
Hijackthis Logs


  • This topic is locked
22 replies to this topic

#1 elgan

elgan

  • Members
  • 15 posts

Posted 26 May 2007 - 11:50 AM

Logfile of HijackThis v1.99.1
Scan saved at 17:32:38, on 26/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\dennis\My Documents\Hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.iolfree.ie:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Protection Bar - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - C:\Program Files\Video ActiveX Object\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: ManageEngine NetFlow Analyzer 5 (netflowanalyzer) - Unknown owner - C:\AdventNet\ME\NetFlow\bin\wrapper.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


 


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 26 May 2007 - 03:15 PM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum elgan :thumbsup:

Download DelDomains.zip and extract/unzip it to your desktop:
Now right click on Deldomains.inf then click on 'Install'.
After right-clicking on Deldomains.inf and choosing 'Install', it will appear that nothing has happened; this is normal.
(No need to restart your pc).

*********************

Please download Combofix and save to your desktop:
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.


*********************

Download SmitfraudFix (by S!Ri), to your desktop.
Double click on Smitfraudfix.cmd
Select option #1 – Search, by typing 1 and pressing "Enter"; a text file will appear, which lists infected files (if present).
Please copy and paste the content of that report into your next reply.

Also post a new Hijackthis log.

#3 elgan

elgan
  • Topic Starter


Posted 26 May 2007 - 04:55 PM

"dennis" - 2007-05-26 22:27:57 Service Pack 2
ComboFix 07-05.26.3.V - Running from: "C:\Program Files\Mozilla Thunderbird\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


"C:\WINDOWS\NDNuninstall7_48.exe"
"C:\install.log"
"C:\WINDOWS\system32\rlls.dll"
"C:\WINDOWS\system32\rk.bin"
"C:\WINDOWS\system32\rlvknlg.exe"


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_IPRIP
-------\Iprip
-------\nm


((((((((((((((((((((((((((((((( Files Created from 2007-04-26 to 2007-05-26 ))))))))))))))))))))))))))))))))))


2007-05-26 15:55 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-05-26 15:54 <DIR> d-------- C:\Documents and Settings\dennis\.housecall6.6
2007-05-26 15:54 <DIR> d-------- C:\DOCUME~1\dennis\.housecall6.6
2007-05-26 14:49 <DIR> d-------- C:\DOCUME~1\dennis\APPLIC~1\wsInspector
2007-05-26 14:42 <DIR> d-------- C:\Program Files\Startup Inspector for Windows
2007-05-25 22:25 53,248 --a------ C:\WINDOWS\system32\process.exe
2007-05-25 22:25 126,976 --a------ C:\WINDOWS\system32\zip.exe
2007-05-24 22:08 <DIR> d--hs---- C:\FOUND.032
2007-05-24 21:19 <DIR> d--hs---- C:\FOUND.031
2007-05-24 20:06 <DIR> d--hs---- C:\FOUND.030
2007-05-24 19:47 <DIR> d--hs---- C:\FOUND.029
2007-05-24 19:40 <DIR> d--hs---- C:\FOUND.028
2007-05-23 22:14 6,029,312 --a------ C:\Documents and Settings\dennis\ntuser.dat
2007-05-23 22:14 6,029,312 --a------ C:\DOCUME~1\dennis\ntuser.dat
2007-05-13 21:47 <DIR> d-------- C:\DOCUME~1\dennis\APPLIC~1\Nokia Multimedia Player
2007-05-13 21:38 <DIR> d-------- C:\DOCUME~1\dennis\APPLIC~1\Nokia
2007-05-13 21:22 <DIR> d-------- C:\DOCUME~1\dennis\APPLIC~1\PC Suite
2007-05-13 21:20 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-05-13 21:20 <DIR> d-------- C:\Program Files\Common Files\Nokia
2007-05-08 23:31 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-05 20:17 24 --a------ C:\WINDOWS\system32\msbin.dat


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-04-23 21:30:02 -------- d-----w C:\Program Files\Bmf
2007-04-18 16:12:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 21:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 21:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 21:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 21:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 21:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 21:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 21:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 21:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 21:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2(2).dll
2007-04-16 21:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-16 21:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-03-31 18:52:48 8,464 ----a-w C:\WINDOWS\system32\sporder.dll
2007-03-31 18:44:12 -------- d-----w C:\Program Files\filesubmit
2007-03-17 13:43:02 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys
2004-08-04 06:56:58 73,728 --sha-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-04-21 15:46]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"none"=C:\Program Files\Video ActiveX Object\pmsngr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=NVDESK32.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
AutoRun\command- G:\LaunchU3.exe


********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-26 22:47:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

disk error: C:\WINDOWS\

please note that you need administrator rights to perform deep scan

********************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\netflowanalyzer]
"ImagePath"="C:\AdventNet\ME\NetFlow\bin\wrapper.exe -s C:\AdventNet\ME\NetFlow\bin\\..\server\default\conf\wrapper.conf"

Completion time: 2007-05-26 22:48:21 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-26 22:47

--- E O F ---

#4 elgan


Posted 26 May 2007 - 05:03 PM

SmitFraudFix v2.188

Scan done at 22:54:04.68, 26/05/2007
Run from C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\dennis


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\dennis\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\dennis\FAVORI~1

C:\DOCUME~1\dennis\FAVORI~1\Online Security Test.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="NVDESK32.DLL"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32-xpdt



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.254

Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.254

Description: Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.254

HKLM\SYSTEM\CCS\Services\Tcpip\..\{1960FFD1-0488-401E-9441-A2221C80D546}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{81EFBE6A-A7B0-4597-976E-16E1EA640B66}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{92B76FFC-BC10-49EC-9E82-F3442A643510}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1960FFD1-0488-401E-9441-A2221C80D546}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{81EFBE6A-A7B0-4597-976E-16E1EA640B66}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{92B76FFC-BC10-49EC-9E82-F3442A643510}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{1960FFD1-0488-401E-9441-A2221C80D546}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{81EFBE6A-A7B0-4597-976E-16E1EA640B66}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{92B76FFC-BC10-49EC-9E82-F3442A643510}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

#5 RichieUK


Posted 26 May 2007 - 05:08 PM

Reboot your computer into SAFE MODE using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Double click on Smitfraudfix.cmd
Select #2 and hit Enter to delete the infected files.
You will be prompted: 'Do you want to clean the registry?' answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): 'Replace infected file ?' answer Y (yes) and hit Enter to restore a clean file.
A reboot may be needed to finish the cleaning process.
The report can be found at the root of the system drive, usually at C:\rapport.txt

Post the SmitfraudFix report and a new HijackThis log into your next reply.

#6 elgan


Posted 27 May 2007 - 10:19 AM

SmitFraudFix v2.188

Scan done at 15:35:38.83, 27/05/2007
Run from C:\Documents and Settings\dennis\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOCUME~1\dennis\FAVORI~1\Online Security Test.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{1960FFD1-0488-401E-9441-A2221C80D546}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{81EFBE6A-A7B0-4597-976E-16E1EA640B66}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{92B76FFC-BC10-49EC-9E82-F3442A643510}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{1960FFD1-0488-401E-9441-A2221C80D546}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{81EFBE6A-A7B0-4597-976E-16E1EA640B66}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\..\{92B76FFC-BC10-49EC-9E82-F3442A643510}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{1960FFD1-0488-401E-9441-A2221C80D546}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{81EFBE6A-A7B0-4597-976E-16E1EA640B66}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{92B76FFC-BC10-49EC-9E82-F3442A643510}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

#7 RichieUK


Posted 27 May 2007 - 10:28 AM

Could you post the new Hijackthis log please.
Let me know how your pc is running now.

#8 elgan


Posted 27 May 2007 - 04:19 PM

Logfile of HijackThis v1.99.1
Scan saved at 22:09:47, on 27/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Documents and Settings\dennis\My Documents\Hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.iolfree.ie:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: ManageEngine NetFlow Analyzer 5 (netflowanalyzer) - Unknown owner - C:\AdventNet\ME\NetFlow\bin\wrapper.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

The screen is clean, no problems, & e-mail is fixed as well. Thank you. It is still slow reacting but that may be something else. Once again thanks.

#9 RichieUK


Posted 27 May 2007 - 04:26 PM

Download/install CleanUp.
Launch CleanUp, then click on 'Options'.
Now move the slider on the left up to 'Standard Cleanup!'.
Click 'Ok', now run the program by clicking on the 'Cleanup' button.
Reboot, or log off/log on when it's finished.

*****************************

Run 'BitDefender Online Scanner' using Internet Explorer:
http://www.bitdefender.com/scan8/ie.html
Read the 'END USER SOFTWARE LICENSE AGREEMENT' then click 'I agree'.
You'll be prompted to install the ActiveX control, please do so.
Once installed, disable your current antivirus program, then click the 'Click here to scan' button.
The virus signatures will then load.
Once loaded the scan will start.
The scan will take quite some time so please be patient.
Once the scan has finished select the 'Detected Problems' tab.
Click on 'Click here to export scan'.
Save the file as an HTML file to your desktop.
Then click on the saved file and allow it to open with your browser.
Go to 'Edit'/'Select All' then copy and paste that log into your next reply.

*Note*
Don't forget to re-enable your antivirus program.

Also let me know how your pc is running now.

#10 elgan


Posted 28 May 2007 - 02:55 PM

It took a number of attempts to d/load bitdefender. The system kept crashing. When I try to scan it goes as far as 23% and crashes? Microsoft displays bdss.exe?
Logfile of HijackThis v1.99.1
Scan saved at 20:50:49, on 28/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\dennis\My Documents\Hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.iolfree.ie:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: ManageEngine NetFlow Analyzer 5 (netflowanalyzer) - Unknown owner - C:\AdventNet\ME\NetFlow\bin\wrapper.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Edited by elgan, 28 May 2007 - 03:22 PM.


#11 RichieUK


Posted 28 May 2007 - 05:17 PM

You’ve now got BitDefender8 and AVG7 Free antivirus installed.
Not a good idea to have more than one antivirus program installed on your computer.
Each program may interpret the actions of the other as viral, therefore giving you false virus warnings about virus-related activities.
It could also lead to system slowdowns and other problems within the operating system, due to the two conflicting with each other.
You should uninstall one or the other as soon as possible, then restart your PC.

*****************************

Download 'e Scan MWAV' from here to your desktop:
http://www.mwti.net/download/tools/mwav.exe
Disconnect from the internet, close any open programs.
Double-click on the mwav icon on your desktop.
The program will start, the Licence Agreement will pop up.
Select 'I accept the agreement', then press Ok.
The program will open, leave all the settings as they are.
Now press the 'Scan & Clean' button.
The program will now start scanning your PC.
Once the scan has finished, post the results from the lower window 'Virus Log Information'.

#12 elgan (Topic Starter)

Posted 29 May 2007 - 05:17 PM

Tue May 29 23:09:14 2007 => **********************************************************
Tue May 29 23:09:14 2007 => MicroWorld Anti Virus & Spyware Toolkit Utility.
Tue May 29 23:09:14 2007 => Copyright © 2003-2006, MicroWorld Technologies Inc.
Tue May 29 23:09:14 2007 => **********************************************************
Tue May 29 23:09:14 2007 => Source: C:\DOCUME~1\dennis\Desktop\mwav.exe
Tue May 29 23:09:14 2007 => Version 9.2.6 (C:\DOCUME~1\dennis\LOCALS~1\Temp\mexe.com)
Tue May 29 23:09:14 2007 => Log File: C:\DOCUME~1\dennis\LOCALS~1\Temp\MWAV.LOG
Tue May 29 23:09:14 2007 => MWAV in SPECIAL PROMOTION MODE.
Tue May 29 23:09:14 2007 => MWAV Registered: TRUE.
Tue May 29 23:09:14 2007 => User Account: dennis
Tue May 29 23:09:14 2007 => OS Type: Windows Workstation
Tue May 29 23:09:14 2007 => OS: Windows XP
Tue May 29 23:09:14 2007 => Ver: Service Pack 2 (Build 2600)
Tue May 29 23:09:14 2007 => Windows Root Folder: C:\WINDOWS
Tue May 29 23:09:14 2007 => Windows Sys32 Folder: C:\WINDOWS\system32
Tue May 29 23:09:14 2007 => DHCP NameServer: 192.168.1.254
Tue May 29 23:09:14 2007 => Interface0 DHCPNameServer: 192.168.1.254
Tue May 29 23:09:14 2007 => Interface1 DHCPNameServer: 192.168.1.254
Tue May 29 23:09:14 2007 => Interface2 DHCPNameServer: 192.168.1.254
Tue May 29 23:09:14 2007 => Local Fixed Drives: c:\
Tue May 29 23:09:14 2007 => MWAV Mode: Scan and Clean files (for viruses, adware and spyware).

Tue May 29 23:09:14 2007 => ********** Files created/modified in last fortnight in Windows Folder **********
Tue May 29 23:09:14 2007 => C:\WINDOWS\win.ini (1064), 28-May-2007
Tue May 29 23:09:14 2007 => C:\WINDOWS\nircmd.exe (49152), 26-May-2007, NirSoft, NirCmd
Tue May 29 23:09:14 2007 => C:\WINDOWS\catchme.exe (87040), 22-May-2007
Tue May 29 23:09:14 2007 => C:\WINDOWS\system32\moveex.exe (38400), 26-May-2007
Tue May 29 23:09:14 2007 => C:\WINDOWS\system32\zip.exe (126976), 25-May-2007
Tue May 29 23:09:14 2007 => C:\WINDOWS\system32\vfind.exe (49152), 26-May-2007
Tue May 29 23:09:14 2007 => ********************************************************************************

Tue May 29 23:09:14 2007 => Latest Date of files inside MWAV: 28 May 2007 11:51:0.
Tue May 29 23:09:20 2007 => AV Library Loaded...
Tue May 29 23:09:20 2007 => MWAV doing self scanning...
Tue May 29 23:09:20 2007 => Scanning File C:\DOCUME~1\dennis\LOCALS~1\Temp\getvlist.exe
Tue May 29 23:09:20 2007 => Scanning File C:\DOCUME~1\dennis\LOCALS~1\Temp\main.avi
Tue May 29 23:09:20 2007 => Scanning File C:\DOCUME~1\dennis\LOCALS~1\Temp\virus.avi
Tue May 29 23:09:20 2007 => Scanning File C:\DOCUME~1\dennis\LOCALS~1\Temp\ScanningProcess.exe
Tue May 29 23:09:20 2007 => Scanning File C:\DOCUME~1\dennis\LOCALS~1\Temp\kave.dll
Tue May 29 23:09:20 2007 => Scanning File C:\DOCUME~1\dennis\LOCALS~1\Temp\prloader.dll
Tue May 29 23:09:20 2007 => MWAV files are clean.
Tue May 29 23:09:54 2007 => Virus Database Date: 5/28/2007
Tue May 29 23:09:54 2007 => Virus Database Count: 332426

Tue May 29 23:10:01 2007 => **********************************************************
Tue May 29 23:10:01 2007 => MicroWorld Anti Virus & Spyware Toolkit Utility.
Tue May 29 23:10:01 2007 => Copyright © 2003-2006, MicroWorld Technologies Inc.
Tue May 29 23:10:01 2007 =>
Tue May 29 23:10:01 2007 => Support: support@mwti.net
Tue May 29 23:10:01 2007 => Web: http://www.mwti.net
Tue May 29 23:10:01 2007 => **********************************************************
Tue May 29 23:10:01 2007 => Version 9.2.6 (C:\DOCUME~1\dennis\LOCALS~1\Temp\mexe.com)
Tue May 29 23:10:01 2007 => Log File: C:\DOCUME~1\dennis\LOCALS~1\Temp\MWAV.LOG
Tue May 29 23:10:01 2007 => User Account: dennis
Tue May 29 23:10:01 2007 => Windows Root Folder: C:\WINDOWS
Tue May 29 23:10:01 2007 => Windows Sys32 Folder: C:\WINDOWS\system32
Tue May 29 23:10:01 2007 => OS: Windows XP
Tue May 29 23:10:01 2007 => Ver: Service Pack 2 (Build 2600)
Tue May 29 23:10:01 2007 => Latest Date of files inside MWAV: 28 May 2007 11:51:0.

Tue May 29 23:10:01 2007 => Options Selected by User:
Tue May 29 23:10:01 2007 => Memory Check: Enabled
Tue May 29 23:10:01 2007 => Registry Check: Enabled
Tue May 29 23:10:01 2007 => StartUp Folder Check: Enabled
Tue May 29 23:10:01 2007 => System Folder Check: Enabled
Tue May 29 23:10:01 2007 => System Area Check: Disabled
Tue May 29 23:10:01 2007 => Services Check: Enabled
Tue May 29 23:10:01 2007 => Drive Check Option Disabled
Tue May 29 23:10:01 2007 => Folder Check: Disabled

Tue May 29 23:10:01 2007 => ***** Scanning Memory Files *****
Tue May 29 23:10:01 2007 => Scanning File C:\WINDOWS\System32\smss.exe
Tue May 29 23:10:02 2007 => Scanning File C:\WINDOWS\system32\ntdll.dll
Tue May 29 23:10:02 2007 => Scanning File C:\WINDOWS\SYSTEM32\CSRSS.EXE
Tue May 29 23:10:02 2007 => Scanning File C:\WINDOWS\system32\CSRSRV.dll
Tue May 29 23:10:02 2007 => Scanning File C:\WINDOWS\system32\basesrv.dll
Tue May 29 23:10:02 2007 => Scanning File C:\WINDOWS\system32\winsrv.dll
Tue May 29 23:10:02 2007 => Scanning File C:\WINDOWS\system32\GDI32.dll
Tue May 29 23:10:02 2007 => Scanning File C:\WINDOWS\system32\KERNEL32.dll
Tue May 29 23:10:02 2007 => Scanning File C:\WINDOWS\system32\USER32.dll
Tue May 29 23:10:02 2007 => Scanning File C:\WINDOWS\system32\sxs.dll
Tue May 29 23:10:02 2007 => Scanning File C:\WINDOWS\system32\ADVAPI32.dll
Tue May 29 23:10:02 2007 => Scanning File C:\WINDOWS\system32\RPCRT4.dll
Tue May 29 23:10:02 2007 => Scanning File C:\WINDOWS\system32\Apphelp.dll
Tue May 29 23:10:02 2007 => Scanning File C:\WINDOWS\system32\VERSION.dll
Tue May 29 23:10:02 2007 => Scanning File C:\WINDOWS\SYSTEM32\WINLOGON.EXE
Tue May 29 23:10:02 2007 => Scanning File C:\WINDOWS\system32\AUTHZ.dll
Tue May 29 23:10:02 2007 => Scanning File C:\WINDOWS\system32\msvcrt.dll
Tue May 29 23:10:02 2007 => Scanning File C:\WINDOWS\system32\CRYPT32.dll
Tue May 29 23:10:02 2007 => Scanning File C:\WINDOWS\system32\MSASN1.dll
Tue May 29 23:10:03 2007 => Scanning File C:\WINDOWS\system32\NDdeApi.dll
Tue May 29 23:10:03 2007 => Scanning File C:\WINDOWS\system32\PROFMAP.dll
Tue May 29 23:10:03 2007 => Scanning File C:\WINDOWS\system32\NETAPI32.dll
Tue May 29 23:10:03 2007 => Scanning File C:\WINDOWS\system32\USERENV.dll
Tue May 29 23:10:03 2007 => Scanning File C:\WINDOWS\system32\PSAPI.DLL
Tue May 29 23:10:03 2007 => Scanning File C:\WINDOWS\system32\REGAPI.dll
Tue May 29 23:10:03 2007 => Scanning File C:\WINDOWS\system32\Secur32.dll
Tue May 29 23:10:03 2007 => Scanning File C:\WINDOWS\system32\SETUPAPI.dll
Tue May 29 23:10:03 2007 => Scanning File C:\WINDOWS\system32\WINSTA.dll
Tue May 29 23:10:03 2007 => Scanning File C:\WINDOWS\system32\WINTRUST.dll
Tue May 29 23:10:03 2007 => Scanning File C:\WINDOWS\system32\IMAGEHLP.dll
Tue May 29 23:10:03 2007 => Scanning File C:\WINDOWS\system32\WS2_32.dll
Tue May 29 23:10:03 2007 => Scanning File C:\WINDOWS\system32\WS2HELP.dll
Tue May 29 23:10:03 2007 => Scanning File C:\WINDOWS\system32\IMM32.DLL
Tue May 29 23:10:03 2007 => Scanning File C:\WINDOWS\system32\NVDESK32.DLL
Tue May 29 23:10:03 2007 => Scanning File C:\WINDOWS\system32\MSGINA.dll
Tue May 29 23:10:03 2007 => Scanning File C:\WINDOWS\system32\SHELL32.dll
Tue May 29 23:10:04 2007 => Scanning File C:\WINDOWS\system32\SHLWAPI.dll
Tue May 29 23:10:04 2007 => Scanning File C:\WINDOWS\system32\COMCTL32.dll
Tue May 29 23:10:04 2007 => Scanning File C:\WINDOWS\system32\ODBC32.dll
Tue May 29 23:10:04 2007 => Scanning File C:\WINDOWS\system32\comdlg32.dll
Tue May 29 23:10:04 2007 => Scanning File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
Tue May 29 23:10:04 2007 => Scanning File C:\WINDOWS\system32\odbcint.dll
Tue May 29 23:10:04 2007 => Scanning File C:\WINDOWS\system32\SHSVCS.dll
Tue May 29 23:10:04 2007 => Scanning File C:\WINDOWS\system32\sfc.dll
Tue May 29 23:10:04 2007 => Scanning File C:\WINDOWS\system32\sfc_os.dll
Tue May 29 23:10:04 2007 => Scanning File C:\WINDOWS\system32\ole32.dll
Tue May 29 23:10:04 2007 => Scanning File C:\WINDOWS\system32\msctfime.ime
Tue May 29 23:10:04 2007 => Scanning File C:\WINDOWS\system32\WINSCARD.DLL
Tue May 29 23:10:04 2007 => Scanning File C:\WINDOWS\system32\WTSAPI32.dll
Tue May 29 23:10:04 2007 => Scanning File C:\WINDOWS\system32\uxtheme.dll
Tue May 29 23:10:04 2007 => Scanning File C:\WINDOWS\system32\WINMM.dll
Tue May 29 23:10:04 2007 => Scanning File C:\WINDOWS\system32\cscdll.dll
Tue May 29 23:10:04 2007 => Scanning File C:\WINDOWS\system32\WlNotify.dll
Tue May 29 23:10:04 2007 => Scanning File C:\WINDOWS\system32\WINSPOOL.DRV
Tue May 29 23:10:04 2007 => Scanning File C:\WINDOWS\system32\MPR.dll
Tue May 29 23:10:04 2007 => Scanning File C:\WINDOWS\system32\rsaenh.dll
Tue May 29 23:10:04 2007 => Scanning File C:\WINDOWS\system32\WgaLogon.dll
Tue May 29 23:10:04 2007 => Scanning File C:\WINDOWS\system32\OLEAUT32.dll
Tue May 29 23:10:05 2007 => Scanning File C:\WINDOWS\system32\NTMARTA.DLL
Tue May 29 23:10:05 2007 => Scanning File C:\WINDOWS\system32\WLDAP32.dll
Tue May 29 23:10:05 2007 => Scanning File C:\WINDOWS\system32\SAMLIB.dll
Tue May 29 23:10:05 2007 => Scanning File C:\WINDOWS\system32\CLBCATQ.DLL
Tue May 29 23:10:05 2007 => Scanning File C:\WINDOWS\system32\COMRes.dll
Tue May 29 23:10:05 2007 => Scanning File C:\WINDOWS\system32\msv1_0.dll
Tue May 29 23:10:05 2007 => Scanning File C:\WINDOWS\system32\iphlpapi.dll
Tue May 29 23:10:05 2007 => Scanning File C:\WINDOWS\system32\cscui.dll
Tue May 29 23:10:05 2007 => Scanning File C:\WINDOWS\system32\xpsp2res.dll
Tue May 29 23:10:06 2007 => Scanning File C:\WINDOWS\system32\wdmaud.drv
Tue May 29 23:10:06 2007 => Scanning File C:\WINDOWS\system32\msacm32.drv
Tue May 29 23:10:06 2007 => Scanning File C:\WINDOWS\system32\MSACM32.dll
Tue May 29 23:10:06 2007 => Scanning File C:\WINDOWS\system32\midimap.dll
Tue May 29 23:10:06 2007 => Scanning File C:\WINDOWS\system32\services.exe
Tue May 29 23:10:06 2007 => Scanning File C:\WINDOWS\system32\SCESRV.dll
Tue May 29 23:10:06 2007 => Scanning File C:\WINDOWS\system32\umpnpmgr.dll
Tue May 29 23:10:06 2007 => Scanning File C:\WINDOWS\system32\NCObjAPI.DLL
Tue May 29 23:10:06 2007 => Scanning File C:\WINDOWS\system32\MSVCP60.dll
Tue May 29 23:10:06 2007 => Scanning File C:\WINDOWS\system32\ShimEng.dll
Tue May 29 23:10:06 2007 => Scanning File C:\WINDOWS\AppPatch\AcAdProc.dll
Tue May 29 23:10:06 2007 => Scanning File C:\WINDOWS\system32\eventlog.dll
Tue May 29 23:10:06 2007 => Scanning File C:\WINDOWS\system32\lsass.exe
Tue May 29 23:10:06 2007 => Scanning File C:\WINDOWS\system32\LSASRV.dll
Tue May 29 23:10:06 2007 => Scanning File C:\WINDOWS\system32\NTDSAPI.dll
Tue May 29 23:10:06 2007 => Scanning File C:\WINDOWS\system32\DNSAPI.dll
Tue May 29 23:10:06 2007 => Scanning File C:\WINDOWS\system32\SAMSRV.dll
Tue May 29 23:10:07 2007 => Scanning File C:\WINDOWS\system32\cryptdll.dll
Tue May 29 23:10:07 2007 => Scanning File C:\WINDOWS\AppPatch\AcGenral.DLL
Tue May 29 23:10:07 2007 => Scanning File C:\WINDOWS\system32\msprivs.dll
Tue May 29 23:10:07 2007 => Scanning File C:\WINDOWS\system32\kerberos.dll
Tue May 29 23:10:07 2007 => Scanning File C:\WINDOWS\system32\netlogon.dll
Tue May 29 23:10:07 2007 => Scanning File C:\WINDOWS\system32\w32time.dll
Tue May 29 23:10:07 2007 => Scanning File C:\WINDOWS\system32\schannel.dll
Tue May 29 23:10:07 2007 => Scanning File C:\WINDOWS\system32\wdigest.dll
Tue May 29 23:10:07 2007 => Scanning File C:\WINDOWS\system32\nwprovau.dll
Tue May 29 23:10:07 2007 => Scanning File C:\WINDOWS\system32\scecli.dll
Tue May 29 23:10:07 2007 => Scanning File C:\WINDOWS\system32\ipsecsvc.dll
Tue May 29 23:10:07 2007 => Scanning File C:\WINDOWS\system32\oakley.DLL
Tue May 29 23:10:07 2007 => Scanning File C:\WINDOWS\system32\WINIPSEC.DLL
Tue May 29 23:10:07 2007 => Scanning File C:\WINDOWS\system32\pstorsvc.dll
Tue May 29 23:10:07 2007 => Scanning File C:\WINDOWS\system32\psbase.dll
Tue May 29 23:10:07 2007 => Scanning File C:\WINDOWS\system32\mswsock.dll
Tue May 29 23:10:07 2007 => Scanning File C:\WINDOWS\system32\hnetcfg.dll
Tue May 29 23:10:07 2007 => Scanning File C:\WINDOWS\System32\wshtcpip.dll
Tue May 29 23:10:07 2007 => Scanning File C:\WINDOWS\system32\dssenh.dll
Tue May 29 23:10:07 2007 => Scanning File C:\WINDOWS\System32\wship6.dll
Tue May 29 23:10:07 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Tue May 29 23:10:07 2007 => Scanning File c:\windows\system32\rpcss.dll
Tue May 29 23:10:07 2007 => Scanning File c:\windows\system32\termsrv.dll
Tue May 29 23:10:07 2007 => Scanning File c:\windows\system32\ICAAPI.dll
Tue May 29 23:10:08 2007 => Scanning File c:\windows\system32\mstlsapi.dll
Tue May 29 23:10:08 2007 => Scanning File c:\windows\system32\ACTIVEDS.dll
Tue May 29 23:10:08 2007 => Scanning File c:\windows\system32\adsldpc.dll
Tue May 29 23:10:08 2007 => Scanning File c:\windows\system32\ATL.DLL
Tue May 29 23:10:08 2007 => Scanning File C:\WINDOWS\System32\wshisn.dll
Tue May 29 23:10:08 2007 => Scanning File C:\WINDOWS\system32\WSOCK32.dll
Tue May 29 23:10:08 2007 => Scanning File C:\WINDOWS\System32\winrnr.dll
Tue May 29 23:10:08 2007 => Scanning File C:\WINDOWS\system32\pnrpnsp.dll
Tue May 29 23:10:08 2007 => Scanning File C:\WINDOWS\system32\rasadhlp.dll
Tue May 29 23:10:08 2007 => Scanning File c:\windows\system32\dhcpcsvc.dll
Tue May 29 23:10:08 2007 => Scanning File c:\windows\system32\wzcsvc.dll
Tue May 29 23:10:08 2007 => Scanning File c:\windows\system32\rtutils.dll
Tue May 29 23:10:08 2007 => Scanning File c:\windows\system32\WMI.dll
Tue May 29 23:10:08 2007 => Scanning File c:\windows\system32\ESENT.dll
Tue May 29 23:10:08 2007 => Scanning File C:\WINDOWS\System32\rastls.dll
Tue May 29 23:10:08 2007 => Scanning File C:\WINDOWS\system32\CRYPTUI.dll
Tue May 29 23:10:08 2007 => Scanning File C:\WINDOWS\system32\WININET.dll
Tue May 29 23:10:08 2007 => Scanning File C:\WINDOWS\system32\Normaliz.dll
Tue May 29 23:10:08 2007 => Scanning File C:\WINDOWS\system32\iertutil.dll
Tue May 29 23:10:08 2007 => Scanning File C:\WINDOWS\System32\MPRAPI.dll
Tue May 29 23:10:08 2007 => Scanning File C:\WINDOWS\System32\RASAPI32.dll
Tue May 29 23:10:08 2007 => Scanning File C:\WINDOWS\System32\rasman.dll
Tue May 29 23:10:08 2007 => Scanning File C:\WINDOWS\System32\TAPI32.dll
Tue May 29 23:10:08 2007 => Scanning File C:\WINDOWS\System32\raschap.dll
Tue May 29 23:10:08 2007 => Scanning File c:\windows\system32\schedsvc.dll
Tue May 29 23:10:08 2007 => Scanning File C:\WINDOWS\System32\MSIDLE.DLL
Tue May 29 23:10:09 2007 => Scanning File c:\windows\system32\audiosrv.dll
Tue May 29 23:10:09 2007 => Scanning File c:\windows\system32\wkssvc.dll
Tue May 29 23:10:09 2007 => Scanning File c:\windows\system32\nwwks.dll
Tue May 29 23:10:09 2007 => Scanning File c:\windows\system32\NWAPI32.dll
Tue May 29 23:10:09 2007 => Scanning File c:\windows\system32\cryptsvc.dll
Tue May 29 23:10:09 2007 => Scanning File c:\windows\system32\certcli.dll
Tue May 29 23:10:09 2007 => Scanning File c:\windows\system32\dmserver.dll
Tue May 29 23:10:09 2007 => Scanning File c:\windows\system32\ersvc.dll
Tue May 29 23:10:09 2007 => Scanning File c:\windows\system32\es.dll
Tue May 29 23:10:09 2007 => Scanning File c:\windows\pchealth\helpctr\binaries\pchsvc.dll
Tue May 29 23:10:09 2007 => Scanning File c:\windows\system32\srvsvc.dll
Tue May 29 23:10:09 2007 => Scanning File c:\windows\system32\netman.dll
Tue May 29 23:10:09 2007 => Scanning File c:\windows\system32\netshell.dll
Tue May 29 23:10:09 2007 => Scanning File c:\windows\system32\credui.dll
Tue May 29 23:10:09 2007 => Scanning File c:\windows\system32\WZCSAPI.DLL
Tue May 29 23:10:09 2007 => Scanning File c:\windows\system32\seclogon.dll
Tue May 29 23:10:09 2007 => Scanning File c:\windows\system32\sens.dll
Tue May 29 23:10:09 2007 => Scanning File c:\windows\system32\srsvc.dll
Tue May 29 23:10:09 2007 => Scanning File c:\windows\system32\POWRPROF.dll
Tue May 29 23:10:09 2007 => Scanning File c:\windows\system32\tapisrv.dll
Tue May 29 23:10:09 2007 => Scanning File c:\windows\system32\wbem\wmisvc.dll
Tue May 29 23:10:09 2007 => Scanning File C:\WINDOWS\system32\VSSAPI.DLL
Tue May 29 23:10:09 2007 => Scanning File c:\windows\system32\trkwks.dll
Tue May 29 23:10:09 2007 => Scanning File c:\windows\system32\wuauserv.dll
Tue May 29 23:10:09 2007 => Scanning File C:\WINDOWS\system32\wuaueng.dll
Tue May 29 23:10:10 2007 => Scanning File C:\WINDOWS\System32\WINHTTP.dll
Tue May 29 23:10:10 2007 => Scanning File C:\WINDOWS\System32\Cabinet.dll
Tue May 29 23:10:10 2007 => Scanning File C:\WINDOWS\System32\mspatcha.dll
Tue May 29 23:10:10 2007 => Scanning File C:\WINDOWS\system32\comsvcs.dll
Tue May 29 23:10:10 2007 => Scanning File C:\WINDOWS\system32\colbact.DLL
Tue May 29 23:10:10 2007 => Scanning File C:\WINDOWS\system32\MTXCLU.DLL
Tue May 29 23:10:10 2007 => Scanning File C:\WINDOWS\System32\CLUSAPI.DLL
Tue May 29 23:10:10 2007 => Scanning File C:\WINDOWS\System32\RESUTILS.DLL
Tue May 29 23:10:10 2007 => Scanning File c:\windows\system32\6to4svc.dll
Tue May 29 23:10:10 2007 => Scanning File c:\windows\system32\ipnathlp.dll
Tue May 29 23:10:10 2007 => Scanning File c:\windows\system32\rasmans.dll
Tue May 29 23:10:10 2007 => Scanning File c:\windows\system32\netcfgx.dll
Tue May 29 23:10:10 2007 => Scanning File c:\windows\system32\browser.dll
Tue May 29 23:10:10 2007 => Scanning File c:\windows\system32\wscsvc.dll
Tue May 29 23:10:10 2007 => Scanning File c:\windows\system32\msi.dll
Tue May 29 23:10:11 2007 => Scanning File C:\WINDOWS\System32\wbem\wbemcomn.dll
Tue May 29 23:10:11 2007 => Scanning File C:\WINDOWS\System32\Wbem\wbemcore.dll
Tue May 29 23:10:11 2007 => Scanning File C:\WINDOWS\System32\Wbem\esscli.dll
Tue May 29 23:10:11 2007 => Scanning File C:\WINDOWS\System32\Wbem\FastProx.dll
Tue May 29 23:10:11 2007 => Scanning File C:\WINDOWS\System32\wbem\wbemsvc.dll
Tue May 29 23:10:11 2007 => Scanning File C:\WINDOWS\System32\wbem\wmiutils.dll
Tue May 29 23:10:11 2007 => Scanning File C:\WINDOWS\System32\wbem\repdrvfs.dll
Tue May 29 23:10:11 2007 => Scanning File C:\WINDOWS\System32\wbem\wmiprvsd.dll
Tue May 29 23:10:11 2007 => Scanning File C:\WINDOWS\System32\wbem\wbemess.dll
Tue May 29 23:10:11 2007 => Scanning File C:\WINDOWS\System32\wbem\ncprov.dll
Tue May 29 23:10:11 2007 => Scanning File C:\WINDOWS\System32\rastapi.dll
Tue May 29 23:10:11 2007 => Scanning File C:\WINDOWS\System32\unimdm.tsp
Tue May 29 23:10:11 2007 => Scanning File C:\WINDOWS\System32\uniplat.dll
Tue May 29 23:10:11 2007 => Scanning File C:\WINDOWS\System32\kmddsp.tsp
Tue May 29 23:10:11 2007 => Scanning File C:\WINDOWS\System32\ndptsp.tsp
Tue May 29 23:10:11 2007 => Scanning File C:\WINDOWS\System32\ipconf.tsp
Tue May 29 23:10:11 2007 => Scanning File C:\WINDOWS\System32\h323.tsp
Tue May 29 23:10:11 2007 => Scanning File C:\WINDOWS\System32\hidphone.tsp
Tue May 29 23:10:11 2007 => Scanning File C:\WINDOWS\System32\HID.DLL
Tue May 29 23:10:11 2007 => Scanning File C:\WINDOWS\System32\rasppp.dll
Tue May 29 23:10:11 2007 => Scanning File C:\WINDOWS\System32\ntlsapi.dll
Tue May 29 23:10:11 2007 => Scanning File C:\WINDOWS\System32\ipxwan.dll
Tue May 29 23:10:12 2007 => Scanning File C:\WINDOWS\System32\adptif.dll
Tue May 29 23:10:12 2007 => Scanning File c:\windows\system32\rasauto.dll
Tue May 29 23:10:12 2007 => Scanning File C:\WINDOWS\System32\icmp.dll
Tue May 29 23:10:12 2007 => Scanning File C:\WINDOWS\System32\upnp.dll
Tue May 29 23:10:12 2007 => Scanning File C:\WINDOWS\System32\SSDPAPI.dll
Tue May 29 23:10:12 2007 => Scanning File C:\WINDOWS\System32\RASDLG.dll
Tue May 29 23:10:12 2007 => Scanning File C:\WINDOWS\system32\urlmon.dll
Tue May 29 23:10:12 2007 => Scanning File C:\WINDOWS\System32\NETRAP.dll
Tue May 29 23:10:12 2007 => Scanning File C:\WINDOWS\system32\wups2.dll
Tue May 29 23:10:12 2007 => Scanning File C:\WINDOWS\system32\advpack.dll
Tue May 29 23:10:12 2007 => Scanning File C:\WINDOWS\System32\dpnhupnp.dll
Tue May 29 23:10:12 2007 => Scanning File C:\WINDOWS\System32\wbem\wbemprox.dll
Tue May 29 23:10:12 2007 => Scanning File c:\windows\system32\dnsrslvr.dll
Tue May 29 23:10:12 2007 => Scanning File c:\windows\system32\lmhsvc.dll
Tue May 29 23:10:12 2007 => Scanning File c:\windows\system32\webclnt.dll
Tue May 29 23:10:12 2007 => Scanning File c:\windows\system32\regsvc.dll
Tue May 29 23:10:12 2007 => Scanning File c:\windows\system32\ssdpsrv.dll
Tue May 29 23:10:12 2007 => Scanning File C:\WINDOWS\System32\httpapi.dll
Tue May 29 23:10:12 2007 => Scanning File C:\WINDOWS\system32\spoolsv.exe
Tue May 29 23:10:12 2007 => Scanning File C:\WINDOWS\system32\SPOOLSS.DLL
Tue May 29 23:10:12 2007 => Scanning File C:\WINDOWS\system32\localspl.dll
Tue May 29 23:10:12 2007 => Scanning File C:\WINDOWS\system32\lxctlmpm.dll
Tue May 29 23:10:12 2007 => Scanning File C:\WINDOWS\system32\cfgMgr32.dll
Tue May 29 23:10:12 2007 => Scanning File C:\WINDOWS\system32\bwprnmon.dll
Tue May 29 23:10:12 2007 => Scanning File C:\WINDOWS\system32\cnbjmon.dll
Tue May 29 23:10:13 2007 => Scanning File C:\WINDOWS\system32\E_SL2302.DLL
Tue May 29 23:10:13 2007 => Scanning File C:\WINDOWS\system32\lxctpmon.dll
Tue May 29 23:10:13 2007 => Scanning File C:\WINDOWS\system32\IMGMAN32.dll
Tue May 29 23:10:13 2007 => Scanning File C:\WINDOWS\system32\IM31IMG.DIL
Tue May 29 23:10:13 2007 => Scanning File C:\PROGRA~1\LEXMAR~1\FxCtrStr.dll
Tue May 29 23:10:13 2007 => Scanning File C:\PROGRA~1\LEXMAR~1\ipcmt.dll
Tue May 29 23:10:13 2007 => Scanning File C:\WINDOWS\system32\lxctpmrc.dll
Tue May 29 23:10:13 2007 => Scanning File C:\WINDOWS\system32\lprmon.dll
Tue May 29 23:10:13 2007 => Scanning File C:\WINDOWS\system32\LPRHELP.dll
Tue May 29 23:10:13 2007 => Scanning File C:\WINDOWS\system32\pjlmon.dll
Tue May 29 23:10:13 2007 => Scanning File C:\WINDOWS\system32\tcpmon.dll
Tue May 29 23:10:13 2007 => Scanning File C:\WINDOWS\system32\usbmon.dll
Tue May 29 23:10:13 2007 => Scanning File C:\WINDOWS\System32\spool\PRTPROCS\W32X86\lxctdrpp.dll
Tue May 29 23:10:13 2007 => Scanning File C:\WINDOWS\system32\win32spl.dll
Tue May 29 23:10:13 2007 => Scanning File C:\WINDOWS\system32\inetpp.dll
Tue May 29 23:10:13 2007 => Scanning File C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxctdrui.dll
Tue May 29 23:10:13 2007 => Scanning File C:\WINDOWS\system32\mscms.dll
Tue May 29 23:10:13 2007 => Scanning File C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxctPRPR.DLL
Tue May 29 23:10:13 2007 => Scanning File C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxctCFG.dll
Tue May 29 23:10:13 2007 => Scanning File C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxctdr.dll
Tue May 29 23:10:13 2007 => Scanning File C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxctHPEC.DLL
Tue May 29 23:10:13 2007 => Scanning File C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxctflib.dll
Tue May 29 23:10:13 2007 => Scanning File C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxcttsfw.dll
Tue May 29 23:10:13 2007 => Scanning File C:\WINDOWS\system32\lxctcomc.dll
Tue May 29 23:10:14 2007 => Scanning File C:\WINDOWS\Explorer.EXE
Tue May 29 23:10:14 2007 => Scanning File C:\WINDOWS\system32\BROWSEUI.dll
Tue May 29 23:10:14 2007 => Scanning File C:\WINDOWS\system32\SHDOCVW.dll
Tue May 29 23:10:14 2007 => Scanning File C:\WINDOWS\System32\themeui.dll
Tue May 29 23:10:14 2007 => Scanning File C:\WINDOWS\System32\MSIMG32.dll
Tue May 29 23:10:14 2007 => Scanning File C:\WINDOWS\system32\actxprxy.dll
Tue May 29 23:10:14 2007 => Scanning File C:\WINDOWS\system32\ieframe.dll
Tue May 29 23:10:14 2007 => Scanning File C:\WINDOWS\system32\mshtml.dll
Tue May 29 23:10:15 2007 => Scanning File C:\WINDOWS\system32\msls31.dll
Tue May 29 23:10:15 2007 => Scanning File C:\WINDOWS\system32\LINKINFO.dll
Tue May 29 23:10:15 2007 => Scanning File C:\WINDOWS\system32\ntshrui.dll
Tue May 29 23:10:15 2007 => Scanning File C:\WINDOWS\system32\MSCTF.dll
Tue May 29 23:10:15 2007 => Scanning File C:\WINDOWS\system32\MLANG.dll
Tue May 29 23:10:15 2007 => Scanning File C:\WINDOWS\system32\sensapi.dll
Tue May 29 23:10:15 2007 => Scanning File C:\WINDOWS\System32\msimtf.dll
Tue May 29 23:10:15 2007 => Scanning File C:\WINDOWS\system32\webcheck.dll
Tue May 29 23:10:15 2007 => Scanning File C:\WINDOWS\System32\stobject.dll
Tue May 29 23:10:15 2007 => Scanning File C:\WINDOWS\System32\BatMeter.dll
Tue May 29 23:10:15 2007 => Scanning File C:\WINDOWS\system32\upnpui.dll
Tue May 29 23:10:15 2007 => Scanning File C:\WINDOWS\system32\WPDShServiceObj.dll
Tue May 29 23:10:15 2007 => Scanning File C:\WINDOWS\System32\mydocs.dll
Tue May 29 23:10:15 2007 => Scanning File C:\PROGRA~1\Nokia\NOKIAP~1\PHONEB~1.DLL
Tue May 29 23:10:15 2007 => Scanning File C:\PROGRA~1\Nokia\NOKIAP~1\PCSCM.dll
Tue May 29 23:10:15 2007 => Scanning File C:\WINDOWS\system32\OLEPRO32.DLL
Tue May 29 23:10:15 2007 => Scanning File C:\WINDOWS\system32\PortableDeviceTypes.dll
Tue May 29 23:10:15 2007 => Scanning File C:\WINDOWS\system32\PortableDeviceApi.dll
Tue May 29 23:10:15 2007 => Scanning File C:\WINDOWS\system32\msxml3.dll
Tue May 29 23:10:15 2007 => Scanning File C:\WINDOWS\System32\drprov.dll
Tue May 29 23:10:15 2007 => Scanning File C:\WINDOWS\System32\ntlanman.dll
Tue May 29 23:10:15 2007 => Scanning File C:\WINDOWS\System32\NETUI0.dll
Tue May 29 23:10:15 2007 => Scanning File C:\WINDOWS\System32\NETUI1.dll
Tue May 29 23:10:16 2007 => Scanning File C:\WINDOWS\System32\davclnt.dll
Tue May 29 23:10:16 2007 => Scanning File C:\WINDOWS\system32\printui.dll
Tue May 29 23:10:16 2007 => Scanning File C:\WINDOWS\system32\wzcdlg.dll
Tue May 29 23:10:16 2007 => Scanning File C:\PROGRA~1\Java\JRE16~1.0_0\bin\jusched.exe
Tue May 29 23:10:16 2007 => Scanning File C:\PROGRA~1\Java\JRE16~1.0_0\bin\MSVCR71.dll
Tue May 29 23:10:16 2007 => Scanning File C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
Tue May 29 23:10:16 2007 => Scanning File C:\PROGRA~1\Softwin\BITDEF~1\bdch.dll
Tue May 29 23:10:16 2007 => Scanning File C:\PROGRA~1\Softwin\BITDEF~1\bdsubmit.dll
Tue May 29 23:10:16 2007 => Scanning File C:\WINDOWS\system32\MSVCP71.dll
Tue May 29 23:10:16 2007 => Scanning File C:\WINDOWS\system32\MSVCR71.dll
Tue May 29 23:10:16 2007 => Scanning File C:\PROGRA~1\Softwin\BITDEF~1\procinf.dll
Tue May 29 23:10:16 2007 => Scanning File C:\WINDOWS\system32\XCOMM.dll
Tue May 29 23:10:16 2007 => Scanning File C:\PROGRA~1\Softwin\BITDEF~1\TxTools.dll
Tue May 29 23:10:16 2007 => Scanning File C:\WINDOWS\system32\MFC71.DLL
Tue May 29 23:10:16 2007 => Scanning File C:\PROGRA~1\Softwin\BITDEF~1\popup.dll
Tue May 29 23:10:16 2007 => Scanning File C:\PROGRA~1\Softwin\BITDEF~1\main.dll
Tue May 29 23:10:16 2007 => Scanning File C:\PROGRA~1\Softwin\BITDEF~1\ANTIVI~1.DLL
Tue May 29 23:10:16 2007 => Scanning File C:\PROGRA~1\Softwin\BITDEF~1\live.dll
Tue May 29 23:10:17 2007 => Scanning File C:\PROGRA~1\Softwin\BITDEF~1\HTTPGETF.dll
Tue May 29 23:10:17 2007 => Scanning File C:\PROGRA~1\Softwin\BITDEF~1\zlib.dll
Tue May 29 23:10:17 2007 => Scanning File C:\WINDOWS\system32\CRTDLL.dll
Tue May 29 23:10:17 2007 => Scanning File C:\PROGRA~1\Softwin\BITDEF~1\getfile.dll
Tue May 29 23:10:17 2007 => Scanning File C:\PROGRA~1\Softwin\BITDEF~1\vscan.dll
Tue May 29 23:10:17 2007 => Scanning File C:\PROGRA~1\Softwin\BITDEF~1\schface.dll
Tue May 29 23:10:17 2007 => Scanning File C:\PROGRA~1\Softwin\BITDEF~1\schcore.dll
Tue May 29 23:10:17 2007 => Scanning File C:\PROGRA~1\Softwin\BITDEF~1\quar.dll
Tue May 29 23:10:17 2007 => Scanning File C:\WINDOWS\system32\URL.dll
Tue May 29 23:10:17 2007 => Scanning File C:\PROGRA~1\Softwin\BITDEF~1\report.dll
Tue May 29 23:10:17 2007 => Scanning File C:\PROGRA~1\Softwin\BITDEF~1\quarcore.dll
Tue May 29 23:10:17 2007 => Scanning File C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
Tue May 29 23:10:17 2007 => Scanning File C:\WINDOWS\system32\ctfmon.exe
Tue May 29 23:10:17 2007 => Scanning File C:\WINDOWS\system32\MSUTB.dll
Tue May 29 23:10:17 2007 => Scanning File C:\PROGRA~1\COMMON~1\EPSON\EBAPI\SAgent2.exe
Tue May 29 23:10:17 2007 => Scanning File C:\WINDOWS\system32\EBAPI2.DLL
Tue May 29 23:10:17 2007 => Scanning File C:\PROGRA~1\COMMON~1\EPSON\EBAPI\EBPLPT.DLL
Tue May 29 23:10:17 2007 => Scanning File C:\WINDOWS\system32\lxctcoms.exe
Tue May 29 23:10:17 2007 => Scanning File C:\WINDOWS\System32\nvsvc32.exe
Tue May 29 23:10:17 2007 => Scanning File C:\WINDOWS\system32\tcpsvcs.exe
Tue May 29 23:10:18 2007 => Scanning File C:\WINDOWS\system32\simptcp.dll
Tue May 29 23:10:18 2007 => Scanning File C:\WINDOWS\System32\snmp.exe
Tue May 29 23:10:18 2007 => Scanning File C:\WINDOWS\System32\snmpapi.dll
Tue May 29 23:10:18 2007 => Scanning File C:\WINDOWS\System32\lmmib2.dll
Tue May 29 23:10:18 2007 => Scanning File C:\WINDOWS\System32\inetmib1.dll
Tue May 29 23:10:18 2007 => Scanning File C:\WINDOWS\System32\hostmib.dll
Tue May 29 23:10:18 2007 => Scanning File C:\WINDOWS\System32\snmpmib.dll
Tue May 29 23:10:18 2007 => Scanning File C:\WINDOWS\System32\evntagnt.dll
Tue May 29 23:10:18 2007 => Scanning File C:\WINDOWS\System32\igmpagnt.dll
Tue May 29 23:10:18 2007 => Scanning File C:\WINDOWS\System32\mcastmib.dll
Tue May 29 23:10:18 2007 => Scanning File C:\WINDOWS\System32\perfos.dll
Tue May 29 23:10:18 2007 => Scanning File C:\WINDOWS\System32\rtipxmib.dll
Tue May 29 23:10:18 2007 => Scanning File c:\windows\system32\wiaservc.dll
Tue May 29 23:10:18 2007 => Scanning File C:\WINDOWS\system32\WIAFBDRV.DLL
Tue May 29 23:10:18 2007 => Scanning File C:\WINDOWS\system32\lxctdrs.dll
Tue May 29 23:10:18 2007 => Scanning File C:\WINDOWS\System32\lxctcfg.dll
Tue May 29 23:10:18 2007 => Scanning File C:\WINDOWS\system32\lxctcaps.dll
Tue May 29 23:10:18 2007 => Scanning File C:\WINDOWS\system32\lxctcnv4.dll
Tue May 29 23:10:18 2007 => Scanning File C:\PROGRA~1\COMMON~1\Softwin\BITDEF~2\xcommsvr.exe
Tue May 29 23:10:18 2007 => Scanning File C:\PROGRA~1\COMMON~1\Softwin\BITDEF~1\bdss.exe
Tue May 29 23:10:18 2007 => Scanning File C:\PROGRA~1\COMMON~1\Softwin\BITDEF~1\bdcore.dll
Tue May 29 23:10:18 2007 => Scanning File C:\PROGRA~1\COMMON~1\Softwin\BITDEF~1\libfn.dll
Tue May 29 23:10:18 2007 => Scanning File C:\PROGRA~1\COMMON~1\Softwin\BITDEF~1\avxdisk.dll
Tue May 29 23:10:18 2007 => Scanning File C:\WINDOWS\System32\alg.exe
Tue May 29 23:10:18 2007 => Scanning File C:\WINDOWS\system32\wscntfy.exe
Tue May 29 23:10:18 2007 => Scanning File c:\windows\system32\w3ssl.dll
Tue May 29 23:10:19 2007 => Scanning File C:\WINDOWS\System32\strmfilt.dll
Tue May 29 23:10:19 2007 => Scanning File C:\DOCUME~1\dennis\LOCALS~1\Temp\mexe.com
Tue May 29 23:10:19 2007 => Scanning File C:\DOCUME~1\dennis\LOCALS~1\Temp\msvl64.dll
Tue May 29 23:10:19 2007 => Scanning File C:\DOCUME~1\dennis\LOCALS~1\Temp\kave.dll
Tue May 29 23:10:19 2007 => Scanning File C:\DOCUME~1\dennis\LOCALS~1\Temp\fssync.dll
Tue May 29 23:10:19 2007 => Scanning File C:\DOCUME~1\dennis\LOCALS~1\Temp\MSVCR80.dll
Tue May 29 23:10:19 2007 => Scanning File C:\DOCUME~1\dennis\LOCALS~1\Temp\MSVCP80.dll
Tue May 29 23:10:19 2007 => Scanning File C:\WINDOWS\system32\RICHED32.DLL
Tue May 29 23:10:19 2007 => Scanning File C:\WINDOWS\system32\RICHED20.dll
Tue May 29 23:10:19 2007 => Scanning File C:\WINDOWS\system32\VDMDBG.DLL
Tue May 29 23:10:19 2007 => Scanning File C:\DOCUME~1\dennis\LOCALS~1\Temp\ScanningProcess.exe
Tue May 29 23:10:19 2007 => Scanning File C:\DOCUME~1\dennis\LOCALS~1\Temp\prloader.dll
Tue May 29 23:10:19 2007 => Scanning File C:\DOCUME~1\dennis\LOCALS~1\Temp\prkernel.ppl
Tue May 29 23:10:19 2007 => Scanning File c:\docume~1\dennis\locals~1\temp\avpmgr.ppl
Tue May 29 23:10:19 2007 => Scanning File c:\docume~1\dennis\locals~1\temp\wdiskio.ppl
Tue May 29 23:10:19 2007 => Scanning File c:\docume~1\dennis\locals~1\temp\nfio.ppl
Tue May 29 23:10:19 2007 => Scanning File c:\docume~1\dennis\locals~1\temp\fsdrvplg.ppl
Tue May 29 23:10:19 2007 => Scanning File c:\docume~1\dennis\locals~1\temp\avlib.ppl
Tue May 29 23:10:19 2007 => Scanning File c:\docume~1\dennis\locals~1\temp\dtreg.ppl
Tue May 29 23:10:19 2007 => Scanning File c:\docume~1\dennis\locals~1\temp\prutil.ppl
Tue May 29 23:10:20 2007 => Scanning File c:\docume~1\dennis\locals~1\temp\avp1.ppl
Tue May 29 23:10:20 2007 => Scanning File c:\docume~1\dennis\locals~1\temp\l_llio.ppl
Tue May 29 23:10:20 2007 => Scanning File c:\docume~1\dennis\locals~1\temp\ichk2.ppl
Tue May 29 23:10:20 2007 => Scanning File c:\docume~1\dennis\locals~1\temp\sfdb.ppl
Tue May 29 23:10:20 2007 => Scanning File c:\docume~1\dennis\locals~1\temp\ichksa.ppl
Tue May 29 23:10:20 2007 => Scanning File c:\docume~1\dennis\locals~1\temp\mkavio.ppl
Tue May 29 23:10:20 2007 => Scanning File c:\docume~1\dennis\locals~1\temp\hashmd5.ppl
Tue May 29 23:10:20 2007 => Scanning File c:\docume~1\dennis\locals~1\temp\hashcont.ppl
Tue May 29 23:10:20 2007 => Scanning File c:\docume~1\dennis\locals~1\temp\hccmp.ppl
Tue May 29 23:10:20 2007 => Scanning File c:\docume~1\dennis\locals~1\temp\iwgen.ppl
Tue May 29 23:10:20 2007 => Scanning File c:\docume~1\dennis\locals~1\temp\uniarc.ppl
Tue May 29 23:10:20 2007 => Scanning File c:\docume~1\dennis\locals~1\temp\minizip.ppl
Tue May 29 23:10:20 2007 => Scanning File c:\docume~1\dennis\locals~1\temp\cab.ppl
Tue May 29 23:10:20 2007 => Scanning File c:\docume~1\dennis\locals~1\temp\arj.ppl
Tue May 29 23:10:20 2007 => Scanning File c:\docume~1\dennis\locals~1\temp\rar.ppl
Tue May 29 23:10:20 2007 => Scanning File c:\docume~1\dennis\locals~1\temp\lha.ppl
Tue May 29 23:10:20 2007 => Scanning File c:\docume~1\dennis\locals~1\temp\mdb.ppl
Tue May 29 23:10:20 2007 => Scanning File C:\WINDOWS\system32\MAPI32.dll
Tue May 29 23:10:20 2007 => Scanning File c:\docume~1\dennis\locals~1\temp\msoe.ppl
Tue May 29 23:10:20 2007 => Scanning File c:\docume~1\dennis\locals~1\temp\tempfile.ppl
Tue May 29 23:10:20 2007 => Scanning File c:\docume~1\dennis\locals~1\temp\avpgs.ppl
Tue May 29 23:10:20 2007 => Scanning File c:\docume~1\dennis\locals~1\temp\thpimpl.ppl
Tue May 29 23:10:20 2007 => Scanning File c:\docume~1\dennis\locals~1\temp\dmap.ppl

Tue May 29 23:10:20 2007 => ***** Scanning Registry Files *****

Tue May 29 23:10:20 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Tue May 29 23:10:20 2007 => ** (PostBootReminder) {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
Tue May 29 23:10:20 2007 => *** File C:\WINDOWS\system32\SHELL32.dll having Size Restriction ***. Filesize 8255 kb > 3072 kb...
Tue May 29 23:10:20 2007 => Scanning File C:\WINDOWS\system32\SHELL32.dll [**]
Tue May 29 23:10:20 2007 => ** (CDBurn) {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
Tue May 29 23:10:20 2007 => *** File C:\WINDOWS\system32\SHELL32.dll having Size Restriction ***. Filesize 8255 kb > 3072 kb...
Tue May 29 23:10:20 2007 => Scanning File C:\WINDOWS\system32\SHELL32.dll [**]
Tue May 29 23:10:20 2007 => ** (WebCheck) {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\system32\webcheck.dll
Tue May 29 23:10:20 2007 => Scanning File C:\WINDOWS\system32\webcheck.dll
Tue May 29 23:10:20 2007 => ** (SysTray) {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
Tue May 29 23:10:20 2007 => Scanning File C:\WINDOWS\System32\stobject.dll
Tue May 29 23:10:20 2007 => ** (UPnPMonitor) {e57ce738-33e8-4c51-8354-bb4de9d215d1} = C:\WINDOWS\system32\upnpui.dll
Tue May 29 23:10:20 2007 => Scanning File C:\WINDOWS\system32\upnpui.dll
Tue May 29 23:10:20 2007 => ** (WPDShServiceObj) {AAA288BA-9A4C-45B0-95D7-94D524869DB5} = C:\WINDOWS\system32\WPDShServiceObj.dll
Tue May 29 23:10:20 2007 => Scanning File C:\WINDOWS\system32\WPDShServiceObj.dll

Tue May 29 23:10:20 2007 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

Tue May 29 23:10:20 2007 => Scanning HKLM\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension

Tue May 29 23:10:20 2007 => Scanning HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
Tue May 29 23:10:48 2007 => **********************************************************
Tue May 29 23:10:48 2007 => MicroWorld Anti Virus & Spyware Toolkit Utility.
Tue May 29 23:10:48 2007 => Copyright © 2003-2006, MicroWorld Technologies Inc.
Tue May 29 23:10:48 2007 => **********************************************************
Tue May 29 23:10:48 2007 => Source: C:\DOCUME~1\dennis\Desktop\mwav.exe
Tue May 29 23:10:48 2007 => Version 9.2.6 (C:\DOCUME~1\dennis\LOCALS~1\Temp\mexe.com)
Tue May 29 23:10:48 2007 => Log File: C:\DOCUME~1\dennis\LOCALS~1\Temp\MWAV.LOG
Tue May 29 23:10:48 2007 => MWAV in SPECIAL PROMOTION MODE.
Tue May 29 23:10:48 2007 => Last Scan Date and Time: 29.05.2007 23:10:01
Tue May 29 23:10:48 2007 => MWAV Registered: TRUE.
Tue May 29 23:10:48 2007 => User Account: dennis
Tue May 29 23:10:48 2007 => OS Type: Windows Workstation
Tue May 29 23:10:48 2007 => OS: Windows XP
Tue May 29 23:10:48 2007 => Ver: Service Pack 2 (Build 2600)
Tue May 29 23:10:48 2007 => Windows Root Folder: C:\WINDOWS
Tue May 29 23:10:48 2007 => Windows Sys32 Folder: C:\WINDOWS\system32
Tue May 29 23:10:48 2007 => Interface0 DHCPNameServer: 192.168.1.254
Tue May 29 23:10:48 2007 => Interface1 DHCPNameServer: 192.168.1.254
Tue May 29 23:10:48 2007 => Local Fixed Drives: c:\
Tue May 29 23:10:48 2007 => MWAV Mode: Scan and Clean files (for viruses, adware and spyware).

Tue May 29 23:10:48 2007 => ********** Files created/modified in last fortnight in Windows Folder **********
Tue May 29 23:10:48 2007 => C:\WINDOWS\win.ini (1064), 28-May-2007
Tue May 29 23:10:48 2007 => C:\WINDOWS\REGEDIT.COM (146432), 29-May-2007, Microsoft Corporation, Microsoft® Windows® Operating System
Tue May 29 23:10:48 2007 => C:\WINDOWS\R.COM (146432), 29-May-2007, Microsoft Corporation, Microsoft® Windows® Operating System
Tue May 29 23:10:48 2007 => C:\WINDOWS\nircmd.exe (49152), 26-May-2007, NirSoft, NirCmd
Tue May 29 23:10:48 2007 => C:\WINDOWS\catchme.exe (87040), 22-May-2007
Tue May 29 23:10:48 2007 => C:\WINDOWS\system32\TASKMGR.COM (135680), 29-May-2007, Microsoft Corporation, Microsoft® Windows® Operating System
Tue May 29 23:10:48 2007 => C:\WINDOWS\system32\T.COM (135680), 29-May-2007, Microsoft Corporation, Microsoft® Windows® Operating System
Tue May 29 23:10:48 2007 => C:\WINDOWS\system32\moveex.exe (38400), 26-May-2007
Tue May 29 23:10:48 2007 => C:\WINDOWS\system32\zip.exe (126976), 25-May-2007
Tue May 29 23:10:48 2007 => C:\WINDOWS\system32\vfind.exe (49152), 26-May-2007
Tue May 29 23:10:48 2007 => ********************************************************************************

Tue May 29 23:10:48 2007 => Latest Date of files inside MWAV: 28 May 2007 11:51:0.
Tue May 29 23:10:50 2007 => AV Library Loaded...
Tue May 29 23:10:50 2007 => MWAV doing self scanning...
Tue May 29 23:10:50 2007 => Scanning File C:\DOCUME~1\dennis\LOCALS~1\Temp\getvlist.exe
Tue May 29 23:10:50 2007 => Scanning File C:\DOCUME~1\dennis\LOCALS~1\Temp\main.avi
Tue May 29 23:10:51 2007 => Scanning File C:\DOCUME~1\dennis\LOCALS~1\Temp\virus.avi
Tue May 29 23:10:51 2007 => Scanning File C:\DOCUME~1\dennis\LOCALS~1\Temp\ScanningProcess.exe
Tue May 29 23:10:51 2007 => Scanning File C:\DOCUME~1\dennis\LOCALS~1\Temp\kave.dll
Tue May 29 23:10:51 2007 => Scanning File C:\DOCUME~1\dennis\LOCALS~1\Temp\prloader.dll
Tue May 29 23:10:51 2007 => MWAV files are clean.
Tue May 29 23:10:51 2007 => Virus Database Date: 5/28/2007
Tue May 29 23:10:51 2007 => Virus Database Count: 332426

#13 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 29 May 2007 - 05:30 PM

Rescan with HijackThis and post a new log please.
Also let me know how it's going now.

#14 elgan

elgan
  • Topic Starter

  • Members
  • 15 posts

Posted 29 May 2007 - 05:45 PM

Logfile of HijackThis v1.99.1
Scan saved at 23:38:24, on 29/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\dennis\My Documents\Hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.iolfree.ie:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: ManageEngine NetFlow Analyzer 5 (netflowanalyzer) - Unknown owner - C:\AdventNet\ME\NetFlow\bin\wrapper.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

I reset and restarted the system. It crashed. When it restarted, desktop recovery was displayed.
Regards

#15 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 30 May 2007 - 04:27 AM

How's your PC running now? Exactly what's happening now?