backdoor, shift.exe


#1
kathy4u2nv

Okay, I am hoping someone can help me out with this. I have been working on this for a couple days now, and it seems that every AVS I try catches some but not all issues, or catches all but doesn't deal with all issues.

So far I have saved reports from HijackThis, AVG, ComboFix, Dr.Web, and mwav for your review... Any help with what else to try or do would be greatly appreciated... I am hoping to not have to wipe it out and start over... The mwav report WILL BE IN SEPARATE POSTS, AS IT IS A LARGE FILE.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:06:42 AM, on 2/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\toshiba\ivp\ism\pinger.exe
C:\toshiba\sysstability\tsyssmon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\ohtnyn.exe
C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aimpages....ke/profile.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2E19EC38-382E-45AA-8EAA-AF3876B93878} - C:\WINDOWS\system32\ciod.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [Pinger] C:\toshiba\ivp\ism\pinger.exe
O4 - HKLM\..\Run: [TSysSMon] c:\toshiba\sysstability\tsyssmon.exe /detect
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [drmsrv32] C:\ohtnyn.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Iomega Active Disk] C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZUxdm486YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {1169E0CD-9E76-11D7-B1D8-FB63945DE96D} (VintaSoftTwain Class) - http://www.efitnesst...com/VSTwain.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1153779408093
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1157108437390
O16 - DPF: {98BFD494-F6AD-4794-9038-832C0654CC43} (AOL YGP UPF Ctrl) - http://pak04.picture...-US.9.2.4.0.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} (Hangman Control) - http://www.worldwinn...man/hangman.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3866FD2E-6002-45C7-BDED-7FA5D76E31E2}: NameServer = 202.139.2.60
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Iomega Activity Disk2 - Iomega Corporation - C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
O23 - Service: IomegaAccess - Iomega Corporation - (no file)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~2\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Radialpoint Unicorn Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Verizon\PC Security Checkup\rpsupdaterR.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10407 bytes

COMBOFIX:

C.bat;C:\ComboFix[1];Probably BATCH.Virus;Incurable.Deleted.;
psexec.cfexe;C:\ComboFix[1];Program.PsExec.171;Incurable.Deleted.;
1202386548.dll.vir;C:\RECYCLER\S-1-5-21-2267283539-1635408369-3223663487-1005\Dc18\Quarantine\C\Program Files\Helper;Adware.Nopage;Deleted.;
1202386553.dll.vir.vir;C:\RECYCLER\S-1-5-21-2267283539-1635408369-3223663487-1005\Dc18\Quarantine\C\Program Files\Helper;Adware.Nopage;Deleted.;
msimg32.dll.vir;C:\RECYCLER\S-1-5-21-2267283539-1635408369-3223663487-1005\Dc18\Quarantine\C\Program Files\Internet Explorer;Adware.Funweb;Incurable.Deleted.;
F3BROVLY.DLL.vir;C:\RECYCLER\S-1-5-21-2267283539-1635408369-3223663487-1005\Dc18\Quarantine\C\Program Files\MyWebSearch\bar\2.bin;Adware.Websearch;Incurable.Deleted.;
F3DTACTL.DLL.vir;C:\RECYCLER\S-1-5-21-2267283539-1635408369-3223663487-1005\Dc18\Quarantine\C\Program Files\MyWebSearch\bar\2.bin;Adware.Funweb;Incurable.Deleted.;
F3HISTSW.DLL.vir;C:\RECYCLER\S-1-5-21-2267283539-1635408369-3223663487-1005\Dc18\Quarantine\C\Program Files\MyWebSearch\bar\2.bin;Adware.Msearch;Incurable.Deleted.;
F3HTTPCT.DLL.vir;C:\RECYCLER\S-1-5-21-2267283539-1635408369-3223663487-1005\Dc18\Quarantine\C\Program Files\MyWebSearch\bar\2.bin;Trojan.Isbar.438;Deleted.;
F3IMSTUB.DLL.vir;C:\RECYCLER\S-1-5-21-2267283539-1635408369-3223663487-1005\Dc18\Quarantine\C\Program Files\MyWebSearch\bar\2.bin;Adware.Funweb;Incurable.Deleted.;
F3POPSWT.DLL.vir;C:\RECYCLER\S-1-5-21-2267283539-1635408369-3223663487-1005\Dc18\Quarantine\C\Program Files\MyWebSearch\bar\2.bin;Adware.Funweb;Incurable.Deleted.;
F3PSSAVR.SCR.vir;C:\RECYCLER\S-1-5-21-2267283539-1635408369-3223663487-1005\Dc18\Quarantine\C\Program Files\MyWebSearch\bar\2.bin;Adware.Msearch;Incurable.Deleted.;
F3REPROX.DLL.vir;C:\RECYCLER\S-1-5-21-2267283539-1635408369-3223663487-1005\Dc18\Quarantine\C\Program Files\MyWebSearch\bar\2.bin;Adware.Funweb;Incurable.Deleted.;
F3RESTUB.DLL.vir;C:\RECYCLER\S-1-5-21-2267283539-1635408369-3223663487-1005\Dc18\Quarantine\C\Program Files\MyWebSearch\bar\2.bin;Adware.Msearch;Incurable.Deleted.;
F3SCHMON.EXE.vir;C:\RECYCLER\S-1-5-21-2267283539-1635408369-3223663487-1005\Dc18\Quarantine\C\Program Files\MyWebSearch\bar\2.bin;Adware.Msearch;Incurable.Deleted.;
F3SCRCTR.DLL.vir;C:\RECYCLER\S-1-5-21-2267283539-1635408369-3223663487-1005\Dc18\Quarantine\C\Program Files\MyWebSearch\bar\2.bin;Trojan.DownLoader.7028;Deleted.;
F3SHLLVW.DLL.vir;C:\RECYCLER\S-1-5-21-2267283539-1635408369-3223663487-1005\Dc18\Quarantine\C\Program Files\MyWebSearch\bar\2.bin;Adware.Funweb;Incurable.Deleted.;
F3WPHOOK.DLL.vir;C:\RECYCLER\S-1-5-21-2267283539-1635408369-3223663487-1005\Dc18\Quarantine\C\Program Files\MyWebSearch\bar\2.bin;Adware.Msearch;Incurable.Deleted.;
M3HTML.DLL.vir;C:\RECYCLER\S-1-5-21-2267283539-1635408369-3223663487-1005\Dc18\Quarantine\C\Program Files\MyWebSearch\bar\2.bin;Adware.Websearch;Incurable.Deleted.;
M3IDLE.DLL.vir;C:\RECYCLER\S-1-5-21-2267283539-1635408369-3223663487-1005\Dc18\Quarantine\C\Program Files\MyWebSearch\bar\2.bin;Adware.MWS;Incurable.Deleted.;
M3MSG.DLL.vir;C:\RECYCLER\S-1-5-21-2267283539-1635408369-3223663487-1005\Dc18\Quarantine\C\Program Files\MyWebSearch\bar\2.bin;Adware.Websearch;Incurable.Deleted.;
M3OUTLCN.DLL.vir;C:\RECYCLER\S-1-5-21-2267283539-1635408369-3223663487-1005\Dc18\Quarantine\C\Program Files\MyWebSearch\bar\2.bin;Adware.Msearch;Incurable.Deleted.;
M3PLUGIN.DLL.vir;C:\RECYCLER\S-1-5-21-2267283539-1635408369-3223663487-1005\Dc18\Quarantine\C\Program Files\MyWebSearch\bar\2.bin;Adware.Msearch;Incurable.Deleted.;
M3SKIN.DLL.vir;C:\RECYCLER\S-1-5-21-2267283539-1635408369-3223663487-1005\Dc18\Quarantine\C\Program Files\MyWebSearch\bar\2.bin;Adware.Websearch;Incurable.Deleted.;
M3SLSRCH.EXE.vir;C:\RECYCLER\S-1-5-21-2267283539-1635408369-3223663487-1005\Dc18\Quarantine\C\Program Files\MyWebSearch\bar\2.bin;Adware.Websearch;Incurable.Deleted.;
M3SRCHMN.EXE.vir;C:\RECYCLER\S-1-5-21-2267283539-1635408369-3223663487-1005\Dc18\Quarantine\C\Program Files\MyWebSearch\bar\2.bin;Adware.Websearch;Incurable.Deleted.;
MWSBAR.DLL.vir;C:\RECYCLER\S-1-5-21-2267283539-1635408369-3223663487-1005\Dc18\Quarantine\C\Program Files\MyWebSearch\bar\2.bin;Adware.Websearch;Incurable.Deleted.;
MWSOEMON.EXE.vir;C:\RECYCLER\S-1-5-21-2267283539-1635408369-3223663487-1005\Dc18\Quarantine\C\Program Files\MyWebSearch\bar\2.bin;Adware.Websearch;Incurable.Deleted.;
MWSOEPLG.DLL.vir;C:\RECYCLER\S-1-5-21-2267283539-1635408369-3223663487-1005\Dc18\Quarantine\C\Program Files\MyWebSearch\bar\2.bin;Adware.Websearch;Incurable.Deleted.;
MWSOESTB.DLL.vir;C:\RECYCLER\S-1-5-21-2267283539-1635408369-3223663487-1005\Dc18\Quarantine\C\Program Files\MyWebSearch\bar\2.bin;Adware.MWS;Incurable.Deleted.;
NPMYWEBS.DLL.vir;C:\RECYCLER\S-1-5-21-2267283539-1635408369-3223663487-1005\Dc18\Quarantine\C\Program Files\MyWebSearch\bar\2.bin;Adware.Websearch;Incurable.Deleted.;
MWSSRCAS.DLL.vir;C:\RECYCLER\S-1-5-21-2267283539-1635408369-3223663487-1005\Dc18\Quarantine\C\Program Files\MyWebSearch\SrchAstt\2.bin;Adware.Websearch;Incurable.Deleted.;
f3PSSavr.scr.vir;C:\RECYCLER\S-1-5-21-2267283539-1635408369-3223663487-1005\Dc18\Quarantine\C\WINDOWS\system32;Adware.Msearch;Incurable.Deleted.;
A0072784.dll;C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP553;Adware.Nopage;;
A0072798.dll;C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP553;Trojan.Fakealert.386;Deleted.;
A0072799.dll;C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP553;Adware.Cinmus;Incurable.Deleted.;
A0072800.dll;C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP553;Trojan.Fakealert.386;Deleted.;
A0073863.dll;C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554;Trojan.Fakealert.386;Deleted.;
A0073864.dll;C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554;Adware.Cinmus;Incurable.Deleted.;
A0073865.dll;C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554;Trojan.Fakealert.386;Deleted.;
A0073868.dll;C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554;Adware.Nopage;;
A0073869.DLL;C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554;Adware.Websearch;Incurable.Deleted.;
A0073871.DLL;C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554;Adware.Funweb;Incurable.Deleted.;
A0073872.DLL;C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554;Adware.Msearch;Incurable.Deleted.;
A0073873.DLL;C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554;Trojan.Isbar.438;Deleted.;
A0073874.DLL;C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554;Adware.Funweb;Incurable.Deleted.;
A0073875.DLL;C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554;Adware.Funweb;Incurable.Deleted.;
A0073876.SCR;C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554;Adware.Msearch;Incurable.Deleted.;
A0073877.DLL;C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554;Adware.Funweb;Incurable.Deleted.;
A0073878.DLL;C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554;Adware.Msearch;Incurable.Deleted.;
A0073879.EXE;C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554;Adware.Msearch;Incurable.Deleted.;
A0073880.DLL;C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554;Trojan.DownLoader.7028;Deleted.;
A0073881.DLL;C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554;Adware.Funweb;Incurable.Deleted.;
A0073882.DLL;C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554;Adware.Msearch;Incurable.Deleted.;
A0073884.DLL;C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554;Adware.Websearch;Incurable.Deleted.;
A0073885.DLL;C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554;Adware.MWS;Incurable.Deleted.;
A0073887.DLL;C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554;Adware.Websearch;Incurable.Deleted.;
A0073889.DLL;C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554;Adware.Msearch;Incurable.Deleted.;
A0073890.DLL;C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554;Adware.Msearch;Incurable.Deleted.;
A0073891.DLL;C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554;Adware.Websearch;Incurable.Deleted.;
A0073893.EXE;C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554;Adware.Websearch;Incurable.Deleted.;
A0073894.EXE;C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554;Adware.Websearch;Incurable.Deleted.;
A0073895.DLL;C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554;Adware.Websearch;Incurable.Deleted.;
A0073896.EXE;C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554;Adware.Websearch;Incurable.Deleted.;
A0073897.DLL;C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554;Adware.Websearch;Incurable.Deleted.;
A0073898.DLL;C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554;Adware.MWS;Incurable.Deleted.;
A0073899.DLL;C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554;Adware.Websearch;Incurable.Deleted.;
A0073907.DLL;C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554;Adware.Websearch;Incurable.Deleted.;
A0073911.dll;C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554;Adware.Funweb;Incurable.Deleted.;
A0073912.scr;C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554;Adware.Msearch;Incurable.Deleted.;
A0073993.bat;C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554;Probably BATCH.Virus;Incurable.Deleted.;
A0073994.DLL;C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554;Adware.Websearch;Incurable.Deleted.;
A0074064.exe;C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554;Trojan.LowZones.706;Deleted.;
A0074115.exe;C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554;Dialer.Maxd;Deleted.;
A0074117.dll;C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554;Trojan.Fakealert.386;Deleted.;
A0074118.dll;C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554;Trojan.Fakealert.386;Deleted.;
A0074119.dll;C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554;Adware.Cinmus;Incurable.Deleted.;


ESCAN REPORT:


File C:\WINDOWS\system32\n2ewma1xxsv234.exe infected by "Packed.Win32.Tibs.ib" Virus. Action Taken: File Renamed.
File C:\WINDOWS\taskmon.exe infected by "Trojan-Downloader.Win32.Tibs.uo" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\runtime.exe infected by "Trojan-Spy.Win32.BZub.bxp" Virus. Action Taken: File Deleted.
File C:\WINDOWS\SYSTEM32\BURITO4271-108.SYS infected by "Email-Worm.Win32.Zhelatin.sd" Virus. Action Taken: File Deleted.
File C:\WINDOWS\SYSTEM32\BURITOAA3-4D6.SYS infected by "Email-Worm.Win32.Zhelatin.sd" Virus. Action Taken: File Deleted.
File C:\WINDOWS\ifmtirop.exe infected by "not-virus:Hoax.Win32.Renos.asa" Virus. Action Taken: File Renamed.
File C:\WINDOWS\mrofinu27.exe.tmp infected by "Trojan-Downloader.Win32.Agent.iug" Virus. Action Taken: File Deleted.
File C:\WINDOWS\taskmon.exe~ infected by "Trojan-Downloader.Win32.Tibs.uo" Virus. Action Taken: File Deleted.
File C:\WINDOWS\xpupdate.exe.vir infected by "Packed.Win32.Tibs.ib" Virus. Action Taken: File Renamed.
File C:\WINDOWS\system32\apiuser32.dll infected by "Trojan-PSW.Win32.Delf.aox" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe~ infected by "Trojan-Downloader.Win32.Agent.itg" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\dllgh8jkd1q1.exe~ infected by "Packed.Win32.Tibs.ib" Virus. Action Taken: File Renamed.
File C:\WINDOWS\system32\dllgh8jkd1q2.exe~ infected by "Packed.Win32.Tibs.ib" Virus. Action Taken: File Renamed.
File C:\WINDOWS\system32\dllgh8jkd1q5.exe~ infected by "Packed.Win32.Tibs.ib" Virus. Action Taken: File Renamed.
File C:\WINDOWS\system32\m1ax1d12132116143v.exe tagged as not-a-virus:Porn-Dialer.Win32.GBDialer.j. No Action Taken.
File C:\WINDOWS\system32\rxjddnvj.exe.vir infected by "not-virus:Hoax.Win32.Renos.asa" Virus. Action Taken: File Renamed.
File C:\WINDOWS\system32\taskmon.sys infected by "Trojan-Proxy.Win32.Agent.xo" Virus. Action Taken: File Deleted.
File C:\WINDOWS\system32\vedxg4am1et2.exe~ infected by "Packed.Win32.Tibs.ib" Virus. Action Taken: File Renamed.
File C:\WINDOWS\system32\vedxga1me4t1.exe~ infected by "Packed.Win32.Tibs.ib" Virus. Action Taken: File Renamed.
File C:\WINDOWS\system32\wind32.exe infected by "Packed.Win32.Tibs.ib" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\Katheryn Rollinson\Local Settings\Temp\ma11x1dd121111v.game tagged as not-a-virus:Porn-Dialer.Win32.GBDialer.j. No Action Taken.
File C:\Documents and Settings\Katheryn Rollinson\tmp.exe infected by "Trojan-Spy.Win32.BZub.bxp" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton AntiVirus\Quarantine\11872734.dll tagged as not-a-virus:FraudTool.Win32.BraveSentry.b. No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\556A416D.txt infected by "Trojan-Downloader.Win32.Small.iaw" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton AntiVirus\Quarantine\5E81506F.dll tagged as not-a-virus:FraudTool.Win32.BraveSentry.f. No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\5E857A6C.dll tagged as not-a-virus:FraudTool.Win32.BraveSentry.b. No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\5E882468.dll tagged as not-a-virus:FraudTool.Win32.AntiVirPro.c. No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\74636F36.g3a infected by "Trojan-Downloader.Win32.VB.cga" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton AntiVirus\Quarantine\74661933.ga2 infected by "Trojan-Downloader.Win32.Small.iaw" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton AntiVirus\Quarantine\74661933.txt infected by "Trojan-Downloader.Win32.VB.cga" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton AntiVirus\Quarantine\746A432F.txt infected by "Trojan-Downloader.Win32.Small.iaw" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton AntiVirus\Quarantine\74A860EB.gam infected by "Trojan-Proxy.Win32.Saturn.ag" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton AntiVirus\Quarantine\74A860EB.txt infected by "Trojan-Proxy.Win32.Saturn.ag" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton AntiVirus\Quarantine\74C230CE.g3a infected by "Trojan-Downloader.Win32.VB.cga" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton AntiVirus\Quarantine\74C230CE.ga2 infected by "Trojan-Downloader.Win32.Small.iaw" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton AntiVirus\Quarantine\74C55ACB.txt infected by "Trojan-Downloader.Win32.VB.cga" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton AntiVirus\Quarantine\74C804C7.exe infected by "Trojan.Win32.Agent.dqx" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton AntiVirus\Quarantine\74CF58C0.exe infected by "Email-Worm.Win32.Zhelatin.uq" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton AntiVirus\Quarantine\74FD248E.exe infected by "Trojan.Win32.Qhost.aes" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton AntiVirus\Quarantine\750A4C7F.dll infected by "Trojan.Win32.Qhost.abh" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton AntiVirus\Quarantine\75241C62.exe infected by "Trojan.Win32.Agent.evx" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton AntiVirus\Quarantine\75411642.exe infected by "Trojan-Clicker.Win32.Small.pe" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton AntiVirus\Quarantine\75411642.sys infected by "Trojan-Proxy.Win32.Agent.xo" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton AntiVirus\Quarantine\7544403E.exe infected by "Trojan-Dropper.Win32.Agent.ol" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton AntiVirus\Quarantine\758607F7.exe tagged as not-a-virus:FraudTool.Win32.EasySpywareCleaner.a. No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\76153F59.exe infected by "Trojan-Downloader.Win32.Agent.hyy" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton AntiVirus\Quarantine\76153F59.txt infected by "Trojan-Downloader.Win32.Agent.hyy" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton AntiVirus\Quarantine\76196955.exe infected by "Trojan-Downloader.Win32.Agent.hyy" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton AntiVirus\Quarantine\76196955.txt infected by "Trojan-Downloader.Win32.Agent.hyy" Virus. Action Taken: File Deleted.
File C:\Program Files\Norton AntiVirus\Quarantine(2)\03463638.htm infected by "Trojan-PSW.Win32.Magania.os" Virus. Action Taken: File Deleted.
File C:\Program Files\Spy-Rid\krnl.dll tagged as not-a-virus:FraudTool.Win32.AntiVirPro.c. No Action Taken.
File C:\QooBox\Quarantine\C\Program Files\BraveSentry\BraveSentry.exe.vir tagged as not-a-virus:FraudTool.Win32.BraveSentry.b. No Action Taken.
File C:\QooBox\Quarantine\C\Program Files\BraveSentry\BraveSentry0.dll.vir tagged as not-a-virus:FraudTool.Win32.BraveSentry.f. No Action Taken.
File C:\QooBox\Quarantine\C\Program Files\BraveSentry\BraveSentry2.dll.vir tagged as not-a-virus:FraudTool.Win32.BraveSentry.b. No Action Taken.
File C:\QooBox\Quarantine\C\Program Files\BraveSentry\BraveSentry3.dll.vir tagged as not-a-virus:FraudTool.Win32.BraveSentry.b. No Action Taken.
File C:\QooBox\Quarantine\C\Program Files\Helper\1202386548.dll.vir tagged as not-a-virus:AdWare.Win32.E404.a. No Action Taken.
File C:\QooBox\Quarantine\C\Program Files\Helper\1202386553.dll.vir.vir tagged as not-a-virus:AdWare.Win32.E404.a. No Action Taken.
File C:\QooBox\Quarantine\C\Program Files\Internet Explorer\msimg32.dll.vir tagged as not-a-virus:AdTool.Win32.MyWebSearch.au. No Action Taken.
File C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3BROVLY.DLL.vir tagged as not-a-virus:AdTool.Win32.MyWebSearch.at. No Action Taken.
File C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3DTACTL.DLL.vir tagged as not-a-virus:AdTool.Win32.MyWebSearch.bc. No Action Taken.
File C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL.vir tagged as not-a-virus:AdTool.Win32.MyWebSearch. No Action Taken.
File C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL.vir tagged as not-a-virus:AdTool.Win32.MyWebSearch.af. No Action Taken.
File C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL.vir tagged as not-a-virus:AdTool.Win32.MyWebSearch.au. No Action Taken.
File C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL.vir tagged as not-a-virus:AdTool.Win32.MyWebSearch.au. No Action Taken.
File C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR.vir tagged as not-a-virus:AdTool.Win32.MyWebSearch. No Action Taken.
File C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL.vir tagged as not-a-virus:AdTool.Win32.MyWebSearch.au. No Action Taken.
File C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL.vir tagged as not-a-virus:AdTool.Win32.MyWebSearch. No Action Taken.
File C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE.vir tagged as not-a-virus:AdTool.Win32.MyWebSearch.a. No Action Taken.
File C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL.vir tagged as not-a-virus:AdTool.Win32.MyWebSearch.an. No Action Taken.
File C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3SHLLVW.DLL.vir tagged as not-a-virus:AdTool.Win32.MyWebSearch.aq. No Action Taken.
File C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL.vir tagged as not-a-virus:AdTool.Win32.MyWebSearch.bh. No Action Taken.
File C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL.vir tagged as not-a-virus:AdTool.Win32.MyWebSearch.bc. No Action Taken.
File C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL.vir tagged as not-a-virus:AdTool.Win32.MyWebSearch.ax. No Action Taken.
File C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3MSG.DLL.vir tagged as not-a-virus:AdTool.Win32.MyWebSearch.bc. No Action Taken.
File C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL.vir tagged as not-a-virus:AdTool.Win32.MyWebSearch. No Action Taken.
File C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL.vir tagged as not-a-virus:AdTool.Win32.MyWebSearch.as. No Action Taken.
File C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL.vir tagged as not-a-virus:AdTool.Win32.MyWebSearch.ad. No Action Taken.
File C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE.vir tagged as not-a-virus:AdTool.Win32.MyWebSearch.au. No Action Taken.
File C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE.vir tagged as not-a-virus:AdTool.Win32.MyWebSearch.au. No Action Taken.
File C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL.vir tagged as not-a-virus:AdTool.Win32.MyWebSearch.bc. No Action Taken.
File C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE.vir tagged as not-a-virus:AdTool.Win32.MyWebSearch. No Action Taken.
File C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL.vir tagged as not-a-virus:AdTool.Win32.MyWebSearch.au. No Action Taken.
File C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL.vir tagged as not-a-virus:AdTool.Win32.MyWebSearch. No Action Taken.
File C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL.vir tagged as not-a-virus:AdTool.Win32.MyWebSearch.i. No Action Taken.
File C:\QooBox\Quarantine\C\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL.vir tagged as not-a-virus:AdTool.Win32.MyWebSearch.as. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\desktop.html.vir infected by "not-virus:Hoax.Win32.Renos.cy" Virus. Action Taken: File Renamed.
File C:\QooBox\Quarantine\C\WINDOWS\mrofinu27.exe.vir infected by "Trojan-Downloader.Win32.Agent.iug" Virus. Action Taken: File Deleted.
File C:\QooBox\Quarantine\C\WINDOWS\system32\dllgh8jkd1q1.exe.vir infected by "Packed.Win32.Tibs.ib" Virus. Action Taken: File Renamed.
File C:\QooBox\Quarantine\C\WINDOWS\system32\dllgh8jkd1q2.exe.vir infected by "Packed.Win32.Tibs.ib" Virus. Action Taken: File Renamed.
File C:\QooBox\Quarantine\C\WINDOWS\system32\dllgh8jkd1q5.exe.vir infected by "Packed.Win32.Tibs.ib" Virus. Action Taken: File Renamed.
File C:\QooBox\Quarantine\C\WINDOWS\system32\dllgh8jkd1q6.exe.vir infected by "Packed.Win32.Tibs.ib" Virus. Action Taken: File Renamed.
File C:\QooBox\Quarantine\C\WINDOWS\system32\dllgh8jkd1q7.exe.vir infected by "Packed.Win32.Tibs.ib" Virus. Action Taken: File Renamed.
File C:\QooBox\Quarantine\C\WINDOWS\system32\f3PSSavr.scr.vir tagged as not-a-virus:AdTool.Win32.MyWebSearch. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\m1ax1d1213216143v.exe.vir infected by "Trojan-Downloader.Win32.Obfuscated.n" Virus. Action Taken: File Deleted.
File C:\QooBox\Quarantine\C\WINDOWS\system32\newmaxxsv234.exe.vir infected by "Packed.Win32.Tibs.ib" Virus. Action Taken: File Renamed.
File C:\QooBox\Quarantine\C\WINDOWS\system32\shift.exe.exe.vir infected by "Email-Worm.Win32.Zhelatin.uq" Virus. Action Taken: File Deleted.
File C:\QooBox\Quarantine\C\WINDOWS\system32\vedxg3am1et3.exe.vir infected by "Trojan-Proxy.Win32.Saturn.ag" Virus. Action Taken: File Deleted.
File C:\QooBox\Quarantine\C\WINDOWS\system32\vedxg6ame4.exe.vir infected by "Trojan-Downloader.Win32.Small.cxx" Virus. Action Taken: File Deleted.
File C:\QooBox\Quarantine\C\WINDOWS\system32\vedxga3me2.exe.vir infected by "Trojan-Downloader.Win32.VB.cga" Virus. Action Taken: File Deleted.
File C:\QooBox\Quarantine\C\WINDOWS\system32\vedxga4m1et4.exe.vir infected by "Trojan-Downloader.Win32.Tibs.uo" Virus. Action Taken: File Deleted.
File C:\QooBox\Quarantine\C\WINDOWS\system32\vedxga4me1.exe.vir infected by "Trojan-Downloader.Win32.Small.cxx" Virus. Action Taken: File Deleted.
File C:\QooBox\Quarantine\C\WINDOWS\xpupdate.exe.vir infected by "Packed.Win32.Tibs.ib" Virus. Action Taken: File Renamed.
File C:\QooBox\Quarantine\catchme2008-02-07_104722.28.zip infected by "Email-Worm.Win32.Zhelatin.sd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP553\A0071786.exe infected by "Trojan-Downloader.Win32.Agent.itg" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP553\A0072782.exe infected by "not-virus:Hoax.Win32.Renos.asa" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP553\A0072783.exe infected by "Packed.Win32.Tibs.ib" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP553\A0072784.dll tagged as not-a-virus:AdWare.Win32.E404.a. No Action Taken.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP553\A0072798.dll tagged as not-a-virus:FraudTool.Win32.BraveSentry.f. No Action Taken.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP553\A0072799.dll tagged as not-a-virus:FraudTool.Win32.BraveSentry.b. No Action Taken.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP553\A0072800.dll tagged as not-a-virus:FraudTool.Win32.BraveSentry.b. No Action Taken.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP553\A0072801.dll tagged as not-a-virus:FraudTool.Win32.AntiVirPro.c. No Action Taken.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP553\A0072804.exe infected by "Trojan-Downloader.Win32.Small.cxx" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP553\A0072805.exe infected by "Trojan-Downloader.Win32.Small.cxx" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP553\A0072812.exe infected by "Trojan-Proxy.Win32.Saturn.ag" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP553\A0072813.exe infected by "Packed.Win32.Tibs.ib" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP553\A0072821.exe infected by "Packed.Win32.Tibs.ib" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP553\A0072867.sys infected by "Trojan-Proxy.Win32.Agent.xo" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP553\A0072869.exe infected by "Trojan-Downloader.Win32.Small.cxx" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP553\A0072870.exe infected by "Packed.Win32.Tibs.ib" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP553\A0072871.exe infected by "Trojan-Downloader.Win32.VB.cga" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP553\A0072872.exe infected by "Trojan-Downloader.Win32.Small.iaw" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP553\A0072873.exe infected by "Packed.Win32.Tibs.ib" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP553\A0072874.exe infected by "Trojan-Downloader.Win32.Small.cxx" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP553\A0072875.exe infected by "Trojan-Spy.Win32.BZub.bxp" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP553\A0072876.exe infected by "Trojan-Downloader.Win32.Tibs.uo" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP553\A0072881.exe infected by "Email-Worm.Win32.Zhelatin.uq" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP553\A0072883.exe infected by "Trojan-Downloader.Win32.Agent.iug" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP553\A0073812.exe infected by "Trojan-Proxy.Win32.Saturn.ag" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP553\A0073819.sys infected by "Trojan-Proxy.Win32.Agent.xo" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP553\A0073824.exe infected by "Trojan-Downloader.Win32.Small.cxx" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP553\A0073826.exe infected by "Trojan-Downloader.Win32.VB.cga" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP553\A0073828.exe infected by "Trojan-Downloader.Win32.Small.cxx" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP553\A0073829.exe infected by "Trojan-Downloader.Win32.Tibs.uo" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP553\A0073837.exe infected by "Email-Worm.Win32.Zhelatin.uq" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP553\A0073838.exe infected by "Trojan-Spy.Win32.BZub.bxp" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP553\A0073839.exe infected by "Trojan-Downloader.Win32.Agent.iug" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP553\A0073840.exe infected by "Trojan-Spy.Win32.BZub.bxp" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0073861.exe tagged as not-a-virus:FraudTool.Win32.BraveSentry.b. No Action Taken.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0073863.dll tagged as not-a-virus:FraudTool.Win32.BraveSentry.f. No Action Taken.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0073864.dll tagged as not-a-virus:FraudTool.Win32.BraveSentry.b. No Action Taken.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0073865.dll tagged as not-a-virus:FraudTool.Win32.BraveSentry.b. No Action Taken.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0073868.dll tagged as not-a-virus:AdWare.Win32.E404.a. No Action Taken.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0073869.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch.at. No Action Taken.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0073871.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch.bc. No Action Taken.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0073872.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch. No Action Taken.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0073873.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch.af. No Action Taken.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0073874.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch.au. No Action Taken.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0073875.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch.au. No Action Taken.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0073876.SCR tagged as not-a-virus:AdTool.Win32.MyWebSearch. No Action Taken.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0073877.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch.au. No Action Taken.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0073878.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch. No Action Taken.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0073879.EXE tagged as not-a-virus:AdTool.Win32.MyWebSearch.a. No Action Taken.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0073880.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch.an. No Action Taken.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0073881.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch.aq. No Action Taken.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0073882.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch.bh. No Action Taken.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0073884.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch.bc. No Action Taken.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0073885.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch.ax. No Action Taken.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0073887.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch.bc. No Action Taken.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0073889.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch. No Action Taken.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0073890.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch.as. No Action Taken.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0073891.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch.ad. No Action Taken.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0073893.EXE tagged as not-a-virus:AdTool.Win32.MyWebSearch.au. No Action Taken.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0073894.EXE tagged as not-a-virus:AdTool.Win32.MyWebSearch.au. No Action Taken.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0073895.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch.bc. No Action Taken.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0073896.EXE tagged as not-a-virus:AdTool.Win32.MyWebSearch. No Action Taken.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0073897.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch.au. No Action Taken.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0073898.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch. No Action Taken.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0073899.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch.i. No Action Taken.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0073907.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch.as. No Action Taken.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0073911.dll tagged as not-a-virus:AdTool.Win32.MyWebSearch.au. No Action Taken.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0073912.scr tagged as not-a-virus:AdTool.Win32.MyWebSearch. No Action Taken.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0073915.exe infected by "Packed.Win32.Tibs.ib" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0073958.exe infected by "Trojan-Downloader.Win32.Obfuscated.n" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0073959.exe infected by "Packed.Win32.Tibs.ib" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0073968.exe infected by "Email-Worm.Win32.Zhelatin.uq" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0073969.exe infected by "Trojan-Proxy.Win32.Saturn.ag" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0073971.exe infected by "Trojan-Downloader.Win32.Small.cxx" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0073973.exe infected by "Trojan-Downloader.Win32.VB.cga" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0073974.exe infected by "Trojan-Downloader.Win32.Tibs.uo" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0073975.exe infected by "Trojan-Downloader.Win32.Small.cxx" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0073976.exe infected by "Trojan-Downloader.Win32.Agent.iug" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0073977.exe infected by "Packed.Win32.Tibs.ib" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0073978.exe infected by "Packed.Win32.Tibs.ib" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0073979.exe infected by "Packed.Win32.Tibs.ib" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0073980.exe infected by "Packed.Win32.Tibs.ib" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0073981.exe infected by "Packed.Win32.Tibs.ib" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0073994.DLL tagged as not-a-virus:AdTool.Win32.MyWebSearch.l. No Action Taken.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0074007.sys infected by "Trojan-Proxy.Win32.Agent.xo" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0074044.exe infected by "Packed.Win32.Tibs.ib" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0074045.exe infected by "Trojan-Downloader.Win32.Tibs.uo" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0074046.exe infected by "Trojan-Spy.Win32.BZub.bxp" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0074047.sys infected by "Email-Worm.Win32.Zhelatin.sd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0074048.sys infected by "Email-Worm.Win32.Zhelatin.sd" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0074049.exe infected by "not-virus:Hoax.Win32.Renos.asa" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0074050.dll infected by "Trojan-PSW.Win32.Delf.aox" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0074051.sys infected by "Trojan-Proxy.Win32.Agent.xo" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0074052.exe infected by "Packed.Win32.Tibs.ib" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3EC48D37B729}\RP554\A0074053.exe infected by "Trojan-Spy.Win32.BZub.bxp" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{C1CCD08C-8F31-41E2-AD90-3

#2
kathy4u2nv

  • Topic Starter
  • Member
  • 16 posts
MWAV Report part 1

Thu Feb 07 12:06:04 2008 => **********************************************************
Thu Feb 07 12:06:04 2008 => eScan AntiVirus Toolkit Utility.
Thu Feb 07 12:06:04 2008 => Copyright © 2003-2004, MicroWorld Technologies Inc.
Thu Feb 07 12:06:04 2008 => **********************************************************
Thu Feb 07 12:06:04 2008 => Version 4.4.7
Thu Feb 07 12:06:04 2008 => Log File: C:\KASPER~1\mwav.log
Thu Feb 07 12:06:05 2008 => Latest Date of files inside MWAV: 11 Jan 2008 17:54:58.
Thu Feb 07 12:06:09 2008 => AV Library Loaded...
Thu Feb 07 12:06:09 2008 => Scanning File C:\KASPER~1\kavss.exe
Thu Feb 07 12:06:09 2008 => Scanning File C:\KASPER~1\Getvlist.exe
Thu Feb 07 12:06:09 2008 => Scanning File C:\KASPER~1\kavss.dll
Thu Feb 07 12:06:09 2008 => Scanning File C:\KASPER~1\kavssdi.dll
Thu Feb 07 12:06:09 2008 => Scanning File C:\KASPER~1\kavssi.dll
Thu Feb 07 12:06:09 2008 => Scanning File C:\KASPER~1\kavvlg.dll
Thu Feb 07 12:06:10 2008 => Scanning File C:\KASPER~1\msvlclnt.dll
Thu Feb 07 12:06:10 2008 => Scanning File C:\KASPER~1\ipc.dll
Thu Feb 07 12:06:10 2008 => Scanning File C:\KASPER~1\main.avi
Thu Feb 07 12:06:10 2008 => Scanning File C:\KASPER~1\virus.avi
Thu Feb 07 12:06:10 2008 => Virus Database Date: 2008/01/11
Thu Feb 07 12:06:10 2008 => Virus Database Count: 507730
Thu Feb 07 12:06:17 2008 => AV Library Unloaded (3)...
Thu Feb 07 12:32:45 2008 => **********************************************************
Thu Feb 07 12:32:45 2008 => eScan AntiVirus Toolkit Utility.
Thu Feb 07 12:32:45 2008 => Copyright © 2003-2004, MicroWorld Technologies Inc.
Thu Feb 07 12:32:45 2008 => **********************************************************
Thu Feb 07 12:32:45 2008 => Version 4.4.7
Thu Feb 07 12:32:45 2008 => Log File: C:\KASPER~1\mwav.log
Thu Feb 07 12:32:53 2008 => Latest Date of files inside MWAV: 07 Feb 2008 15:58:58.
Thu Feb 07 12:33:06 2008 => AV Library Loaded...
Thu Feb 07 12:33:06 2008 => Scanning File C:\KASPER~1\kavss.exe
Thu Feb 07 12:33:06 2008 => Scanning File C:\KASPER~1\Getvlist.exe
Thu Feb 07 12:33:06 2008 => Scanning File C:\KASPER~1\kavss.dll
Thu Feb 07 12:33:07 2008 => Scanning File C:\KASPER~1\kavssdi.dll
Thu Feb 07 12:33:07 2008 => Scanning File C:\KASPER~1\kavssi.dll
Thu Feb 07 12:33:07 2008 => Scanning File C:\KASPER~1\kavvlg.dll
Thu Feb 07 12:33:07 2008 => Scanning File C:\KASPER~1\msvlclnt.dll
Thu Feb 07 12:33:07 2008 => Scanning File C:\KASPER~1\ipc.dll
Thu Feb 07 12:33:07 2008 => Scanning File C:\KASPER~1\main.avi
Thu Feb 07 12:33:07 2008 => Scanning File C:\KASPER~1\virus.avi
Thu Feb 07 12:33:08 2008 => Virus Database Date: 2008/02/07
Thu Feb 07 12:33:08 2008 => Virus Database Count: 553461

Thu Feb 07 12:34:48 2008 => **********************************************************
Thu Feb 07 12:34:48 2008 => eScan AntiVirus Toolkit Utility.
Thu Feb 07 12:34:48 2008 => Copyright © 2003-2004, MicroWorld Technologies Inc.
Thu Feb 07 12:34:48 2008 =>
Thu Feb 07 12:34:48 2008 => Support: support@mwti.net
Thu Feb 07 12:34:48 2008 => Web: http://www.mwti.net
Thu Feb 07 12:34:48 2008 => **********************************************************
Thu Feb 07 12:34:48 2008 => Version 4.4.7
Thu Feb 07 12:34:48 2008 => Log File: C:\KASPER~1\mwav.log
Thu Feb 07 12:34:48 2008 => Latest Date of files inside MWAV: 07 Feb 2008 15:58:58.

Thu Feb 07 12:34:48 2008 => Options Selected by User:
Thu Feb 07 12:34:48 2008 => Memory Check: Enabled
Thu Feb 07 12:34:48 2008 => Registry Check: Enabled
Thu Feb 07 12:34:48 2008 => StartUp Folder Check: Enabled
Thu Feb 07 12:34:48 2008 => System Folder Check: Enabled
Thu Feb 07 12:34:48 2008 => System Area Check: Disabled
Thu Feb 07 12:34:48 2008 => Services Check: Enabled
Thu Feb 07 12:34:48 2008 => Drive Check: Disabled
Thu Feb 07 12:34:48 2008 => All Drive Check :Enabled
Thu Feb 07 12:34:48 2008 => Scanning Type: Scan And Clean
Thu Feb 07 12:34:48 2008 => Folder Check: Disabled

Thu Feb 07 12:34:48 2008 => ***** Scanning Memory Files *****
Thu Feb 07 12:34:48 2008 => Scanning File C:\WINDOWS\system32\services.exe
Thu Feb 07 12:34:48 2008 => Scanning File C:\WINDOWS\system32\lsass.exe
Thu Feb 07 12:34:48 2008 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Feb 07 12:34:48 2008 => Scanning File C:\WINDOWS\system32\svchost.exe
Thu Feb 07 12:34:49 2008 => Scanning File C:\WINDOWS\Explorer.EXE
Thu Feb 07 12:34:49 2008 => Scanning File C:\Kaspersky\mwavscan.com
Thu Feb 07 12:34:49 2008 => Scanning File C:\Kaspersky\kavss.exe

Thu Feb 07 12:34:49 2008 => ***** Scanning Registry Files *****

Thu Feb 07 12:34:49 2008 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Thu Feb 07 12:34:49 2008 => *** File C:\WINDOWS\system32\SHELL32.dll having Size Restriction ***
Thu Feb 07 12:34:49 2008 => Scanning File C:\WINDOWS\system32\SHELL32.dll [**]
Thu Feb 07 12:34:49 2008 => *** File C:\WINDOWS\system32\SHELL32.dll having Size Restriction ***
Thu Feb 07 12:34:49 2008 => Scanning File C:\WINDOWS\system32\SHELL32.dll [**]
Thu Feb 07 12:34:49 2008 => Scanning File C:\WINDOWS\system32\webcheck.dll
Thu Feb 07 12:34:49 2008 => Scanning File C:\WINDOWS\System32\stobject.dll

#3
kathy4u2nv

  • Topic Starter
  • Member
  • 16 posts
MWAV Report part 2

Thu Feb 07 12:34:49 2008 => Scanning File C:\WINDOWS\system32\upnpui.dll
Thu Feb 07 12:34:49 2008 => Scanning File C:\WINDOWS\system32\WPDShServiceObj.dll

Thu Feb 07 12:34:49 2008 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
Thu Feb 07 12:34:49 2008 => {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
Thu Feb 07 12:34:49 2008 => Scanning File C:\PROGRA~1\Adobe\ACROBA~2.0\ActiveX\ACROIE~1.DLL
Thu Feb 07 12:34:49 2008 => {2E19EC38-382E-45AA-8EAA-AF3876B93878} = C:\WINDOWS\system32\ciod.dll
Thu Feb 07 12:34:49 2008 => Scanning File C:\WINDOWS\system32\ciod.dll
Thu Feb 07 12:34:50 2008 => {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} = C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
Thu Feb 07 12:34:50 2008 => Scanning File C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
Thu Feb 07 12:34:50 2008 => {BDF3E430-B101-42AD-A544-FADC6B084872} = C:\Program Files\Norton AntiVirus\NavShExt.dll
Thu Feb 07 12:34:50 2008 => Scanning File C:\PROGRA~1\NORTON~1\NavShExt.dll

Thu Feb 07 12:34:50 2008 => Scanning HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Thu Feb 07 12:34:50 2008 => Scanning File C:\WINDOWS\Explorer.exe
Thu Feb 07 12:34:50 2008 => Scanning File C:\WINDOWS\system32\userinit.exe

Thu Feb 07 12:34:50 2008 => Scanning HKCU\Control Panel\Desktop

Thu Feb 07 12:34:50 2008 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Thu Feb 07 12:34:50 2008 => Scanning File C:\WINDOWS\System32\igfxtray.exe
Thu Feb 07 12:34:50 2008 => Scanning File C:\WINDOWS\System32\hkcmd.exe
Thu Feb 07 12:34:51 2008 => Scanning File C:\PROGRA~1\Apoint2K\Apoint.exe
Thu Feb 07 12:34:51 2008 => Scanning File C:\PROGRA~1\TOSHIBA\POWERM~1\CePMTray.exe
Thu Feb 07 12:34:51 2008 => Scanning File C:\PROGRA~1\TOSHIBA\E-KEY\CeEKey.exe
Thu Feb 07 12:34:51 2008 => Scanning File C:\WINDOWS\System32\ezSP_Px.exe
Thu Feb 07 12:34:51 2008 => Scanning File C:\PROGRA~1\TOSHIBA\TouchPad\TPTray.exe
Thu Feb 07 12:34:51 2008 => Scanning File C:\toshiba\ivp\ism\pinger.exe
Thu Feb 07 12:34:51 2008 => Scanning File c:\toshiba\sysstability\tsyssmon.exe
Thu Feb 07 12:34:51 2008 => Scanning File C:\PROGRA~1\Iomega\Common\ImgStart.exe
Thu Feb 07 12:34:51 2008 => Scanning File C:\PROGRA~1\Iomega\DRIVEI~1\ImgIcon.exe
Thu Feb 07 12:34:52 2008 => Scanning File C:\PROGRA~1\Java\JRE16~2.0_0\bin\jusched.exe
Thu Feb 07 12:34:52 2008 => ERROR!!! Invalid Entry AOLDialer = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe. Removing it.
Thu Feb 07 12:34:52 2008 => Scanning File C:\PROGRA~1\Verizon\MCCITR~1.EXE
Thu Feb 07 12:34:52 2008 => Scanning File C:\PROGRA~1\Verizon\VSP\VERIZO~1.EXE
Thu Feb 07 12:34:53 2008 => ERROR!!! Invalid Entry BluetoothAuthorizationAgent = C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe. Removing it.
Thu Feb 07 12:34:53 2008 => Scanning File C:\PROGRA~1\SYMNET~1\SNDMon.exe
Thu Feb 07 12:34:53 2008 => ERROR!!! Invalid Entry My Web Search Bar Search Scope Monitor = "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w. Removing it.
Thu Feb 07 12:34:53 2008 => Scanning File C:\WINDOWS\system32\n2ewma1xxsv234.exe
Thu Feb 07 12:34:53 2008 => File C:\WINDOWS\system32\n2ewma1xxsv234.exe infected by "Packed.Win32.Tibs.ib" Virus. Action Taken: File Renamed.

Thu Feb 07 12:34:53 2008 => *** SOFTWARE\Microsoft\Windows\CurrentVersion\Run has RunningProcess defined as C:\WINDOWS\system32\n2ewma1xxsv234.exe (which is infected)!
Thu Feb 07 12:34:53 2008 => *** Reg Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SystemSv121 deleted because it is infected by a Virus
Thu Feb 07 12:34:53 2008 => Scanning File C:\WINDOWS\taskmon.exe
Thu Feb 07 12:34:54 2008 => File C:\WINDOWS\taskmon.exe infected by "Trojan-Downloader.Win32.Tibs.uo" Virus. Action Taken: File Deleted.

Thu Feb 07 12:34:54 2008 => *** SOFTWARE\Microsoft\Windows\CurrentVersion\Run has RunningProcess defined as C:\WINDOWS\taskmon.exe (which is infected)!
Thu Feb 07 12:34:54 2008 => *** Reg Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run\taskmon deleted because it is infected by a Virus
Thu Feb 07 12:34:54 2008 => Scanning File C:\ohtnyn.exe
Thu Feb 07 12:34:54 2008 => Scanning File C:\WINDOWS\system32\runtime.exe
Thu Feb 07 12:34:54 2008 => File C:\WINDOWS\system32\runtime.exe infected by "Trojan-Spy.Win32.BZub.bxp" Virus. Action Taken: File Deleted.

Thu Feb 07 12:34:54 2008 => *** SOFTWARE\Microsoft\Windows\CurrentVersion\Run has RunningProcess defined as C:\WINDOWS\system32\runtime.exe (which is infected)!
Thu Feb 07 12:34:54 2008 => *** Reg Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run\runtime.exe deleted because it is infected by a Virus

Thu Feb 07 12:34:54 2008 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Thu Feb 07 12:34:54 2008 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

Thu Feb 07 12:34:54 2008 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

Thu Feb 07 12:34:54 2008 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Thu Feb 07 12:34:55 2008 => Scanning File C:\PROGRA~1\Iomega\AutoDisk\AD2KCL~1.EXE
Thu Feb 07 12:34:55 2008 => Scanning File C:\WINDOWS\system32\ctfmon.exe

Thu Feb 07 12:34:55 2008 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Thu Feb 07 12:34:55 2008 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

Thu Feb 07 12:34:55 2008 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

Thu Feb 07 12:34:55 2008 => Scanning HKCR\txtfile\shell\open\command

Thu Feb 07 12:34:55 2008 => Scanning HKCR\comfile\shell\open\command

Thu Feb 07 12:34:55 2008 => Scanning HKCR\exefile\shell\open\command

Thu Feb 07 12:34:55 2008 => Scanning HKCR\dllfile\shell\open\command

Thu Feb 07 12:34:55 2008 => Scanning HKCR\batfile\shell\open\command

Thu Feb 07 12:34:55 2008 => Scanning HKCR\piffile\shell\open\command

Thu Feb 07 12:34:55 2008 => Scanning HKCR\scrfile\shell\open\command

Thu Feb 07 12:34:55 2008 => Scanning HKCR\scrfile\shell\config\command

Thu Feb 07 12:34:55 2008 => Scanning HKCR\regfile\shell\open\command

Thu Feb 07 12:34:55 2008 => ***** Scanning StartUp Folders *****

Thu Feb 07 12:34:55 2008 => ***** Scanning C:\Documents and Settings\Katheryn Rollinson\Start Menu\Programs\Startup Folder *****
Thu Feb 07 12:34:55 2008 => Scanning Folder: C:\Documents and Settings\Katheryn Rollinson\Start Menu\Programs\Startup\*.*
Thu Feb 07 12:34:55 2008 => Scanning File C:\Documents and Settings\Katheryn Rollinson\Start Menu\Programs\Startup\desktop.ini

Thu Feb 07 12:34:55 2008 => ***** Scanning C:\Documents and Settings\All Users\Start Menu\Programs\Startup Folder *****
Thu Feb 07 12:34:55 2008 => Scanning Folder: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\*.*
Thu Feb 07 12:34:55 2008 => Scanning File C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
Thu Feb 07 12:34:55 2008 => Scanning File C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk

Thu Feb 07 12:34:55 2008 => ***** Scanning C:\Documents and Settings\Default User\Start menu\Programs\Startup Folder *****
Thu Feb 07 12:34:55 2008 => Scanning Folder: C:\DOCUME~1\DEFAUL~1\STARTM~1\Programs\Startup\*.*
Thu Feb 07 12:34:55 2008 => Scanning File C:\DOCUME~1\DEFAUL~1\STARTM~1\Programs\Startup\desktop.ini

Thu Feb 07 12:34:55 2008 => ***** Scanning Service Files *****
Thu Feb 07 12:34:55 2008 => Scanning HKLM\SYSTEM\CurrentControlSet\Services

#4
kathy4u2nv

  • Topic Starter
MWAV Report part 3

Thu Feb 07 12:34:57 2008 => Scanning File C:\WINDOWS\SYSTEM32\BURITO4271-108.SYS
Thu Feb 07 12:34:57 2008 => File C:\WINDOWS\SYSTEM32\BURITO4271-108.SYS infected by "Email-Worm.Win32.Zhelatin.sd" Virus. Action Taken: File Deleted.

Thu Feb 07 12:34:57 2008 => *** SYSTEM\CurrentControlSet\Services\burito4271-108 has RunningProcess defined as C:\WINDOWS\SYSTEM32\BURITO4271-108.SYS (which is infected)!
Thu Feb 07 12:34:57 2008 => *** Reg Value SYSTEM\CurrentControlSet\Services\burito4271-108\ImagePath deleted because it is infected by a Virus
Thu Feb 07 12:34:57 2008 => *** Reg Key SYSTEM\CurrentControlSet\Services\burito4271-108 deleted because ImagePath file infected by a Virus
Thu Feb 07 12:34:57 2008 => Scanning File C:\WINDOWS\SYSTEM32\BURITOAA3-4D6.SYS
Thu Feb 07 12:34:57 2008 => File C:\WINDOWS\SYSTEM32\BURITOAA3-4D6.SYS infected by "Email-Worm.Win32.Zhelatin.sd" Virus. Action Taken: File Deleted.

Thu Feb 07 12:34:57 2008 => *** SYSTEM\CurrentControlSet\Services\buritoaa3-4d6 has RunningProcess defined as C:\WINDOWS\SYSTEM32\BURITOAA3-4D6.SYS (which is infected)!
Thu Feb 07 12:34:57 2008 => *** Reg Value SYSTEM\CurrentControlSet\Services\buritoaa3-4d6\ImagePath deleted because it is infected by a Virus
Thu Feb 07 12:34:57 2008 => *** Reg Key SYSTEM\CurrentControlSet\Services\buritoaa3-4d6 deleted because ImagePath file infected by a Virus
Thu Feb 07 12:34:57 2008 => ERROR!!! Invalid Entry \??\C:\DOCUME~1\KATHER~1\LOCALS~1\Temp\catchme.sys in SYSTEM\CurrentControlSet\Services\catchme...

#5
kathy4u2nv

  • Topic Starter
MWAV Report part 4


#6
kathy4u2nv

  • Topic Starter
MWAV Report part 5


Thu Feb 07 12:35:18 2008 => ***** Scanning System32 Folders *****
Thu Feb 07 12:35:19 2008 => Scanning C:\WINDOWS Directory
Thu Feb 07 12:35:19 2008 => Scanning Folder: C:\WINDOWS\*.*
Thu Feb 07 12:35:26 2008 => Scanning File C:\WINDOWS\ifmtirop.exe
Thu Feb 07 12:35:27 2008 => File C:\WINDOWS\ifmtirop.exe infected by "not-virus:Hoax.Win32.Renos.asa" Virus. Action Taken: File Renamed.

Thu Feb 07 12:35:40 2008 => Scanning File C:\WINDOWS\KB930916.log
Thu Feb 07 12:35:40 2008 => Scanning File C:\WINDOWS\KB931261.log
Thu Feb 07 12:35:40 2008 => Scanning File C:\WINDOWS\KB931768.log
Thu Feb 07 12:35:40 2008 => Scanning File C:\WINDOWS\KB931784.log
Thu Feb 07 12:35:41 2008 => Scanning File C:\WINDOWS\KB931836.log
Thu Feb 07 12:35:41 2008 => Scanning File C:\WINDOWS\KB932168.log
Thu Feb 07 12:35:41 2008 => Scanning File C:\WINDOWS\KB933360.log
Thu Feb 07 12:35:41 2008 => Scanning File C:\WINDOWS\KB933566.log
Thu Feb 07 12:35:41 2008 => Scanning File C:\WINDOWS\KB933729.log
Thu Feb 07 12:35:41 2008 => Scanning File C:\WINDOWS\KB935839.log
Thu Feb 07 12:35:41 2008 => Scanning File C:\WINDOWS\KB935840.log
Thu Feb 07 12:35:41 2008 => Scanning File C:\WINDOWS\KB936021.log
Thu Feb 07 12:35:41 2008 => Scanning File C:\WINDOWS\KB936357.log
Thu Feb 07 12:35:41 2008 => Scanning File C:\WINDOWS\KB936782.log
Thu Feb 07 12:35:41 2008 => Scanning File C:\WINDOWS\KB937143.log
Thu Feb 07 12:35:41 2008 => Scanning File C:\WINDOWS\KB938127-IE7.log
Thu Feb 07 12:35:42 2008 => Scanning File C:\WINDOWS\KB938127.log
Thu Feb 07 12:35:42 2008 => Scanning File C:\WINDOWS\KB938828.log
Thu Feb 07 12:35:42 2008 => Scanning File C:\WINDOWS\KB938829.log
Thu Feb 07 12:35:42 2008 => Scanning File C:\WINDOWS\KB939653.log
Thu Feb 07 12:35:42 2008 => Scanning File C:\WINDOWS\KB939683.log
Thu Feb 07 12:35:42 2008 => Scanning File C:\WINDOWS\KB941202.log
Thu Feb 07 12:35:42 2008 => Scanning File C:\WINDOWS\KB941568.log
#7
kathy4u2nv

MWAV Report part 6

Thu Feb 07 12:35:44 2008 => Scanning File C:\WINDOWS\mrofinu27.exe.tmp
Thu Feb 07 12:35:44 2008 => File C:\WINDOWS\mrofinu27.exe.tmp infected by "Trojan-Downloader.Win32.Agent.iug" Virus. Action Taken: File Deleted.

Thu Feb 07 12:35:50 2008 => Scanning File C:\WINDOWS\taskmon.exe~
Thu Feb 07 12:35:50 2008 => File C:\WINDOWS\taskmon.exe~ infected by "Trojan-Downloader.Win32.Tibs.uo" Virus. Action Taken: File Deleted.

Thu Feb 07 12:35:55 2008 => Scanning File C:\WINDOWS\xpupdate.exe.vir
Thu Feb 07 12:35:55 2008 => File C:\WINDOWS\xpupdate.exe.vir infected by "Packed.Win32.Tibs.ib" Virus. Action Taken: File Renamed.

Thu Feb 07 12:35:59 2008 => Scanning File C:\WINDOWS\system32\apiuser32.dll
Thu Feb 07 12:35:59 2008 => File C:\WINDOWS\system32\apiuser32.dll infected by "Trojan-PSW.Win32.Delf.aox" Virus. Action Taken: File Deleted.

Thu Feb 07 12:36:07 2008 => Scanning File C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe~
Thu Feb 07 12:36:07 2008 => File C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe~ infected by "Trojan-Downloader.Win32.Agent.itg" Virus. Action Taken: File Deleted.

#8
kathy4u2nv

MWAV Report... Okay, there are over 3000 pages to this report; rather than posting it all, here is the end of the report. If you need it emailed to you I can do that, as it would probably be easier.
#9
kathy4u2nv

I think I may have got rid of my issues but I am not sure... If someone could please look at the latest HJT log and let me know, I would appreciate it... Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:45 AM, on 2/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\toshiba\ivp\ism\pinger.exe
C:\toshiba\sysstability\tsyssmon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\ohtnyn.exe
C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\wuauclt.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2E19EC38-382E-45AA-8EAA-AF3876B93878} - C:\WINDOWS\system32\ciod.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [Pinger] C:\toshiba\ivp\ism\pinger.exe
O4 - HKLM\..\Run: [TSysSMon] c:\toshiba\sysstability\tsyssmon.exe /detect
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [drmsrv32] C:\ohtnyn.exe
O4 - HKCU\..\Run: [Iomega Active Disk] C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZUxdm486YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1153779408093
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1157108437390
O16 - DPF: {98BFD494-F6AD-4794-9038-832C0654CC43} (AOL YGP UPF Ctrl) - http://pak04.picture...-US.9.2.4.0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3866FD2E-6002-45C7-BDED-7FA5D76E31E2}: NameServer = 202.139.2.60
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Iomega Activity Disk2 - Iomega Corporation - C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
O23 - Service: IomegaAccess - Iomega Corporation - (no file)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~2\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Radialpoint Unicorn Update Service (RPSUpdaterR) - Radialpoint Inc. - C:\Program Files\Verizon\PC Security Checkup\rpsupdaterR.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9144 bytes