Infected By Spy Dawn, Smitfraud Didn't Work


  • This topic is locked
24 replies to this topic

#1 kimgeni


Posted 04 March 2007 - 04:02 PM

Hello,

My computer has been infected by Spy Dawn for 13h now. I've tried Ad-Aware free ed, Spybot and SmitFraud, and I've uninstalled Spy Dawn.
The SmitFraud wiped out the last visible tracks (pop-ups and so on), but the free ed of Spyhunter tells me I've still got a lot of zlob trojans and cookies on my computer.
SmitFraud didn't go the way it should according to you. After number 9 ("Do you want to clean the registry?" and I pushed y) the Notepad screen popped up and SmitFraud showed a blue screen saying "Close all applications. Computer may reboot". There was also a warning or question from Windows, asking me if I wanted to change the Windows OS settings or if I wanted to continue in safe mode; I chose safe mode. Then I waited, but nothing happened, so I closed the Notepad and SmitFraud and rebooted. The System Alert icon to the right in the system tray had disappeared, but as I said there are still a lot of zlob trojans and cookies on my PC (according to SpyHunter).

I'm running the Norwegian version of Windows XP, so there are a couple of words you might not understand. Here's a list of them: fellesfiler-common or shared files, programfiler-programfiles, filer-files, midlertidig mappe-temporary folder, koblinger-connections, "E&ksporter til" probably means "eksporter til"-export to, oppslag-poster, automatisk-automatic, planlegger-plan maker or someone who plans to do something.
I hope this doesn't cause problems for you.

Here is my log from hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 21:28:35, on 04.03.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Norton Internet Security\ISSVC.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programfiler\Dell Photo AIO Printer 924\dlccmon.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Programfiler\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Programfiler\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Enigma Software Group\SpyHunter\SpyHunter.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\DOCUME~1\KIMAND~1\LOKALE~1\Temp\Midlertidig mappe 2 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Programfiler\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1147348959093
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programfiler\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe


Here's the list from SmitFraud:
Skrivebord means desktop

SmitFraudFix v2.147

Scan done at 20:19:21,09, 04.03.2007
Run from C:\Documents and Settings\Kim Andr‚ Johnsen\Skrivebord\SmitfraudFix
OS: Microsoft Windows XP [Versjon 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{aed6f6a3-183c-488d-9f90-23db99f56e7f}"="apathies"

[HKEY_CLASSES_ROOT\CLSID\{aed6f6a3-183c-488d-9f90-23db99f56e7f}\InProcServer32]
@="C:\WINDOWS\system32\geplxss.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{aed6f6a3-183c-488d-9f90-23db99f56e7f}\InProcServer32]
@="C:\WINDOWS\system32\geplxss.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\geplxss.dll Deleted
C:\DOCUME~1\KIMAND~1\FAVORI~1\Online Security Test.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


I ran it twice. Here's number 2:

SmitFraudFix v2.147

Scan done at 20:38:57,82, 04.03.2007
Run from C:\Documents and Settings\Kim Andr‚ Johnsen\Skrivebord\SmitfraudFix
OS: Microsoft Windows XP [Versjon 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


Before I used SmitFraud the first time, Norton wanted to stop it, but I allowed it.

During both cleaning processes the SmitFraud showed a message including:

Deleting infected files
Systemet finner ikke angitt bane
Deleting temp files

Line 2 means "The system can't find the informed/given path." I am not sure about the translation informed/given, but the point is that it couldn't find the path it was supposed to find. I don't know if it's included in the notepad, so I decided to write it down.

I hope you can help me and that the Norwegian doesn't cause too many problems.

Thanks.

Kimgeni

Edited by kimgeni, 04 March 2007 - 04:11 PM.




#2 kimgeni


Posted 06 March 2007 - 03:30 PM

Hey again!

I just wanted to add and specify some info.
I've used the name smitfraud in the headline and in the text, but, as you probably know, I meant smitfraudfix.
I also decided to give you a more accurate description of the situation. When the pop-ups started I scanned my PC with Lavasoft. It found and removed 15 trojans rated 10 (out of ten). Then Norton antivirus full scan, found nothing.
Uninstalled Spy Dawn (why do they include such an option in a Spy program, if their goal is to destroy?), and all the pop ups disappeared. The only visible track was the "System Alert" icon in the system tray.
Downloaded Spybot and scanned, removed several cookies (WinsoftWare, pest trap among others) related to Spy Dawn.
Then the smitfraudfix, which removed the "System Alert!" icon. (I don't know which files it removed).

Yesterday I downloaded new Lavasoft definitions and SuperAntispyware. They removed more than 20 cookies and 2 trojans related to Spy Dawn.

Today I removed some files I think are related to Spy Dawn with Ace Utilities:
the programs iesuninst, isunst, pmmnt and pmsnrr
iesplugin.dell
(and 2 icons)

I know Spybot (and probably others as well) categorize Spyhunter as a program which reports more errors than there really are on the PC; however, all the files I've deleted today and yesterday match files Spyhunter found, so it seems like I can trust it. According to SpyHunter I've still got 50 zlob trojans on my PC and 2 zlob video access trojans. Are these trojans a large threat to me, or can't they do much? I've got a log from SpyHunter, but it contains more than 6000 words, so here's a new one from HijackThis. (I've removed about 30 Spy Dawn cookies, 4 programs, 1 dll and 2 trojans related to Spy Dawn since the first HijackThis log).

Logfile of HijackThis v1.99.1
Scan saved at 21:16:20, on 06.03.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Norton Internet Security\ISSVC.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programfiler\Dell Photo AIO Printer 924\dlccmon.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\Programfiler\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Programfiler\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Programfiler\Windows Media Player\wmplayer.exe
C:\Programfiler\Enigma Software Group\SpyHunter\SpyHunter.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Programfiler\Messenger\msmsgs.exe
C:\DOCUME~1\KIMAND~1\LOKALE~1\Temp\Midlertidig mappe 3 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Programfiler\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1147348959093
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programfiler\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe


Thanks

Kimgeni

#3 RichieUK


Posted 07 March 2007 - 10:55 AM

Welcome to BleepingComputer kimgeni :thumbsup:

Please move HijackThis to a permanent folder on the hard drive such as C:\HJT.
Create a new folder and place your HijackThis.exe inside that folder so that the backups of log changes it creates are saved in the same folder and can be used to reverse the line entry deletion if found to be necessary.
If HijackThis is used from a temp folder it is in danger of being accidentally deleted by Disk Cleanup or similar tools.

*****************************

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1

Double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

Click 'Exit' on the Main menu to close the program.

*****************************

Download/install AVG Anti-Spyware 7.5.

Please follow these instructions carefully.

Launch/start up AVG Anti-Spyware.
On the main page click the 'Update' tab, and then 'Start Update'.
Once the updates have been installed, do the following:
Select the 'Scanner' icon at the top of the screen, then select the 'Settings' tab.
Once in the 'Settings' screen, under 'How to act?', then under 'Set default action for detected malware to:', click on 'Recommended actions', then click on 'Quarantine'.
Under 'Reports' select 'Automatically generate report after every scan' and unselect 'Only if threats were found'.
Exit AVG Anti-Spyware, don't run the scan just yet.

You might want to print/copy the following as you need to be in Safe Mode from here on.

Reboot your computer into "SAFE MODE" using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Have Hijack This fix the following [If still present], by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:

O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
O18 - Filter: text/html - (no CLSID) - (no file)


Still in Safe Mode launch AVG Anti-Spyware.
Click the 'Scanner' icon at the top.
To start the scan click on 'Complete System Scan'.
Please be patient, it takes a while for the scan to finish.

Once the scan is complete, do the following.
If AVG Anti-Spyware detected any infected objects, click on 'Apply All Actions'.

Next click on 'Save Report'.
Copy and paste that report into your next reply.
The report can be found under the 'Reports' tab at the top.
Close AVG Anti-Spyware when you've done.
Reboot normally.

*****************************

Please run this online virus scan: Activescan, using Internet Explorer.
Once you are on the Panda site click the Scan your PC button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on Local Disks to start the scan
When the scan completes, click the See Report button, then Save Report, and save it to your desktop.

Restart your pc.
Post the AVG Anti Spyware report, the Activescan report, and a new Hijackthis log into your next reply please.
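
The "fix the following [If still present]" step above, together with the request for a new log, amounts to comparing HijackThis logs between scans. As an added example (not part of the original posts and not a HijackThis or BleepingComputer tool), this Python script diffs two logs and reports which fix-list entries are still present. The log excerpts are shortened from the logs in this thread, and the function names are hypothetical.

```python
import re

# HijackThis entry lines start with a section code (R0, F2, N1, O2 ... O23)
# followed by " - ". Header lines and the "Running processes" list do not match.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Shortened excerpts of the two logs posted in this thread (constructed sample input).
LOG_04_MARCH = r"""Logfile of HijackThis v1.99.1
Scan saved at 21:28:35, on 04.03.2007

Running processes:
C:\WINDOWS\system32\winlogon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

LOG_06_MARCH = r"""Logfile of HijackThis v1.99.1
Scan saved at 21:16:20, on 06.03.2007

Running processes:
C:\WINDOWS\system32\winlogon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# The two entries the helper asks to have fixed, copied from the post above.
FIX_LIST = [
    r"O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN",
    r"O18 - Filter: text/html - (no CLSID) - (no file)",
]


def _key(line):
    """Normalize a log line for comparison: collapse whitespace, ignore case
    (Windows paths are case-insensitive and forum pastes vary in spacing)."""
    return " ".join(line.split()).casefold()


def parse_entries(log_text):
    """Return {normalized_line: original_line} for every section entry, in log order."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if ENTRY_RE.match(line):
            entries[_key(line)] = line
    return entries


def diff_logs(old_text, new_text):
    """Return (added, removed) entry lines between an older and a newer log."""
    old, new = parse_entries(old_text), parse_entries(new_text)
    added = [new[k] for k in new if k not in old]
    removed = [old[k] for k in old if k not in new]
    return added, removed


def still_present(fix_list, log_text):
    """Return the fix-list lines that still appear in the given log.
    Matching is on the whole normalized line, so an entry that reappears
    with a different target counts as a new entry and shows up in diff_logs()."""
    entries = parse_entries(log_text)
    return [line for line in fix_list if _key(line) in entries]


if __name__ == "__main__":
    added, removed = diff_logs(LOG_04_MARCH, LOG_06_MARCH)
    for line in added:
        print("ADDED  ", line)
    for line in removed:
        print("REMOVED", line)
    for line in still_present(FIX_LIST, LOG_06_MARCH):
        print("STILL PRESENT", line)
```

An added entry is not a verdict on its own: the two new lines in the 06 March excerpt point to the Spybot and SUPERAntiSpyware folders, both tools kimgeni says he installed between the scans.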

#4 kimgeni


Posted 07 March 2007 - 05:46 PM

Hello

Thanks so far.
I've had the system restore turned off since yesterday, I assume I still should have it turned off? (It was off during the entire process.)
I moved Hijack this, but I forgot that it was the exe and not the zip file I was supposed to move. I moved the exe when I rebooted the PC after using the Safe Mode.

This is the first log, before the removal of O8 need2find and O18 filter.

Logfile of HijackThis v1.99.1
Scan saved at 19:56:32, on 07.03.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\KIMAND~1\LOKALE~1\Temp\Midlertidig mappe 5 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Programfiler\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Programfiler\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1147348959093
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programfiler\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe


Here's the AVG

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 21:21:49 07.03.2007

+ Scan result:



HKU\S-1-5-21-1222073044-4096117017-1521477425-1006\Software\Kazaa\Promotions\Cydoor -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1222073044-4096117017-1521477425-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329 -> Adware.Cydoor : Cleaned with backup (quarantined).
HKU\S-1-5-21-1222073044-4096117017-1521477425-1006\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4 -> Adware.Cydoor : Cleaned with backup (quarantined).


::Report end



The ActiveScan.
Time for some new Norwegian words: lokale innstillinger - local adjustments
(You'll be speaking Norwegian in a couple of days if my problem continues. :thumbsup:)


Incident Status Location

Adware:Adware/VideoActiveXObject Not disinfected C:\Documents and Settings\Kim André Johnsen\Lokale innstillinger\Temp\temp.fr7141\uninst.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Kim André Johnsen\Skrivebord\SmitfraudFix\Process.exe
Potentially unwanted tool:application/bestoffer Not disinfected C:\WINDOWS\smdat32m.sys


The newest Hijack log

Logfile of HijackThis v1.99.1
Scan saved at 23:16:15, on 07.03.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Norton Internet Security\ISSVC.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programfiler\Dell Photo AIO Printer 924\dlccmon.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\BillP Studios\WinPatrol\winpatrol.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programfiler\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Programfiler\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Programfiler\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Programfiler\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1147348959093
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programfiler\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe



Thanks

Kimgeni
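A check that can be run on the two HijackThis logs in the post above, as an added example that is not part of the original thread: it parses the entry lines, confirms that the two entries selected for fixing are gone, and lists anything new. The function names are assumptions of this example, and the sample logs are shortened excerpts of the logs above with one line wrapped on purpose.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code text")

# Entry lines start with a section code (R0, O4, O18, ...) followed by " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")


def parse_entries(log_text):
    """Return the entries of a HijackThis log in order.

    Header and 'Running processes' lines are skipped. A non-blank line that
    directly follows an entry and is not itself an entry is treated as the
    wrapped tail of that entry (assumption: the wrap happened at a space).
    """
    entries = []
    in_entry = False
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
            in_entry = True
        elif line and in_entry:
            last = entries[-1]
            entries[-1] = Entry(last.code, last.text + " " + line)
        else:
            in_entry = False
    return entries


def _key(entry):
    # Windows paths are case-insensitive, so compare case-folded text.
    return (entry.code, entry.text.casefold())


def diff_logs(before_text, after_text):
    """Return (removed, added) entries between two logs."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    before_keys = {_key(e) for e in before}
    after_keys = {_key(e) for e in after}
    removed = [e for e in before if _key(e) not in after_keys]
    added = [e for e in after if _key(e) not in before_keys]
    return removed, added


def verify_fix(before_text, after_text, targets):
    """Report, per (code, substring) target, whether the fix took effect."""
    before, after = parse_entries(before_text), parse_entries(after_text)

    def present(entries, code, needle):
        needle = needle.casefold()
        return any(e.code == code and needle in e.text.casefold() for e in entries)

    status = {}
    for code, needle in targets:
        if present(after, code, needle):
            status[(code, needle)] = "still present"
        elif present(before, code, needle):
            status[(code, needle)] = "removed"
        else:
            status[(code, needle)] = "not in first log"
    return status


# Shortened excerpts of the first and the newest log in the post above.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O4 - HKLM\..\Run: [WinPatrol] C:\Programfiler\BillP Studios\WinPatrol\winpatrol.exe
O8 - Extra context menu item: &Search - http://kn.bar.need2find.com/KN/menusearch.html?p=KN
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - (no CLSID) - (no file)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
"""

AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O4 - HKLM\..\Run: [WinPatrol] C:\Programfiler\BillP Studios\WinPatrol\winpatrol.exe
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec
Shared\CCPD-LC\symlcsvc.exe
"""

# The two entries the helper asked to have fixed.
TARGETS = [("O8", "need2find.com"), ("O18", "Filter: text/html")]

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for e in removed:
        print("removed:", e.code, "-", e.text)
    for e in added:
        print("added:  ", e.code, "-", e.text)
    for target, state in verify_fix(BEFORE, AFTER, TARGETS).items():
        print(target, "->", state)
```

The added O16 entry is the ActiveScan installer control from the online scan, so an entry appearing in the "added" list is a prompt to identify it, not a verdict.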

#5 RichieUK

Posted 07 March 2007 - 06:03 PM

Reboot your computer into "SAFE MODE" using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Find and delete:
C:\Documents and Settings\Kim André Johnsen\Lokale innstillinger\Temp <- Delete everything inside this Temp folder.

Still in Safe Mode, click on Start > Run, type cleanmgr then press Enter.
Click on Ok, place checks in all the boxes except 'Compress Old Files'.
Then press Ok.

Reboot normally, post a new Hijackthis log into your next reply.
Let me know how your pc is running now please.

#6 kimgeni

Posted 08 March 2007 - 01:33 PM

Hello

I did what you said.
My PC is running as normal as far as I can see, and has done so since I ran Smitfraudfix 4 days ago. (Smitfraudfix removed the last pop-ups.) However, I don't know if there's something underneath the surface. Is there a check I can do to tell you how my PC is running? (Spy Hunter still says I'm infected with 50 Zlob.trojans and 2 zlob.VideoAccess.)

Here's the new log.

Logfile of HijackThis v1.99.1
Scan saved at 19:17:30, on 08.03.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Norton Internet Security\ISSVC.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe
C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programfiler\Dell Photo AIO Printer 924\dlccmon.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programfiler\QuickTime\qttask.exe
C:\Programfiler\iTunes\iTunesHelper.exe
C:\Programfiler\BillP Studios\WinPatrol\winpatrol.exe
C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programfiler\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Programfiler\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Programfiler\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar3.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Programfiler\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programfiler\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programfiler\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Programfiler\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by12fd.bay12.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1147348959093
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatisk LiveUpdate-planlegging - Symantec Corporation - C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programfiler\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programfiler\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programfiler\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect-tjeneste (navapsvc) - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programfiler\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programfiler\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programfiler\Fellesfiler\Symantec Shared\CCPD-LC\symlcsvc.exe



Thanks

Kimgeni

#7 RichieUK


Posted 08 March 2007 - 01:43 PM

Download 'e Scan MWAV' from here to your desktop:
http://www.mwti.net/download/tools/mwav.exe
Disconnect from the internet, close all running programs.
Double click on the mwav icon on your desktop.
The program will start, the Licence Agreement will pop up.
Select 'I accept the agreement', then press Ok.
The program will open, leave all the settings as they are.
Now press the 'Scan & Clean' button.
The program will now start scanning your pc.
Once the scan has finished, post the results from the lower window 'Virus Log Information'.
Also post a new Hijackthis log please.

#8 kimgeni


Posted 08 March 2007 - 02:01 PM

Hey

By "close all running programs", do you mean all windows and all the programs to the right in the system tray, or is there something more? Just wanted to be sure.

Thanks

Kimgeni

#9 RichieUK


Posted 08 March 2007 - 02:31 PM

Temporarily disable Norton Antivirus after you've disconnected from the internet, and don't launch any other programs while the scan is running.
Once the scan has finished, don't forget to re-enable Norton Antivirus before reconnecting to the internet.

#10 kimgeni


Posted 08 March 2007 - 03:32 PM

Hello

I don't understand this. The log is too long so I'll have to split it, but the last line in the posted post isn't the same as the last line before I post it. Perhaps it's just this post, so I'll start the log in a new one.

Edited by kimgeni, 08 March 2007 - 03:47 PM.


#11 kimgeni


Posted 08 March 2007 - 03:50 PM

MWAV Part 1

Thu Mar 08 21:03:04 2007 => MWAV in SPECIAL PROMOTION MODE.
Thu Mar 08 21:03:04 2007 => **********************************************************
Thu Mar 08 21:03:04 2007 => MicroWorld Anti Virus & Spyware Toolkit Utility.
Thu Mar 08 21:03:04 2007 => Copyright © 2003-2006, MicroWorld Technologies Inc.
Thu Mar 08 21:03:04 2007 => **********************************************************
Thu Mar 08 21:03:04 2007 => Source: C:\DOCUME~1\KIMAND~1\SKRIVE~1\ESCANM~1.EXE
Thu Mar 08 21:03:04 2007 => Version 9.1.7 (C:\DOCUME~1\KIMAND~1\LOKALE~1\Temp\mexe.com)
Thu Mar 08 21:03:04 2007 => Log File: C:\DOCUME~1\KIMAND~1\LOKALE~1\Temp\MWAV.LOG
Thu Mar 08 21:03:04 2007 => MWAV Registered: TRUE.
Thu Mar 08 21:03:04 2007 => User Account: Kim André Johnsen
Thu Mar 08 21:03:04 2007 => OS Type: Windows Workstation
Thu Mar 08 21:03:04 2007 => OS: Windows XP
Thu Mar 08 21:03:04 2007 => Ver: Service Pack 2 (Build 2600)
Thu Mar 08 21:03:04 2007 => Windows Root Folder: C:\WINDOWS
Thu Mar 08 21:03:04 2007 => Windows Sys32 Folder: C:\WINDOWS\system32
Thu Mar 08 21:03:04 2007 => Local Fixed Drives: c:\
Thu Mar 08 21:03:04 2007 => MWAV Mode: Scan and Clean files (for viruses, adware and spyware).
Thu Mar 08 21:03:04 2007 => Latest Date of files inside MWAV: 07 Mar 2007 11:59:5.
Thu Mar 08 21:03:07 2007 => AV Library Loaded...
Thu Mar 08 21:03:07 2007 => MWAV doing self scanning...
Thu Mar 08 21:03:07 2007 => Scanning File C:\DOCUME~1\KIMAND~1\LOKALE~1\Temp\Getvlist.exe
Thu Mar 08 21:03:07 2007 => Scanning File C:\DOCUME~1\KIMAND~1\LOKALE~1\Temp\main.avi
Thu Mar 08 21:03:07 2007 => Scanning File C:\DOCUME~1\KIMAND~1\LOKALE~1\Temp\virus.avi
Thu Mar 08 21:03:07 2007 => Scanning File C:\DOCUME~1\KIMAND~1\LOKALE~1\Temp\ScanningProcess.exe
Thu Mar 08 21:03:07 2007 => Scanning File C:\DOCUME~1\KIMAND~1\LOKALE~1\Temp\Kave.dll
Thu Mar 08 21:03:07 2007 => Scanning File C:\DOCUME~1\KIMAND~1\LOKALE~1\Temp\prloader.dll
Thu Mar 08 21:03:07 2007 => MWAV files are clean.
Thu Mar 08 21:03:22 2007 => Virus Database Date: 3/7/2007
Thu Mar 08 21:03:22 2007 => Virus Database Count: 277676

Thu Mar 08 21:03:37 2007 => **********************************************************
Thu Mar 08 21:03:37 2007 => MicroWorld Anti Virus & Spyware Toolkit Utility.
Thu Mar 08 21:03:37 2007 => Copyright © 2003-2006, MicroWorld Technologies Inc.
Thu Mar 08 21:03:37 2007 =>
Thu Mar 08 21:03:37 2007 => Support: support@mwti.net
Thu Mar 08 21:03:37 2007 => Web: http://www.mwti.net
Thu Mar 08 21:03:37 2007 => **********************************************************
Thu Mar 08 21:03:37 2007 => Version 9.1.7 (C:\DOCUME~1\KIMAND~1\LOKALE~1\Temp\mexe.com)
Thu Mar 08 21:03:37 2007 => Log File: C:\DOCUME~1\KIMAND~1\LOKALE~1\Temp\MWAV.LOG
Thu Mar 08 21:03:37 2007 => User Account: Kim André Johnsen
Thu Mar 08 21:03:37 2007 => Windows Root Folder: C:\WINDOWS
Thu Mar 08 21:03:37 2007 => Windows Sys32 Folder: C:\WINDOWS\system32
Thu Mar 08 21:03:37 2007 => OS: Windows XP
Thu Mar 08 21:03:37 2007 => Ver: Service Pack 2 (Build 2600)
Thu Mar 08 21:03:38 2007 => Latest Date of files inside MWAV: 07 Mar 2007 11:59:5.

Thu Mar 08 21:03:38 2007 => Options Selected by User:
Thu Mar 08 21:03:38 2007 => Memory Check: Enabled
Thu Mar 08 21:03:38 2007 => Registry Check: Enabled
Thu Mar 08 21:03:38 2007 => StartUp Folder Check: Enabled
Thu Mar 08 21:03:38 2007 => System Folder Check: Enabled
Thu Mar 08 21:03:38 2007 => System Area Check: Disabled
Thu Mar 08 21:03:38 2007 => Services Check: Enabled
Thu Mar 08 21:03:38 2007 => Drive Check Option Disabled
Thu Mar 08 21:03:38 2007 => Folder Check: Disabled

Thu Mar 08 21:03:39 2007 => ***** Scanning Memory Files *****
Thu Mar 08 21:03:39 2007 => Scanning File C:\WINDOWS\System32\smss.exe
Thu Mar 08 21:03:40 2007 => Scanning File C:\WINDOWS\system32\ntdll.dll
Thu Mar 08 21:03:40 2007 => Scanning File C:\WINDOWS\SYSTEM32\CSRSS.EXE
Thu Mar 08 21:03:40 2007 => Scanning File C:\WINDOWS\system32\CSRSRV.dll
Thu Mar 08 21:03:40 2007 => Scanning File C:\WINDOWS\system32\basesrv.dll
Thu Mar 08 21:03:40 2007 => Scanning File C:\WINDOWS\system32\winsrv.dll
Thu Mar 08 21:03:40 2007 => Scanning File C:\WINDOWS\system32\GDI32.dll
Thu Mar 08 21:03:40 2007 => Scanning File C:\WINDOWS\system32\KERNEL32.dll
Thu Mar 08 21:03:40 2007 => Scanning File C:\WINDOWS\system32\USER32.dll
Thu Mar 08 21:03:40 2007 => Scanning File C:\WINDOWS\system32\sxs.dll
Thu Mar 08 21:03:40 2007 => Scanning File C:\WINDOWS\system32\ADVAPI32.dll
Thu Mar 08 21:03:40 2007 => Scanning File C:\WINDOWS\system32\RPCRT4.dll
Thu Mar 08 21:03:40 2007 => Scanning File C:\WINDOWS\system32\Apphelp.dll
Thu Mar 08 21:03:40 2007 => Scanning File C:\WINDOWS\system32\VERSION.dll
Thu Mar 08 21:03:40 2007 => Scanning File C:\WINDOWS\SYSTEM32\WINLOGON.EXE
Thu Mar 08 21:03:40 2007 => Scanning File C:\WINDOWS\system32\AUTHZ.dll
Thu Mar 08 21:03:40 2007 => Scanning File C:\WINDOWS\system32\msvcrt.dll
Thu Mar 08 21:03:40 2007 => Scanning File C:\WINDOWS\system32\CRYPT32.dll
Thu Mar 08 21:03:40 2007 => Scanning File C:\WINDOWS\system32\MSASN1.dll
Thu Mar 08 21:03:40 2007 => Scanning File C:\WINDOWS\system32\NDdeApi.dll
Thu Mar 08 21:03:40 2007 => Scanning File C:\WINDOWS\system32\PROFMAP.dll
Thu Mar 08 21:03:40 2007 => Scanning File C:\WINDOWS\system32\NETAPI32.dll
Thu Mar 08 21:03:40 2007 => Scanning File C:\WINDOWS\system32\USERENV.dll
Thu Mar 08 21:03:40 2007 => Scanning File C:\WINDOWS\system32\PSAPI.DLL
Thu Mar 08 21:03:40 2007 => Scanning File C:\WINDOWS\system32\REGAPI.dll
Thu Mar 08 21:03:40 2007 => Scanning File C:\WINDOWS\system32\Secur32.dll
Thu Mar 08 21:03:40 2007 => Scanning File C:\WINDOWS\system32\SETUPAPI.dll
Thu Mar 08 21:03:40 2007 => Scanning File C:\WINDOWS\system32\WINSTA.dll
Thu Mar 08 21:03:40 2007 => Scanning File C:\WINDOWS\system32\WINTRUST.dll
Thu Mar 08 21:03:40 2007 => Scanning File C:\WINDOWS\system32\IMAGEHLP.dll
Thu Mar 08 21:03:40 2007 => Scanning File C:\WINDOWS\system32\WS2_32.dll
Thu Mar 08 21:03:40 2007 => Scanning File C:\WINDOWS\system32\WS2HELP.dll
Thu Mar 08 21:03:40 2007 => Scanning File C:\WINDOWS\system32\IMM32.DLL
Thu Mar 08 21:03:40 2007 => Scanning File C:\WINDOWS\system32\MSGINA.dll
Thu Mar 08 21:03:40 2007 => Scanning File C:\WINDOWS\system32\SHELL32.dll
Thu Mar 08 21:03:40 2007 => Scanning File C:\WINDOWS\system32\SHLWAPI.dll
Thu Mar 08 21:03:40 2007 => Scanning File C:\WINDOWS\system32\COMCTL32.dll
Thu Mar 08 21:03:40 2007 => Scanning File C:\WINDOWS\system32\ODBC32.dll
Thu Mar 08 21:03:40 2007 => Scanning File C:\WINDOWS\system32\comdlg32.dll
Thu Mar 08 21:03:40 2007 => Scanning File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
Thu Mar 08 21:03:40 2007 => Scanning File C:\WINDOWS\system32\odbcint.dll
Thu Mar 08 21:03:40 2007 => Scanning File C:\WINDOWS\system32\SHSVCS.dll
Thu Mar 08 21:03:40 2007 => Scanning File C:\WINDOWS\system32\sfc.dll
Thu Mar 08 21:03:40 2007 => Scanning File C:\WINDOWS\system32\sfc_os.dll
Thu Mar 08 21:03:41 2007 => Scanning File C:\WINDOWS\system32\ole32.dll
Thu Mar 08 21:03:41 2007 => Scanning File C:\WINDOWS\system32\msctfime.ime
Thu Mar 08 21:03:41 2007 => Scanning File C:\WINDOWS\system32\WINSCARD.DLL
Thu Mar 08 21:03:41 2007 => Scanning File C:\WINDOWS\system32\WTSAPI32.dll
Thu Mar 08 21:03:41 2007 => Scanning File C:\WINDOWS\system32\uxtheme.dll
Thu Mar 08 21:03:41 2007 => Scanning File C:\WINDOWS\system32\WINMM.dll
Thu Mar 08 21:03:41 2007 => Scanning File C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
Thu Mar 08 21:03:41 2007 => Scanning File C:\WINDOWS\system32\OLEAUT32.dll
Thu Mar 08 21:03:41 2007 => Scanning File C:\WINDOWS\system32\WININET.dll
Thu Mar 08 21:03:41 2007 => Scanning File C:\WINDOWS\system32\Normaliz.dll
Thu Mar 08 21:03:41 2007 => Scanning File C:\WINDOWS\system32\iertutil.dll
Thu Mar 08 21:03:41 2007 => Scanning File C:\WINDOWS\system32\rsaenh.dll
Thu Mar 08 21:03:41 2007 => Scanning File C:\WINDOWS\system32\cscdll.dll
Thu Mar 08 21:03:41 2007 => Scanning File C:\WINDOWS\system32\WlNotify.dll
Thu Mar 08 21:03:41 2007 => Scanning File C:\WINDOWS\system32\WINSPOOL.DRV
Thu Mar 08 21:03:41 2007 => Scanning File C:\WINDOWS\system32\MPR.dll
Thu Mar 08 21:03:41 2007 => Scanning File C:\WINDOWS\system32\WgaLogon.dll
Thu Mar 08 21:03:41 2007 => Scanning File C:\WINDOWS\system32\NTMARTA.DLL
Thu Mar 08 21:03:41 2007 => Scanning File C:\WINDOWS\system32\WLDAP32.dll
Thu Mar 08 21:03:41 2007 => Scanning File C:\WINDOWS\system32\SAMLIB.dll
Thu Mar 08 21:03:41 2007 => Scanning File C:\WINDOWS\system32\CLBCATQ.DLL
Thu Mar 08 21:03:41 2007 => Scanning File C:\WINDOWS\system32\COMRes.dll
Thu Mar 08 21:03:41 2007 => Scanning File C:\WINDOWS\system32\cscui.dll
Thu Mar 08 21:03:42 2007 => Scanning File C:\WINDOWS\system32\msv1_0.dll
Thu Mar 08 21:03:42 2007 => Scanning File C:\WINDOWS\system32\iphlpapi.dll
Thu Mar 08 21:03:42 2007 => Scanning File C:\WINDOWS\system32\xpsp2res.dll
Thu Mar 08 21:03:42 2007 => Scanning File C:\WINDOWS\system32\wdmaud.drv
Thu Mar 08 21:03:42 2007 => Scanning File C:\WINDOWS\system32\msacm32.drv
Thu Mar 08 21:03:42 2007 => Scanning File C:\WINDOWS\system32\MSACM32.dll
Thu Mar 08 21:03:42 2007 => Scanning File C:\WINDOWS\system32\midimap.dll
Thu Mar 08 21:03:42 2007 => Scanning File C:\WINDOWS\system32\services.exe
Thu Mar 08 21:03:42 2007 => Scanning File C:\WINDOWS\system32\SCESRV.dll
Thu Mar 08 21:03:42 2007 => Scanning File C:\WINDOWS\system32\umpnpmgr.dll
Thu Mar 08 21:03:42 2007 => Scanning File C:\WINDOWS\system32\NCObjAPI.DLL
Thu Mar 08 21:03:42 2007 => Scanning File C:\WINDOWS\system32\MSVCP60.dll
Thu Mar 08 21:03:42 2007 => Scanning File C:\WINDOWS\system32\ShimEng.dll
Thu Mar 08 21:03:42 2007 => Scanning File C:\WINDOWS\AppPatch\AcGenral.DLL
Thu Mar 08 21:03:42 2007 => Scanning File C:\WINDOWS\system32\eventlog.dll
Thu Mar 08 21:03:42 2007 => Scanning File C:\WINDOWS\system32\lsass.exe
Thu Mar 08 21:03:43 2007 => Scanning File C:\WINDOWS\system32\LSASRV.dll
Thu Mar 08 21:03:43 2007 => Scanning File C:\WINDOWS\system32\NTDSAPI.dll
Thu Mar 08 21:03:43 2007 => Scanning File C:\WINDOWS\system32\DNSAPI.dll
Thu Mar 08 21:03:43 2007 => Scanning File C:\WINDOWS\system32\SAMSRV.dll
Thu Mar 08 21:03:43 2007 => Scanning File C:\WINDOWS\system32\cryptdll.dll
Thu Mar 08 21:03:43 2007 => Scanning File C:\WINDOWS\system32\msprivs.dll
Thu Mar 08 21:03:43 2007 => Scanning File C:\WINDOWS\system32\kerberos.dll
Thu Mar 08 21:03:43 2007 => Scanning File C:\WINDOWS\system32\netlogon.dll
Thu Mar 08 21:03:43 2007 => Scanning File C:\WINDOWS\system32\w32time.dll
Thu Mar 08 21:03:43 2007 => Scanning File C:\WINDOWS\system32\schannel.dll
Thu Mar 08 21:03:43 2007 => Scanning File C:\WINDOWS\system32\wdigest.dll
Thu Mar 08 21:03:43 2007 => Scanning File C:\WINDOWS\system32\scecli.dll
Thu Mar 08 21:03:43 2007 => Scanning File C:\WINDOWS\system32\ipsecsvc.dll
Thu Mar 08 21:03:43 2007 => Scanning File C:\WINDOWS\system32\oakley.DLL
Thu Mar 08 21:03:43 2007 => Scanning File C:\WINDOWS\system32\WINIPSEC.DLL
Thu Mar 08 21:03:43 2007 => Scanning File C:\WINDOWS\system32\mswsock.dll
Thu Mar 08 21:03:43 2007 => Scanning File C:\WINDOWS\system32\hnetcfg.dll
Thu Mar 08 21:03:43 2007 => Scanning File C:\WINDOWS\System32\wshtcpip.dll
Thu Mar 08 21:03:43 2007 => Scanning File C:\WINDOWS\system32\pstorsvc.dll
Thu Mar 08 21:03:43 2007 => Scanning File C:\WINDOWS\system32\psbase.dll
Thu Mar 08 21:03:43 2007 => Scanning File C:\WINDOWS\system32\dssenh.dll
Thu Mar 08 21:03:44 2007 => Scanning File C:\WINDOWS\system32\Ati2evxx.exe
Thu Mar 08 21:03:44 2007 => Scanning File C:\WINDOWS\system32\Ati2edxx.dll
Thu Mar 08 21:03:44 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Mar 08 21:03:44 2007 => Scanning File c:\windows\system32\rpcss.dll
Thu Mar 08 21:03:44 2007 => Scanning File C:\WINDOWS\system32\msi.dll
Thu Mar 08 21:03:44 2007 => Scanning File c:\windows\system32\termsrv.dll
Thu Mar 08 21:03:44 2007 => Scanning File c:\windows\system32\ICAAPI.dll
Thu Mar 08 21:03:44 2007 => Scanning File c:\windows\system32\mstlsapi.dll
Thu Mar 08 21:03:44 2007 => Scanning File c:\windows\system32\ACTIVEDS.dll
Thu Mar 08 21:03:44 2007 => Scanning File c:\windows\system32\adsldpc.dll
Thu Mar 08 21:03:44 2007 => Scanning File c:\windows\system32\ATL.DLL
Thu Mar 08 21:03:44 2007 => Scanning File C:\WINDOWS\System32\winrnr.dll
Thu Mar 08 21:03:44 2007 => Scanning File C:\WINDOWS\system32\rasadhlp.dll
Thu Mar 08 21:03:44 2007 => Scanning File c:\windows\system32\dhcpcsvc.dll
Thu Mar 08 21:03:44 2007 => Scanning File c:\windows\system32\schedsvc.dll
Thu Mar 08 21:03:44 2007 => Scanning File C:\WINDOWS\System32\MSIDLE.DLL
Thu Mar 08 21:03:44 2007 => Scanning File c:\windows\system32\audiosrv.dll
Thu Mar 08 21:03:44 2007 => Scanning File c:\windows\system32\wkssvc.dll
Thu Mar 08 21:03:44 2007 => Scanning File c:\windows\system32\cryptsvc.dll
Thu Mar 08 21:03:44 2007 => Scanning File c:\windows\system32\certcli.dll
Thu Mar 08 21:03:44 2007 => Scanning File C:\WINDOWS\system32\CRYPTUI.dll
Thu Mar 08 21:03:44 2007 => Scanning File c:\windows\system32\ESENT.dll
Thu Mar 08 21:03:44 2007 => Scanning File c:\windows\system32\es.dll
Thu Mar 08 21:03:44 2007 => Scanning File c:\windows\system32\hidserv.dll
Thu Mar 08 21:03:44 2007 => Scanning File c:\windows\system32\HID.DLL
Thu Mar 08 21:03:44 2007 => Scanning File c:\windows\system32\netman.dll
Thu Mar 08 21:03:44 2007 => Scanning File c:\windows\system32\MPRAPI.dll
Thu Mar 08 21:03:44 2007 => Scanning File c:\windows\system32\rtutils.dll
Thu Mar 08 21:03:44 2007 => Scanning File c:\windows\system32\netshell.dll
Thu Mar 08 21:03:44 2007 => Scanning File c:\windows\system32\credui.dll
Thu Mar 08 21:03:44 2007 => Scanning File c:\windows\system32\RASAPI32.dll
Thu Mar 08 21:03:44 2007 => Scanning File c:\windows\system32\rasman.dll
Thu Mar 08 21:03:44 2007 => Scanning File c:\windows\system32\TAPI32.dll
Thu Mar 08 21:03:44 2007 => Scanning File c:\windows\system32\WZCSAPI.DLL
Thu Mar 08 21:03:44 2007 => Scanning File c:\windows\system32\WZCSvc.DLL
Thu Mar 08 21:03:44 2007 => Scanning File c:\windows\system32\WMI.dll
Thu Mar 08 21:03:44 2007 => Scanning File c:\windows\system32\ersvc.dll
Thu Mar 08 21:03:44 2007 => Scanning File c:\windows\system32\srvsvc.dll
Thu Mar 08 21:03:44 2007 => Scanning File c:\windows\pchealth\helpctr\binaries\pchsvc.dll
Thu Mar 08 21:03:44 2007 => Scanning File c:\windows\system32\seclogon.dll
Thu Mar 08 21:03:44 2007 => Scanning File c:\windows\system32\sens.dll
Thu Mar 08 21:03:44 2007 => Scanning File c:\windows\system32\srsvc.dll
Thu Mar 08 21:03:44 2007 => Scanning File c:\windows\system32\POWRPROF.dll
Thu Mar 08 21:03:44 2007 => Scanning File c:\windows\system32\tapisrv.dll
Thu Mar 08 21:03:44 2007 => Scanning File c:\windows\system32\trkwks.dll
Thu Mar 08 21:03:44 2007 => Scanning File c:\windows\system32\wbem\wmisvc.dll
Thu Mar 08 21:03:44 2007 => Scanning File C:\WINDOWS\system32\VSSAPI.DLL
Thu Mar 08 21:03:44 2007 => Scanning File c:\windows\system32\wuauserv.dll
Thu Mar 08 21:03:45 2007 => Scanning File C:\WINDOWS\system32\wuaueng.dll
Thu Mar 08 21:03:45 2007 => Scanning File C:\WINDOWS\System32\ADVPACK.dll
Thu Mar 08 21:03:45 2007 => Scanning File C:\WINDOWS\System32\SHFOLDER.dll
Thu Mar 08 21:03:45 2007 => Scanning File C:\WINDOWS\System32\WINHTTP.dll
Thu Mar 08 21:03:45 2007 => Scanning File C:\WINDOWS\System32\Cabinet.dll
Thu Mar 08 21:03:45 2007 => Scanning File C:\WINDOWS\System32\mspatcha.dll
Thu Mar 08 21:03:45 2007 => Scanning File c:\windows\system32\browser.dll
Thu Mar 08 21:03:45 2007 => Scanning File c:\windows\system32\ipnathlp.dll
Thu Mar 08 21:03:45 2007 => Scanning File C:\WINDOWS\system32\comsvcs.dll
Thu Mar 08 21:03:45 2007 => Scanning File C:\WINDOWS\system32\colbact.DLL
Thu Mar 08 21:03:45 2007 => Scanning File C:\WINDOWS\system32\MTXCLU.DLL
Thu Mar 08 21:03:45 2007 => Scanning File C:\WINDOWS\system32\WSOCK32.dll
Thu Mar 08 21:03:45 2007 => Scanning File C:\WINDOWS\System32\CLUSAPI.DLL
Thu Mar 08 21:03:45 2007 => Scanning File C:\WINDOWS\System32\RESUTILS.DLL
Thu Mar 08 21:03:45 2007 => Scanning File C:\WINDOWS\system32\upnp.dll
Thu Mar 08 21:03:45 2007 => Scanning File C:\WINDOWS\system32\SSDPAPI.dll
Thu Mar 08 21:03:45 2007 => Scanning File C:\WINDOWS\system32\netcfgx.dll
Thu Mar 08 21:03:45 2007 => Scanning File C:\WINDOWS\system32\wbem\wbemcomn.dll
Thu Mar 08 21:03:45 2007 => Scanning File C:\WINDOWS\System32\Wbem\wbemcore.dll
Thu Mar 08 21:03:45 2007 => Scanning File C:\WINDOWS\System32\Wbem\esscli.dll
Thu Mar 08 21:03:45 2007 => Scanning File C:\WINDOWS\System32\Wbem\FastProx.dll
Thu Mar 08 21:03:45 2007 => Scanning File C:\WINDOWS\System32\rasmans.dll
Thu Mar 08 21:03:45 2007 => Scanning File C:\WINDOWS\system32\wbem\wmiutils.dll
Thu Mar 08 21:03:45 2007 => Scanning File C:\WINDOWS\system32\wbem\repdrvfs.dll
Thu Mar 08 21:03:45 2007 => Scanning File C:\WINDOWS\System32\rastapi.dll
Thu Mar 08 21:03:45 2007 => Scanning File C:\WINDOWS\System32\unimdm.tsp
Thu Mar 08 21:03:45 2007 => Scanning File C:\WINDOWS\System32\uniplat.dll
Thu Mar 08 21:03:45 2007 => Scanning File C:\WINDOWS\system32\wbem\wmiprvsd.dll
Thu Mar 08 21:03:45 2007 => Scanning File C:\WINDOWS\system32\wbem\wbemess.dll
Thu Mar 08 21:03:45 2007 => Scanning File C:\WINDOWS\System32\kmddsp.tsp
Thu Mar 08 21:03:45 2007 => Scanning File C:\WINDOWS\System32\ndptsp.tsp
Thu Mar 08 21:03:45 2007 => Scanning File C:\WINDOWS\System32\ipconf.tsp
Thu Mar 08 21:03:45 2007 => Scanning File C:\WINDOWS\System32\h323.tsp
Thu Mar 08 21:03:45 2007 => Scanning File C:\WINDOWS\System32\hidphone.tsp
Thu Mar 08 21:03:45 2007 => Scanning File C:\WINDOWS\System32\rasppp.dll
Thu Mar 08 21:03:45 2007 => Scanning File C:\WINDOWS\System32\ntlsapi.dll
Thu Mar 08 21:03:45 2007 => Scanning File C:\WINDOWS\System32\raschap.dll
Thu Mar 08 21:03:45 2007 => Scanning File C:\WINDOWS\System32\rastls.dll
Thu Mar 08 21:03:45 2007 => Scanning File C:\WINDOWS\System32\RASDLG.dll
Thu Mar 08 21:03:45 2007 => Scanning File C:\WINDOWS\system32\wups.dll
Thu Mar 08 21:03:45 2007 => Scanning File C:\WINDOWS\system32\wbem\ncprov.dll
Thu Mar 08 21:03:45 2007 => Scanning File c:\windows\system32\dnsrslvr.dll
Thu Mar 08 21:03:45 2007 => Scanning File c:\windows\system32\lmhsvc.dll
Thu Mar 08 21:03:45 2007 => Scanning File c:\windows\system32\webclnt.dll
Thu Mar 08 21:03:45 2007 => Scanning File c:\windows\system32\ssdpsrv.dll
Thu Mar 08 21:03:45 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\ccProxy.exe
Thu Mar 08 21:03:45 2007 => Scanning File C:\WINDOWS\system32\SYMREDIR.dll
Thu Mar 08 21:03:45 2007 => Scanning File C:\WINDOWS\system32\SymNeti.DLL
Thu Mar 08 21:03:45 2007 => Scanning File C:\WINDOWS\system32\MSVCP71.dll
Thu Mar 08 21:03:45 2007 => Scanning File C:\WINDOWS\system32\MSVCR71.dll
Thu Mar 08 21:03:45 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\ccL30.dll
Thu Mar 08 21:03:45 2007 => Scanning File C:\WINDOWS\system32\DBGHELP.DLL
Thu Mar 08 21:03:45 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\ccVrTrst.dll
Thu Mar 08 21:03:45 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\ccSet.dll
Thu Mar 08 21:03:45 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\DPHTML.dll
Thu Mar 08 21:03:45 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\DPJS.dll
Thu Mar 08 21:03:45 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\DPVBS.dll
Thu Mar 08 21:03:45 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\PFPriv.dll
Thu Mar 08 21:03:45 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\PFRes.dll
Thu Mar 08 21:03:46 2007 => Scanning File C:\PROGRA~1\NORTON~1\SYMURL.DLL
Thu Mar 08 21:03:46 2007 => Scanning File C:\PROGRA~1\NORTON~1\NISRES.DLL
Thu Mar 08 21:03:46 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\PFSec.dll
Thu Mar 08 21:03:46 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\ccProSub.dll
Thu Mar 08 21:03:46 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\PFAdBlk.dll
Thu Mar 08 21:03:46 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\ccSetEvt.dll
Thu Mar 08 21:03:46 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\PFMisc.dll
Thu Mar 08 21:03:46 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\PxyHTTP.dll
Thu Mar 08 21:03:46 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\DPHTTP.dll
Thu Mar 08 21:03:46 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\PxyIM.dll
Thu Mar 08 21:03:46 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\PxyNNTP.dll
Thu Mar 08 21:03:46 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\ccPxyEvt.dll
Thu Mar 08 21:03:46 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\ccLogin.dll
Thu Mar 08 21:03:46 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\ccSetMgr.exe
Thu Mar 08 21:03:46 2007 => Scanning File C:\PROGRA~1\NORTON~1\ISSVC.exe
Thu Mar 08 21:03:46 2007 => Scanning File C:\PROGRA~1\NORTON~1\ObrkData.dll
Thu Mar 08 21:03:46 2007 => Scanning File C:\WINDOWS\system32\wbem\wbemprox.dll
Thu Mar 08 21:03:46 2007 => Scanning File C:\WINDOWS\system32\wbem\wbemsvc.dll
Thu Mar 08 21:03:46 2007 => Scanning File C:\WINDOWS\system32\sensapi.dll
Thu Mar 08 21:03:46 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\SNDSrvc.exe
Thu Mar 08 21:03:46 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\SPBBC\SPBBCSvc.exe
Thu Mar 08 21:03:46 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\SPBBC\SPBBCEvt.dll
Thu Mar 08 21:03:46 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\ccEvtMgr.exe
Thu Mar 08 21:03:46 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\ANTISPAM\ASSPMEVT.DLL
Thu Mar 08 21:03:46 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\SPBBC\SPBBCEVT.DLL
Thu Mar 08 21:03:46 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\CCLOGIN.DLL
Thu Mar 08 21:03:46 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\CCPXYEVT.DLL
Thu Mar 08 21:03:46 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\CCSETEVT.DLL
Thu Mar 08 21:03:46 2007 => Scanning File C:\PROGRA~1\NORTON~1\NORTON~1\NAVEVENT.DLL
Thu Mar 08 21:03:46 2007 => Scanning File C:\WINDOWS\system32\spoolsv.exe
Thu Mar 08 21:03:46 2007 => Scanning File C:\WINDOWS\system32\SPOOLSS.DLL
Thu Mar 08 21:03:46 2007 => Scanning File C:\WINDOWS\system32\localspl.dll
Thu Mar 08 21:03:46 2007 => Scanning File C:\WINDOWS\system32\cnbjmon.dll
Thu Mar 08 21:03:46 2007 => Scanning File C:\WINDOWS\system32\dlcclmpm.DLL
Thu Mar 08 21:03:46 2007 => Scanning File C:\WINDOWS\system32\mdimon.dll
Thu Mar 08 21:03:46 2007 => Scanning File C:\WINDOWS\system32\FXSMON.DLL
Thu Mar 08 21:03:46 2007 => Scanning File C:\WINDOWS\system32\FXSEVENT.dll
Thu Mar 08 21:03:46 2007 => Scanning File C:\WINDOWS\system32\pjlmon.dll
Thu Mar 08 21:03:46 2007 => Scanning File C:\WINDOWS\system32\Primomonnt.dll
Thu Mar 08 21:03:46 2007 => Scanning File C:\WINDOWS\system32\tcpmon.dll
Thu Mar 08 21:03:46 2007 => Scanning File C:\WINDOWS\system32\usbmon.dll
Thu Mar 08 21:03:46 2007 => Scanning File C:\WINDOWS\System32\spool\PRTPROCS\W32X86\dlccPP5C.dll
Thu Mar 08 21:03:46 2007 => Scanning File C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll
Thu Mar 08 21:03:46 2007 => Scanning File C:\WINDOWS\system32\win32spl.dll
Thu Mar 08 21:03:46 2007 => Scanning File C:\WINDOWS\system32\NETRAP.dll
Thu Mar 08 21:03:46 2007 => Scanning File C:\WINDOWS\system32\inetpp.dll
Thu Mar 08 21:03:46 2007 => Scanning File C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
Thu Mar 08 21:03:46 2007 => Scanning File C:\Programfiler\Symantec\LiveUpdate\MSVCP71.dll
Thu Mar 08 21:03:46 2007 => Scanning File C:\Programfiler\Symantec\LiveUpdate\MSVCR71.dll
Thu Mar 08 21:03:46 2007 => Scanning File C:\PROGRA~1\Grisoft\AVGANT~1.5\guard.exe
Thu Mar 08 21:03:46 2007 => Scanning File C:\PROGRA~1\Grisoft\AVGANT~1.5\engine.dll
Thu Mar 08 21:03:46 2007 => Scanning File C:\PROGRA~1\FELLES~1\MICROS~1\VS7DEBUG\MDM.EXE
Thu Mar 08 21:03:46 2007 => Scanning File C:\PROGRA~1\FELLES~1\MICROS~1\VS7DEBUG\MSDBG2.DLL
Thu Mar 08 21:03:46 2007 => Scanning File C:\PROGRA~1\NORTON~1\NORTON~1\navapsvc.exe
Thu Mar 08 21:03:46 2007 => Scanning File C:\PROGRA~1\NORTON~1\NORTON~1\SAVRT32.DLL
Thu Mar 08 21:03:46 2007 => Scanning File c:\windows\system32\wiaservc.dll
Thu Mar 08 21:03:46 2007 => Scanning File c:\windows\system32\CFGMGR32.dll
Thu Mar 08 21:03:46 2007 => Scanning File c:\windows\system32\mscms.dll
Thu Mar 08 21:03:46 2007 => Scanning File C:\WINDOWS\system32\actxprxy.dll
Thu Mar 08 21:03:46 2007 => Scanning File C:\WINDOWS\system32\sti.dll
Thu Mar 08 21:03:47 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\CCPD-LC\symlcsvc.exe
Thu Mar 08 21:03:47 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\CCPD-LC\symlcnet.dll
Thu Mar 08 21:03:47 2007 => Scanning File C:\WINDOWS\system32\wdfmgr.exe
Thu Mar 08 21:03:47 2007 => Scanning File C:\WINDOWS\Explorer.EXE
Thu Mar 08 21:03:47 2007 => Scanning File C:\WINDOWS\system32\BROWSEUI.dll
Thu Mar 08 21:03:47 2007 => Scanning File C:\WINDOWS\system32\SHDOCVW.dll
Thu Mar 08 21:03:47 2007 => Scanning File C:\WINDOWS\system32\themeui.dll
Thu Mar 08 21:03:47 2007 => Scanning File C:\WINDOWS\system32\MSIMG32.dll
Thu Mar 08 21:03:47 2007 => Scanning File C:\WINDOWS\system32\msutb.dll
Thu Mar 08 21:03:47 2007 => Scanning File C:\WINDOWS\system32\MSCTF.dll
Thu Mar 08 21:03:47 2007 => Scanning File C:\WINDOWS\system32\MLANG.dll
Thu Mar 08 21:03:47 2007 => Scanning File C:\WINDOWS\system32\LINKINFO.dll
Thu Mar 08 21:03:47 2007 => Scanning File C:\WINDOWS\system32\ntshrui.dll
Thu Mar 08 21:03:47 2007 => Scanning File C:\WINDOWS\system32\ieframe.dll
Thu Mar 08 21:03:47 2007 => Scanning File C:\WINDOWS\system32\urlmon.dll
Thu Mar 08 21:03:47 2007 => Scanning File C:\WINDOWS\system32\webcheck.dll
Thu Mar 08 21:03:47 2007 => Scanning File C:\WINDOWS\system32\stobject.dll
Thu Mar 08 21:03:47 2007 => Scanning File C:\WINDOWS\system32\BatMeter.dll
Thu Mar 08 21:03:47 2007 => Scanning File C:\WINDOWS\system32\fxsst.dll
Thu Mar 08 21:03:47 2007 => Scanning File C:\WINDOWS\system32\FXSAPI.dll
Thu Mar 08 21:03:47 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\ANTISPAM\asOEHook.dll
Thu Mar 08 21:03:47 2007 => Scanning File C:\WINDOWS\System32\drprov.dll
Thu Mar 08 21:03:47 2007 => Scanning File C:\WINDOWS\System32\ntlanman.dll
Thu Mar 08 21:03:47 2007 => Scanning File C:\WINDOWS\System32\NETUI0.dll
Thu Mar 08 21:03:47 2007 => Scanning File C:\WINDOWS\System32\NETUI1.dll
Thu Mar 08 21:03:47 2007 => Scanning File C:\WINDOWS\System32\davclnt.dll
Thu Mar 08 21:03:47 2007 => Scanning File C:\PROGRA~1\Adobe\ACROBA~2.0\ActiveX\PDFShell.dll
Thu Mar 08 21:03:47 2007 => Scanning File C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL
Thu Mar 08 21:03:47 2007 => Scanning File C:\PROGRA~1\Grisoft\AVGANT~1.5\SHELLE~1.DLL
Thu Mar 08 21:03:47 2007 => Scanning File C:\WINDOWS\system32\cryptnet.dll
Thu Mar 08 21:03:47 2007 => Scanning File C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe
Thu Mar 08 21:03:47 2007 => Scanning File C:\WINDOWS\stsystra.exe
Thu Mar 08 21:03:47 2007 => Scanning File C:\WINDOWS\system32\stacapi.dll
Thu Mar 08 21:03:47 2007 => Scanning File C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe
Thu Mar 08 21:03:47 2007 => Scanning File C:\WINDOWS\system32\MFC42.DLL
Thu Mar 08 21:03:47 2007 => Scanning File C:\WINDOWS\system32\MFC42LOC.DLL
Thu Mar 08 21:03:47 2007 => Scanning File C:\PROGRA~1\Dell\MEDIAE~1\DMXLAU~1.EXE
Thu Mar 08 21:03:47 2007 => Scanning File C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe
Thu Mar 08 21:03:47 2007 => Scanning File C:\WINDOWS\system32\dla\tfswctrl.exe
Thu Mar 08 21:03:47 2007 => Scanning File C:\WINDOWS\system32\tfswapi.dll
Thu Mar 08 21:03:47 2007 => Scanning File C:\WINDOWS\system32\dla\tfswcres.dll
Thu Mar 08 21:03:47 2007 => Scanning File C:\PROGRA~1\DELLPH~1\dlccmon.exe
Thu Mar 08 21:03:47 2007 => Scanning File C:\PROGRA~1\DELLPH~1\dlccscw.dll
Thu Mar 08 21:03:47 2007 => Scanning File C:\PROGRA~1\DELLPH~1\dlcccfg.dll
Thu Mar 08 21:03:47 2007 => Scanning File C:\PROGRA~1\DELLPH~1\dlcctsfw.dll
Thu Mar 08 21:03:47 2007 => Scanning File C:\PROGRA~1\DELLPH~1\dlccdrec.dll
Thu Mar 08 21:03:47 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\ccApp.exe
Thu Mar 08 21:03:47 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\ANTISPAM\ASADIPLG.DLL
Thu Mar 08 21:03:47 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\ANTISPAM\ASAEMSCN.DLL
Thu Mar 08 21:03:47 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\ANTISPAM\ASLOADER.DLL
Thu Mar 08 21:03:47 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\CCALERT.DLL
Thu Mar 08 21:03:48 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\CCEMLPXY.DLL
Thu Mar 08 21:03:48 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\AntiSpam\asSetHlp.dll
Thu Mar 08 21:03:48 2007 => Scanning File C:\PROGRA~1\NORTON~1\ISLALERT.DLL
Thu Mar 08 21:03:48 2007 => Scanning File C:\PROGRA~1\NORTON~1\NISRES.DLL
Thu Mar 08 21:03:48 2007 => Scanning File C:\PROGRA~1\NORTON~1\NISPROD.DLL
Thu Mar 08 21:03:48 2007 => Scanning File C:\PROGRA~1\NORTON~1\NISTRAY.DLL
Thu Mar 08 21:03:48 2007 => Scanning File C:\PROGRA~1\NORTON~1\NISALERT.DLL
Thu Mar 08 21:03:48 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\AntiSpam\asAuAdIm.dll
Thu Mar 08 21:03:48 2007 => Scanning File C:\PROGRA~1\NORTON~1\NORTON~1\CCIMSCAN.DLL
Thu Mar 08 21:03:48 2007 => Scanning File C:\WINDOWS\system32\ATL71.DLL
Thu Mar 08 21:03:48 2007 => Scanning File C:\PROGRA~1\NORTON~1\NORTON~1\DEFALERT.DLL
Thu Mar 08 21:03:48 2007 => Scanning File C:\PROGRA~1\NORTON~1\NORTON~1\NAVAPW32.DLL
Thu Mar 08 21:03:48 2007 => Scanning File C:\PROGRA~1\NORTON~1\NORTON~1\apwutil.dll
Thu Mar 08 21:03:48 2007 => Scanning File C:\PROGRA~1\NORTON~1\NORTON~1\SAVRT32.DLL
Thu Mar 08 21:03:48 2007 => Scanning File C:\PROGRA~1\NORTON~1\NISLCOM.dll
Thu Mar 08 21:03:48 2007 => Scanning File C:\PROGRA~1\NORTON~1\NORTON~1\NAVOPTRF.DLL
Thu Mar 08 21:03:48 2007 => Scanning File C:\PROGRA~1\NORTON~1\NORTON~1\STATUSHP.DLL
Thu Mar 08 21:03:48 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\AntiSpam\asFilter.dll
Thu Mar 08 21:03:48 2007 => Scanning File C:\Programfiler\Symantec\LiveUpdate\NetDetectController_3_0.DLL
Thu Mar 08 21:03:48 2007 => Scanning File C:\Programfiler\Symantec\LiveUpdate\MFC71.DLL
Thu Mar 08 21:03:48 2007 => Scanning File C:\PROGRA~1\NORTON~1\NORTON~1\NAVTasks.dll
Thu Mar 08 21:03:48 2007 => Scanning File C:\PROGRA~1\NORTON~1\NORTON~1\NAVAPSCR.dll
Thu Mar 08 21:03:48 2007 => Scanning File C:\PROGRA~1\NORTON~1\NORTON~1\NAVError.dll
Thu Mar 08 21:03:48 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\AntiSpam\asUniPlg.dll
Thu Mar 08 21:03:48 2007 => Scanning File C:\WINDOWS\system32\MAPI32.dll
Thu Mar 08 21:03:48 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\AntiSpam\asRes.dll
Thu Mar 08 21:03:48 2007 => Scanning File C:\PROGRA~1\NORTON~1\NORTON~1\apwcmdnt.dll
Thu Mar 08 21:03:48 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\AntiSpam\asSpmEvt.dll
Thu Mar 08 21:03:48 2007 => Scanning File C:\PROGRA~1\NORTON~1\ObrkAV.dll
Thu Mar 08 21:03:48 2007 => Scanning File C:\PROGRA~1\NORTON~1\NORTON~1\NAVSTATS.dll
Thu Mar 08 21:03:48 2007 => Scanning File C:\PROGRA~1\NORTON~1\NORTON~1\ccAVMail.dll
Thu Mar 08 21:03:48 2007 => Scanning File C:\PROGRA~1\NORTON~1\ccEmlflt.dll
Thu Mar 08 21:03:48 2007 => Scanning File C:\PROGRA~1\NORTON~1\ObrkIDS.dll
Thu Mar 08 21:03:48 2007 => Scanning File C:\PROGRA~1\NORTON~1\SymFWAgt.dll
Thu Mar 08 21:03:48 2007 => Scanning File C:\PROGRA~1\NORTON~1\SFWAlert.dll
Thu Mar 08 21:03:48 2007 => Scanning File C:\PROGRA~1\NORTON~1\ccFWSetg.dll
Thu Mar 08 21:03:48 2007 => Scanning File C:\PROGRA~1\NORTON~1\TLevel.dll
Thu Mar 08 21:03:48 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\ccPwd.dll
Thu Mar 08 21:03:48 2007 => Scanning File C:\WINDOWS\system32\msxml3.dll
Thu Mar 08 21:03:48 2007 => Scanning File C:\WINDOWS\system32\hhctrl.ocx
Thu Mar 08 21:03:48 2007 => Scanning File C:\WINDOWS\system32\mui\0014\hhctrlui.dll
Thu Mar 08 21:03:48 2007 => Scanning File C:\WINDOWS\system32\itss.dll
Thu Mar 08 21:03:48 2007 => Scanning File C:\WINDOWS\system32\itircl.dll
Thu Mar 08 21:03:48 2007 => Scanning File C:\WINDOWS\system32\mshtml.dll
Thu Mar 08 21:03:48 2007 => Scanning File C:\WINDOWS\system32\msls31.dll
Thu Mar 08 21:03:48 2007 => Scanning File C:\PROGRA~1\FELLES~1\MICROS~1\VS7DEBUG\PDM.DLL
Thu Mar 08 21:03:48 2007 => Scanning File C:\WINDOWS\system32\msimtf.dll
Thu Mar 08 21:03:48 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\scrauth.dll
Thu Mar 08 21:03:48 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\ScrBlock.dll
Thu Mar 08 21:03:48 2007 => Scanning File c:\windows\system32\jscript.dll
Thu Mar 08 21:03:48 2007 => Scanning File C:\PROGRA~1\Adobe\PHOTOS~1\3.0\Apps\apdproxy.exe
Thu Mar 08 21:03:48 2007 => Scanning File C:\PROGRA~1\Adobe\PHOTOS~1\3.0\Apps\apdboot.dll
Thu Mar 08 21:03:48 2007 => Scanning File C:\PROGRA~1\Adobe\PHOTOS~1\3.0\Apps\MSVCP71.dll
Thu Mar 08 21:03:48 2007 => Scanning File C:\PROGRA~1\Adobe\PHOTOS~1\3.0\Apps\MSVCR71.dll
Thu Mar 08 21:03:48 2007 => Scanning File C:\WINDOWS\system32\DSOUND.dll
Thu Mar 08 21:03:49 2007 => Scanning File C:\Programfiler\QuickTime\qttask.exe
Thu Mar 08 21:03:49 2007 => Scanning File C:\Programfiler\iTunes\iTunesHelper.exe
Thu Mar 08 21:03:49 2007 => Scanning File C:\Programfiler\iTunes\iTunesHelper.Resources\nb.lproj\iTunesHelperLocalized.DLL
Thu Mar 08 21:03:49 2007 => Scanning File C:\Programfiler\iTunes\iTunesHelper.Resources\iTunesHelper.DLL
Thu Mar 08 21:03:49 2007 => Scanning File C:\WINDOWS\system32\ctfmon.exe
Thu Mar 08 21:03:49 2007 => Scanning File C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
Thu Mar 08 21:03:49 2007 => Scanning File C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\res_en.dll
Thu Mar 08 21:03:49 2007 => Scanning File C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\swg.dll
Thu Mar 08 21:03:49 2007 => Scanning File C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~3\SonyTray.exe
Thu Mar 08 21:03:49 2007 => Scanning File C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~3\SonyTray.dll
Thu Mar 08 21:03:49 2007 => Scanning File C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~3\Events\iLINK.dll
Thu Mar 08 21:03:49 2007 => Scanning File C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~3\Events\MASSST~1.DLL
Thu Mar 08 21:03:49 2007 => Scanning File C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~3\Events\USB_ST~1.DLL
Thu Mar 08 21:03:49 2007 => Scanning File C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~3\SonyMS.dll
Thu Mar 08 21:03:49 2007 => Scanning File C:\WINDOWS\system32\msdmo.dll
Thu Mar 08 21:03:49 2007 => Scanning File C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~1\RESIDE~1.EXE
Thu Mar 08 21:03:49 2007 => Scanning File C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~1\RESIDE~1.DLL
Thu Mar 08 21:03:49 2007 => Scanning File C:\WINDOWS\system32\devenum.dll
Thu Mar 08 21:03:49 2007 => Scanning File C:\Programfiler\iPod\bin\iPodService.exe
Thu Mar 08 21:03:49 2007 => Scanning File C:\Programfiler\iPod\bin\iPodService.Resources\nb.lproj\iPodServiceLocalized.DLL
Thu Mar 08 21:03:49 2007 => Scanning File C:\Programfiler\iPod\bin\iPodService.Resources\iPodService.DLL
Thu Mar 08 21:03:49 2007 => Scanning File C:\WINDOWS\system32\dlcccoms.exe
Thu Mar 08 21:03:49 2007 => Scanning File C:\WINDOWS\system32\dlccprox.dll
Thu Mar 08 21:03:49 2007 => Scanning File C:\WINDOWS\system32\dlccserv.dll
Thu Mar 08 21:03:49 2007 => Scanning File C:\WINDOWS\system32\dlccusb1.dll
Thu Mar 08 21:03:49 2007 => Scanning File C:\WINDOWS\System32\alg.exe
Thu Mar 08 21:03:49 2007 => Scanning File C:\WINDOWS\system32\wuauclt.exe
Thu Mar 08 21:03:49 2007 => Scanning File C:\WINDOWS\system32\wuaucpl.cpl
Thu Mar 08 21:03:49 2007 => Scanning File C:\Programfiler\Messenger\msmsgs.exe
Thu Mar 08 21:03:49 2007 => Scanning File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll
Thu Mar 08 21:03:49 2007 => Scanning File C:\Programfiler\Messenger\custsat.dll
Thu Mar 08 21:03:49 2007 => Scanning File C:\WINDOWS\system32\XPOB2RES.DLL
Thu Mar 08 21:03:49 2007 => Scanning File C:\DOCUME~1\KIMAND~1\LOKALE~1\Temp\mexe.com
Thu Mar 08 21:03:49 2007 => Scanning File C:\DOCUME~1\KIMAND~1\LOKALE~1\Temp\msvl64.dll
Thu Mar 08 21:03:49 2007 => Scanning File C:\DOCUME~1\KIMAND~1\LOKALE~1\Temp\kave.dll
Thu Mar 08 21:03:49 2007 => Scanning File C:\WINDOWS\system32\RICHED32.DLL
Thu Mar 08 21:03:49 2007 => Scanning File C:\WINDOWS\system32\RICHED20.dll
Thu Mar 08 21:03:50 2007 => Scanning File C:\WINDOWS\system32\VDMDBG.DLL
Thu Mar 08 21:03:50 2007 => Scanning File C:\DOCUME~1\KIMAND~1\LOKALE~1\Temp\ScanningProcess.exe
Thu Mar 08 21:03:50 2007 => Scanning File C:\DOCUME~1\KIMAND~1\LOKALE~1\Temp\prloader.dll
Thu Mar 08 21:03:50 2007 => Scanning File C:\DOCUME~1\KIMAND~1\LOKALE~1\Temp\prkernel.ppl
Thu Mar 08 21:03:50 2007 => Scanning File c:\docume~1\kimand~1\lokale~1\temp\avpmgr.ppl
Thu Mar 08 21:03:50 2007 => Scanning File c:\docume~1\kimand~1\lokale~1\temp\wdiskio.ppl
Thu Mar 08 21:03:50 2007 => Scanning File c:\docume~1\kimand~1\lokale~1\temp\nfio.ppl
Thu Mar 08 21:03:50 2007 => Scanning File c:\docume~1\kimand~1\lokale~1\temp\avlib.ppl
Thu Mar 08 21:03:50 2007 => Scanning File c:\docume~1\kimand~1\lokale~1\temp\dtreg.ppl
Thu Mar 08 21:03:50 2007 => Scanning File c:\docume~1\kimand~1\lokale~1\temp\prutil.ppl
Thu Mar 08 21:03:50 2007 => Scanning File c:\docume~1\kimand~1\lokale~1\temp\avp1.ppl
Thu Mar 08 21:03:50 2007 => Scanning File c:\docume~1\kimand~1\lokale~1\temp\l_llio.ppl
Thu Mar 08 21:03:50 2007 => Scanning File c:\docume~1\kimand~1\lokale~1\temp\ichk2.ppl
Thu Mar 08 21:03:50 2007 => Scanning File c:\docume~1\kimand~1\lokale~1\temp\sfdb.ppl
Thu Mar 08 21:03:50 2007 => Scanning File c:\docume~1\kimand~1\lokale~1\temp\icheckersa.ppl
Thu Mar 08 21:03:50 2007 => Scanning File c:\docume~1\kimand~1\lokale~1\temp\hashmd5.ppl
Thu Mar 08 21:03:50 2007 => Scanning File c:\docume~1\kimand~1\lokale~1\temp\hashcont.ppl
Thu Mar 08 21:03:50 2007 => Scanning File c:\docume~1\kimand~1\lokale~1\temp\hccmp.ppl
Thu Mar 08 21:03:50 2007 => Scanning File c:\docume~1\kimand~1\lokale~1\temp\iwgen.ppl

Thu Mar 08 21:03:50 2007 => ***** Scanning Registry Files *****

Thu Mar 08 21:03:50 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Thu Mar 08 21:03:50 2007 => *** File C:\WINDOWS\system32\SHELL32.dll having Size Restriction ***. Filesize 8261 kb > 3072 kb...
Thu Mar 08 21:03:50 2007 => Scanning File C:\WINDOWS\system32\SHELL32.dll [**]
Thu Mar 08 21:03:50 2007 => *** File C:\WINDOWS\system32\SHELL32.dll having Size Restriction ***. Filesize 8261 kb > 3072 kb...
Thu Mar 08 21:03:50 2007 => Scanning File C:\WINDOWS\system32\SHELL32.dll [**]
Thu Mar 08 21:03:50 2007 => Scanning File C:\WINDOWS\system32\webcheck.dll
Thu Mar 08 21:03:50 2007 => Scanning File C:\WINDOWS\system32\stobject.dll

Thu Mar 08 21:03:50 2007 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

Thu Mar 08 21:03:50 2007 => Scanning HKLM\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension

Thu Mar 08 21:03:50 2007 => Scanning HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
Thu Mar 08 21:03:50 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\ADBLOC~1\NISShExt.dll
Thu Mar 08 21:03:50 2007 => Scanning File C:\PROGRA~1\NORTON~1\NORTON~1\NavShExt.dll
Thu Mar 08 21:03:50 2007 => Scanning File c:\programfiler\google\googletoolbar3.dll

Thu Mar 08 21:03:50 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
Thu Mar 08 21:03:50 2007 => {53707962-6F74-2D53-2644-206D7942484F} = C:\PROGRA~1\SPYBOT~1\SDHelper.dll
Thu Mar 08 21:03:50 2007 => Scanning File C:\PROGRA~1\SPYBOT~1\SDHelper.dll
Thu Mar 08 21:03:50 2007 => {5CA3D70E-1895-11CF-8E15-001234567890} = C:\WINDOWS\system32\dla\tfswshx.dll
Thu Mar 08 21:03:50 2007 => Scanning File C:\WINDOWS\system32\dla\tfswshx.dll
Thu Mar 08 21:03:50 2007 => {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} = C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
Thu Mar 08 21:03:50 2007 => Scanning File C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
Thu Mar 08 21:03:50 2007 => {9030D464-4C02-4ABF-8ECC-5164760863C6} = C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
Thu Mar 08 21:03:50 2007 => Scanning File C:\PROGRA~1\FELLES~1\MICROS~1\WINDOW~1\WINDOW~1.DLL
Thu Mar 08 21:03:50 2007 => {9ECB9560-04F9-4bbc-943D-298DDF1699E1} = C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
Thu Mar 08 21:03:50 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\ADBLOC~1\NISShExt.dll
Thu Mar 08 21:03:50 2007 => {AA58ED58-01DD-4d91-8333-CF10577473F7} = c:\programfiler\google\googletoolbar3.dll
Thu Mar 08 21:03:50 2007 => Scanning File c:\programfiler\google\googletoolbar3.dll
Thu Mar 08 21:03:50 2007 => {BDF3E430-B101-42AD-A544-FADC6B084872} = C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
Thu Mar 08 21:03:50 2007 => Scanning File C:\PROGRA~1\NORTON~1\NORTON~1\NavShExt.dll

Thu Mar 08 21:03:50 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler
Thu Mar 08 21:03:50 2007 => Scanning File C:\WINDOWS\system32\browseui.dll
Thu Mar 08 21:03:50 2007 => Scanning File C:\WINDOWS\system32\browseui.dll

Edited by kimgeni, 08 March 2007 - 04:00 PM.


#12 RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 08 March 2007 - 04:02 PM

How's your PC running now, please?

#13 kimgeni

  • Topic Starter

  • Members
  • 104 posts
  • Gender:Male
  • Location:NO

Posted 08 March 2007 - 04:02 PM

Part 2


Thu Mar 08 21:03:50 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Thu Mar 08 21:03:50 2007 => Scanning File C:\WINDOWS\system32\mmsys.cpl
Thu Mar 08 21:03:50 2007 => Scanning File C:\WINDOWS\system32\icmui.dll
Thu Mar 08 21:03:50 2007 => Scanning File C:\WINDOWS\system32\rshx32.dll
Thu Mar 08 21:03:50 2007 => Scanning File C:\WINDOWS\system32\docprop.dll
Thu Mar 08 21:03:50 2007 => Scanning File C:\WINDOWS\system32\ntshrui.dll
Thu Mar 08 21:03:50 2007 => Scanning File C:\WINDOWS\system32\themeui.dll
Thu Mar 08 21:03:50 2007 => Scanning File C:\WINDOWS\system32\deskadp.dll
Thu Mar 08 21:03:50 2007 => Scanning File C:\WINDOWS\system32\deskmon.dll
Thu Mar 08 21:03:50 2007 => Scanning File C:\WINDOWS\system32\dssec.dll
Thu Mar 08 21:03:50 2007 => Scanning File C:\WINDOWS\system32\SlayerXP.dll
Thu Mar 08 21:03:50 2007 => Scanning File C:\WINDOWS\system32\shscrap.dll
Thu Mar 08 21:03:50 2007 => Scanning File C:\WINDOWS\system32\diskcopy.dll
Thu Mar 08 21:03:50 2007 => Scanning File C:\WINDOWS\system32\ntlanui2.dll
Thu Mar 08 21:03:50 2007 => Scanning File C:\WINDOWS\System32\icmui.dll
Thu Mar 08 21:03:50 2007 => Scanning File C:\WINDOWS\system32\icmui.dll
Thu Mar 08 21:03:50 2007 => Scanning File C:\WINDOWS\system32\printui.dll
Thu Mar 08 21:03:50 2007 => Scanning File C:\WINDOWS\system32\dskquoui.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\syncui.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\hticons.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\fontext.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\icmui.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\rshx32.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\ntshrui.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\deskperf.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\cryptext.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\cryptext.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\NETSHELL.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\NETSHELL.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\wiashext.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\wiashext.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\wiashext.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\wiashext.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\wiashext.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\remotepg.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\wshext.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\PROGRA~1\FELLES~1\System\OLEDB~1\oledb32.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\mstask.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\mstask.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\mstask.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\shdocvw.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\wuaucpl.cpl
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\shdocvw.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\shdocvw.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\shdocvw.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\shdocvw.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\shdocvw.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\shdocvw.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\shdocvw.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\shdocvw.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\twext.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\twext.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\shmedia.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\shmedia.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\shmedia.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\shmedia.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\shmedia.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\shmedia.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\browseui.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\browseui.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\browseui.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\browseui.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\browseui.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\browseui.dll
Thu Mar 08 21:03:51 2007 => *** File C:\WINDOWS\system32\ieframe.dll having Size Restriction ***. Filesize 5912 kb > 3072 kb...
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\ieframe.dll [**]
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\browseui.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\browseui.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\browseui.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\browseui.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\browseui.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\browseui.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\browseui.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\browseui.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\browseui.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\browseui.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\browseui.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\browseui.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\browseui.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\browseui.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\browseui.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\browseui.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\browseui.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\browseui.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\browseui.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\browseui.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\shdocvw.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\shdocvw.dll
Thu Mar 08 21:03:51 2007 => *** File C:\WINDOWS\system32\ieframe.dll having Size Restriction ***. Filesize 5912 kb > 3072 kb...
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\ieframe.dll [**]
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\shdocvw.dll
Thu Mar 08 21:03:51 2007 => *** File C:\WINDOWS\system32\ieframe.dll having Size Restriction ***. Filesize 5912 kb > 3072 kb...
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\ieframe.dll [**]
Thu Mar 08 21:03:51 2007 => *** File C:\WINDOWS\system32\ieframe.dll having Size Restriction ***. Filesize 5912 kb > 3072 kb...
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\ieframe.dll [**]
Thu Mar 08 21:03:51 2007 => *** File C:\WINDOWS\system32\ieframe.dll having Size Restriction ***. Filesize 5912 kb > 3072 kb...
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\ieframe.dll [**]
Thu Mar 08 21:03:51 2007 => *** File C:\WINDOWS\system32\ieframe.dll having Size Restriction ***. Filesize 5912 kb > 3072 kb...
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\ieframe.dll [**]
Thu Mar 08 21:03:51 2007 => *** File C:\WINDOWS\system32\ieframe.dll having Size Restriction ***. Filesize 5912 kb > 3072 kb...
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\ieframe.dll [**]
Thu Mar 08 21:03:51 2007 => *** File C:\WINDOWS\system32\ieframe.dll having Size Restriction ***. Filesize 5912 kb > 3072 kb...
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\ieframe.dll [**]
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\shdocvw.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\shdocvw.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\shdocvw.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\shdocvw.dll
Thu Mar 08 21:03:51 2007 => *** File C:\WINDOWS\system32\ieframe.dll having Size Restriction ***. Filesize 5912 kb > 3072 kb...
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\ieframe.dll [**]
Thu Mar 08 21:03:51 2007 => *** File C:\WINDOWS\system32\ieframe.dll having Size Restriction ***. Filesize 5912 kb > 3072 kb...
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\ieframe.dll [**]
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\shdocvw.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\sendmail.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\sendmail.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\occache.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\webcheck.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\webcheck.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\webcheck.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\webcheck.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\webcheck.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\webcheck.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\webcheck.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\webcheck.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\webcheck.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\webcheck.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\appwiz.cpl
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\appwiz.cpl
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\appwiz.cpl
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\shimgvw.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\shimgvw.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\shimgvw.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\shimgvw.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\shimgvw.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\shimgvw.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\netplwiz.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\netplwiz.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\netplwiz.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\netplwiz.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\zipfldr.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\zipfldr.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\zipfldr.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\extmgr.dll
Thu Mar 08 21:03:51 2007 => Scanning File C:\WINDOWS\system32\msieftp.dll
Thu Mar 08 21:03:52 2007 => Scanning File C:\WINDOWS\system32\docprop2.dll
Thu Mar 08 21:03:52 2007 => Scanning File C:\WINDOWS\system32\docprop2.dll
Thu Mar 08 21:03:52 2007 => Scanning File C:\WINDOWS\system32\docprop2.dll
Thu Mar 08 21:03:52 2007 => Scanning File C:\WINDOWS\system32\docprop2.dll
Thu Mar 08 21:03:52 2007 => Scanning File C:\WINDOWS\system32\docprop2.dll
Thu Mar 08 21:03:52 2007 => Scanning File C:\WINDOWS\system32\docprop2.dll
Thu Mar 08 21:03:52 2007 => Scanning File C:\WINDOWS\system32\dsquery.dll
Thu Mar 08 21:03:52 2007 => Scanning File C:\WINDOWS\system32\dsquery.dll
Thu Mar 08 21:03:52 2007 => Scanning File C:\WINDOWS\system32\dsquery.dll
Thu Mar 08 21:03:52 2007 => Scanning File C:\WINDOWS\system32\dsquery.dll
Thu Mar 08 21:03:52 2007 => Scanning File C:\WINDOWS\system32\dsuiext.dll
Thu Mar 08 21:03:52 2007 => Scanning File C:\WINDOWS\system32\dsuiext.dll
Thu Mar 08 21:03:52 2007 => Scanning File C:\WINDOWS\system32\mydocs.dll
Thu Mar 08 21:03:52 2007 => Scanning File C:\WINDOWS\system32\mydocs.dll
Thu Mar 08 21:03:52 2007 => Scanning File C:\WINDOWS\system32\mydocs.dll
Thu Mar 08 21:03:52 2007 => Scanning File C:\WINDOWS\System32\cscui.dll
Thu Mar 08 21:03:52 2007 => Scanning File C:\WINDOWS\System32\cscui.dll
Thu Mar 08 21:03:52 2007 => Scanning File C:\WINDOWS\System32\cscui.dll
Thu Mar 08 21:03:52 2007 => Scanning File C:\WINDOWS\msagent\agentpsh.dll
Thu Mar 08 21:03:52 2007 => Scanning File C:\WINDOWS\system32\dfsshlex.dll
Thu Mar 08 21:03:52 2007 => Scanning File C:\WINDOWS\system32\photowiz.dll
Thu Mar 08 21:03:52 2007 => Scanning File C:\WINDOWS\System32\mmcshext.dll
Thu Mar 08 21:03:52 2007 => Scanning File C:\WINDOWS\system32\cabview.dll
Thu Mar 08 21:03:52 2007 => Scanning File C:\PROGRA~1\OUTLOO~1\wabfind.dll
Thu Mar 08 21:03:52 2007 => Scanning File C:\WINDOWS\system32\wmpshell.dll
Thu Mar 08 21:03:52 2007 => Scanning File C:\WINDOWS\system32\wmpshell.dll
Thu Mar 08 21:03:52 2007 => Scanning File C:\WINDOWS\system32\wmpshell.dll
Thu Mar 08 21:03:52 2007 => Scanning File C:\WINDOWS\system32\mscoree.dll
Thu Mar 08 21:03:52 2007 => Scanning File C:\PROGRA~1\FELLES~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
Thu Mar 08 21:03:52 2007 => Scanning File C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL
Thu Mar 08 21:03:52 2007 => Scanning File C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL
Thu Mar 08 21:03:52 2007 => Scanning File C:\PROGRA~1\MICROS~3\OFFICE11\msohev.dll
Thu Mar 08 21:03:52 2007 => Scanning File C:\WINDOWS\system32\browseui.dll
Thu Mar 08 21:03:52 2007 => Scanning File C:\WINDOWS\system32\dla\tfswshx.dll
Thu Mar 08 21:03:52 2007 => Scanning File C:\WINDOWS\system32\Audiodev.dll
Thu Mar 08 21:03:52 2007 => Scanning File C:\WINDOWS\system32\Audiodev.dll
Thu Mar 08 21:03:52 2007 => Scanning File C:\PROGRA~1\MSNMES~1\FSSHEX~1.DLL
Thu Mar 08 21:03:52 2007 => Scanning File C:\WINDOWS\system32\dfshim.dll
Thu Mar 08 21:03:52 2007 => Scanning File C:\WINDOWS\system32\dfshim.dll
Thu Mar 08 21:03:52 2007 => Scanning File C:\Programfiler\iTunes\iTunesMiniPlayer.dll
Thu Mar 08 21:03:52 2007 => Scanning File C:\Programfiler\JetAudio\JetFlExt.dll
Thu Mar 08 21:03:53 2007 => *** File C:\WINDOWS\system32\ieframe.dll having Size Restriction ***. Filesize 5912 kb > 3072 kb...
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\system32\ieframe.dll [**]
Thu Mar 08 21:03:53 2007 => *** File C:\WINDOWS\system32\ieframe.dll having Size Restriction ***. Filesize 5912 kb > 3072 kb...
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\system32\ieframe.dll [**]
Thu Mar 08 21:03:53 2007 => *** File C:\WINDOWS\system32\ieframe.dll having Size Restriction ***. Filesize 5912 kb > 3072 kb...
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\system32\ieframe.dll [**]
Thu Mar 08 21:03:53 2007 => *** File C:\WINDOWS\system32\ieframe.dll having Size Restriction ***. Filesize 5912 kb > 3072 kb...
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\system32\ieframe.dll [**]
Thu Mar 08 21:03:53 2007 => *** File C:\WINDOWS\system32\ieframe.dll having Size Restriction ***. Filesize 5912 kb > 3072 kb...
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\system32\ieframe.dll [**]
Thu Mar 08 21:03:53 2007 => *** File C:\WINDOWS\system32\ieframe.dll having Size Restriction ***. Filesize 5912 kb > 3072 kb...
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\system32\ieframe.dll [**]
Thu Mar 08 21:03:53 2007 => *** File C:\WINDOWS\system32\ieframe.dll having Size Restriction ***. Filesize 5912 kb > 3072 kb...
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\system32\ieframe.dll [**]
Thu Mar 08 21:03:53 2007 => *** File C:\WINDOWS\system32\ieframe.dll having Size Restriction ***. Filesize 5912 kb > 3072 kb...
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\system32\ieframe.dll [**]
Thu Mar 08 21:03:53 2007 => *** File C:\WINDOWS\system32\ieframe.dll having Size Restriction ***. Filesize 5912 kb > 3072 kb...
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\system32\ieframe.dll [**]
Thu Mar 08 21:03:53 2007 => *** File C:\WINDOWS\system32\ieframe.dll having Size Restriction ***. Filesize 5912 kb > 3072 kb...
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\system32\ieframe.dll [**]
Thu Mar 08 21:03:53 2007 => *** File C:\WINDOWS\system32\ieframe.dll having Size Restriction ***. Filesize 5912 kb > 3072 kb...
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\system32\ieframe.dll [**]
Thu Mar 08 21:03:53 2007 => *** File C:\WINDOWS\system32\ieframe.dll having Size Restriction ***. Filesize 5912 kb > 3072 kb...
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\system32\ieframe.dll [**]
Thu Mar 08 21:03:53 2007 => *** File C:\WINDOWS\system32\ieframe.dll having Size Restriction ***. Filesize 5912 kb > 3072 kb...
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\system32\ieframe.dll [**]
Thu Mar 08 21:03:53 2007 => *** File C:\WINDOWS\system32\ieframe.dll having Size Restriction ***. Filesize 5912 kb > 3072 kb...
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\system32\ieframe.dll [**]
Thu Mar 08 21:03:53 2007 => *** File C:\WINDOWS\system32\ieframe.dll having Size Restriction ***. Filesize 5912 kb > 3072 kb...
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\system32\ieframe.dll [**]
Thu Mar 08 21:03:53 2007 => *** File C:\WINDOWS\system32\ieframe.dll having Size Restriction ***. Filesize 5912 kb > 3072 kb...
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\system32\ieframe.dll [**]
Thu Mar 08 21:03:53 2007 => *** File C:\WINDOWS\system32\ieframe.dll having Size Restriction ***. Filesize 5912 kb > 3072 kb...
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\system32\ieframe.dll [**]
Thu Mar 08 21:03:53 2007 => *** File C:\WINDOWS\system32\ieframe.dll having Size Restriction ***. Filesize 5912 kb > 3072 kb...
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\system32\ieframe.dll [**]
Thu Mar 08 21:03:53 2007 => *** File C:\WINDOWS\system32\ieframe.dll having Size Restriction ***. Filesize 5912 kb > 3072 kb...
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\system32\ieframe.dll [**]
Thu Mar 08 21:03:53 2007 => *** File C:\WINDOWS\system32\ieframe.dll having Size Restriction ***. Filesize 5912 kb > 3072 kb...
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\system32\ieframe.dll [**]
Thu Mar 08 21:03:53 2007 => *** File C:\WINDOWS\system32\ieframe.dll having Size Restriction ***. Filesize 5912 kb > 3072 kb...
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\system32\ieframe.dll [**]
Thu Mar 08 21:03:53 2007 => *** File C:\WINDOWS\system32\ieframe.dll having Size Restriction ***. Filesize 5912 kb > 3072 kb...
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\system32\ieframe.dll [**]
Thu Mar 08 21:03:53 2007 => Scanning File C:\PROGRA~1\ACEUTI~1\wipext.dll
Thu Mar 08 21:03:53 2007 => Scanning File C:\PROGRA~1\SPYWAR~2\SPTCON~1.DLL

Thu Mar 08 21:03:53 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

Thu Mar 08 21:03:53 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\Explorer.exe
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\system32\userinit.exe
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\system32\dskquota.dll
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\system32\iedkcs32.dll
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\system32\scecli.dll
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\system32\iedkcs32.dll
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\system32\scecli.dll
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\System32\cscui.dll
Thu Mar 08 21:03:53 2007 => Invalid Entry DllName = appmgmts.dll (in key SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}). Deleting Registry Key {c6dc5466-785a-11d2-84d0-00c04fb169f7}...
Thu Mar 08 21:03:53 2007 => Scanning File C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\system32\crypt32.dll
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\system32\cryptnet.dll
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\system32\cscdll.dll
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\system32\wlnotify.dll
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\system32\wlnotify.dll
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\system32\sclgntfy.dll
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\system32\WlNotify.dll
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\system32\wlnotify.dll
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\system32\WgaLogon.dll
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\system32\wlnotify.dll

Thu Mar 08 21:03:53 2007 => Scanning HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Thu Mar 08 21:03:53 2007 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

Thu Mar 08 21:03:53 2007 => Scanning HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

Thu Mar 08 21:03:53 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AEDEBUG
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\system32\drwtsn32.exe

Thu Mar 08 21:03:53 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\system32\ntsd.exe

Thu Mar 08 21:03:53 2007 => Scanning HKCU\Control Panel\Desktop
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\System32\logon.scr

Thu Mar 08 21:03:53 2007 => Scanning HKLM\SYSTEM\CurrentControlSet\Control\WOW
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\system32\ntvdm.exe
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\system32\ntvdm.exe

Thu Mar 08 21:03:53 2007 => Scanning HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\system32\ieudinit.exe
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\inf\unregmp2.exe
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\system32\ie4uinit.exe
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\system32\RunDLL32.exe
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\system32\RunDLL32.exe
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\system32\shmgrate.exe
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\system32\regsvr32.exe
Thu Mar 08 21:03:53 2007 => Scanning File C:\PROGRA~1\OUTLOO~1\setup50.exe
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\system32\rundll32.exe
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\system32\rundll32.exe
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\system32\rundll32.exe
Thu Mar 08 21:03:53 2007 => Scanning File C:\PROGRA~1\OUTLOO~1\setup50.exe
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\system32\regsvr32.exe
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\system32\ie4uinit.exe
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\system32\Rundll32.exe
Thu Mar 08 21:03:53 2007 => Scanning File C:\WINDOWS\system32\rundll32.exe

Thu Mar 08 21:03:54 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

Thu Mar 08 21:03:54 2007 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

Thu Mar 08 21:03:54 2007 => Scanning HKLM\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Run

Thu Mar 08 21:03:54 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Run

Thu Mar 08 21:03:54 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Thu Mar 08 21:03:54 2007 => Scanning File C:\Programfiler\Java\jre1.5.0_11\bin\jusched.exe
Thu Mar 08 21:03:54 2007 => Scanning File C:\WINDOWS\stsystra.exe
Thu Mar 08 21:03:54 2007 => Scanning File C:\PROGRA~1\ATITEC~1\ATICON~1\atiptaxx.exe
Thu Mar 08 21:03:54 2007 => Scanning File C:\Programfiler\filer\CyberLink\PowerDVD\DVDLauncher.exe
Thu Mar 08 21:03:54 2007 => Scanning File C:\PROGRA~1\Dell\MEDIAE~1\DMXLAU~1.EXE
Thu Mar 08 21:03:54 2007 => Scanning File C:\PROGRA~1\FELLES~1\INSTAL~1\UPDATE~1\ISUSPM.exe
Thu Mar 08 21:03:54 2007 => Scanning File C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe
Thu Mar 08 21:03:54 2007 => Scanning File C:\WINDOWS\system32\dla\tfswctrl.exe
Thu Mar 08 21:03:54 2007 => Scanning File C:\WINDOWS\system32\rundll32.exe
Thu Mar 08 21:03:54 2007 => Scanning File C:\PROGRA~1\DELLPH~1\dlccmon.exe
Thu Mar 08 21:03:54 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\ccApp.exe
Thu Mar 08 21:03:54 2007 => Scanning File C:\PROGRA~1\SYMNET~1\SNDMon.exe
Thu Mar 08 21:03:54 2007 => Scanning File C:\PROGRA~1\Adobe\PHOTOS~1\3.0\Apps\apdproxy.exe
Thu Mar 08 21:03:54 2007 => Scanning File C:\Programfiler\QuickTime\qttask.exe
Thu Mar 08 21:03:54 2007 => Scanning File C:\Programfiler\iTunes\iTunesHelper.exe
Thu Mar 08 21:03:54 2007 => Scanning File C:\PROGRA~1\BILLPS~1\WINPAT~1\WINPAT~1.EXE
Thu Mar 08 21:03:54 2007 => *** File C:\PROGRA~1\Grisoft\AVGANT~1.5\avgas.exe having Size Restriction ***. Filesize 6120 kb > 3072 kb...
Thu Mar 08 21:03:54 2007 => Scanning File C:\PROGRA~1\Grisoft\AVGANT~1.5\avgas.exe [**]

Thu Mar 08 21:03:54 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Thu Mar 08 21:03:54 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

Thu Mar 08 21:03:54 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

Thu Mar 08 21:03:54 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce

Thu Mar 08 21:03:54 2007 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Thu Mar 08 21:03:54 2007 => Scanning File C:\WINDOWS\system32\ctfmon.exe
Thu Mar 08 21:03:54 2007 => Scanning File C:\Programfiler\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

Thu Mar 08 21:03:54 2007 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Thu Mar 08 21:03:54 2007 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

Thu Mar 08 21:03:54 2007 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

Thu Mar 08 21:03:54 2007 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup

Thu Mar 08 21:03:54 2007 => Scanning HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Thu Mar 08 21:03:54 2007 => Scanning File C:\WINDOWS\system32\CTFMON.EXE

Thu Mar 08 21:03:54 2007 => Scanning HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Thu Mar 08 21:03:54 2007 => Scanning HKCR\txtfile\shell\open\command

Thu Mar 08 21:03:54 2007 => Scanning HKCR\comfile\shell\open\command

Thu Mar 08 21:03:54 2007 => Scanning HKCR\exefile\shell\open\command

Thu Mar 08 21:03:54 2007 => Scanning HKCR\dllfile\shell\open\command

Thu Mar 08 21:03:54 2007 => Scanning HKCR\batfile\shell\open\command

Thu Mar 08 21:03:54 2007 => Scanning HKCR\piffile\shell\open\command

Thu Mar 08 21:03:54 2007 => Scanning HKCR\scrfile\shell\open\command

Thu Mar 08 21:03:54 2007 => Scanning HKCR\scrfile\shell\config\command

Thu Mar 08 21:03:54 2007 => Scanning HKCR\regfile\shell\open\command

Thu Mar 08 21:03:54 2007 => Scanning HKCR\htmlfile\shell\open\command
Thu Mar 08 21:03:54 2007 => Scanning File C:\PROGRA~1\INTERN~1\IEXPLORE.EXE

Thu Mar 08 21:03:54 2007 => Scanning HKCR\htafile\shell\open\command
Thu Mar 08 21:03:54 2007 => Scanning File C:\WINDOWS\system32\mshta.exe

Thu Mar 08 21:03:54 2007 => Scanning HKCR\jsfile\shell\open\command
Thu Mar 08 21:03:54 2007 => Scanning File C:\WINDOWS\System32\WScript.exe

Thu Mar 08 21:03:54 2007 => Scanning HKCR\jsefile\shell\open\command
Thu Mar 08 21:03:54 2007 => Scanning File C:\WINDOWS\System32\WScript.exe

Thu Mar 08 21:03:54 2007 => Scanning HKCR\vbsfile\shell\open\command
Thu Mar 08 21:03:54 2007 => Scanning File C:\WINDOWS\System32\WScript.exe

Thu Mar 08 21:03:54 2007 => Scanning HKCR\vbefile\shell\open\command
Thu Mar 08 21:03:54 2007 => Scanning File C:\WINDOWS\System32\WScript.exe

Thu Mar 08 21:03:54 2007 => Scanning HKCR\wshfile\shell\open\command
Thu Mar 08 21:03:54 2007 => Scanning File C:\WINDOWS\System32\WScript.exe

Thu Mar 08 21:03:54 2007 => Scanning HKCR\wsffile\shell\open\command
Thu Mar 08 21:03:54 2007 => Scanning File C:\WINDOWS\System32\WScript.exe

Thu Mar 08 21:03:54 2007 => ***** Scanning StartUp Folders *****

#14 kimgeni

Posted 08 March 2007 - 04:04 PM

Part 3


Thu Mar 08 21:03:54 2007 => ***** Scanning C:\Documents and Settings\Kim André Johnsen\Start-meny\Programmer\Oppstart Folder *****
Thu Mar 08 21:03:54 2007 => Scanning Folder: C:\Documents and Settings\Kim André Johnsen\Start-meny\Programmer\Oppstart\*.*
Thu Mar 08 21:03:54 2007 => Scanning File C:\Documents and Settings\Kim André Johnsen\Start-meny\Programmer\Oppstart\desktop.ini [**]

Thu Mar 08 21:03:54 2007 => ***** Scanning C:\Documents and Settings\Kim André Johnsen\Skrivebord Folder *****
Thu Mar 08 21:03:54 2007 => Scanning Folder: C:\Documents and Settings\Kim André Johnsen\Skrivebord\*.*
Thu Mar 08 21:03:54 2007 => Scanning File C:\Documents and Settings\Kim André Johnsen\Skrivebord\50 FREE MP3s from eMusic!.lnk
Thu Mar 08 21:03:54 2007 => Scanning File C:\Documents and Settings\Kim André Johnsen\Skrivebord\Ace Utilities.lnk
Thu Mar 08 21:03:54 2007 => Scanning File C:\Documents and Settings\Kim André Johnsen\Skrivebord\Activescan.txt [**]
Thu Mar 08 21:03:54 2007 => Scanning File C:\Documents and Settings\Kim André Johnsen\Skrivebord\Audacity.lnk
Thu Mar 08 21:03:54 2007 => Scanning File C:\Documents and Settings\Kim André Johnsen\Skrivebord\Casino Poker.lnk
Thu Mar 08 21:03:54 2007 => Scanning File C:\Documents and Settings\Kim André Johnsen\Skrivebord\CCleaner.lnk
Thu Mar 08 21:03:54 2007 => Scanning File C:\Documents and Settings\Kim André Johnsen\Skrivebord\DFX for Windows Media Player.lnk
Thu Mar 08 21:03:54 2007 => Scanning File C:\Documents and Settings\Kim André Johnsen\Skrivebord\dvdSanta.lnk
Thu Mar 08 21:03:54 2007 => Scanning File C:\Documents and Settings\Kim André Johnsen\Skrivebord\dxva_sig.txt [**]
Thu Mar 08 21:03:54 2007 => *** File C:\Documents and Settings\Kim André Johnsen\Skrivebord\e Scan mwav.exe having Size Restriction ***. Filesize 14059 kb > 3072 kb...
Thu Mar 08 21:03:54 2007 => Scanning File C:\Documents and Settings\Kim André Johnsen\Skrivebord\e Scan mwav.exe [**]
Thu Mar 08 21:03:54 2007 => Scanning File C:\Documents and Settings\Kim André Johnsen\Skrivebord\Football Manager 2006.lnk
Thu Mar 08 21:03:54 2007 => Scanning File C:\Documents and Settings\Kim André Johnsen\Skrivebord\GameCenter.lnk
Thu Mar 08 21:03:54 2007 => Scanning File C:\Documents and Settings\Kim André Johnsen\Skrivebord\GameSpy Arcade.lnk
Thu Mar 08 21:03:54 2007 => Scanning File C:\Documents and Settings\Kim André Johnsen\Skrivebord\hs_err_pid3568.log [**]
Thu Mar 08 21:03:54 2007 => Scanning File C:\Documents and Settings\Kim André Johnsen\Skrivebord\LimeWire 4.12.6.lnk
Thu Mar 08 21:03:54 2007 => Scanning Folder: C:\Documents and Settings\Kim André Johnsen\Skrivebord\Logs\*.*
Thu Mar 08 21:03:54 2007 => Scanning File C:\Documents and Settings\Kim André Johnsen\Skrivebord\Logs\cpu.log [**]
Thu Mar 08 21:03:54 2007 => Scanning File C:\Documents and Settings\Kim André Johnsen\Skrivebord\MadTracker 2.lnk
Thu Mar 08 21:03:54 2007 => Scanning File C:\Documents and Settings\Kim André Johnsen\Skrivebord\Microsoft Office Excel 2003.lnk
Thu Mar 08 21:03:54 2007 => Scanning File C:\Documents and Settings\Kim André Johnsen\Skrivebord\Microsoft Office PowerPoint 2003.lnk
Thu Mar 08 21:03:54 2007 => Scanning File C:\Documents and Settings\Kim André Johnsen\Skrivebord\Microsoft Office Word 2003.lnk
Thu Mar 08 21:03:54 2007 => Scanning File C:\Documents and Settings\Kim André Johnsen\Skrivebord\Microsoft Works.LNK
Thu Mar 08 21:03:54 2007 => Scanning File C:\Documents and Settings\Kim André Johnsen\Skrivebord\MP3 Remix Player.lnk
Thu Mar 08 21:03:54 2007 => Scanning File C:\Documents and Settings\Kim André Johnsen\Skrivebord\Nedlastete programoppdateringer.lnk
Thu Mar 08 21:03:54 2007 => Scanning File C:\Documents and Settings\Kim André Johnsen\Skrivebord\Play The Phantom Menace.lnk
Thu Mar 08 21:03:54 2007 => Scanning File C:\Documents and Settings\Kim André Johnsen\Skrivebord\Pro Cycling Manager - Saison 2006.lnk
Thu Mar 08 21:03:54 2007 => Scanning File C:\Documents and Settings\Kim André Johnsen\Skrivebord\Shortcut to Mp3MyMp3 2.0.exe.lnk
Thu Mar 08 21:03:54 2007 => Scanning Folder: C:\Documents and Settings\Kim André Johnsen\Skrivebord\SmitfraudFix\*.*
Thu Mar 08 21:03:54 2007 => Scanning File C:\Documents and Settings\Kim André Johnsen\Skrivebord\SmitfraudFix\dumphive.exe
Thu Mar 08 21:03:54 2007 => Scanning File C:\Documents and Settings\Kim André Johnsen\Skrivebord\SmitfraudFix\GenericRenosFix.exe
Thu Mar 08 21:03:55 2007 => Scanning File C:\Documents and Settings\Kim André Johnsen\Skrivebord\SmitfraudFix\Process.exe
Thu Mar 08 21:03:55 2007 => Scanning File C:\Documents and Settings\Kim André Johnsen\Skrivebord\SmitfraudFix\Reboot.exe
Thu Mar 08 21:03:55 2007 => File C:\Documents and Settings\Kim André Johnsen\Skrivebord\SmitfraudFix\Reboot.exe tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: File Deleted.

Thu Mar 08 21:03:55 2007 => Scanning File C:\Documents and Settings\Kim André Johnsen\Skrivebord\SmitfraudFix\restart.exe
Thu Mar 08 21:03:55 2007 => Scanning File C:\Documents and Settings\Kim André Johnsen\Skrivebord\SmitfraudFix\SmitfraudFix.cmd
Thu Mar 08 21:03:55 2007 => Scanning File C:\Documents and Settings\Kim André Johnsen\Skrivebord\SmitfraudFix\SmiUpdate.exe
Thu Mar 08 21:03:55 2007 => Scanning File C:\Documents and Settings\Kim André Johnsen\Skrivebord\SmitfraudFix\SrchSTS.exe
Thu Mar 08 21:03:55 2007 => Scanning File C:\Documents and Settings\Kim André Johnsen\Skrivebord\SmitfraudFix\swreg.exe
Thu Mar 08 21:03:55 2007 => Scanning File C:\Documents and Settings\Kim André Johnsen\Skrivebord\SmitfraudFix\swsc.exe
Thu Mar 08 21:03:55 2007 => Scanning File C:\Documents and Settings\Kim André Johnsen\Skrivebord\SmitfraudFix\swxcacls.exe
Thu Mar 08 21:03:55 2007 => Scanning File C:\Documents and Settings\Kim André Johnsen\Skrivebord\SmitfraudFix\unzip.exe
Thu Mar 08 21:03:55 2007 => Scanning File C:\Documents and Settings\Kim André Johnsen\Skrivebord\SmitfraudFix.exe
Thu Mar 08 21:03:57 2007 => File C:\Documents and Settings\Kim André Johnsen\Skrivebord\SmitfraudFix.exe//PE_Patch.UPX//SmitfraudFix/Reboot.exe tagged as "not-a-virus:RiskTool.Win32.Reboot.f". Action Taken: File Deleted.

Thu Mar 08 21:03:57 2007 => Scanning File C:\Documents and Settings\Kim André Johnsen\Skrivebord\Snarvei til mplayerc.lnk
Thu Mar 08 21:03:57 2007 => Scanning File C:\Documents and Settings\Kim André Johnsen\Skrivebord\Springdale.lnk
Thu Mar 08 21:03:57 2007 => Scanning File C:\Documents and Settings\Kim André Johnsen\Skrivebord\Spybot - Search & Destroy.lnk
Thu Mar 08 21:03:57 2007 => Scanning File C:\Documents and Settings\Kim André Johnsen\Skrivebord\SpywareBlaster.lnk
Thu Mar 08 21:03:57 2007 => Scanning File C:\Documents and Settings\Kim André Johnsen\Skrivebord\Windows Live Messenger.lnk
Thu Mar 08 21:03:57 2007 => Scanning File C:\Documents and Settings\Kim André Johnsen\Skrivebord\µTorrent.lnk

Thu Mar 08 21:03:57 2007 => ***** Scanning C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart Folder *****
Thu Mar 08 21:03:57 2007 => Scanning Folder: C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\*.*
Thu Mar 08 21:03:57 2007 => Scanning File C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Adobe Reader Speed Launch.lnk
Thu Mar 08 21:03:57 2007 => Scanning File C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\desktop.ini [**]
Thu Mar 08 21:03:57 2007 => Scanning File C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Picture Package Menu.lnk
Thu Mar 08 21:03:57 2007 => Scanning File C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\Picture Package VCD Maker.lnk

Thu Mar 08 21:03:57 2007 => ***** Scanning Service Files *****
Thu Mar 08 21:03:57 2007 => Scanning HKLM\SYSTEM\CurrentControlSet\Services
Thu Mar 08 21:03:57 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
Thu Mar 08 21:03:57 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\ACPI.sys
Thu Mar 08 21:03:57 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\adpu160m.sys
Thu Mar 08 21:03:57 2007 => Scanning File C:\WINDOWS\system32\drivers\aec.sys
Thu Mar 08 21:03:57 2007 => Scanning File C:\WINDOWS\System32\drivers\afd.sys
Thu Mar 08 21:03:57 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\agp440.sys
Thu Mar 08 21:03:57 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
Thu Mar 08 21:03:57 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\aha154x.sys
Thu Mar 08 21:03:57 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\aic78u2.sys
Thu Mar 08 21:03:58 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\aic78xx.sys
Thu Mar 08 21:03:58 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Mar 08 21:03:58 2007 => Scanning File C:\WINDOWS\System32\alg.exe
Thu Mar 08 21:03:58 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\aliide.sys
Thu Mar 08 21:03:58 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\alim1541.sys
Thu Mar 08 21:03:58 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\amdagp.sys
Thu Mar 08 21:03:58 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\amsint.sys
Thu Mar 08 21:03:58 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Mar 08 21:03:58 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\asc.sys
Thu Mar 08 21:03:58 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\asc3350p.sys
Thu Mar 08 21:03:58 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\asc3550.sys
Thu Mar 08 21:03:58 2007 => Scanning File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
Thu Mar 08 21:03:58 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\asyncmac.sys
Thu Mar 08 21:03:58 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\atapi.sys
Thu Mar 08 21:03:58 2007 => Scanning File C:\WINDOWS\system32\Ati2evxx.exe
Thu Mar 08 21:03:58 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
Thu Mar 08 21:03:58 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\atmarpc.sys
Thu Mar 08 21:03:58 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Mar 08 21:03:58 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\audstub.sys
Thu Mar 08 21:03:58 2007 => Scanning File C:\Programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe
Thu Mar 08 21:03:58 2007 => Scanning File C:\PROGRA~1\GRISOFT\AVGANT~1.5\GUARD.SYS
Thu Mar 08 21:03:58 2007 => Scanning File C:\PROGRA~1\Grisoft\AVGANT~1.5\guard.exe
Thu Mar 08 21:03:58 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\AvgAsCln.sys
Thu Mar 08 21:03:58 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Mar 08 21:03:58 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Mar 08 21:03:58 2007 => ERROR!!! Invalid Entry \??\D:\INSTAL~E\Core\BVRPMPR5.SYS. Removing SYSTEM\CurrentControlSet\Services\BVRPMPR5...
Thu Mar 08 21:03:58 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
Thu Mar 08 21:03:58 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
Thu Mar 08 21:03:58 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\ccEvtMgr.exe
Thu Mar 08 21:03:58 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\ccProxy.exe
Thu Mar 08 21:03:58 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\ccPwdSvc.exe
Thu Mar 08 21:03:58 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\ccSetMgr.exe
Thu Mar 08 21:03:58 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
Thu Mar 08 21:03:58 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\cdrom.sys
Thu Mar 08 21:03:58 2007 => Scanning File C:\WINDOWS\system32\cisvc.exe
Thu Mar 08 21:03:58 2007 => Scanning File C:\WINDOWS\system32\clipsrv.exe
Thu Mar 08 21:03:58 2007 => Scanning File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
Thu Mar 08 21:03:58 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\cmdide.sys
Thu Mar 08 21:03:58 2007 => Scanning File C:\WINDOWS\system32\dllhost.exe
Thu Mar 08 21:03:58 2007 => Scanning File C:\WINDOWS\SYSTEM32\DRIVERS\CO_MON.SYS
Thu Mar 08 21:03:59 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\cpqarray.sys
Thu Mar 08 21:03:59 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Mar 08 21:03:59 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
Thu Mar 08 21:03:59 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\dac960nt.sys
Thu Mar 08 21:03:59 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Mar 08 21:03:59 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Mar 08 21:03:59 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\disk.sys
Thu Mar 08 21:03:59 2007 => Scanning File C:\WINDOWS\system32\dlcccoms.exe
Thu Mar 08 21:03:59 2007 => Scanning File C:\WINDOWS\System32\dmadmin.exe
Thu Mar 08 21:03:59 2007 => Scanning File C:\WINDOWS\system32\drivers\dmboot.sys
Thu Mar 08 21:03:59 2007 => Scanning File C:\WINDOWS\system32\drivers\dmio.sys
Thu Mar 08 21:03:59 2007 => Scanning File C:\WINDOWS\system32\drivers\dmload.sys
Thu Mar 08 21:03:59 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Mar 08 21:03:59 2007 => Scanning File C:\WINDOWS\system32\drivers\DMusic.sys
Thu Mar 08 21:03:59 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Mar 08 21:03:59 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\dpti2o.sys
Thu Mar 08 21:03:59 2007 => Scanning File C:\WINDOWS\system32\drivers\drmkaud.sys
Thu Mar 08 21:03:59 2007 => Scanning File C:\WINDOWS\system32\drivers\drvmcdb.sys
Thu Mar 08 21:03:59 2007 => Scanning File C:\WINDOWS\system32\drivers\drvnddm.sys
Thu Mar 08 21:03:59 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\e100b325.sys
Thu Mar 08 21:03:59 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\el90xbc5.sys
Thu Mar 08 21:03:59 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Mar 08 21:03:59 2007 => Scanning File C:\WINDOWS\system32\services.exe
Thu Mar 08 21:03:59 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Mar 08 21:03:59 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Mar 08 21:03:59 2007 => Scanning File C:\WINDOWS\system32\fxssvc.exe
Thu Mar 08 21:03:59 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\fdc.sys
Thu Mar 08 21:03:59 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\flpydisk.sys
Thu Mar 08 21:03:59 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\fltMgr.sys
Thu Mar 08 21:03:59 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\ftdisk.sys
Thu Mar 08 21:03:59 2007 => Scanning File C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
Thu Mar 08 21:03:59 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\msgpc.sys
Thu Mar 08 21:03:59 2007 => Scanning File C:\PROGRA~1\Google\Common\GOOGLE~1\GOOGLE~1.EXE
Thu Mar 08 21:03:59 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Thu Mar 08 21:03:59 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Mar 08 21:03:59 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Mar 08 21:03:59 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\hidusb.sys
Thu Mar 08 21:03:59 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\hpn.sys
Thu Mar 08 21:03:59 2007 => Scanning File C:\WINDOWS\system32\Drivers\HTTP.sys
Thu Mar 08 21:03:59 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Mar 08 21:03:59 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\i2omp.sys
Thu Mar 08 21:03:59 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Thu Mar 08 21:03:59 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\imapi.sys
Thu Mar 08 21:03:59 2007 => Scanning File C:\WINDOWS\system32\imapi.exe
Thu Mar 08 21:03:59 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\ini910u.sys
Thu Mar 08 21:03:59 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\intelide.sys
Thu Mar 08 21:03:59 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\intelppm.sys
Thu Mar 08 21:04:00 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
Thu Mar 08 21:04:00 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
Thu Mar 08 21:04:00 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\ipinip.sys
Thu Mar 08 21:04:00 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\ipnat.sys
Thu Mar 08 21:04:00 2007 => Scanning File C:\Programfiler\iPod\bin\iPodService.exe
Thu Mar 08 21:04:00 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\ipsec.sys
Thu Mar 08 21:04:00 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\irenum.sys
Thu Mar 08 21:04:00 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\isapnp.sys
Thu Mar 08 21:04:00 2007 => Scanning File C:\PROGRA~1\NORTON~1\ISSVC.exe
Thu Mar 08 21:04:00 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Thu Mar 08 21:04:00 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\kbdhid.sys
Thu Mar 08 21:04:00 2007 => Scanning File C:\WINDOWS\system32\drivers\kmixer.sys
Thu Mar 08 21:04:00 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Mar 08 21:04:00 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Mar 08 21:04:00 2007 => Scanning File C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
Thu Mar 08 21:04:00 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Mar 08 21:04:00 2007 => Scanning File C:\PROGRA~1\FELLES~1\MICROS~1\VS7DEBUG\MDM.EXE
Thu Mar 08 21:04:00 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Mar 08 21:04:00 2007 => Scanning File C:\WINDOWS\system32\mnmsrvc.exe
Thu Mar 08 21:04:00 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\mouclass.sys
Thu Mar 08 21:04:00 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\mouhid.sys
Thu Mar 08 21:04:00 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\mraid35x.sys
Thu Mar 08 21:04:00 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Thu Mar 08 21:04:00 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Thu Mar 08 21:04:00 2007 => Scanning File C:\WINDOWS\system32\msdtc.exe
Thu Mar 08 21:04:00 2007 => Scanning File C:\WINDOWS\system32\msiexec.exe
Thu Mar 08 21:04:00 2007 => Scanning File C:\WINDOWS\system32\drivers\MSKSSRV.sys
Thu Mar 08 21:04:00 2007 => Scanning File C:\WINDOWS\system32\drivers\MSPCLOCK.sys
Thu Mar 08 21:04:00 2007 => Scanning File C:\WINDOWS\system32\drivers\MSPQM.sys
Thu Mar 08 21:04:00 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Thu Mar 08 21:04:00 2007 => Scanning File C:\WINDOWS\system32\drivers\MSTEE.sys
Thu Mar 08 21:04:00 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
Thu Mar 08 21:04:00 2007 => Scanning File C:\PROGRA~1\NORTON~1\NORTON~1\navapsvc.exe
Thu Mar 08 21:04:00 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\VIRUSD~1\20070307.037\NAVENG.SYS
Thu Mar 08 21:04:00 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\VIRUSD~1\20070307.037\NAVEX15.SYS
Thu Mar 08 21:04:00 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\NdisIP.sys
Thu Mar 08 21:04:00 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Thu Mar 08 21:04:01 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Thu Mar 08 21:04:01 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Thu Mar 08 21:04:01 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\netbios.sys
Thu Mar 08 21:04:01 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\netbt.sys
Thu Mar 08 21:04:01 2007 => Scanning File C:\WINDOWS\system32\netdde.exe
Thu Mar 08 21:04:01 2007 => Scanning File C:\WINDOWS\system32\netdde.exe
Thu Mar 08 21:04:01 2007 => Scanning File C:\WINDOWS\system32\lsass.exe
Thu Mar 08 21:04:01 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Mar 08 21:04:01 2007 => Scanning File C:\Programfiler\Intel\PROSetWired\NCS\Sync\NetSvc.exe
Thu Mar 08 21:04:01 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Mar 08 21:04:01 2007 => Scanning File C:\WINDOWS\system32\lsass.exe
Thu Mar 08 21:04:01 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Mar 08 21:04:01 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
Thu Mar 08 21:04:01 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
Thu Mar 08 21:04:01 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
Thu Mar 08 21:04:01 2007 => Scanning File C:\PROGRA~1\FELLES~1\MICROS~1\SOURCE~1\OSE.EXE
Thu Mar 08 21:04:01 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\parport.sys
Thu Mar 08 21:04:01 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\pci.sys
Thu Mar 08 21:04:01 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\pciide.sys
Thu Mar 08 21:04:01 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\perc2.sys
Thu Mar 08 21:04:01 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\perc2hib.sys
Thu Mar 08 21:04:01 2007 => Scanning File C:\WINDOWS\system32\services.exe
Thu Mar 08 21:04:01 2007 => Scanning File C:\WINDOWS\system32\lsass.exe
Thu Mar 08 21:04:01 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\raspptp.sys
Thu Mar 08 21:04:01 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\processr.sys
Thu Mar 08 21:04:01 2007 => Scanning File C:\WINDOWS\system32\lsass.exe
Thu Mar 08 21:04:01 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\psched.sys
Thu Mar 08 21:04:01 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\ptilink.sys
Thu Mar 08 21:04:01 2007 => Scanning File C:\WINDOWS\system32\Drivers\PxHelp20.sys
Thu Mar 08 21:04:01 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\ql1080.sys
Thu Mar 08 21:04:01 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
Thu Mar 08 21:04:01 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\ql12160.sys
Thu Mar 08 21:04:01 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\ql1240.sys
Thu Mar 08 21:04:01 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\ql1280.sys
Thu Mar 08 21:04:01 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\rasacd.sys
Thu Mar 08 21:04:01 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Mar 08 21:04:01 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Thu Mar 08 21:04:02 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Mar 08 21:04:02 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Thu Mar 08 21:04:02 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\raspti.sys
Thu Mar 08 21:04:02 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\rdbss.sys
Thu Mar 08 21:04:02 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
Thu Mar 08 21:04:02 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Thu Mar 08 21:04:02 2007 => Scanning File C:\WINDOWS\system32\sessmgr.exe
Thu Mar 08 21:04:02 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\redbook.sys
Thu Mar 08 21:04:02 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Mar 08 21:04:02 2007 => Scanning File C:\WINDOWS\system32\locator.exe
Thu Mar 08 21:04:02 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Mar 08 21:04:02 2007 => Scanning File C:\WINDOWS\system32\rsvp.exe
Thu Mar 08 21:04:02 2007 => Scanning File C:\WINDOWS\system32\lsass.exe
Thu Mar 08 21:04:02 2007 => Scanning File C:\PROGRAMFILER\SUPERANTISPYWARE\SASDIFSV.SYS
Thu Mar 08 21:04:02 2007 => Scanning File C:\PROGRAMFILER\SUPERANTISPYWARE\SASENUM.SYS
Thu Mar 08 21:04:02 2007 => Scanning File C:\PROGRAMFILER\SUPERANTISPYWARE\SASKUTIL.SYS
Thu Mar 08 21:04:02 2007 => Scanning File C:\PROGRA~1\NORTON~1\NORTON~1\SAVRT.SYS
Thu Mar 08 21:04:02 2007 => Scanning File C:\PROGRA~1\NORTON~1\NORTON~1\SAVRTPEL.SYS
Thu Mar 08 21:04:02 2007 => Scanning File C:\PROGRA~1\NORTON~1\NORTON~1\SAVScan.exe
Thu Mar 08 21:04:02 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\SCRIPT~1\SBServ.exe
Thu Mar 08 21:04:02 2007 => Scanning File C:\WINDOWS\System32\SCardSvr.exe
Thu Mar 08 21:04:02 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Mar 08 21:04:02 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\secdrv.sys
Thu Mar 08 21:04:02 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Mar 08 21:04:02 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Mar 08 21:04:02 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\serenum.sys
Thu Mar 08 21:04:02 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\serial.sys
Thu Mar 08 21:04:02 2007 => Scanning File C:\WINDOWS\system32\drivers\sfdrv01.sys
Thu Mar 08 21:04:02 2007 => Scanning File C:\WINDOWS\system32\drivers\sfhlp02.sys
Thu Mar 08 21:04:02 2007 => Scanning File C:\WINDOWS\system32\drivers\sfsync04.sys
Thu Mar 08 21:04:02 2007 => Scanning File C:\WINDOWS\system32\drivers\sfvfs02.sys
Thu Mar 08 21:04:02 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Mar 08 21:04:02 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Mar 08 21:04:02 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\sisagp.sys
Thu Mar 08 21:04:02 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\SLIP.sys
Thu Mar 08 21:04:02 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\SNDSrvc.exe
Thu Mar 08 21:04:02 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\sonypvs1.sys
Thu Mar 08 21:04:02 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\sparrow.sys
Thu Mar 08 21:04:03 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\SPBBC\SPBBCDRV.SYS
Thu Mar 08 21:04:03 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\SPBBC\SPBBCSvc.exe
Thu Mar 08 21:04:03 2007 => Scanning File C:\WINDOWS\system32\drivers\splitter.sys
Thu Mar 08 21:04:03 2007 => Scanning File C:\WINDOWS\system32\spoolsv.exe
Thu Mar 08 21:04:03 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\sr.sys
Thu Mar 08 21:04:03 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Mar 08 21:04:03 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\srv.sys
Thu Mar 08 21:04:03 2007 => Scanning File C:\WINDOWS\system32\drivers\sscdbhk5.sys
Thu Mar 08 21:04:03 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Mar 08 21:04:03 2007 => Scanning File C:\WINDOWS\system32\drivers\ssrtln.sys
Thu Mar 08 21:04:03 2007 => Scanning File C:\WINDOWS\system32\drivers\sthda.sys
Thu Mar 08 21:04:03 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Mar 08 21:04:03 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\StreamIP.sys
Thu Mar 08 21:04:03 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\swenum.sys
Thu Mar 08 21:04:03 2007 => Scanning File C:\WINDOWS\system32\drivers\swmidi.sys
Thu Mar 08 21:04:03 2007 => Scanning File C:\WINDOWS\system32\dllhost.exe
Thu Mar 08 21:04:03 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\CCPD-LC\symlcsvc.exe
Thu Mar 08 21:04:03 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\symc810.sys
Thu Mar 08 21:04:03 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\symc8xx.sys
Thu Mar 08 21:04:03 2007 => Scanning File C:\WINDOWS\System32\Drivers\SYMDNS.SYS
Thu Mar 08 21:04:03 2007 => Scanning File C:\PROGRAMFILER\SYMANTEC\SYMEVENT.SYS
Thu Mar 08 21:04:03 2007 => Scanning File C:\WINDOWS\System32\Drivers\SYMFW.SYS
Thu Mar 08 21:04:03 2007 => Scanning File C:\WINDOWS\System32\Drivers\SYMIDS.SYS
Thu Mar 08 21:04:03 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\SYMCDATA\IDSDEFS\20070302.001\SYMIDSCO.SYS
Thu Mar 08 21:04:03 2007 => Scanning File C:\WINDOWS\SYSTEM32\DRIVERS\SYMLCBRD.SYS
Thu Mar 08 21:04:03 2007 => Scanning File C:\WINDOWS\System32\Drivers\SYMNDIS.SYS
Thu Mar 08 21:04:03 2007 => Scanning File C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
Thu Mar 08 21:04:03 2007 => Scanning File C:\WINDOWS\System32\Drivers\SYMTDI.SYS
Thu Mar 08 21:04:03 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\sym_hi.sys
Thu Mar 08 21:04:03 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\sym_u3.sys
Thu Mar 08 21:04:03 2007 => Scanning File C:\WINDOWS\system32\drivers\sysaudio.sys
Thu Mar 08 21:04:03 2007 => Scanning File C:\WINDOWS\system32\smlogsvc.exe
Thu Mar 08 21:04:03 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Mar 08 21:04:03 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\tcpip.sys
Thu Mar 08 21:04:03 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\termdd.sys
Thu Mar 08 21:04:03 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Mar 08 21:04:03 2007 => Scanning File C:\WINDOWS\system32\dla\tfsnboio.sys
Thu Mar 08 21:04:03 2007 => Scanning File C:\WINDOWS\system32\dla\tfsncofs.sys
Thu Mar 08 21:04:03 2007 => Scanning File C:\WINDOWS\system32\dla\tfsndrct.sys
Thu Mar 08 21:04:03 2007 => Scanning File C:\WINDOWS\system32\dla\tfsndres.sys
Thu Mar 08 21:04:03 2007 => Scanning File C:\WINDOWS\system32\dla\tfsnifs.sys
Thu Mar 08 21:04:03 2007 => Scanning File C:\WINDOWS\system32\dla\tfsnopio.sys
Thu Mar 08 21:04:03 2007 => Scanning File C:\WINDOWS\system32\dla\tfsnpool.sys
Thu Mar 08 21:04:03 2007 => Scanning File C:\WINDOWS\system32\dla\tfsnudf.sys
Thu Mar 08 21:04:04 2007 => Scanning File C:\WINDOWS\system32\dla\tfsnudfa.sys
Thu Mar 08 21:04:04 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Mar 08 21:04:04 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\tj2knd5.sys
Thu Mar 08 21:04:04 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\tj2kunic.sys
Thu Mar 08 21:04:04 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\toside.sys
Thu Mar 08 21:04:04 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Mar 08 21:04:04 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\ultra.sys
Thu Mar 08 21:04:04 2007 => Scanning File C:\WINDOWS\system32\wdfmgr.exe
Thu Mar 08 21:04:04 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\update.sys
Thu Mar 08 21:04:04 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Mar 08 21:04:04 2007 => Scanning File C:\WINDOWS\System32\ups.exe
Thu Mar 08 21:04:04 2007 => Scanning File C:\WINDOWS\system32\drivers\usbaudio.sys
Thu Mar 08 21:04:04 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\usbccgp.sys
Thu Mar 08 21:04:04 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\usbehci.sys
Thu Mar 08 21:04:04 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\usbhub.sys
Thu Mar 08 21:04:04 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\usbprint.sys
Thu Mar 08 21:04:04 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\usbscan.sys
Thu Mar 08 21:04:04 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Thu Mar 08 21:04:04 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Thu Mar 08 21:04:04 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Mar 08 21:04:04 2007 => Scanning File C:\WINDOWS\System32\drivers\vga.sys
Thu Mar 08 21:04:04 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\viaagp.sys
Thu Mar 08 21:04:04 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\viaide.sys
Thu Mar 08 21:04:04 2007 => Scanning File C:\WINDOWS\System32\vssvc.exe
Thu Mar 08 21:04:04 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Mar 08 21:04:04 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\wanarp.sys
Thu Mar 08 21:04:04 2007 => Scanning File C:\WINDOWS\system32\drivers\wdmaud.sys
Thu Mar 08 21:04:04 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Mar 08 21:04:04 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Mar 08 21:04:04 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Mar 08 21:04:04 2007 => Scanning File C:\WINDOWS\system32\wbem\wmiapsrv.exe
Thu Mar 08 21:04:04 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Mar 08 21:04:04 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
Thu Mar 08 21:04:04 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Mar 08 21:04:04 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Thu Mar 08 21:04:04 2007 => Scanning File C:\WINDOWS\System32\svchost.exe

Thu Mar 08 21:04:04 2007 => Scanning HKLM\SYSTEM\CurrentControlSet\Services\VxD

Thu Mar 08 21:04:04 2007 => ***** Scanning Registry and File system for Adware/Spyware *****
Thu Mar 08 21:04:04 2007 => Loading Spyware Signatures from new External Database [Name: C:\DOCUME~1\KIMAND~1\LOKALE~1\Temp\spydb.avs, Size: 212325].
Thu Mar 08 21:04:07 2007 => Indexed Spyware Databases Successfully Created...

Thu Mar 08 21:04:09 2007 => Offending Key found: HKLM\Software\kazaa !!!
Thu Mar 08 21:04:09 2007 => Deleting Registry Key: HKLM\Software\kazaa
Thu Mar 08 21:04:48 2007 => Object "kazaa Spyware/Adware" found in File System! Action Taken: Entries Removed.

Thu Mar 08 21:04:48 2007 => Offending Key found: HKLM\Software\magnet !!!
Thu Mar 08 21:04:48 2007 => Deleting Registry Key: HKLM\Software\magnet
Thu Mar 08 21:04:48 2007 => Object "grokster Spyware/Adware" found in File System! Action Taken: Entries Removed.

Thu Mar 08 21:04:48 2007 => Offending Key found: HKCU\Software\kazaa !!!
Thu Mar 08 21:04:48 2007 => Deleting Registry Key: HKCU\Software\kazaa
Thu Mar 08 21:04:48 2007 => Object "kazaa Spyware/Adware" found in File System! Action Taken: Entries Removed.

Thu Mar 08 21:04:49 2007 => Offending Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gator.com !!!
Thu Mar 08 21:04:49 2007 => Deleting Registry Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\gator.com
Thu Mar 08 21:04:49 2007 => Object "gain.gator Spyware/Adware" found in File System! Action Taken: Entries Removed.

Thu Mar 08 21:04:49 2007 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\p3p\history\gator.com !!!
Thu Mar 08 21:04:49 2007 => Deleting Registry Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\p3p\history\gator.com
Thu Mar 08 21:04:49 2007 => Object "gain.gator Spyware/Adware" found in File System! Action Taken: Entries Removed.

Thu Mar 08 21:04:49 2007 => Offending Key found: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\p3p\history\gator.com !!!
Thu Mar 08 21:04:49 2007 => Deleting Registry Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\p3p\history\gator.com
Thu Mar 08 21:04:49 2007 => Object "gain.gator Spyware/Adware" found in File System! Action Taken: Entries Removed.

Thu Mar 08 21:04:49 2007 => Offending Key found: HKCU\\magnet !!!
Thu Mar 08 21:04:49 2007 => Deleting Registry Key: HKCU\\magnet
Thu Mar 08 21:04:49 2007 => Object "grokster Spyware/Adware" found in File System! Action Taken: Entries Removed.

Thu Mar 08 21:05:02 2007 => Offending file found: C:\DOCUME~1\KIMAND~1\MINEDO~1\limewire\music\MAGIXM~1\explore.exe
Thu Mar 08 21:05:02 2007 => System found infected with cws.smartsearch Browser Hijacker (explore.exe)! Action taken: Entries Removed.
Thu Mar 08 21:05:02 2007 => Object "cws.smartsearch Browser Hijacker" found in File System! Action Taken: Entries Removed.

Thu Mar 08 21:05:02 2007 => Offending file found: C:\DOCUME~1\KIMAND~1\MINEDO~1\limewire\music\MAGIXM~1\MAGIXM~1\explore.exe
Thu Mar 08 21:05:02 2007 => System found infected with cws.smartsearch Browser Hijacker (explore.exe)! Action taken: Entries Removed.
Thu Mar 08 21:05:02 2007 => Object "cws.smartsearch Browser Hijacker" found in File System! Action Taken: Entries Removed.

Thu Mar 08 21:05:11 2007 => Offending Folder found: C:\Documents and Settings\Kim André Johnsen\Mine dokumenter\programvare\antispyware
Thu Mar 08 21:05:11 2007 => Deltree of Folder C:\Documents and Settings\Kim André Johnsen\Mine dokumenter\programvare\antispyware...
Thu Mar 08 21:05:12 2007 => Object "2antispyware Corrupted Adware/Spyware" found in File System! Action Taken: Entries Removed.

Thu Mar 08 21:05:12 2007 => Offending file found: C:\DOCUME~1\KIMAND~1\Siste\ANTISP~1.LNK
Thu Mar 08 21:05:12 2007 => System found infected with 2antispyware Corrupted Adware/Spyware (antispyware.lnk)! Action taken: Entries Removed.
Thu Mar 08 21:05:12 2007 => Object "2antispyware Corrupted Adware/Spyware" found in File System! Action Taken: Entries Removed.

Thu Mar 08 21:05:17 2007 => Offending file found: C:\WINDOWS\unvise32.exe
Thu Mar 08 21:05:17 2007 => System found infected with spylax Corrupted Adware/Spyware (C:\WINDOWS\unvise32.exe)! Action taken: Entries Removed.
Thu Mar 08 21:05:17 2007 => Object "spylax Corrupted Adware/Spyware" found in File System! Action Taken: Entries Removed.

Thu Mar 08 21:05:21 2007 => Checking MountPoints2 Registry Key...
Thu Mar 08 21:05:21 2007 => Invalid Command Found in {5a2162fc-7a60-11da-8dbc-00e06facc0cd}\Shell\Autoplay\DropTarget\AutoRun\command: I:\setupSNK.exe
Thu Mar 08 21:05:21 2007 => Offending Key found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a2162fc-7a60-11da-8dbc-00e06facc0cd} !!!
Thu Mar 08 21:05:21 2007 => Deleting Registry Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5a2162fc-7a60-11da-8dbc-00e06facc0cd}
Thu Mar 08 21:05:21 2007 => Object "Possible Fujacks-type Worm" found in File System! Action Taken: Entries Removed.

Thu Mar 08 21:05:21 2007 => Checking CLSID Reference Entries...
Thu Mar 08 21:05:22 2007 => Entry "HKCR\DirectAnimation.PathControl" refers to invalid object "{D7A7D7C3-D47F-11D0-89D3-00A0C90833E6}". Action Taken: Entries Removed.

Thu Mar 08 21:05:22 2007 => Entry "HKCR\DirectAnimation.Sequence" refers to invalid object "{4F241DB1-EE9F-11D0-9824-006097C99E51}". Action Taken: Entries Removed.

Thu Mar 08 21:05:22 2007 => Entry "HKCR\DirectAnimation.SequencerControl" refers to invalid object "{B0A6BAE2-AAF0-11D0-A152-00A0C908DB96}". Action Taken: Entries Removed.

Thu Mar 08 21:05:22 2007 => Entry "HKCR\DirectAnimation.SpriteControl" refers to invalid object "{FD179533-D86E-11D0-89D6-00A0C90833E6}". Action Taken: Entries Removed.

Thu Mar 08 21:05:22 2007 => Entry "HKCR\DirectAnimation.StructuredGraphicsControl" refers to invalid object "{369303C2-D7AC-11D0-89D5-00A0C90833E6}". Action Taken: Entries Removed.

Thu Mar 08 21:05:23 2007 => Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: Entries Removed.

Thu Mar 08 21:05:23 2007 => Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: Entries Removed.

Thu Mar 08 21:05:25 2007 => Entry "HKCR\WholeSecurity.CATEEAx" refers to invalid object "{3ba494b1-d507-4c11-9bda-d47e1a65dfcf}". Action Taken: Entries Removed.

Thu Mar 08 21:05:25 2007 => Checking Module Usage Entries...
Thu Mar 08 21:05:25 2007 => Checking User Trusted External App Entries...
Thu Mar 08 21:05:25 2007 => Checking Shared DLL Entries...
Thu Mar 08 21:05:26 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\unvise32.exe". Action Taken: Entries Removed.

Thu Mar 08 21:05:27 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Windows.Forms.tlb". Action Taken: Entries Removed.

Thu Mar 08 21:05:27 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.EnterpriseServices.tlb". Action Taken: Entries Removed.

Thu Mar 08 21:05:27 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.JScript.tlb". Action Taken: Entries Removed.

Thu Mar 08 21:05:27 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.Vsa.tlb". Action Taken: Entries Removed.

Thu Mar 08 21:05:27 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Drawing.tlb". Action Taken: Entries Removed.

Thu Mar 08 21:05:27 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscoree.tlb". Action Taken: Entries Removed.

Thu Mar 08 21:05:27 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorlib.tlb". Action Taken: Entries Removed.

Thu Mar 08 21:05:27 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.tlb". Action Taken: Entries Removed.

Thu Mar 08 21:05:27 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.Vsa.Vb.CodeDOMProcessor.tlb". Action Taken: Entries Removed.

Thu Mar 08 21:05:28 2007 => Checking Installer Entries...
Thu Mar 08 21:05:28 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\Plug-in\". Action Taken: Entries Removed.

Thu Mar 08 21:05:28 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Eier\Programdata\Jasc Software Inc\Paint Shop Pro Studio\". Action Taken: Entries Removed.

Thu Mar 08 21:05:28 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Documents and Settings\Eier\Programdata\Jasc Software Inc\". Action Taken: Entries Removed.

Thu Mar 08 21:05:29 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programfiler\Sports Interactive\Football Manager 2006\data\skins\chameleon2006_right\graphics\". Action Taken: Entries Removed.

Thu Mar 08 21:05:29 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programfiler\Sports Interactive\Football Manager 2006\data\skins\chameleon2006_right\graphics\navigation\". Action Taken: Entries Removed.

Thu Mar 08 21:05:31 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\WINDOWS\winsxs\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\". Action Taken: Entries Removed.

Thu Mar 08 21:05:33 2007 => Checking Shared Tools Entries...
Thu Mar 08 21:05:33 2007 => Checking File Extension Entries...
Thu Mar 08 21:05:33 2007 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".5". Action Taken: Entries Removed.

Thu Mar 08 21:05:33 2007 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".bak". Action Taken: Entries Removed.

Thu Mar 08 21:05:33 2007 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".PDD". Action Taken: Entries Removed.

Thu Mar 08 21:05:33 2007 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pf". Action Taken: Entries Removed.

Thu Mar 08 21:05:33 2007 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".php_infohash=4a58adbb9187a3566b5c336e139ed23e9da54b06". Action Taken: Entries Removed.

Thu Mar 08 21:05:33 2007 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".r07". Action Taken: Entries Removed.

Thu Mar 08 21:05:33 2007 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sln". Action Taken: Entries Removed.

Thu Mar 08 21:05:33 2007 => Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "._Lawrence%2C_Canada". Action Taken: Entries Removed.

Thu Mar 08 21:05:33 2007 => Checking Application Cache Entries...
Thu Mar 08 21:05:33 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{01D2D18F-B421-4D45-9668-3BC302A91ACD}". Action Taken: Entries Removed.

Thu Mar 08 21:05:33 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{02BE569D-7BBD-4451-A955-C0CDFB0695F1}". Action Taken: Entries Removed.

Thu Mar 08 21:05:33 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{2AFBAC85-8F32-4EDB-AF56-D68239DAFF7D}". Action Taken: Entries Removed.

Thu Mar 08 21:05:33 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{2C9BFB0F-8242-4BAB-9B77-46C19191B403}". Action Taken: Entries Removed.

Thu Mar 08 21:05:33 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{3A494A73-0731-48A6-B705-3965382F86D6}". Action Taken: Entries Removed.

Thu Mar 08 21:05:33 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{3D65BA49-E991-493F-B572-10A25FC4E11B}". Action Taken: Entries Removed.

Thu Mar 08 21:05:33 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{4031623D-AC43-4B41-A0DF-584797918684}". Action Taken: Entries Removed.

Thu Mar 08 21:05:33 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{5BE15A25-87DC-4D86-9F5B-3424181FC0DC}". Action Taken: Entries Removed.

Thu Mar 08 21:05:33 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{691E8ABA-4D04-4389-8738-692BF5E426C5}". Action Taken: Entries Removed.

Thu Mar 08 21:05:33 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{6EE34979-0355-44EB-8761-21D32B1CE4AB}". Action Taken: Entries Removed.

Thu Mar 08 21:05:33 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{76293753-2D0D-408B-8472-32A11DE77CC6}". Action Taken: Entries Removed.

Thu Mar 08 21:05:33 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{893D1B86-5CAA-4F51-854F-C1B444C61CBD}". Action Taken: Entries Removed.

Thu Mar 08 21:05:33 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{9F931B29-A990-47A8-AC1C-C3AA70A5BB5F}". Action Taken: Entries Removed.

Thu Mar 08 21:05:33 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{C6F1E87D-F3E1-4874-97EC-F87DAB6D6878}". Action Taken: Entries Removed.

Thu Mar 08 21:05:33 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{CE80F122-71C4-48F4-9BFE-0A49BEF050A6}". Action Taken: Entries Removed.

Thu Mar 08 21:05:33 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{DD0CF6CB-ADBC-4062-B30C-D53B21A83AFB}". Action Taken: Entries Removed.

Thu Mar 08 21:05:33 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{EE5B8E34-973C-4FBE-AC83-99F064009FC7}". Action Taken: Entries Removed.

Thu Mar 08 21:05:33 2007 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{F0EDE60D-BD69-4351-81BA-706E51179F7E}". Action Taken: Entries Removed.


Thu Mar 08 21:05:33 2007 => ***** Scanning Registry Files *****

Thu Mar 08 21:05:33 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Thu Mar 08 21:05:33 2007 => *** File C:\WINDOWS\system32\SHELL32.dll having Size Restriction ***. Filesize 8261 kb > 3072 kb...
Thu Mar 08 21:05:33 2007 => Scanning File C:\WINDOWS\system32\SHELL32.dll [**]
Thu Mar 08 21:05:33 2007 => *** File C:\WINDOWS\system32\SHELL32.dll having Size Restriction ***. Filesize 8261 kb > 3072 kb...
Thu Mar 08 21:05:33 2007 => Scanning File C:\WINDOWS\system32\SHELL32.dll [**]
Thu Mar 08 21:05:33 2007 => Scanning File C:\WINDOWS\system32\webcheck.dll
Thu Mar 08 21:05:33 2007 => Scanning File C:\WINDOWS\system32\stobject.dll

Thu Mar 08 21:05:33 2007 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

Thu Mar 08 21:05:33 2007 => Scanning HKLM\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension

Thu Mar 08 21:05:33 2007 => Scanning HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
Thu Mar 08 21:05:33 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\ADBLOC~1\NISShExt.dll
Thu Mar 08 21:05:33 2007 => Scanning File C:\PROGRA~1\NORTON~1\NORTON~1\NavShExt.dll
Thu Mar 08 21:05:33 2007 => Scanning File c:\programfiler\google\googletoolbar3.dll

Thu Mar 08 21:05:33 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
Thu Mar 08 21:05:33 2007 => {53707962-6F74-2D53-2644-206D7942484F} = C:\PROGRA~1\SPYBOT~1\SDHelper.dll
Thu Mar 08 21:05:33 2007 => Scanning File C:\PROGRA~1\SPYBOT~1\SDHelper.dll
Thu Mar 08 21:05:33 2007 => {5CA3D70E-1895-11CF-8E15-001234567890} = C:\WINDOWS\system32\dla\tfswshx.dll
Thu Mar 08 21:05:33 2007 => Scanning File C:\WINDOWS\system32\dla\tfswshx.dll
Thu Mar 08 21:05:33 2007 => {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} = C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
Thu Mar 08 21:05:33 2007 => Scanning File C:\Programfiler\Java\jre1.5.0_11\bin\ssv.dll
Thu Mar 08 21:05:33 2007 => {9030D464-4C02-4ABF-8ECC-5164760863C6} = C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
Thu Mar 08 21:05:33 2007 => Scanning File C:\PROGRA~1\FELLES~1\MICROS~1\WINDOW~1\WINDOW~1.DLL
Thu Mar 08 21:05:33 2007 => {9ECB9560-04F9-4bbc-943D-298DDF1699E1} = C:\Programfiler\Fellesfiler\Symantec Shared\AdBlocking\NISShExt.dll
Thu Mar 08 21:05:33 2007 => Scanning File C:\PROGRA~1\FELLES~1\SYMANT~1\ADBLOC~1\NISShExt.dll
Thu Mar 08 21:05:33 2007 => {AA58ED58-01DD-4d91-8333-CF10577473F7} = c:\programfiler\google\googletoolbar3.dll
Thu Mar 08 21:05:33 2007 => Scanning File c:\programfiler\google\googletoolbar3.dll
Thu Mar 08 21:05:33 2007 => {BDF3E430-B101-42AD-A544-FADC6B084872} = C:\Programfiler\Norton Internet Security\Norton AntiVirus\NavShExt.dll
Thu Mar 08 21:05:33 2007 => Scanning File C:\PROGRA~1\NORTON~1\NORTON~1\NavShExt.dll

Thu Mar 08 21:05:33 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler
Thu Mar 08 21:05:33 2007 => Scanning File C:\WINDOWS\system32\browseui.dll
Thu Mar 08 21:05:33 2007 => Scanning File C:\WINDOWS\system32\browseui.dll

#15 kimgeni


Posted 08 March 2007 - 04:12 PM

I think my PC is running as normal, but I haven't tested any programs. There are 2 others on my network, so my internet is slow right now. Could possibly cause a time problem when I'm trying to post. I'll see if they can log off.



