
fresh infection: Trojan-Spy.HTML.Smitfraud.c [RESOLVED]



#16
greyknight17


    Malware Expert

  • Visiting Consultant
  • 16,560 posts
OK, let's try using mwav since it doesn't seem like you ran it the first time I asked earlier.

Please empty any Quarantine folder in your antivirus program and purge all recovery items in the Spybot program (if you use it) before running this tool.

Download the Mwav virus checker at http://www.mwti.net/antivirus/mwav.asp (Use Link 3)

1. Save it to a folder.
2. Reboot into Safe Mode.
3. Double click the Mwav.exe file. This is a stand alone tool and NOT just a virus checker......so it won't install anything.
4. Select all local drives, scan all files, and press SCAN. When it is completed, anything found will be displayed in the lower pane.
5. In the Virus Log Information Pane......
Left click and highlight all the information in the Lower pane --- Use "CTRL C" on your keyboard to copy everything found in the lower pane and save it to a notepad file
*Note* If prompted that a virus was found and you need to purchase the product to remove the malware, just close out the prompt and let it continue scanning. We are not going to use this to remove anything...but to ID the bad files.

Once you copy that to a Notepad file...highlight the text and copy it here.
  • 0
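A way to cut a pasted MWAV log down to the lines a helper actually reads, as an added example (not part of the original posts and not MicroWorld code): it parses the `<timestamp> => <message>` layout of the log the reply in this thread pastes, groups scanned files under the registry key being walked, and keeps every line that is not routine progress. The sample lines are constructed, and `parse`, `triage` and `report` are names chosen here.

```python
import re
from datetime import datetime

# Layout of each log line: 24-character ctime-style timestamp, " =>", message.
LINE_RE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) =>\s*(.*)$")
SECTION_RE = re.compile(r"^\*{5} (.+?) \*{5}$")   # "***** Scanning Memory Files *****"
FILE_PREFIX = "Scanning File "
KEY_PREFIX = "Scanning HK"                          # HKLM\... or HKCU\...

# Constructed sample in the same layout; paths and CLSIDs are placeholders.
SAMPLE_LOG = r"""
Fri May 13 00:41:57 2005 => **********************************************************
Fri May 13 00:41:57 2005 => MicroWorld AntiVirus & Spyware Toolkit Utility.
Fri May 13 00:41:57 2005 => MWAV Mode: Only Scan files.

Fri May 13 00:41:57 2005 => ***** Scanning Memory Files *****
Fri May 13 00:41:57 2005 => Scanning File C:\WINDOWS\System32\example1.exe
Fri May 13 00:41:58 2005 => Scanning File C:\WINDOWS\system32\example2.dll

Fri May 13 00:42:12 2005 => ***** Scanning Registry Files *****

Fri May 13 00:42:13 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
Fri May 13 00:42:13 2005 => {00000000-0000-0000-0000-000000000001} = C:\PROGRA~1\EXAMPLE\helper.dll
Fri May 13 00:42:13 2005 => Scanning File C:\PROGRA~1\EXAMPLE\helper.dll

Fri May 13 00:42:13 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Fri May 13 00:42:17 2005 => Scanning File C:\WINDOWS\System32\shellext.dll
Fri May 13 00:42:17 2005 => Scanning File C:\WINDOWS\System32\SHELLEXT.DLL
Fri May 13 00:42:17 2005 => Scanning File C:\WINDOWS\System32\shellext.dll
Fri May 13 00:42:20 2005 => ERROR!!! Invalid Entry {00000000-0000-0000-0000-000000000002} = C:\Program Files\Example\hook.dll (in key SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved). Removing it.

Fri May 13 00:42:22 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Fri May 13 00:42:23 2005 => Scanning File C:\WINDOWS\system32\example3.exe

Fri May 13 00:42:24 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
"""


def parse(text):
    """Yield (timestamp, message) for every well-formed log line; skip the rest."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y"), m.group(2).strip()


def triage(text):
    """Group scanned files by section/registry key and collect non-routine lines."""
    section = None      # current "***** ... *****" section
    key = None          # registry key currently being walked, if any
    files = {}          # owner -> {lowercased path: path as first seen}
    notable = []        # (timestamp, owner, message)
    scanned = 0
    for ts, msg in parse(text):
        if not msg or set(msg) == {"*"}:
            continue                        # empty lines and banner rules
        header = SECTION_RE.match(msg)
        if header:
            section, key = header.group(1), None
            continue
        if section is None:
            continue                        # banner and options before the first section
        owner = key or section
        if msg.startswith(FILE_PREFIX):
            scanned += 1
            path = msg[len(FILE_PREFIX):]
            # Windows paths are case-insensitive, so de-duplicate on lowercase.
            files.setdefault(owner, {}).setdefault(path.lower(), path)
        elif msg.startswith(KEY_PREFIX):
            key = msg[len("Scanning "):]
            files.setdefault(key, {})       # keep keys that reference no files
        else:
            notable.append((ts, owner, msg))
    return {
        "scanned": scanned,
        "files_by_key": {k: list(v.values()) for k, v in files.items()},
        "notable": notable,
    }


def report(result):
    """Render the triage result as text that is short enough to paste."""
    unique = sum(len(v) for v in result["files_by_key"].values())
    lines = [f"{result['scanned']} file scans, {unique} unique paths"]
    for owner, paths in result["files_by_key"].items():
        lines.append(f"[{owner}] {len(paths)} file(s)")
        lines.extend(f"    {p}" for p in paths)
    lines.append("Lines that are not routine progress:")
    lines.extend(f"    {ts:%H:%M:%S} [{owner}] {msg}" for ts, owner, msg in result["notable"])
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```
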



#17
tilby


    Member

  • Topic Starter
  • Member
  • 22 posts
i'm still infected. i'm in complete shock. that tool found at least a dozen more
infections. it opened up an automatic notepad log when it completed... i'm hoping
that's what you wanted... i was so shocked i think i just saved it real fast without
remembering to do the ctrl & c key stroke.


Fri May 13 00:42:26 2005 => Scanning File C:\PROGRA~1\CleanUp!\CleanUp.exe

Fri May 13 00:42:26 2005 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

Fri May 13 00:42:26 2005 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

Fri May 13 00:42:26 2005 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup

Fri May 13 00:42:26 2005 => Scanning HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Fri May 13 00:42:26 2005 => Scanning File C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe

Fri May 13 00:42:26 2005 => Scanning HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Fri May 13 00:42:26 2005 => Scanning HKCR\txtfile\shell\open\command
Fri May 13 00:42:26 2005 => Scanning File C:\WINDOWS\system32\Notepad.exe

Fri May 13 00:42:27 2005 => Scanning HKCR\comfile\shell\open\command

Fri May 13 00:42:27 2005 => Scanning HKCR\exefile\shell\open\command

Fri May 13 00:42:27 2005 => Scanning HKCR\dllfile\shell\open\command

Fri May 13 00:42:27 2005 => Scanning HKCR\batfile\shell\open\command

Fri May 13 00:42:27 2005 => Scanning HKCR\piffile\shell\open\command

Fri May 13 00:42:27 2005 => Scanning HKCR\scrfile\shell\open\command

Fri May 13 00:42:27 2005 => Scanning HKCR\scrfile\shell\config\command

Fri May 13 00:42:27 2005 => Scanning HKCR\regfile\shell\open\command

Fri May 13 00:42:27 2005 => Scanning HKCR\htmlfile\shell\open\command
Fri May 13 00:42:27 2005 => Scanning File C:\PROGRA~1\INTERN~1\iexplore.exe

Fri May 13 00:42:27 2005 => Scanning HKCR\htafile\shell\open\command

Fri May 13 00:42:27 2005 => Scanning HKCR\jsfile\shell\open\command
Fri May 13 00:42:27 2005 => Scanning File C:\WINDOWS\System32\WScript.exe

Fri May 13 00:42:27 2005 => Scanning HKCR\jsefile\shell\open\command
Fri May 13 00:42:27 2005 => Scanning File C:\WINDOWS\System32\WScript.exe

Fri May 13 00:42:27 2005 => Scanning HKCR\vbsfile\shell\open\command
Fri May 13 00:42:27 2005 => Scanning File C:\WINDOWS\System32\WScript.exe

Fri May 13 00:42:27 2005 => Scanning HKCR\vbefile\shell\open\command
Fri May 13 00:42:27 2005 => Scanning File C:\WINDOWS\System32\WScript.exe

Fri May 13 00:42:27 2005 => Scanning HKCR\wshfile\shell\open\command
Fri May 13 00:42:27 2005 => Scanning File C:\WINDOWS\System32\WScript.exe

Fri May 13 00:42:27 2005 => Scanning HKCR\wsffile\shell\open\command
Fri May 13 00:42:27 2005 => Scanning File C:\WINDOWS\System32\WScript.exe

Fri May 13 00:42:27 2005 => ***** Scanning StartUp Folders *****

Fri May 13 00:42:27 2005 => ***** Scanning C:\Documents and Settings\Owner\Start Menu\Programs\Startup Folder *****
Fri May 13 00:42:27 2005 => Scanning Folder: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\*.*
Fri May 13 00:42:27 2005 => Scanning File C:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop.ini

Fri May 13 00:42:27 2005 => ***** Scanning C:\Documents and Settings\All Users\Start Menu\Programs\Startup Folder *****
Fri May 13 00:42:28 2005 => Scanning Folder: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\*.*
Fri May 13 00:42:28 2005 => Scanning File C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Anti-Spyware Blocker.lnk
Fri May 13 00:42:28 2005 => Scanning File C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
Fri May 13 00:42:28 2005 => Scanning File C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Smart Wizard Wireless Settings.lnk.disabled

Fri May 13 00:42:28 2005 => ***** Scanning C:\Documents and Settings\Administrator\Start menu\Programs\Startup Folder *****
Fri May 13 00:42:28 2005 => Scanning Folder: C:\DOCUME~1\ADMINI~1\STARTM~1\Programs\Startup\*.*
Fri May 13 00:42:28 2005 => Scanning File C:\DOCUME~1\ADMINI~1\STARTM~1\Programs\Startup\AutoPlay.exe
Fri May 13 00:42:28 2005 => Scanning File C:\DOCUME~1\ADMINI~1\STARTM~1\Programs\Startup\desktop.ini

Fri May 13 00:42:28 2005 => ***** Scanning C:\Documents and Settings\Default User\Start menu\Programs\Startup Folder *****
Fri May 13 00:42:28 2005 => Scanning Folder: C:\DOCUME~1\DEFAUL~1\STARTM~1\Programs\Startup\*.*
Fri May 13 00:42:28 2005 => Scanning File C:\DOCUME~1\DEFAUL~1\STARTM~1\Programs\Startup\AutoPlay.exe
Fri May 13 00:42:28 2005 => Scanning File C:\DOCUME~1\DEFAUL~1\STARTM~1\Programs\Startup\desktop.ini

Fri May 13 00:42:29 2005 => ***** Scanning Service Files *****
Fri May 13 00:42:29 2005 => Scanning HKLM\SYSTEM\CurrentControlSet\Services
Fri May 13 00:42:29 2005 => Scanning File C:\WINDOWS\System32\drivers\ac97intc.sys
Fri May 13 00:42:29 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\ACPI.sys
Fri May 13 00:42:29 2005 => Scanning File C:\WINDOWS\System32\drivers\aec.sys
Fri May 13 00:42:29 2005 => Scanning File C:\WINDOWS\System32\drivers\afd.sys
Fri May 13 00:42:29 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\agp440.sys
Fri May 13 00:42:29 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri May 13 00:42:29 2005 => Scanning File C:\WINDOWS\System32\alg.exe
Fri May 13 00:42:29 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\amdagp.sys
Fri May 13 00:42:29 2005 => Scanning File C:\WINDOWS\system32\svchost.exe
Fri May 13 00:42:29 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\asyncmac.sys
Fri May 13 00:42:29 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\atapi.sys
Fri May 13 00:42:29 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\atmarpc.sys
Fri May 13 00:42:29 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri May 13 00:42:29 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\audstub.sys
Fri May 13 00:42:29 2005 => Scanning File C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Fri May 13 00:42:30 2005 => Scanning File C:\WINDOWS\System32\Drivers\avg7core.sys
Fri May 13 00:42:30 2005 => Scanning File C:\WINDOWS\System32\Drivers\avg7rsw.sys
Fri May 13 00:42:30 2005 => Scanning File C:\WINDOWS\System32\Drivers\avg7rsxp.sys
Fri May 13 00:42:30 2005 => Scanning File C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
Fri May 13 00:42:30 2005 => Scanning File C:\WINDOWS\SYSTEM32\DRIVERS\AVGTDI.SYS
Fri May 13 00:42:30 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri May 13 00:42:30 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri May 13 00:42:30 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\cdrom.sys
Fri May 13 00:42:30 2005 => Scanning File C:\WINDOWS\SYSTEM32\DRIVERS\CINEMSUP.SYS
Fri May 13 00:42:30 2005 => Scanning File C:\WINDOWS\System32\cisvc.exe
Fri May 13 00:42:31 2005 => Scanning File C:\WINDOWS\system32\clipsrv.exe
Fri May 13 00:42:31 2005 => Scanning File C:\WINDOWS\System32\dllhost.exe
Fri May 13 00:42:31 2005 => Scanning File C:\WINDOWS\system32\svchost.exe
Fri May 13 00:42:31 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri May 13 00:42:31 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\disk.sys
Fri May 13 00:42:31 2005 => Scanning File C:\WINDOWS\System32\dmadmin.exe
Fri May 13 00:42:31 2005 => Scanning File C:\WINDOWS\System32\drivers\dmboot.sys
Fri May 13 00:42:31 2005 => Scanning File C:\WINDOWS\System32\drivers\dmio.sys
Fri May 13 00:42:31 2005 => Scanning File C:\WINDOWS\System32\drivers\dmload.sys
Fri May 13 00:42:31 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri May 13 00:42:31 2005 => Scanning File C:\WINDOWS\System32\drivers\DMusic.sys
Fri May 13 00:42:31 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri May 13 00:42:31 2005 => Scanning File C:\WINDOWS\System32\drivers\drmkaud.sys
Fri May 13 00:42:31 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri May 13 00:42:31 2005 => Scanning File C:\WINDOWS\system32\services.exe
Fri May 13 00:42:31 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri May 13 00:42:31 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\FA312nd5.sys
Fri May 13 00:42:31 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri May 13 00:42:31 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\fdc.sys
Fri May 13 00:42:32 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\flpydisk.sys
Fri May 13 00:42:32 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\ftdisk.sys
Fri May 13 00:42:32 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\gameenum.sys
Fri May 13 00:42:32 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\msgpc.sys
Fri May 13 00:42:32 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri May 13 00:42:32 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri May 13 00:42:32 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\hidusb.sys
Fri May 13 00:42:32 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\i8042prt.sys
Fri May 13 00:42:32 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\i81xnt5.sys
Fri May 13 00:42:32 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\wADV01nt.sys
Fri May 13 00:42:32 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\wADV02NT.sys
Fri May 13 00:42:32 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\wADV05NT.sys
Fri May 13 00:42:32 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys
Fri May 13 00:42:32 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys
Fri May 13 00:42:32 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\wATV01nt.sys
Fri May 13 00:42:32 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\wATV02NT.sys
Fri May 13 00:42:32 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\wATV04nt.sys
Fri May 13 00:42:33 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys
Fri May 13 00:42:33 2005 => Scanning File C:\WINDOWS\System32\imapi.exe
Fri May 13 00:42:33 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\intelide.sys
Fri May 13 00:42:33 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\iomdisk.sys
Fri May 13 00:42:33 2005 => ERROR!!! Invalid Entry "" in SYSTEM\CurrentControlSet\Services\Iomega Activity Disk2...
Fri May 13 00:42:33 2005 => Scanning File C:\PROGRA~1\Iomega\System32\AppServices.exe
Fri May 13 00:42:33 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys
Fri May 13 00:42:33 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\ipinip.sys
Fri May 13 00:42:33 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\ipnat.sys
Fri May 13 00:42:33 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\ipsec.sys
Fri May 13 00:42:33 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\irenum.sys
Fri May 13 00:42:34 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\isapnp.sys
Fri May 13 00:42:34 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\kbdclass.sys
Fri May 13 00:42:34 2005 => Scanning File C:\WINDOWS\System32\drivers\kmixer.sys
Fri May 13 00:42:34 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\L8042pr2.Sys
Fri May 13 00:42:34 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri May 13 00:42:34 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri May 13 00:42:34 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri May 13 00:42:34 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\LMouFlt2.Sys
Fri May 13 00:42:34 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys
Fri May 13 00:42:34 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\mdc8021x.sys
Fri May 13 00:42:34 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri May 13 00:42:34 2005 => Scanning File C:\WINDOWS\System32\mnmsrvc.exe
Fri May 13 00:42:34 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\mouclass.sys
Fri May 13 00:42:34 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\mouhid.sys
Fri May 13 00:42:34 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\mrxdav.sys
Fri May 13 00:42:35 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
Fri May 13 00:42:35 2005 => Scanning File C:\WINDOWS\System32\msdtc.exe
Fri May 13 00:42:35 2005 => Scanning File C:\WINDOWS\System32\msiexec.exe
Fri May 13 00:42:35 2005 => Scanning File C:\WINDOWS\System32\drivers\MSKSSRV.sys
Fri May 13 00:42:35 2005 => Scanning File C:\WINDOWS\System32\drivers\MSPCLOCK.sys
Fri May 13 00:42:35 2005 => Scanning File C:\WINDOWS\System32\drivers\MSPQM.sys
Fri May 13 00:42:35 2005 => Scanning File C:\WINDOWS\System32\drivers\msmpu401.sys
Fri May 13 00:42:35 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\ndistapi.sys
Fri May 13 00:42:35 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\ndisuio.sys
Fri May 13 00:42:35 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\ndiswan.sys
Fri May 13 00:42:35 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\netbios.sys
Fri May 13 00:42:35 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\netbt.sys
Fri May 13 00:42:35 2005 => Scanning File C:\WINDOWS\system32\netdde.exe
Fri May 13 00:42:35 2005 => Scanning File C:\WINDOWS\system32\netdde.exe
Fri May 13 00:42:35 2005 => Scanning File C:\WINDOWS\System32\lsass.exe
Fri May 13 00:42:36 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri May 13 00:42:36 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri May 13 00:42:36 2005 => Scanning File C:\WINDOWS\System32\lsass.exe
Fri May 13 00:42:36 2005 => Scanning File C:\WINDOWS\system32\svchost.exe
Fri May 13 00:42:36 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\nv4_mini.sys
Fri May 13 00:42:36 2005 => Scanning File C:\WINDOWS\System32\nvsvc32.exe
Fri May 13 00:42:36 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys
Fri May 13 00:42:36 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys
Fri May 13 00:42:36 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\p3.sys
Fri May 13 00:42:36 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\parport.sys
Fri May 13 00:42:36 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\pci.sys
Fri May 13 00:42:36 2005 => Scanning File C:\WINDOWS\system32\services.exe
Fri May 13 00:42:36 2005 => Scanning File C:\WINDOWS\System32\lsass.exe
Fri May 13 00:42:36 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\raspptp.sys
Fri May 13 00:42:36 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\processr.sys
Fri May 13 00:42:36 2005 => Scanning File C:\WINDOWS\system32\lsass.exe
Fri May 13 00:42:36 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\PS2.sys
Fri May 13 00:42:37 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\psched.sys
Fri May 13 00:42:37 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\ptilink.sys
Fri May 13 00:42:37 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\rasacd.sys
Fri May 13 00:42:37 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri May 13 00:42:37 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\rasl2tp.sys
Fri May 13 00:42:37 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri May 13 00:42:37 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\raspppoe.sys
Fri May 13 00:42:37 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\raspti.sys
Fri May 13 00:42:37 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\rdbss.sys
Fri May 13 00:42:37 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Fri May 13 00:42:37 2005 => Scanning File C:\WINDOWS\system32\sessmgr.exe
Fri May 13 00:42:37 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\redbook.sys
Fri May 13 00:42:37 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri May 13 00:42:37 2005 => Scanning File C:\WINDOWS\System32\locator.exe
Fri May 13 00:42:37 2005 => Scanning File C:\WINDOWS\system32\svchost.exe
Fri May 13 00:42:37 2005 => Scanning File C:\WINDOWS\System32\rsvp.exe
Fri May 13 00:42:37 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\RTL8139.SYS
Fri May 13 00:42:37 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\s3gnbm.sys
Fri May 13 00:42:38 2005 => Scanning File C:\WINDOWS\system32\lsass.exe
Fri May 13 00:42:38 2005 => Scanning File C:\WINDOWS\System32\SCardSvr.exe
Fri May 13 00:42:38 2005 => Scanning File C:\WINDOWS\System32\SCardSvr.exe
Fri May 13 00:42:38 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri May 13 00:42:38 2005 => Scanning File C:\WINDOWS\system32\drivers\scsiport.sys
Fri May 13 00:42:38 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\secdrv.sys
Fri May 13 00:42:38 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri May 13 00:42:38 2005 => Scanning File C:\WINDOWS\system32\svchost.exe
Fri May 13 00:42:38 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\serenum.sys
Fri May 13 00:42:38 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\serial.sys
Fri May 13 00:42:38 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri May 13 00:42:38 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri May 13 00:42:38 2005 => Scanning File C:\WINDOWS\System32\drivers\splitter.sys
Fri May 13 00:42:38 2005 => Scanning File C:\WINDOWS\system32\spoolsv.exe
Fri May 13 00:42:38 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\sr.sys
Fri May 13 00:42:38 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri May 13 00:42:38 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\srv.sys
Fri May 13 00:42:38 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri May 13 00:42:38 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri May 13 00:42:38 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\swenum.sys
Fri May 13 00:42:38 2005 => Scanning File C:\WINDOWS\System32\drivers\swmidi.sys
Fri May 13 00:42:38 2005 => Scanning File C:\WINDOWS\System32\dllhost.exe
Fri May 13 00:42:38 2005 => Scanning File C:\WINDOWS\System32\drivers\sysaudio.sys
Fri May 13 00:42:38 2005 => Scanning File C:\WINDOWS\system32\smlogsvc.exe
Fri May 13 00:42:39 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Fri May 13 00:42:39 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\tcpip.sys
Fri May 13 00:42:39 2005 => Scanning File C:\WINDOWS\System32\DRIVERS\termdd.sy

Edited by tilby, 12 May 2005 - 10:59 PM.

  • 0

#18
tilby

    Member

  • Topic Starter
  • Member
  • 22 posts
i just finished an avg scan, and it found four infections... three in which it states:
"selected object is located inside the archive and cannot be healed"...
is this bad?
i f'ed up somewhere, didn't i?
i apologize for being a continual ache... i guess i'm just enjoying my "member" status... lol

Edited by tilby, 13 May 2005 - 06:20 PM.

  • 0

#19
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
The mwav log that you gave me doesn't show me anything that I need. You must copy the bottom pane so it tells me which files are infected. The log you gave me only tells me where it did the scan.
  • 0

#20
tilby

    Member

  • Topic Starter
  • Member
  • 22 posts
sorry :tazz: i had a feeling i was doing it wrong

File System Found infected by "DyFuCA Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "DyFuCA Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "emusicclient Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "ameopt Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "cws.therealsearch Spyware/Adware" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\m0j1.sys infected by "Trojan.Win32.Delf.cf" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\j91d1.dll infected by "Trojan.Win32.Delf.cf" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\m0j1.sys infected by "Trojan.Win32.Delf.cf" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\sp.dat infected by "Trojan.Win32.Starter.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\sysp.dll infected by "Trojan.Win32.Starter.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\systemp.dll infected by "Trojan.Win32.Starter.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\systemp.exe infected by "Trojan.Win32.Starter.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\xkh.exe infected by "Trojan.Win32.Delf.cf" Virus. Action Taken: No Action Taken.

Edited by tilby, 13 May 2005 - 10:45 AM.

  • 0
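The distinction drawn in posts #19 and #20, as an added example that is not part of the original thread: a small triage script that separates scan-progress lines from detection lines and reports whether a pasted log contains any findings at all. The line formats are assumed from the excerpts quoted in this thread only; the function and class names are hypothetical.

```python
import re
from dataclasses import dataclass, field

# Excerpt in the two formats quoted in this thread: timestamped scan-progress
# lines (upper pane) and detection lines (lower pane).
SAMPLE_LOG = r"""
Fri May 13 00:42:22 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Fri May 13 00:42:23 2005 => Scanning File C:\WINDOWS\system32\ps2.exe
Fri May 13 00:42:33 2005 => ERROR!!! Invalid Entry "" in SYSTEM\CurrentControlSet\Services\Iomega Activity Disk2...
File System Found infected by "DyFuCA Spyware/Adware" Virus. Action Taken: No Action Taken.
File System Found infected by "DyFuCA Spyware/Adware" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\m0j1.sys infected by "Trojan.Win32.Delf.cf" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\m0j1.sys infected by "Trojan.Win32.Delf.cf" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\System32\systemp.exe infected by "Trojan.Win32.Starter.a" Virus. Action Taken: No Action Taken.
"""

# ctime-style prefix, e.g. "Fri May 13 00:42:22 2005 => "
TIMESTAMP = re.compile(r"^\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4} => (?P<msg>.*)$")
# Detection tied to a file on disk (path must start with a drive letter).
FILE_HIT = re.compile(r'^File (?P<path>[A-Za-z]:\\.+?) infected by "(?P<name>[^"]+)"')
# Detection with no path ("File System Found infected by ...").
SYSTEM_HIT = re.compile(r'^File System Found infected by "(?P<name>[^"]+)"')


@dataclass
class Triage:
    progress: int = 0                                 # "Scanning ..." lines
    errors: list = field(default_factory=list)        # "ERROR!!! ..." lines
    file_hits: dict = field(default_factory=dict)     # detection -> [paths]
    system_hits: dict = field(default_factory=dict)   # detection -> count
    unparsed: list = field(default_factory=list)

    @property
    def usable(self):
        """True only if the paste contains at least one detection line."""
        return bool(self.file_hits or self.system_hits)


def triage(log_text):
    """Classify every non-empty line of a pasted log."""
    result = Triage()
    seen = set()
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        stamped = TIMESTAMP.match(line)
        # Check the body for detections whether or not it carries a timestamp.
        body = stamped.group("msg") if stamped else line

        hit = FILE_HIT.match(body)
        if hit:
            # Windows paths are case-insensitive, so deduplicate on lowercase.
            key = (hit.group("name"), hit.group("path").lower())
            if key not in seen:
                seen.add(key)
                result.file_hits.setdefault(hit.group("name"), []).append(hit.group("path"))
            continue

        hit = SYSTEM_HIT.match(body)
        if hit:
            name = hit.group("name")
            result.system_hits[name] = result.system_hits.get(name, 0) + 1
            continue

        if stamped and body.startswith("ERROR"):
            result.errors.append(body)
        elif stamped:
            result.progress += 1
        else:
            result.unparsed.append(line)
    return result


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    if not report.usable:
        print("No detection lines: this paste only shows where the scan looked.")
    for name, paths in sorted(report.file_hits.items()):
        print(name)
        for path in paths:
            print("   ", path)
    for name, count in sorted(report.system_hits.items()):
        print(f"{name} (no file path reported, {count} entries)")
    print(f"{report.progress} progress lines, {len(report.errors)} scanner errors")
```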

#21
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Download KillBox http://www.greyknigh...spy/KillBox.exe. Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. For each of the following files below, check the box that says 'Unregister .dll Before Deleting' if it's not grayed out. Copy and paste each of the following into KillBox (hitting the X button for each file - choose NO when it asks if you want to reboot):

C:\WINDOWS\m0j1.sys
C:\WINDOWS\System32\j91d1.dll
C:\WINDOWS\System32\m0j1.sys
C:\WINDOWS\System32\sp.dat
C:\WINDOWS\System32\sysp.dll
C:\WINDOWS\System32\systemp.dll
C:\WINDOWS\System32\systemp.exe
C:\WINDOWS\System32\xkh.exe


Run Ad-aware and Spybot. Update them first and then run a full scan.

To fix the wallpaper/background problem, right click on this link and choose Save As. Save that file somewhere. Now double click on that file you just saved and say Yes to add/merge it into the registry.

Any problems now? If not:

Your log is clean.

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer and uncheck the same box to enable System Restore.

Make sure to get the latest updates for Windows and Internet Explorer at http://v5.windowsupd...t.aspx?ln=en-us.

To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If not, you should be set to go.
  • 0

#22
tilby

    Member

  • Topic Starter
  • Member
  • 22 posts
well, i did everything and the only thing that's different is the background. instead of pitchblack, it's blue, and the security warning isn't there. it's just blue. there's no right click for the desktop, no icons and no start menu. i ran ad-aware and spybot again, after unchecking the restore box in my computer/properties, and nothing was found except three negligible files in ad-aware. i deleted them, tried merging the smitfraud file with the registry again, and it still didn't work. just a blue background. i also tried the sfc / scannow task, but it still won't load up either. it only flashed on for a split second and disappeared.

i'm gonna try the whole process all over again, starting with the killbox instructions, just to make sure i covered all your tracks.

-ok, well, did killbox and it said for each file that none of them seemed to exist. should i run hijack this? i'm just going to wait for further instructions :tazz:

is it true that this infection is being caused by microsoft, and that, simply put, we're not going to stop getting infected until microsoft is able to do something about the problems on their end? if this isn't the case, who, or what is to blame for these infections? does anyone even know, or are we just in a state of emergency: a reason to get cured and leave our computers off for a few weeks? because i don't even use internet explorer anymore; i use mozilla. i do have package sp1a for windows, but i had to install that over sp2. i think i might have had sp2 before all this got as bad as it is. do you think that could be causing me my seemingly unique desktop problems?

Edited by tilby, 13 May 2005 - 06:09 PM.

  • 0

#23
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Hold off on the SP2 install until everything is working properly. If you have SP1 already, leave it alone.

No, it's not caused by Microsoft. A lot of these hijacks are aimed at Windows though, just because they are the #1 used operating system. We can fix this (see below). Just install the prevention tools and update windows if there are any. There is no fool-proof way around this. Just have to be more careful on what sites you visit, what programs you download and other things that you do regularly. Even opening a virus infected email attachment.

To fix the wallpaper/background problem, right click on this link and choose Save As. Save that file somewhere. Now double click on that file you just saved and say Yes to add/merge it into the registry.

Any more problems now?
  • 0

#24
tilby

    Member

  • Topic Starter
  • Member
  • 22 posts
still nothing... :tazz: should i restart right after i merge the file into the registry? 'cause it's still not working.
  • 0

#25
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
You mean the desktop or everything (start menu, right click, etc.)? Try clicking on the desktop and hit the F5 key. I assume you probably restarted by now also. How did you run that smitfraud.reg file? Was it on your desktop?
  • 0

#26
tilby

    Member

  • Topic Starter
  • Member
  • 22 posts
i mean everything; all of the desktop features except ctrl+alt+del (which has been the only way i can view anything on my computer and my desktop). i haven't been able to view any folder contents, or my desktop items, except through task manager. i saved the smitfraud.reg file to a folder on my desktop. should i have saved it directly to my desktop? f5 doesn't seem to do anything. i have been able to change my background, but not through desktop properties. i right clicked on a picture i found on a web page, and set it like that. nothing on my desktop can be seen except that picture.

Edited by tilby, 16 May 2005 - 11:44 AM.

  • 0

#27
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Hmm, not sure if it will run from the task manager. So you are running smitfraud.reg from File->New Task? I think it can be done using the command prompt, but I'm not 100% sure how to run a .reg file from there. It might be reg load ...path of the .reg file\smitfraud.reg or maybe reg add .....

It shouldn't matter where you saved it as long as you ran it. It should have prompted you if you want to add it to the registry once you ran it. Did it prompt you?

If it still fails, try running sfc /scannow and see if it can find any missing/corrupted files.
  • 0

#28
tilby

    Member

  • Topic Starter
  • Member
  • 22 posts
yeah, every time i tried the smitfraud.reg, it prompted me to merge it with the registry, and i clicked yes every time; and every time, it told me it was merged successfully, but with no results. the sfc / scannow still doesn't work, and never has. it brings up the black window for a split second, then disappears.
  • 0

#29
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Just wondering, do you just enter the path to the registry file and hit OK to run it or do you have to go into the command prompt to do this?

OK, you mentioned earlier that you don't have the start menu, but I think that was before I asked you to run smitfraud.reg. Are you still missing the start menu now? Right clicking on desktop doesn't work either?
  • 0

#30
tilby

    Member

  • Topic Starter
  • Member
  • 22 posts
i could just enter the path, but i haven't tried that. i just browsed for the smitfraud.reg file through "new task" in task manager, and ran it like that.

no i haven't had a start menu for nearly as long as this has been going on. i didn't have the start menu long before the first time you asked me to run the smitfraud.reg file. by my fourth post, i had lost everything you normally see when desktop loads. my computer's been like that ever since. it's been like that through every instruction you gave me, and it's still not there. neither are my icons, nor the right click menu on my desktop.

Edited by tilby, 18 May 2005 - 11:05 AM.

  • 0





