sys
Mon Feb 26 07:36:04 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\processr.sys
Mon Feb 26 07:36:04 2007 => Scanning File C:\WINDOWS\system32\lsass.exe
Mon Feb 26 07:36:04 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\psched.sys
Mon Feb 26 07:36:04 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\psimsvc.exe
Mon Feb 26 07:36:04 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\ptilink.sys
Mon Feb 26 07:36:04 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
Mon Feb 26 07:36:04 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\rasacd.sys
Mon Feb 26 07:36:05 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 26 07:36:05 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Mon Feb 26 07:36:05 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 26 07:36:05 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Mon Feb 26 07:36:05 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\raspti.sys
Mon Feb 26 07:36:05 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\rawwan.sys
Mon Feb 26 07:36:05 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\rdbss.sys
Mon Feb 26 07:36:05 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
Mon Feb 26 07:36:05 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Mon Feb 26 07:36:05 2007 => Scanning File C:\WINDOWS\system32\sessmgr.exe
Mon Feb 26 07:36:05 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\redbook.sys
Mon Feb 26 07:36:05 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 26 07:36:05 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Mon Feb 26 07:36:05 2007 => Scanning File C:\WINDOWS\System32\locator.exe
Mon Feb 26 07:36:05 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Mon Feb 26 07:36:05 2007 => Scanning File C:\WINDOWS\System32\rsvp.exe
Mon Feb 26 07:36:05 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
Mon Feb 26 07:36:05 2007 => Scanning File C:\WINDOWS\system32\lsass.exe
Mon Feb 26 07:36:05 2007 => Scanning File C:\WINDOWS\System32\SCardSvr.exe
Mon Feb 26 07:36:05 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 26 07:36:05 2007 => Scanning File d:\PROGRA~1\Photodex\PROSHO~1\SCSIAC~1.EXE
Mon Feb 26 07:36:05 2007 => Scanning File C:\WINDOWS\system32\drivers\scsiport.sys
Mon Feb 26 07:36:05 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\secdrv.sys
Mon Feb 26 07:36:05 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 26 07:36:05 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Mon Feb 26 07:36:05 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\serenum.sys
Mon Feb 26 07:36:05 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\serial.sys
Mon Feb 26 07:36:05 2007 => Scanning File C:\WINDOWS\system32\drivers\sfmanm.sys
Mon Feb 26 07:36:05 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 26 07:36:05 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 26 07:36:05 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\ShldDrv.sys
Mon Feb 26 07:36:05 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\SLIP.sys
Mon Feb 26 07:36:06 2007 => Scanning File C:\WINDOWS\SYSTEM32\DRIVERS\SMSFLT.SYS
Mon Feb 26 07:36:06 2007 => Scanning File C:\WINDOWS\System32\inetsrv\inetinfo.exe
Mon Feb 26 07:36:06 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\snpstd3.sys
Mon Feb 26 07:36:06 2007 => Scanning File C:\WINDOWS\system32\drivers\splitter.sys
Mon Feb 26 07:36:06 2007 => Scanning File C:\WINDOWS\system32\spoolsv.exe
Mon Feb 26 07:36:06 2007 => Scanning File C:\PROGRA~1\MICROS~4\90\Shared\SQLBRO~1.EXE
Mon Feb 26 07:36:06 2007 => Scanning File C:\PROGRA~1\MICROS~4\90\Shared\SQLWRI~1.EXE
Mon Feb 26 07:36:06 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\sr.sys
Mon Feb 26 07:36:06 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 26 07:36:06 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\srv.sys
Mon Feb 26 07:36:06 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 26 07:36:06 2007 => Scanning File C:\WINDOWS\system32\Drivers\SSFS0509.SYS
Mon Feb 26 07:36:06 2007 => Scanning File C:\WINDOWS\system32\Drivers\SSHRMD.SYS
Mon Feb 26 07:36:06 2007 => Scanning File C:\WINDOWS\system32\Drivers\SSIDRV.SYS
Mon Feb 26 07:36:06 2007 => Scanning File C:\WINDOWS\system32\Drivers\sskbfd.sys
Mon Feb 26 07:36:06 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 26 07:36:06 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\StreamIP.sys
Mon Feb 26 07:36:06 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\swenum.sys
Mon Feb 26 07:36:06 2007 => Scanning File C:\WINDOWS\system32\drivers\swmidi.sys
Mon Feb 26 07:36:06 2007 => Scanning File C:\WINDOWS\System32\dllhost.exe
Mon Feb 26 07:36:07 2007 => Scanning File C:\WINDOWS\system32\drivers\sysaudio.sys
Mon Feb 26 07:36:07 2007 => Scanning File C:\WINDOWS\system32\smlogsvc.exe
Mon Feb 26 07:36:07 2007 => Scanning File C:\WINDOWS\system32\drivers\tandpl.sys
Mon Feb 26 07:36:07 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 26 07:36:07 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\tcpip.sys
Mon Feb 26 07:36:07 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\termdd.sys
Mon Feb 26 07:36:07 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 26 07:36:07 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 26 07:36:07 2007 => Scanning File C:\WINDOWS\System32\tlntsvr.exe
Mon Feb 26 07:36:07 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\TPSrv.exe
Mon Feb 26 07:36:07 2007 => Scanning File C:\WINDOWS\system32\Drivers\TREKTHXP.sys
Mon Feb 26 07:36:07 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Mon Feb 26 07:36:07 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\rt2500usb.sys
Mon Feb 26 07:36:07 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\update.sys
Mon Feb 26 07:36:07 2007 => Scanning File C:\PROGRA~1\UPHClean\uphclean.exe
Mon Feb 26 07:36:07 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 26 07:36:07 2007 => Scanning File C:\WINDOWS\System32\ups.exe
Mon Feb 26 07:36:07 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\usbehci.sys
Mon Feb 26 07:36:07 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\usbhub.sys
Mon Feb 26 07:36:07 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\usbprint.sys
Mon Feb 26 07:36:07 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\usbscan.sys
Mon Feb 26 07:36:07 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Mon Feb 26 07:36:07 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Mon Feb 26 07:36:07 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Mon Feb 26 07:36:07 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 26 07:36:07 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 26 07:36:07 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\Vax347b.sys
Mon Feb 26 07:36:07 2007 => Scanning File C:\WINDOWS\system32\Drivers\Vax347s.sys
Mon Feb 26 07:36:07 2007 => Scanning File C:\WINDOWS\System32\drivers\vga.sys
Mon Feb 26 07:36:07 2007 => Scanning File C:\WINDOWS\System32\vssvc.exe
Mon Feb 26 07:36:08 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 26 07:36:08 2007 => Scanning File C:\WINDOWS\System32\inetsrv\inetinfo.exe
Mon Feb 26 07:36:08 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\wanarp.sys
Mon Feb 26 07:36:08 2007 => Scanning File C:\WINDOWS\system32\drivers\wdmaud.sys
Mon Feb 26 07:36:08 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 26 07:36:08 2007 => Scanning File C:\PROGRA~1\Webroot\SPYSWE~1\SPYSWE~2.EXE
Mon Feb 26 07:36:08 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Mon Feb 26 07:36:08 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 26 07:36:08 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 26 07:36:08 2007 => Scanning File C:\WINDOWS\System32\wbem\wmiapsrv.exe
Mon Feb 26 07:36:08 2007 => Scanning File C:\PROGRA~1\WINDOW~2\WMPNetwk.exe
Mon Feb 26 07:36:08 2007 => Scanning File C:\WINDOWS\SYSTEM32\DRIVERS\WNMFLT.SYS
Mon Feb 26 07:36:08 2007 => Scanning File C:\WINDOWS\System32\drivers\ws2ifsl.sys
Mon Feb 26 07:36:08 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 26 07:36:08 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
Mon Feb 26 07:36:08 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Mon Feb 26 07:36:08 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\WudfPf.sys
Mon Feb 26 07:36:08 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Mon Feb 26 07:36:08 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\rt2500usb.sys
Mon Feb 26 07:36:08 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 26 07:36:08 2007 => Scanning File C:\WINDOWS\System32\svchost.exe

Mon Feb 26 07:36:08 2007 => Scanning HKLM\SYSTEM\CurrentControlSet\Services\VxD
Mon Feb 26 07:36:08 2007 => Scanning File C:\WINDOWS\SYSTEM32\JAVASUP.VXD

Mon Feb 26 07:36:08 2007 => ***** Scanning Registry and File system for Adware/Spyware *****
Mon Feb 26 07:36:08 2007 => Loading Spyware Signatures from new External Database [Name: C:\DOCUME~1\Noname.XXX\LOCALS~1\Temp\spydb.avs, Size: 211409].
Mon Feb 26 07:36:11 2007 => Possible Error In InsertIntoDB of value [{661173ee-fa31-4769-97d4-b556b5d09bda}]...
Mon Feb 26 07:36:11 2007 => InsertIntoDBFile Err: the key is unduplicated
Mon Feb 26 07:36:11 2007 => Possible Error In InsertIntoDB of value [spydawn]...
Mon Feb 26 07:36:11 2007 => InsertIntoDBFile Err: the key is unduplicated
Mon Feb 26 07:36:11 2007 => Possible Error In InsertIntoDB of value [%programfiles%\spydawn\spydawn.exe]...
Mon Feb 26 07:36:11 2007 => InsertIntoDBFile Err: the key is unduplicated
Mon Feb 26 07:36:11 2007 => Indexed Spyware Databases Successfully Created...

Mon Feb 26 07:36:15 2007 => Offending Key found: HKLM\Software\magnet !!!
Mon Feb 26 07:36:15 2007 => Deleting Registry Key: HKLM\Software\magnet
Mon Feb 26 07:38:34 2007 => Object "grokster Spyware/Adware" found in File System! Action Taken: Entries Removed.

Mon Feb 26 07:38:35 2007 => Poisoned DNS Server Entry 85.255.112.203 (85.255.112.*) found!!!
Mon Feb 26 07:38:35 2007 => Removed Poisoned DNS Server Entries...
Mon Feb 26 07:38:35 2007 => Object "UnSpyPC adware" found in File System! Action Taken: Entries Removed.

Mon Feb 26 07:38:37 2007 => Offending file found: C:\WINDOWS\gpinstall.exe
Mon Feb 26 07:38:37 2007 => System found infected with conducent flexpak Spyware/Adware (gpinstall.exe)! Action taken: Entries Removed.
Mon Feb 26 07:38:37 2007 => Object "conducent flexpak Spyware/Adware" found in File System! Action Taken: Entries Removed.

Mon Feb 26 07:38:37 2007 => Offending file found: C:\WINDOWS\iun6002ev.exe
Mon Feb 26 07:38:37 2007 => System found infected with proventactics Adware (iun6002ev.exe)! Action taken: Entries Removed.
Mon Feb 26 07:38:37 2007 => Object "proventactics Adware" found in File System! Action Taken: Entries Removed.

Mon Feb 26 07:38:38 2007 => Offending file found: C:\WINDOWS\system32\hsenj.ocx
Mon Feb 26 07:38:38 2007 => System found infected with imesh Spyware/Adware (hsenj.ocx)! Action taken: Entries Removed.
Mon Feb 26 07:38:38 2007 => Object "imesh Spyware/Adware" found in File System! Action Taken: Entries Removed.

Mon Feb 26 07:38:38 2007 => Offending file found: C:\WINDOWS\system32\runsetup.exe
Mon Feb 26 07:38:38 2007 => System found infected with cws Browser Hijacker (runsetup.exe)! Action taken: Entries Removed.
Mon Feb 26 07:38:38 2007 => Object "cws Browser Hijacker" found in File System! Action Taken: Entries Removed.

Mon Feb 26 07:38:39 2007 => Offending Folder found: C:\Documents and Settings\Noname.XXX\Application Data\macromedia\flash player\#sharedobjects\kwgpljv4\static.userplane.com\presence\m
Mon Feb 26 07:38:39 2007 => Deltree of Folder C:\Documents and Settings\Noname.XXX\Application Data\macromedia\flash player\#sharedobjects\kwgpljv4\static.userplane.com\presence\m...
Mon Feb 26 07:38:39 2007 => Object "mooler Worm" found in File System! Action Taken: Entries Removed.

Mon Feb 26 07:38:51 2007 => Offending file found: C:\DOCUME~1\Noname.XXX\FAVORI~1\AMAZON~1.URL
Mon Feb 26 07:38:51 2007 => System found infected with ezula Spyware/Adware (amazon.com.url)! Action taken: Entries Removed.
Mon Feb 26 07:38:51 2007 => Object "ezula Spyware/Adware" found in File System! Action Taken: Entries Removed.

Mon Feb 26 07:38:59 2007 => Offending file found: C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\webroot\SPYSWE~1\install.dat
Mon Feb 26 07:38:59 2007 => System found infected with zlob Trojan-Downloader (install.dat)! Action taken: Entries Removed.
Mon Feb 26 07:38:59 2007 => Object "zlob Trojan-Downloader" found in File System! Action Taken: Entries Removed.

Mon Feb 26 07:39:01 2007 => Offending file found: C:\WINDOWS\unvise32.exe
Mon Feb 26 07:39:02 2007 => System found infected with spylax Corrupted Adware/Spyware (C:\WINDOWS\unvise32.exe)! Action taken: Entries Removed.
Mon Feb 26 07:39:02 2007 => Object "spylax Corrupted Adware/Spyware" found in File System! Action Taken: Entries Removed.

Mon Feb 26 07:39:06 2007 => Checking MountPoints2 Registry Key...
Mon Feb 26 07:39:06 2007 => Checking CLSID Reference Entries...
Mon Feb 26 07:39:08 2007 => Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: Entries Removed.

Mon Feb 26 07:39:08 2007 => Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: Entries Removed.

Mon Feb 26 07:39:08 2007 => Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: Entries Removed.

Mon Feb 26 07:39:11 2007 => Entry "HKCR\SymComponentCategoriesMgr.SymComponentCategoriesMgr" refers to invalid object "{60614411-BCD8-11D1-BC03-00600811C705}". Action Taken: Entries Removed.

Mon Feb 26 07:39:21 2007 => ***** Scanning Registry Files *****

Mon Feb 26 07:39:21 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
Mon Feb 26 07:39:21 2007 => {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} = D:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
Mon Feb 26 07:39:21 2007 => Scanning File D:\PROGRA~1\BitComet\tools\BITCOM~2.DLL
Mon Feb 26 07:39:21 2007 => {53707962-6F74-2D53-2644-206D7942484F} = d:\Program Files\Spybot - Search & Destroy\SDHelper.dll
Mon Feb 26 07:39:21 2007 => Scanning File d:\PROGRA~1\SPYBOT~1\SDHelper.dll
Mon Feb 26 07:39:21 2007 => {9030D464-4C02-4ABF-8ECC-5164760863C6} = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
Mon Feb 26 07:39:21 2007 => Scanning File C:\PROGRA~1\COMMON~1\MICROS~1\WINDOW~1\WINDOW~1.DLL

Mon Feb 26 07:39:21 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler
Mon Feb 26 07:39:21 2007 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Feb 26 07:39:21 2007 => Scanning File C:\WINDOWS\System32\browseui.dll

Mon Feb 26 07:39:21 2007 => Scanning HKCU\Control Panel\Desktop

Mon Feb 26 07:39:21 2007 => Scanning HKLM\SYSTEM\CurrentControlSet\Control\WOW
Mon Feb 26 07:39:21 2007 => Scanning File C:\WINDOWS\system32\ntvdm.exe
Mon Feb 26 07:39:21 2007 => Scanning File C:\WINDOWS\system32\ntvdm.exe

Mon Feb 26 07:39:21 2007 => Scanning HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
Mon Feb 26 07:39:21 2007 => Scanning File C:\WINDOWS\inf\unregmp2.exe
Mon Feb 26 07:39:21 2007 => Scanning File C:\WINDOWS\system32\shmgrate.exe
Mon Feb 26 07:39:21 2007 => Scanning File C:\WINDOWS\SYSTEM32\RunDLL32.exe
Mon Feb 26 07:39:21 2007 => Scanning File C:\WINDOWS\system32\shmgrate.exe
Mon Feb 26 07:39:21 2007 => Scanning File C:\WINDOWS\system32\regsvr32.exe
Mon Feb 26 07:39:21 2007 => Scanning File C:\PROGRA~1\OUTLOO~1\setup50.exe
Mon Feb 26 07:39:21 2007 => Scanning File C:\WINDOWS\SYSTEM32\rundll32.exe
Mon Feb 26 07:39:21 2007 => Scanning File C:\WINDOWS\System32\rundll32.exe
Mon Feb 26 07:39:21 2007 => Scanning File C:\WINDOWS\SYSTEM32\rundll32.exe
Mon Feb 26 07:39:21 2007 => Scanning File C:\WINDOWS\SYSTEM32\rundll32.exe
Mon Feb 26 07:39:21 2007 => Scanning File C:\PROGRA~1\OUTLOO~1\setup50.exe
Mon Feb 26 07:39:21 2007 => Scanning File C:\WINDOWS\SYSTEM32\regsvr32.exe
Mon Feb 26 07:39:21 2007 => Scanning File C:\WINDOWS\system32\ie4uinit.exe
Mon Feb 26 07:39:21 2007 => Scanning File C:\WINDOWS\system32\Rundll32.exe

Mon Feb 26 07:39:21 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Mon Feb 26 07:39:21 2007 => Scanning File C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
Mon Feb 26 07:39:21 2007 => Scanning File C:\WINDOWS\SYSTEM32\rundll32.exe
Mon Feb 26 07:39:21 2007 => Scanning File C:\PROGRA~1\iTunes\ITUNES~1.EXE
Mon Feb 26 07:39:21 2007 => Scanning File C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
Mon Feb 26 07:39:21 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\APVXDWIN.EXE
Mon Feb 26 07:39:21 2007 => Scanning File d:\PROGRA~1\PANDAS~1\PANDAP~1\Inicio.exe
Mon Feb 26 07:39:21 2007 => Scanning File C:\WINDOWS\SYSTEM32\nwiz.exe
Mon Feb 26 07:39:21 2007 => Scanning File C:\WINDOWS\system32\dumprep.exe

Mon Feb 26 07:39:21 2007 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Mon Feb 26 07:39:21 2007 => Scanning File C:\WINDOWS\system32\ctfmon.exe

Mon Feb 26 07:39:21 2007 => Scanning HKCR\htmlfile\shell\open\command
Mon Feb 26 07:39:21 2007 => Scanning File C:\PROGRA~1\INTERN~1\iexplore.exe

Mon Feb 26 07:39:21 2007 => Scanning HKCR\htafile\shell\open\command
Mon Feb 26 07:39:21 2007 => Scanning File C:\WINDOWS\System32\mshta.exe

Mon Feb 26 07:39:21 2007 => Scanning HKCR\jsfile\shell\open\command
Mon Feb 26 07:39:22 2007 => Scanning File C:\WINDOWS\SYSTEM32\NOTEPAD.EXE
Mon Feb 26 07:39:22 2007 => Scanning File C:\WINDOWS\System32\WScript.exe

Mon Feb 26 07:39:22 2007 => Scanning HKCR\jsefile\shell\open\command
Mon Feb 26 07:39:22 2007 => Scanning File C:\WINDOWS\SYSTEM32\NOTEPAD.EXE
Mon Feb 26 07:39:22 2007 => Scanning File C:\WINDOWS\System32\WScript.exe

Mon Feb 26 07:39:22 2007 => Scanning HKCR\vbsfile\shell\open\command
Mon Feb 26 07:39:22 2007 => Scanning File C:\WINDOWS\SYSTEM32\NOTEPAD.EXE
Mon Feb 26 07:39:22 2007 => Scanning File C:\WINDOWS\System32\WScript.exe

Mon Feb 26 07:39:22 2007 => Scanning HKCR\vbefile\shell\open\command
Mon Feb 26 07:39:22 2007 => Scanning File C:\WINDOWS\SYSTEM32\NOTEPAD.EXE
Mon Feb 26 07:39:22 2007 => Scanning File C:\WINDOWS\System32\WScript.exe

Mon Feb 26 07:39:22 2007 => Scanning HKCR\wshfile\shell\open\command
Mon Feb 26 07:39:22 2007 => Scanning File C:\WINDOWS\SYSTEM32\NOTEPAD.EXE
Mon Feb 26 07:39:22 2007 => Scanning File C:\WINDOWS\System32\WScript.exe

Mon Feb 26 07:39:22 2007 => Scanning HKCR\wsffile\shell\open\command
Mon Feb 26 07:39:22 2007 => Scanning File C:\WINDOWS\SYSTEM32\NOTEPAD.EXE
Mon Feb 26 07:39:22 2007 => Scanning File C:\WINDOWS\System32\WScript.exe
Mon Feb 26 07:39:22 2007 => Clearing Internet Cache as Spyware/Adware found in system...
Mon Feb 26 07:39:23 2007 => Clearing Temporary sub-folders as Spyware/Adware found in system...
Mon Feb 26 07:39:23 2007 => ** Value in HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = http://www.msn.com
Mon Feb 26 07:39:24 2007 => ** Value in HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = about:blank
Mon Feb 26 07:39:25 2007 => ** Value in HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\main/Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

Mon Feb 26 07:41:33 2007 => ***** Checking for specific ITW Viruses *****
Mon Feb 26 07:41:33 2007 => Checking for Welchia Virus...
Mon Feb 26 07:41:33 2007 => Checking for LovGate Virus...
Mon Feb 26 07:41:33 2007 => Checking for CodeRed Virus...
Mon Feb 26 07:41:33 2007 => Checking for OpaServ Virus...
Mon Feb 26 07:41:33 2007 => Checking for Sobig.e Virus...
Mon Feb 26 07:41:33 2007 => Checking for Winupie Virus...
Mon Feb 26 07:41:33 2007 => Checking for Swen Virus...
Mon Feb 26 07:41:33 2007 => Checking for JS.Fortnight Virus...
Mon Feb 26 07:41:33 2007 => Checking for Novarg Virus...
Mon Feb 26 07:41:33 2007 => Checking for Pagabot Virus...
Mon Feb 26 07:41:33 2007 => Checking for Parite.b Virus...
Mon Feb 26 07:41:33 2007 => Checking for Parite.a Virus...
Mon Feb 26 07:41:33 2007 => Checking for Adware.SeekSeek Virus...

Mon Feb 26 07:41:33 2007 => ***** Scanning complete. *****

Mon Feb 26 07:41:33 2007 => Total Objects Scanned: 30095
Mon Feb 26 07:41:33 2007 => Total Critical Objects: 11
Mon Feb 26 07:41:33 2007 => Total Disinfected Objects: 0
Mon Feb 26 07:41:33 2007 => Total Objects Renamed: 0
Mon Feb 26 07:41:33 2007 => Total Deleted Objects: 70
Mon Feb 26 07:41:33 2007 => Total Errors: 66
Mon Feb 26 07:41:33 2007 => Time Elapsed: 00:06:34
Mon Feb 26 07:41:33 2007 => Virus Database Date: 2/24/2007
Mon Feb 26 07:41:33 2007 => Virus Database Count: 273067

Mon Feb 26 07:41:33 2007 => Scan Completed.

#11 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 26 February 2007 - 05:50 AM

Can you post the BitDefender Online Scanner report and a new Hijackthis log into your next reply.

#12 dawgbyte77

dawgbyte77
  • Topic Starter

  • Members
  • 13 posts

Posted 26 February 2007 - 06:30 PM

BitDefender Online Scanner

Scan report generated at: Tue, Feb 27, 2007 - 01:38:13

Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;L:\;

Statistics

Time 02:26:25
Files 727016
Folders 11497
Boot Sectors 7
Archives 7659
Packed Files 69344

Results

Identified Viruses 3
Infected Files 4
Suspect Files 0
Warnings 0
Disinfected 0
Deleted Files 4

Engines Info

Virus Definitions 393581
Engine build AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)
Scan plugins 14
Archive plugins 38
Unpack plugins 6
E-mail plugins 6
System plugins 1

Scan Settings

First Action Disinfect
Second Action Delete
Heuristics Yes
Enable Warnings Yes
Scanned Extensions *;
Exclude Extensions

Scan Emails Yes
Scan Archives Yes
Scan Packed Yes
Scan Files Yes
Scan Boot Yes

Scanned File
Status

C:\System Volume Information\_restore{397EEDA1-F287-4034-BC22-A596A55AA6D8}\RP328\A0177783.exe
Infected with: Trojan.Peed.Gen

C:\System Volume Information\_restore{397EEDA1-F287-4034-BC22-A596A55AA6D8}\RP328\A0177783.exe
Disinfection failed

C:\System Volume Information\_restore{397EEDA1-F287-4034-BC22-A596A55AA6D8}\RP328\A0177783.exe
Deleted

D:\Program Files\Microsoft AntiSpyware\cleaner.log
Infected with: Generic.XPL.MhtRedir.13B74D54

D:\Program Files\Microsoft AntiSpyware\cleaner.log
Disinfection failed

D:\Program Files\Microsoft AntiSpyware\cleaner.log
Deleted

G:\0 - New Download\hijackthis\mwav.exe=>(RAR Sfx o)=>mexe.com
Infected with: BehavesLike:Win32.FileInfector

G:\0 - New Download\hijackthis\mwav.exe=>(RAR Sfx o)=>mexe.com
Disinfection failed

G:\0 - New Download\hijackthis\mwav.exe=>(RAR Sfx o)=>mexe.com
Deleted

G:\0 - New Download\hijackthis\mwav.exe=>(RAR Sfx o)
Update failed

G:\0 - New Download\hijackthis\mwav.exe=>(RAR Sfx o)=>mwavscan.com
Infected with: BehavesLike:Win32.FileInfector

G:\0 - New Download\hijackthis\mwav.exe=>(RAR Sfx o)=>mwavscan.com
Disinfection failed

G:\0 - New Download\hijackthis\mwav.exe=>(RAR Sfx o)=>mwavscan.com
Deleted

G:\0 - New Download\hijackthis\mwav.exe=>(RAR Sfx o)
Update failed

And the HijackLog:

Logfile of HijackThis v1.99.1
Scan saved at 7:25:35 AM, on 2/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
d:\Program Files\BUFFALO\Client Manager 2\bwsvc.exe
d:\program files\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\psimsvc.exe
d:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
D:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\NotifyPhoneBook.exe
D:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\BUFFALO\Client Manager 2\ClientMgr2.exe
C:\WINDOWS\system32\rundll32.exe
d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\SRVLOAD.EXE
d:\program files\panda software\panda platinum 2006 internet security\WebProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iTunes\iTunes.exe
G:\0 - New Download\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - d:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [APVXDWIN] "d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: ClientManager2.lnk = D:\Program Files\BUFFALO\Client Manager 2\ClientMgr2.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Noname.XXX\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1168352266625
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://dawgbyte.multiply.com/photos/uploader.cab
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 6.0 (SP6)) - http://activex.microsoft.com/controls/vb5/comdlg32.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C1A1FB6-55C7-4C14-849F-543BE86511AB}: NameServer = 85.255.116.60 85.255.112.203
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Buffalo Wireless Service (BWSVC) - BUFFALO INC. - d:\Program Files\BUFFALO\Client Manager 2\bwsvc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Emuclpupahwp - Creative Technology Ltd. - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - d:\program files\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\psimsvc.exe
O23 - Service: ScsiAccess - Unknown owner - d:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Sound Sservice Driver (Sound Service) - Sonix Co. Ltd. - (no file)
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
O23 - Service: Ulead Sservice System Files (Ulead Service) - Ralink Technology Inc. - (no file)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

#13 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 26 February 2007 - 06:42 PM

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C1A1FB6-55C7-4C14-849F-543BE86511AB}: NameServer = 85.255.116.60 85.255.112.203

Exit Hijackthis, restart your pc.

Rescan with Hijackthis, check to see if the above O17 - has gone or not.
If the entry has successfully been removed post a new Hijackthis log please.

If the entry is still there, do the following again please:
Download and run Fixwareout from the link below:
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
After the reboot post the contents of the logfile C:\fixwareout\report.txt in your next reply, along with a new Hijackthis log.
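The check the steps above call for (fix the O17 entry, reboot, rescan, confirm it is gone), as an added Python example that is not part of the original thread or of HijackThis. The function names, the watch list built from the addresses quoted in this thread, and the `CONSTRUCTED` sample line are assumptions made for illustration.

```python
import ipaddress
import re

# Watch list built from this thread's logs: eScan reported 85.255.112.* as a
# poisoned DNS range, and the O17 line also listed 85.255.116.60.
WATCHED = [
    ipaddress.ip_network("85.255.112.0/24"),
    ipaddress.ip_network("85.255.116.60/32"),
]

# "O17 - <registry key>: <value name> = <value>"
O17_RE = re.compile(r"^O17 - (?P<key>.+?): (?P<name>\w+) = (?P<value>.*)$")


def parse_o17(log_text):
    """Return (registry_key, value_name, raw_value) for every O17 line."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if m:
            entries.append((m["key"], m["name"], m["value"].strip()))
    return entries


def flagged_nameservers(log_text, expected=()):
    """List (key, address, reason) for resolver addresses that need review.

    reason is "watched" for addresses on the watch list, "unexpected" for
    addresses missing from a caller-supplied allowlist, and "unparseable"
    for tokens that are not IP addresses at all.
    """
    expected_ips = {ipaddress.ip_address(e) for e in expected}
    findings = []
    for key, name, value in parse_o17(log_text):
        if "nameserver" not in name.lower():
            continue  # Domain / SearchList values hold names, not resolver IPs
        for token in re.split(r"[ ,]+", value):
            if not token:
                continue
            try:
                ip = ipaddress.ip_address(token)
            except ValueError:
                findings.append((key, token, "unparseable"))
                continue
            if any(ip in net for net in WATCHED):
                findings.append((key, str(ip), "watched"))
            elif expected_ips and ip not in expected_ips:
                findings.append((key, str(ip), "unexpected"))
    return findings


def still_present(before_log, after_log):
    """Watched resolvers flagged before the fix that are back after the reboot."""
    def watched(log):
        return {(k, ip) for k, ip, why in flagged_nameservers(log) if why == "watched"}
    return sorted(watched(before_log) & watched(after_log))


# Excerpt of lines quoted in this thread (log saved 2/27/2007, 7:25:35 AM).
BEFORE = r"""
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C1A1FB6-55C7-4C14-849F-543BE86511AB}: NameServer = 85.255.116.60 85.255.112.203
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
"""

# The same excerpt with the O17 line gone, i.e. the outcome the rescan should show.
AFTER = r"""
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
"""

# Constructed line (documentation-range addresses) to exercise the allowlist path.
CONSTRUCTED = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.0.2.53,192.0.2.54
"""

if __name__ == "__main__":
    for finding in flagged_nameservers(BEFORE):
        print("review:", finding)
    back = still_present(BEFORE, AFTER)
    print("fix held" if not back else f"entry returned: {back}")
```

Passing the resolvers your ISP or router actually hands out as `expected` also surfaces static entries that are not on the watch list.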

#14 dawgbyte77

dawgbyte77
  • Topic Starter

  • Members
  • 13 posts

Posted 27 February 2007 - 08:24 AM

Hi Richie,

After reading your reply, I rebooted and ran HijackThis and the O17 line was gone.

Logfile of HijackThis v1.99.1
Scan saved at 8:50:43 PM, on 2/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
d:\Program Files\BUFFALO\Client Manager 2\bwsvc.exe
d:\program files\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
C:\WINDOWS\Explorer.EXE
d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\psimsvc.exe
d:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\apvxdwin.exe
D:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\BUFFALO\Client Manager 2\ClientMgr2.exe
d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\SRVLOAD.EXE
d:\program files\panda software\panda platinum 2006 internet security\WebProxy.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcrobatInfo.exe
G:\0 - New Download\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - d:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [APVXDWIN] "d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: ClientManager2.lnk = D:\Program Files\BUFFALO\Client Manager 2\ClientMgr2.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Noname.XXX\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1168352266625
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://dawgbyte.multiply.com/photos/uploader.cab
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 6.0 (SP6)) - http://activex.microsoft.com/controls/vb5/comdlg32.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Buffalo Wireless Service (BWSVC) - BUFFALO INC. - d:\Program Files\BUFFALO\Client Manager 2\bwsvc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Emuclpupahwp - Creative Technology Ltd. - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - d:\program files\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\psimsvc.exe
O23 - Service: ScsiAccess - Unknown owner - d:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Sound Sservice Driver (Sound Service) - Sonix Co. Ltd. - (no file)
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
O23 - Service: Ulead Sservice System Files (Ulead Service) - Ralink Technology Inc. - (no file)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

#15 dawgbyte77

Posted 27 February 2007 - 08:27 AM

I opened my browser to post my reply and ran HijackThis again, and the line was back.
These 2 lines have been added. According to wuauclt.exe, it may or may not be a virus but I don't yet dare delete this.

C:\WINDOWS\system32\wuauclt.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C1A1FB6-55C7-4C14-849F-543BE86511AB}: NameServer = 85.255.116.60 85.255.112.203



Logfile of HijackThis v1.99.1
Scan saved at 8:55:35 PM, on 2/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
d:\Program Files\BUFFALO\Client Manager 2\bwsvc.exe
d:\program files\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
C:\WINDOWS\Explorer.EXE
d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\psimsvc.exe
d:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\apvxdwin.exe
D:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\BUFFALO\Client Manager 2\ClientMgr2.exe
d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\SRVLOAD.EXE
d:\program files\panda software\panda platinum 2006 internet security\WebProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
G:\0 - New Download\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - d:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [APVXDWIN] "d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: ClientManager2.lnk = D:\Program Files\BUFFALO\Client Manager 2\ClientMgr2.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Noname.XXX\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1168352266625
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://dawgbyte.multiply.com/photos/uploader.cab
O16 - DPF: {F9043C85-F6F2-101A-A3C9-08002B2F49FB} (Microsoft Common Dialog Control, version 6.0 (SP6)) - http://activex.microsoft.com/controls/vb5/comdlg32.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C1A1FB6-55C7-4C14-849F-543BE86511AB}: NameServer = 85.255.116.60 85.255.112.203
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Buffalo Wireless Service (BWSVC) - BUFFALO INC. - d:\Program Files\BUFFALO\Client Manager 2\bwsvc.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Emuclpupahwp - Creative Technology Ltd. - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - d:\program files\panda software\panda platinum 2006 internet security\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\psimsvc.exe
O23 - Service: ScsiAccess - Unknown owner - d:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Sound Sservice Driver (Sound Service) - Sonix Co. Ltd. - (no file)
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - d:\Program Files\Panda Software\Panda Platinum 2006 Internet Security\TPSrv.exe
O23 - Service: Ulead Sservice System Files (Ulead Service) - Ralink Technology Inc. - (no file)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe



