Blasphemy! [RESOLVED]


  • This topic is locked

#1
elite

Hey,

Here's my log. My problem is that my computer just randomly shuts down, even in safe mode. It doesn't let me run adware or spybot completely, meaning that while it's in the middle of a scan it'll shut down. What else .. hmm, Windows Media Player: it won't let me watch/listen etc., anything to do with media, it just shuts off .. so help please ..

Thanx!

Logfile of HijackThis v1.99.1
Scan saved at 1:50:35 PM, on 06/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Athan\Athan.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\IC Media Corp\ICM532\Launchpad.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Mustafa\LOCALS~1\Temp\Rar$EX00.047\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpySpotter] C:\PROGRA~1\SPYSPO~1\SpySpotter.exe -onreboot
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Launchpad.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab30149.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/i...etup1.0.0.8.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla...ller/dwnldr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://anu.popcap.co...aploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab30149.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E475D6DC-81B7-4148-ABF0-32A300888E82}: NameServer = 207.136.100.40 209.148.64.40
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#2
elite

can i get a little help here please :tazz:

#3
elite

:tazz: .. after running MS anti spyware .. it picked up wintools trojan but deleted it .. however it still shuts down .. a little ;) please

#4
Guest_thatman_*

Hi elite

Please download this scanner – mwav exe http://www.spywarein...wnload/mwav.exe


Run it in safemode when completed

Reboot as normal

Rescan with HJT and post the HJT.log With mwav.log

Kc :tazz:

#5
elite

here's the hijackthis log after running mwav

Logfile of HijackThis v1.99.1
Scan saved at 1:44:52 AM, on 06/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Mustafa\LOCALS~1\Temp\Rar$EX00.906\HijackThis.exe
C:\DOCUME~1\Mustafa\LOCALS~1\Temp\Rar$EX04.375\HijackThis.exe
C:\DOCUME~1\Mustafa\LOCALS~1\Temp\Rar$EX04.594\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Launchpad.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab30149.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/i...etup1.0.0.8.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla...ller/dwnldr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://anu.popcap.co...aploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab30149.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E475D6DC-81B7-4148-ABF0-32A300888E82}: NameServer = 207.136.100.40 209.148.64.40
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Edited by elite, 08 June 2005 - 03:51 PM.


#6
elite

complete mwav log

Wed Jun 08 01:40:45 2005 => **********************************************************
Wed Jun 08 01:40:45 2005 => eScan AntiVirus Toolkit Utility.
Wed Jun 08 01:40:45 2005 => Copyright © 2003-2004, MicroWorld Technologies Inc.
Wed Jun 08 01:40:45 2005 => **********************************************************
Wed Jun 08 01:40:45 2005 => Version 4.4.7
Wed Jun 08 01:40:45 2005 => Log File: C:\DOCUME~1\Mustafa\MYDOCU~1\mwav.log
Wed Jun 08 01:40:45 2005 => Latest Date of files inside MWAV: 04 Jun 2005 04:11:59.
Wed Jun 08 01:40:47 2005 => AV Library Loaded...
Wed Jun 08 01:40:47 2005 => Scanning File C:\DOCUME~1\Mustafa\MYDOCU~1\kavss.exe
Wed Jun 08 01:40:47 2005 => Scanning File C:\DOCUME~1\Mustafa\MYDOCU~1\Getvlist.exe
Wed Jun 08 01:40:47 2005 => Scanning File C:\DOCUME~1\Mustafa\MYDOCU~1\kavss.dll
Wed Jun 08 01:40:47 2005 => Scanning File C:\DOCUME~1\Mustafa\MYDOCU~1\kavssdi.dll
Wed Jun 08 01:40:47 2005 => Scanning File C:\DOCUME~1\Mustafa\MYDOCU~1\kavssi.dll
Wed Jun 08 01:40:47 2005 => Scanning File C:\DOCUME~1\Mustafa\MYDOCU~1\kavvlg.dll
Wed Jun 08 01:40:47 2005 => Scanning File C:\DOCUME~1\Mustafa\MYDOCU~1\msvlclnt.dll
Wed Jun 08 01:40:47 2005 => Scanning File C:\DOCUME~1\Mustafa\MYDOCU~1\ipc.dll
Wed Jun 08 01:40:47 2005 => Scanning File C:\DOCUME~1\Mustafa\MYDOCU~1\main.avi
Wed Jun 08 01:40:47 2005 => Scanning File C:\DOCUME~1\Mustafa\MYDOCU~1\virus.avi
Wed Jun 08 01:40:48 2005 => Virus Database Date: 2005/06/04
Wed Jun 08 01:40:48 2005 => Virus Database Count: 133302
Wed Jun 08 01:40:55 2005 => Generating Virus List... getvlist.exe C:\DOCUME~1\Mustafa\MYDOCU~1\vlist.txt

Wed Jun 08 01:41:02 2005 => **********************************************************
Wed Jun 08 01:41:02 2005 => eScan AntiVirus Toolkit Utility.
Wed Jun 08 01:41:02 2005 => Copyright © 2003-2004, MicroWorld Technologies Inc.
Wed Jun 08 01:41:02 2005 =>
Wed Jun 08 01:41:02 2005 => Support: [email protected]
Wed Jun 08 01:41:02 2005 => Web: http://www.mwti.net
Wed Jun 08 01:41:02 2005 => **********************************************************
Wed Jun 08 01:41:02 2005 => Version 4.4.7
Wed Jun 08 01:41:02 2005 => Log File: C:\DOCUME~1\Mustafa\MYDOCU~1\mwav.log
Wed Jun 08 01:41:02 2005 => Latest Date of files inside MWAV: 04 Jun 2005 04:11:59.

Wed Jun 08 01:41:02 2005 => Options Selected by User:
Wed Jun 08 01:41:02 2005 => Memory Check: Enabled
Wed Jun 08 01:41:02 2005 => Registry Check: Enabled
Wed Jun 08 01:41:02 2005 => StartUp Folder Check: Enabled
Wed Jun 08 01:41:02 2005 => System Folder Check: Enabled
Wed Jun 08 01:41:02 2005 => System Area Check: Disabled
Wed Jun 08 01:41:02 2005 => Services Check: Enabled
Wed Jun 08 01:41:02 2005 => Drive Check Option Disabled
Wed Jun 08 01:41:02 2005 => Scanning Type: Scan And Clean
Wed Jun 08 01:41:02 2005 => Folder Check: Disabled

Wed Jun 08 01:41:02 2005 => ***** Scanning Memory Files *****
Wed Jun 08 01:41:02 2005 => Scanning File C:\WINDOWS\system32\services.exe
Wed Jun 08 01:41:03 2005 => Scanning File C:\WINDOWS\system32\lsass.exe
Wed Jun 08 01:41:03 2005 => Scanning File C:\WINDOWS\system32\svchost.exe
Wed Jun 08 01:41:03 2005 => Scanning File C:\WINDOWS\system32\svchost.exe
Wed Jun 08 01:41:03 2005 => Scanning File C:\WINDOWS\Explorer.EXE
Wed Jun 08 01:41:03 2005 => Scanning File C:\DOCUME~1\Mustafa\MYDOCU~1\mwavscan.com
Wed Jun 08 01:41:03 2005 => Scanning File C:\DOCUME~1\Mustafa\MYDOCU~1\kavss.exe

Wed Jun 08 01:41:03 2005 => ***** Scanning Registry Files *****

Wed Jun 08 01:41:03 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Wed Jun 08 01:41:03 2005 => *** File C:\WINDOWS\system32\SHELL32.dll having Size Restriction ***
Wed Jun 08 01:41:03 2005 => Scanning File C:\WINDOWS\system32\SHELL32.dll [**]
Wed Jun 08 01:41:03 2005 => *** File C:\WINDOWS\system32\SHELL32.dll having Size Restriction ***
Wed Jun 08 01:41:03 2005 => Scanning File C:\WINDOWS\system32\SHELL32.dll [**]
Wed Jun 08 01:41:03 2005 => Scanning File C:\WINDOWS\System32\webcheck.dll
Wed Jun 08 01:41:03 2005 => Scanning File C:\WINDOWS\System32\stobject.dll

Wed Jun 08 01:41:03 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
Wed Jun 08 01:41:04 2005 => {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} = C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
Wed Jun 08 01:41:04 2005 => Scanning File C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\ActiveX\ACROIE~1.OCX
Wed Jun 08 01:41:04 2005 => {08E74C67-99A6-45C7-94DA-A397A8FD8082} = NULL
Wed Jun 08 01:41:04 2005 => {53707962-6F74-2D53-2644-206D7942484F} = C:\PROGRA~1\SPYBOT~1\SDHelper.dll
Wed Jun 08 01:41:04 2005 => Scanning File C:\PROGRA~1\SPYBOT~1\SDHelper.dll
Wed Jun 08 01:41:04 2005 => {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} = NULL
Wed Jun 08 01:41:04 2005 => {AA58ED58-01DD-4d91-8333-CF10577473F7} = c:\program files\google\googletoolbar2.dll
Wed Jun 08 01:41:04 2005 => Scanning File c:\PROGRA~1\google\GOOGLE~2.DLL
Wed Jun 08 01:41:04 2005 => {BDF3E430-B101-42AD-A544-FADC6B084872} = C:\Program Files\Norton AntiVirus\NavShExt.dll
Wed Jun 08 01:41:04 2005 => Scanning File C:\PROGRA~1\NORTON~1\NavShExt.dll

Wed Jun 08 01:41:04 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Wed Jun 08 01:41:04 2005 => Scanning File C:\WINDOWS\Explorer.exe
Wed Jun 08 01:41:04 2005 => Scanning File C:\WINDOWS\system32\userinit.exe

Wed Jun 08 01:41:04 2005 => Scanning HKCU\Control Panel\Desktop
Wed Jun 08 01:41:04 2005 => Scanning File C:\WINDOWS\System32\logon.scr

Wed Jun 08 01:41:04 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Wed Jun 08 01:41:05 2005 => Scanning File C:\PROGRA~1\Athan\Athan.exe
Wed Jun 08 01:41:05 2005 => Scanning File C:\PROGRA~1\NORTON~1\navapw32.exe
Wed Jun 08 01:41:05 2005 => Scanning File C:\PROGRA~1\QUICKT~1\qttask.exe
Wed Jun 08 01:41:05 2005 => Scanning File C:\PROGRA~1\SYMNET~1\SNDMon.exe
Wed Jun 08 01:41:05 2005 => Scanning File C:\PROGRA~1\iTunes\ITUNES~1.EXE
Wed Jun 08 01:41:05 2005 => Scanning File C:\PROGRA~1\Picasa2\PICASA~2.EXE
Wed Jun 08 01:41:05 2005 => Scanning File C:\PROGRA~1\COMMON~1\Real\UPDATE~1\REALSC~1.EXE
Wed Jun 08 01:41:06 2005 => Scanning File C:\PROGRA~1\MICROS~4\gcasServ.exe

Wed Jun 08 01:41:06 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Wed Jun 08 01:41:06 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

Wed Jun 08 01:41:06 2005 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

Wed Jun 08 01:41:06 2005 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Wed Jun 08 01:41:06 2005 => *** File C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe having Size Restriction ***
Wed Jun 08 01:41:06 2005 => Scanning File C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe [**]
Wed Jun 08 01:41:06 2005 => ERROR!!! Invalid Entry MessengerPlus3 = "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart. Removing it.
Wed Jun 08 01:41:06 2005 => *** File C:\PROGRA~1\MSNMES~1\msnmsgr.exe having Size Restriction ***
Wed Jun 08 01:41:06 2005 => Scanning File C:\PROGRA~1\MSNMES~1\msnmsgr.exe [**]

Wed Jun 08 01:41:06 2005 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Wed Jun 08 01:41:06 2005 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

Wed Jun 08 01:41:06 2005 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

Wed Jun 08 01:41:06 2005 => Scanning HKCR\txtfile\shell\open\command

Wed Jun 08 01:41:06 2005 => Scanning HKCR\comfile\shell\open\command

Wed Jun 08 01:41:07 2005 => Scanning HKCR\exefile\shell\open\command

Wed Jun 08 01:41:07 2005 => Scanning HKCR\dllfile\shell\open\command

Wed Jun 08 01:41:07 2005 => Scanning HKCR\batfile\shell\open\command

Wed Jun 08 01:41:07 2005 => Scanning HKCR\piffile\shell\open\command

Wed Jun 08 01:41:07 2005 => Scanning HKCR\scrfile\shell\open\command

Wed Jun 08 01:41:07 2005 => Scanning HKCR\scrfile\shell\config\command

Wed Jun 08 01:41:07 2005 => Scanning HKCR\regfile\shell\open\command

Wed Jun 08 01:41:07 2005 => ***** Scanning StartUp Folders *****

Wed Jun 08 01:41:07 2005 => ***** Scanning C:\Documents and Settings\Mustafa\Start Menu\Programs\Startup Folder *****
Wed Jun 08 01:41:07 2005 => Scanning Folder: C:\Documents and Settings\Mustafa\Start Menu\Programs\Startup\*.*
Wed Jun 08 01:41:07 2005 => Scanning File C:\Documents and Settings\Mustafa\Start Menu\Programs\Startup\desktop.ini [**]

Wed Jun 08 01:41:08 2005 => ***** Scanning C:\Documents and Settings\All Users\Start Menu\Programs\Startup Folder *****
Wed Jun 08 01:41:08 2005 => Scanning Folder: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\*.*
Wed Jun 08 01:41:08 2005 => Scanning File C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini [**]
Wed Jun 08 01:41:08 2005 => Scanning File C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
Wed Jun 08 01:41:08 2005 => Scanning File C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
Wed Jun 08 01:41:08 2005 => Scanning File C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
Wed Jun 08 01:41:08 2005 => Scanning File C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
Wed Jun 08 01:41:08 2005 => Scanning File C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launchpad.lnk

Wed Jun 08 01:41:08 2005 => ***** Scanning C:\Documents and Settings\Administrator\Start menu\Programs\Startup Folder *****
Wed Jun 08 01:41:08 2005 => Scanning Folder: C:\DOCUME~1\ADMINI~1\STARTM~1\Programs\Startup\*.*
Wed Jun 08 01:41:08 2005 => Scanning File C:\DOCUME~1\ADMINI~1\STARTM~1\Programs\Startup\desktop.ini [**]

Wed Jun 08 01:41:08 2005 => ***** Scanning C:\Documents and Settings\Default User\Start menu\Programs\Startup Folder *****
Wed Jun 08 01:41:08 2005 => Scanning Folder: C:\DOCUME~1\DEFAUL~1\STARTM~1\Programs\Startup\*.*
Wed Jun 08 01:41:08 2005 => Scanning File C:\DOCUME~1\DEFAUL~1\STARTM~1\Programs\Startup\desktop.ini [**]

Wed Jun 08 01:41:08 2005 => ***** Scanning Service Files *****
Wed Jun 08 01:41:09 2005 => Scanning HKLM\SYSTEM\CurrentControlSet\Services
Wed Jun 08 01:41:09 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\ACPI.sys
Wed Jun 08 01:41:09 2005 => Scanning File C:\WINDOWS\system32\drivers\aec.sys
Wed Jun 08 01:41:09 2005 => Scanning File C:\WINDOWS\System32\drivers\afd.sys
Wed Jun 08 01:41:09 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Jun 08 01:41:09 2005 => Scanning File C:\WINDOWS\System32\alg.exe
Wed Jun 08 01:41:09 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\amdk7.sys
Wed Jun 08 01:41:09 2005 => Scanning File C:\WINDOWS\system32\svchost.exe
Wed Jun 08 01:41:09 2005 => Scanning File C:\WINDOWS\SYSTEM32\DRIVERS\ASLM75.SYS
Wed Jun 08 01:41:09 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\asyncmac.sys
Wed Jun 08 01:41:09 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\atapi.sys
Wed Jun 08 01:41:09 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\atmarpc.sys
Wed Jun 08 01:41:09 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Jun 08 01:41:09 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\audstub.sys
Wed Jun 08 01:41:09 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Jun 08 01:41:09 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Jun 08 01:41:09 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
Wed Jun 08 01:41:09 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\cdrom.sys
Wed Jun 08 01:41:09 2005 => Scanning File C:\WINDOWS\System32\cisvc.exe
Wed Jun 08 01:41:09 2005 => Scanning File C:\WINDOWS\system32\clipsrv.exe
Wed Jun 08 01:41:10 2005 => Scanning File C:\WINDOWS\System32\dllhost.exe
Wed Jun 08 01:41:10 2005 => Scanning File C:\WINDOWS\system32\svchost.exe
Wed Jun 08 01:41:10 2005 => Scanning File C:\WINDOWS\system32\Drivers\usbuvt.sys
Wed Jun 08 01:41:10 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\DcCam.sys
Wed Jun 08 01:41:10 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\DcFpoint.sys
Wed Jun 08 01:41:10 2005 => Scanning File C:\WINDOWS\system32\drivers\dcfs2k.sys
Wed Jun 08 01:41:10 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\DcLps.sys
Wed Jun 08 01:41:10 2005 => Scanning File C:\WINDOWS\system32\svchost.exe
Wed Jun 08 01:41:10 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\DcPTP.sys
Wed Jun 08 01:41:10 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Jun 08 01:41:10 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\disk.sys
Wed Jun 08 01:41:10 2005 => Scanning File C:\WINDOWS\System32\dmadmin.exe
Wed Jun 08 01:41:10 2005 => Scanning File C:\WINDOWS\system32\drivers\dmboot.sys
Wed Jun 08 01:41:10 2005 => Scanning File C:\WINDOWS\system32\drivers\dmio.sys
Wed Jun 08 01:41:10 2005 => Scanning File C:\WINDOWS\system32\drivers\dmload.sys
Wed Jun 08 01:41:11 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Jun 08 01:41:11 2005 => Scanning File C:\WINDOWS\system32\drivers\DMusic.sys
Wed Jun 08 01:41:11 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Jun 08 01:41:11 2005 => Scanning File C:\WINDOWS\system32\drivers\drmkaud.sys
Wed Jun 08 01:41:11 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Jun 08 01:41:11 2005 => Scanning File C:\WINDOWS\system32\services.exe
Wed Jun 08 01:41:11 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Jun 08 01:41:11 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\exportit.sys
Wed Jun 08 01:41:11 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Jun 08 01:41:11 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\fdc.sys
Wed Jun 08 01:41:11 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\flpydisk.sys
Wed Jun 08 01:41:11 2005 => Scanning File C:\WINDOWS\system32\drivers\fltmgr.sys
Wed Jun 08 01:41:11 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\ftdisk.sys
Wed Jun 08 01:41:11 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\gameenum.sys
Wed Jun 08 01:41:11 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
Wed Jun 08 01:41:11 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\msgpc.sys
Wed Jun 08 01:41:11 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Jun 08 01:41:11 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Jun 08 01:41:11 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\hidusb.sys
Wed Jun 08 01:41:11 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\HPZid412.sys
Wed Jun 08 01:41:11 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
Wed Jun 08 01:41:11 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\HPZius12.sys
Wed Jun 08 01:41:11 2005 => Scanning File C:\WINDOWS\system32\Drivers\HTTP.sys
Wed Jun 08 01:41:12 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Jun 08 01:41:12 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Wed Jun 08 01:41:12 2005 => Scanning File C:\WINDOWS\System32\imapi.exe
Wed Jun 08 01:41:12 2005 => Scanning File C:\WINDOWS\system32\drivers\ip6fw.sys
Wed Jun 08 01:41:12 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
Wed Jun 08 01:41:12 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\ipinip.sys
Wed Jun 08 01:41:12 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\ipnat.sys
Wed Jun 08 01:41:12 2005 => Scanning File C:\PROGRA~1\iPod\bin\IPODSE~1.EXE
Wed Jun 08 01:41:12 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\ipsec.sys
Wed Jun 08 01:41:12 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\irenum.sys
Wed Jun 08 01:41:12 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\isapnp.sys
Wed Jun 08 01:41:12 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Wed Jun 08 01:41:12 2005 => Scanning File C:\WINDOWS\system32\drivers\kmixer.sys
Wed Jun 08 01:41:12 2005 => Scanning File C:\WINDOWS\system32\drivers\KodakCCS.exe
Wed Jun 08 01:41:12 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Jun 08 01:41:12 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Jun 08 01:41:12 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Jun 08 01:41:12 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Jun 08 01:41:12 2005 => Scanning File C:\WINDOWS\System32\mnmsrvc.exe
Wed Jun 08 01:41:12 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\mouclass.sys
Wed Jun 08 01:41:12 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\mouhid.sys
Wed Jun 08 01:41:13 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Wed Jun 08 01:41:13 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Wed Jun 08 01:41:13 2005 => Scanning File C:\WINDOWS\System32\msdtc.exe
Wed Jun 08 01:41:13 2005 => Scanning File C:\WINDOWS\system32\msiexec.exe
Wed Jun 08 01:41:13 2005 => Scanning File C:\WINDOWS\system32\drivers\MSKSSRV.sys
Wed Jun 08 01:41:13 2005 => Scanning File C:\WINDOWS\system32\drivers\MSPCLOCK.sys
Wed Jun 08 01:41:13 2005 => Scanning File C:\WINDOWS\system32\drivers\MSPQM.sys
Wed Jun 08 01:41:13 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Wed Jun 08 01:41:13 2005 => Scanning File C:\WINDOWS\system32\drivers\MSTEE.sys
Wed Jun 08 01:41:13 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
Wed Jun 08 01:41:13 2005 => Scanning File C:\WINDOWS\SYSTEM32\DRIVERS\NAVAP.SYS
Wed Jun 08 01:41:13 2005 => Scanning File C:\PROGRA~1\NORTON~1\navapsvc.exe
Wed Jun 08 01:41:14 2005 => Scanning File C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20050607.016\NAVENG.SYS
Wed Jun 08 01:41:14 2005 => Scanning File C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20050607.016\NAVEX15.SYS
Wed Jun 08 01:41:14 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\NdisIP.sys
Wed Jun 08 01:41:14 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Wed Jun 08 01:41:14 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Wed Jun 08 01:41:14 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Wed Jun 08 01:41:14 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\netbios.sys
Wed Jun 08 01:41:14 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\netbt.sys
Wed Jun 08 01:41:14 2005 => Scanning File C:\WINDOWS\system32\netdde.exe
Wed Jun 08 01:41:14 2005 => Scanning File C:\WINDOWS\system32\netdde.exe
Wed Jun 08 01:41:14 2005 => Scanning File C:\WINDOWS\System32\lsass.exe
Wed Jun 08 01:41:14 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Jun 08 01:41:14 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Jun 08 01:41:14 2005 => Scanning File C:\WINDOWS\System32\lsass.exe
Wed Jun 08 01:41:14 2005 => Scanning File C:\WINDOWS\system32\svchost.exe
Wed Jun 08 01:41:14 2005 => *** File C:\WINDOWS\system32\DRIVERS\nv4_mini.sys having Size Restriction ***
Wed Jun 08 01:41:14 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [**]
Wed Jun 08 01:41:14 2005 => Scanning File C:\WINDOWS\system32\drivers\nvax.sys
Wed Jun 08 01:41:14 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\NVENET.sys
Wed Jun 08 01:41:14 2005 => Scanning File C:\WINDOWS\system32\drivers\nvapu.sys
Wed Jun 08 01:41:14 2005 => Scanning File C:\WINDOWS\System32\nvsvc32.exe
Wed Jun 08 01:41:15 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\nv_agp.sys
Wed Jun 08 01:41:15 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
Wed Jun 08 01:41:15 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
Wed Jun 08 01:41:15 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\parport.sys
Wed Jun 08 01:41:15 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\pci.sys
Wed Jun 08 01:41:15 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\pciide.sys
Wed Jun 08 01:41:15 2005 => Scanning File C:\WINDOWS\system32\services.exe
Wed Jun 08 01:41:15 2005 => Scanning File C:\WINDOWS\System32\HPZipm12.exe
Wed Jun 08 01:41:15 2005 => Scanning File C:\WINDOWS\System32\lsass.exe
Wed Jun 08 01:41:15 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\raspptp.sys
Wed Jun 08 01:41:15 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\processr.sys
Wed Jun 08 01:41:15 2005 => Scanning File C:\WINDOWS\system32\lsass.exe
Wed Jun 08 01:41:15 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\psched.sys
Wed Jun 08 01:41:15 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\ptilink.sys
Wed Jun 08 01:41:15 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
Wed Jun 08 01:41:15 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\qv2kux.sys
Wed Jun 08 01:41:15 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\rasacd.sys
Wed Jun 08 01:41:15 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Jun 08 01:41:15 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Wed Jun 08 01:41:16 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Jun 08 01:41:16 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Wed Jun 08 01:41:16 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\raspti.sys
Wed Jun 08 01:41:16 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\rdbss.sys
Wed Jun 08 01:41:16 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
Wed Jun 08 01:41:16 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Wed Jun 08 01:41:16 2005 => Scanning File C:\WINDOWS\system32\sessmgr.exe
Wed Jun 08 01:41:16 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\redbook.sys
Wed Jun 08 01:41:16 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Jun 08 01:41:16 2005 => Scanning File C:\WINDOWS\system32\svchost.exe
Wed Jun 08 01:41:16 2005 => Scanning File C:\WINDOWS\System32\locator.exe
Wed Jun 08 01:41:16 2005 => Scanning File C:\WINDOWS\system32\svchost.exe
Wed Jun 08 01:41:16 2005 => Scanning File C:\WINDOWS\System32\rsvp.exe
Wed Jun 08 01:41:16 2005 => Scanning File C:\WINDOWS\system32\lsass.exe
Wed Jun 08 01:41:16 2005 => Scanning File C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
Wed Jun 08 01:41:16 2005 => Scanning File C:\WINDOWS\System32\SCardSvr.exe
Wed Jun 08 01:41:16 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Jun 08 01:41:16 2005 => Scanning File C:\WINDOWS\system32\drivers\scsiport.sys
Wed Jun 08 01:41:16 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\secdrv.sys
Wed Jun 08 01:41:16 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Jun 08 01:41:16 2005 => Scanning File C:\WINDOWS\system32\svchost.exe
Wed Jun 08 01:41:16 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\serenum.sys
Wed Jun 08 01:41:17 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\serial.sys
Wed Jun 08 01:41:17 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Jun 08 01:41:17 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Jun 08 01:41:17 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\SLIP.sys
Wed Jun 08 01:41:17 2005 => Scanning File C:\PROGRA~1\COMMON~1\SYMANT~1\SNDSrvc.exe
Wed Jun 08 01:41:17 2005 => Scanning File C:\WINDOWS\system32\drivers\splitter.sys
Wed Jun 08 01:41:17 2005 => Scanning File C:\WINDOWS\system32\spoolsv.exe
Wed Jun 08 01:41:17 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\sr.sys
Wed Jun 08 01:41:17 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Jun 08 01:41:17 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\srv.sys
Wed Jun 08 01:41:17 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Jun 08 01:41:17 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Jun 08 01:41:17 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\StreamIP.sys
Wed Jun 08 01:41:17 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\swenum.sys
Wed Jun 08 01:41:17 2005 => Scanning File C:\WINDOWS\system32\drivers\swmidi.sys
Wed Jun 08 01:41:17 2005 => Scanning File C:\WINDOWS\System32\dllhost.exe
Wed Jun 08 01:41:17 2005 => Scanning File C:\PROGRA~1\SYMANTEC\SYMEVENT.SYS
Wed Jun 08 01:41:17 2005 => Scanning File C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
Wed Jun 08 01:41:17 2005 => Scanning File C:\WINDOWS\System32\Drivers\SYMTDI.SYS
Wed Jun 08 01:41:18 2005 => Scanning File C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\SymWSC.exe
Wed Jun 08 01:41:18 2005 => Scanning File C:\WINDOWS\system32\drivers\sysaudio.sys
Wed Jun 08 01:41:18 2005 => Scanning File C:\WINDOWS\system32\smlogsvc.exe
Wed Jun 08 01:41:18 2005 => ERROR!!! Invalid Entry \??\C:\DOCUME~1\Zahid\LOCALS~1\Temp\_ISTMP1.DIR\_ISTMP0.DIR\TAPBIND1.SYS in SYSTEM\CurrentControlSet\Services\TAPBIND...
Wed Jun 08 01:41:18 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Jun 08 01:41:18 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\tcpip.sys
Wed Jun 08 01:41:18 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\termdd.sys
Wed Jun 08 01:41:18 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Jun 08 01:41:18 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Jun 08 01:41:18 2005 => Scanning File C:\WINDOWS\System32\tlntsvr.exe
Wed Jun 08 01:41:18 2005 => Scanning File C:\WINDOWS\system32\svchost.exe
Wed Jun 08 01:41:18 2005 => ERROR!!! Invalid Entry \??\C:\WINDOWS\system32\drivers\klif.sys in SYSTEM\CurrentControlSet\Services\TSP...
Wed Jun 08 01:41:18 2005 => Scanning File C:\WINDOWS\System32\wdfmgr.exe
Wed Jun 08 01:41:18 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\update.sys
Wed Jun 08 01:41:18 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Jun 08 01:41:18 2005 => Scanning File C:\WINDOWS\System32\ups.exe
Wed Jun 08 01:41:18 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\usbccgp.sys
Wed Jun 08 01:41:19 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\usbehci.sys
Wed Jun 08 01:41:19 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\usbhub.sys
Wed Jun 08 01:41:19 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\usbohci.sys
Wed Jun 08 01:41:19 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\usbprint.sys
Wed Jun 08 01:41:19 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\usbscan.sys
Wed Jun 08 01:41:19 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Wed Jun 08 01:41:19 2005 => Scanning File C:\WINDOWS\System32\drivers\vga.sys
Wed Jun 08 01:41:19 2005 => Scanning File C:\WINDOWS\System32\vssvc.exe
Wed Jun 08 01:41:19 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Jun 08 01:41:19 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\wanarp.sys
Wed Jun 08 01:41:19 2005 => Scanning File C:\WINDOWS\system32\drivers\wdmaud.sys
Wed Jun 08 01:41:19 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Jun 08 01:41:19 2005 => Scanning File C:\WINDOWS\system32\svchost.exe
Wed Jun 08 01:41:19 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Jun 08 01:41:19 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Jun 08 01:41:19 2005 => Scanning File C:\WINDOWS\System32\wbem\wmiapsrv.exe
Wed Jun 08 01:41:19 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Jun 08 01:41:19 2005 => Scanning File C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
Wed Jun 08 01:41:19 2005 => Scanning File C:\WINDOWS\system32\svchost.exe
Wed Jun 08 01:41:19 2005 => Scanning File C:\WINDOWS\System32\svchost.exe
Wed Jun 08 01:41:19 2005 => Scanning File C:\WINDOWS\System32\svchost.exe

Wed Jun 08 01:41:19 2005 => ***** Scanning System32 Folders *****
Wed Jun 08 01:41:19 2005 => Scanning C:\WINDOWS Directory
Wed Jun 08 01:41:20 2005 => Scanning Folder: C:\WINDOWS\*.*
Wed Jun 08 01:41:20 2005 => Scanning File C:\WINDOWS\0.log [**]
Wed Jun 08 01:41:20 2005 => Scanning File C:\WINDOWS\002640_.tmp [**]
Wed Jun 08 01:41:20 2005 => Scanning File C:\WINDOWS\1002v4.rom [**]
Wed Jun 08 01:41:20 2005 => Scanning File C:\WINDOWS\1002v4.zip
Wed Jun 08 01:41:20 2005 => Scanning File C:\WINDOWS\Ascd_tmp.ini [**]
Wed Jun 08 01:41:20 2005 => Scanning File C:\WINDOWS\Athan Setup Log.txt [**]
Wed Jun 08 01:41:20 2005 => Scanning File C:\WINDOWS\aucfg.ini [**]
Wed Jun 08 01:41:20 2005 => Scanning File C:\WINDOWS\AuHCcup1.dll
Wed Jun 08 01:41:20 2005 => Scanning File C:\WINDOWS\AuHCcup1.ini [**]
Wed Jun 08 01:41:20 2005 => Scanning File C:\WINDOWS\Blue Lace 16.bmp [**]
Wed Jun 08 01:41:20 2005 => Scanning File C:\WINDOWS\bootstat.dat [**]
Wed Jun 08 01:41:20 2005 => Scanning File C:\WINDOWS\BPMNT.dll
Wed Jun 08 01:41:21 2005 => Scanning File C:\WINDOWS\cdplayer.ini [**]
Wed Jun 08 01:41:21 2005 => Scanning File C:\WINDOWS\clock.avi [**]
Wed Jun 08 01:41:21 2005 => Scanning File C:\WINDOWS\cmsetacl.log [**]
Wed Jun 08 01:41:21 2005 => Scanning File C:\WINDOWS\Coffee Bean.bmp [**]
Wed Jun 08 01:41:21 2005 => Scanning File C:\WINDOWS\comsetup.log [**]
Wed Jun 08 01:41:21 2005 => Scanning File C:\WINDOWS\control.ini [**]
Wed Jun 08 01:41:21 2005 => Scanning File C:\WINDOWS\dahotfix.log [**]
Wed Jun 08 01:41:21 2005 => Scanning File C:\WINDOWS\desktop.ini [**]
Wed Jun 08 01:41:21 2005 => Scanning File C:\WINDOWS\DirectX.log [**]
Wed Jun 08 01:41:21 2005 => Scanning File C:\WINDOWS\DtcInstall.log [**]
Wed Jun 08 01:41:21 2005 => Scanning File C:\WINDOWS\eReg.dat [**]
Wed Jun 08 01:41:21 2005 => Scanning File C:\WINDOWS\EReg072.dat [**]
Wed Jun 08 01:41:21 2005 => Scanning File C:\WINDOWS\euroconv.inf
Wed Jun 08 01:41:21 2005 => Scanning File C:\WINDOWS\explorer.exe
Wed Jun 08 01:41:21 2005 => Scanning File C:\WINDOWS\explorer.scf [**]
Wed Jun 08 01:41:21 2005 => Scanning File C:\WINDOWS\FaxSetup.log [**]
Wed Jun 08 01:41:21 2005 => Scanning File C:\WINDOWS\FeatherTexture.bmp [**]
Wed Jun 08 01:41:21 2005 => *** File C:\WINDOWS\FP1_03_0_529_NZS24N.EXE having Size Restriction ***
Wed Jun 08 01:41:21 2005 => Scanning File C:\WINDOWS\FP1_03_0_529_NZS24N.EXE [**]
Wed Jun 08 01:41:21 2005 => Scanning File C:\WINDOWS\GetServer.ini [**]
Wed Jun 08 01:41:21 2005 => Scanning File C:\WINDOWS\GILKIJIJ.ini [**]
Wed Jun 08 01:41:21 2005 => Scanning File C:\WINDOWS\Gone Fishing.bmp [**]
Wed Jun 08 01:41:21 2005 => Scanning File C:\WINDOWS\Greenstone.bmp [**]
Wed Jun 08 01:41:21 2005 => Scanning File C:\WINDOWS\hcextoutput.dll
Wed Jun 08 01:41:21 2005 => Scanning File C:\WINDOWS\hh.exe
Wed Jun 08 01:41:21 2005 => Scanning File C:\WINDOWS\hpoins01.dat [**]
Wed Jun 08 01:41:21 2005 => Scanning File C:\WINDOWS\hpomdl01.dat [**]
Wed Jun 08 01:41:21 2005 => Scanning File C:\WINDOWS\hpothb07.dat [**]
Wed Jun 08 01:41:21 2005 => Scanning File C:\WINDOWS\hpothb07.tif [**]
Wed Jun 08 01:41:21 2005 => Scanning File C:\WINDOWS\ieuninst.exe
Wed Jun 08 01:41:21 2005 => Scanning File C:\WINDOWS\iis6.log [**]
Wed Jun 08 01:41:21 2005 => Scanning File C:\WINDOWS\im01.gif [**]
Wed Jun 08 01:41:21 2005 => Scanning File C:\WINDOWS\im02.gif [**]
Wed Jun 08 01:41:21 2005 => Scanning File C:\WINDOWS\imsins.BAK [**]
Wed Jun 08 01:41:21 2005 => Scanning File C:\WINDOWS\imsins.log [**]
Wed Jun 08 01:41:21 2005 => Scanning File C:\WINDOWS\IsUninst.exe
Wed Jun 08 01:41:22 2005 => Scanning File C:\WINDOWS\iun6002.exe
Wed Jun 08 01:41:22 2005 => Scanning File C:\WINDOWS\KB821253.log [**]
Wed Jun 08 01:41:22 2005 => Scanning File C:\WINDOWS\KB821557.log [**]
Wed Jun 08 01:41:22 2005 => Scanning File C:\WINDOWS\KB823182.log [**]
Wed Jun 08 01:41:22 2005 => Scanning File C:\WINDOWS\KB823559.log [**]
Wed Jun 08 01:41:22 2005 => Scanning File C:\WINDOWS\KB824105.log [**]
Wed Jun 08 01:41:22 2005 => Scanning File C:\WINDOWS\KB824141.log [**]
Wed Jun 08 01:41:22 2005 => Scanning File C:\WINDOWS\KB825119.log [**]
Wed Jun 08 01:41:22 2005 => Scanning File C:\WINDOWS\KB828035.log [**]
Wed Jun 08 01:41:22 2005 => Scanning File C:\WINDOWS\KB828741.log [**]
Wed Jun 08 01:41:22 2005 => Scanning File C:\WINDOWS\KB834707.log [**]
Wed Jun 08 01:41:22 2005 => Scanning File C:\WINDOWS\KB835732.log [**]
Wed Jun 08 01:41:22 2005 => Scanning File C:\WINDOWS\KB837001.log [**]
Wed Jun 08 01:41:22 2005 => Scanning File C:\WINDOWS\KB839643-DirectX9.log [**]
Wed Jun 08 01:41:22 2005 => Scanning File C:\WINDOWS\KB839643.log [**]
Wed Jun 08 01:41:22 2005 => Scanning File C:\WINDOWS\KB839645.log [**]
Wed Jun 08 01:41:22 2005 => Scanning File C:\WINDOWS\KB840315.log [**]
Wed Jun 08 01:41:22 2005 => Scanning File C:\WINDOWS\KB840374.log [**]
Wed Jun 08 01:41:22 2005 => Scanning File C:\WINDOWS\KB841873.log [**]
Wed Jun 08 01:41:22 2005 => Scanning File C:\WINDOWS\KB842773.log [**]
Wed Jun 08 01:41:22 2005 => Scanning File C:\WINDOWS\KB867282.log [**]
Wed Jun 08 01:41:22 2005 => Scanning File C:\WINDOWS\KB873333.log [**]
Wed Jun 08 01:41:22 2005 => Scanning File C:\WINDOWS\KB873339.log [**]
Wed Jun 08 01:41:23 2005 => Scanning File C:\WINDOWS\KB885250.log [**]
Wed Jun 08 01:41:23 2005 => Scanning File C:\WINDOWS\KB885835.log [**]
Wed Jun 08 01:41:23 2005 => Scanning File C:\WINDOWS\KB885836.log [**]
Wed Jun 08 01:41:23 2005 => Scanning File C:\WINDOWS\KB885884.log [**]
Wed Jun 08 01:41:23 2005 => Scanning File C:\WINDOWS\KB886185.log [**]
Wed Jun 08 01:41:23 2005 => Scanning File C:\WINDOWS\KB887472.log [**]
Wed Jun 08 01:41:23 2005 => Scanning File C:\WINDOWS\KB887742.log [**]
Wed Jun 08 01:41:23 2005 => Scanning File C:\WINDOWS\KB888113.log [**]
Wed Jun 08 01:41:23 2005 => Scanning File C:\WINDOWS\KB888302.log [**]
Wed Jun 08 01:41:23 2005 => Scanning File C:\WINDOWS\KB890047.log [**]
Wed Jun 08 01:41:23 2005 => Scanning File C:\WINDOWS\KB890175.log [**]
Wed Jun 08 01:41:23 2005 => Scanning File C:\WINDOWS\KB890859.log [**]
Wed Jun 08 01:41:23 2005 => Scanning File C:\WINDOWS\KB890923.log [**]
Wed Jun 08 01:41:23 2005 => Scanning File C:\WINDOWS\KB891781.log [**]
Wed Jun 08 01:41:23 2005 => Scanning File C:\WINDOWS\KB893066.log [**]
Wed Jun 08 01:41:23 2005 => Scanning File C:\WINDOWS\KB893086.log [**]
Wed Jun 08 01:41:23 2005 => Scanning File C:\WINDOWS\KB893803.log [**]
Wed Jun 08 01:41:23 2005 => Scanning File C:\WINDOWS\KB893803v2.log [**]
Wed Jun 08 01:41:23 2005 => Scanning File C:\WINDOWS\loadhttp.dll
Wed Jun 08 01:41:23 2005 => Scanning File C:\WINDOWS\LPT$VPN.663 [**]
Wed Jun 08 01:41:23 2005 => Scanning File C:\WINDOWS\LUINSTALL.LOG [**]
Wed Jun 08 01:41:23 2005 => Scanning File C:\WINDOWS\MedCtrOC.log [**]
Wed Jun 08 01:41:23 2005 => Scanning File C:\WINDOWS\mozver.dat [**]
Wed Jun 08 01:41:23 2005 => Scanning File C:\WINDOWS\msdfmap.ini [**]
Wed Jun 08 01:41:23 2005 => Scanning File C:\WINDOWS\msgsocm.log [**]
Wed Jun 08 01:41:23 2005 => Scanning File C:\WINDOWS\msmqinst.log [**]
Wed Jun 08 01:41:23 2005 => Scanning File C:\WINDOWS\muninst.exe
Wed Jun 08 01:41:23 2005 => Scanning File C:\WINDOWS\netfxocm.log [**]
Wed Jun 08 01:41:23 2005 => Scanning File C:\WINDOWS\notepad.exe
Wed Jun 08 01:41:23 2005 => Scanning File C:\WINDOWS\nsreg.dat [**]
Wed Jun 08 01:41:23 2005 => Scanning File C:\WINDOWS\ntbtlog.txt [**]
Wed Jun 08 01:41:23 2005 => Scanning File C:\WINDOWS\ntdtcsetup.log [**]
Wed Jun 08 01:41:23 2005 => Scanning File C:\WINDOWS\ocgen.log [**]
Wed Jun 08 01:41:23 2005 => Scanning File C:\WINDOWS\ocmsn.log [**]
Wed Jun 08 01:41:23 2005 => Scanning File C:\WINDOWS\ODBC.INI [**]
Wed Jun 08 01:41:23 2005 => Scanning File C:\WINDOWS\ODBCINST.INI [**]
Wed Jun 08 01:41:23 2005 => Scanning File C:\WINDOWS\oeuninst.exe
Wed Jun 08 01:41:24 2005 => Scanning File C:\WINDOWS\OEWABLog.txt [**]
Wed Jun 08 01:41:24 2005 => Scanning File C:\WINDOWS\opuc.dll
Wed Jun 08 01:41:24 2005 => Scanning File C:\WINDOWS\PATCH.EXE
Wed Jun 08 01:41:24 2005 => Scanning File C:\WINDOWS\patchw32.dll
Wed Jun 08 01:41:24 2005 => Scanning File C:\WINDOWS\PCDLIB32.DLL
Wed Jun 08 01:41:24 2005 => Scanning File C:\WINDOWS\phage2.exe
Wed Jun 08 01:41:24 2005 => Scanning File C:\WINDOWS\PMK35_SETUP.ini [**]
Wed Jun 08 01:41:24 2005 => Scanning File C:\WINDOWS\popcinfo.dat [**]
Wed Jun 08 01:41:24 2005 => Scanning File C:\WINDOWS\PowerReg.dat [**]
Wed Jun 08 01:41:24 2005 => Scanning File C:\WINDOWS\Prairie Wind.bmp [**]
Wed Jun 08 01:41:24 2005 => Scanning File C:\WINDOWS\Q307869.log [**]
Wed Jun 08 01:41:24 2005 => Scanning File C:\WINDOWS\Q308210.log [**]
Wed Jun 08 01:41:24 2005 => Scanning File C:\WINDOWS\Q309521.log [**]
Wed Jun 08 01:41:24 2005 => Scanning File C:\WINDOWS\Q310437.log [**]
Wed Jun 08 01:41:24 2005 => Scanning File C:\WINDOWS\Q310510.log [**]
Wed Jun 08 01:41:24 2005 => Scanning File C:\WINDOWS\Q311542.log [**]
Wed Jun 08 01:41:24 2005 => Scanning File C:\WINDOWS\Q311889.log [**]
Wed Jun 08 01:41:24 2005 => Scanning File C:\WINDOWS\Q311967.log [**]
Wed Jun 08 01:41:24 2005 => Scanning File C:\WINDOWS\Q312370.log [**]
Wed Jun 08 01:41:24 2005 => Scanning File C:\WINDOWS\Q313450.log [**]
Wed Jun 08 01:41:25 2005 => Scanning File C:\WINDOWS\Q314862.log [**]
Wed Jun 08 01:41:25 2005 => Scanning File C:\WINDOWS\Q315000.log [**]
Wed Jun 08 01:41:25 2005 => Scanning File C:\WINDOWS\Q315403.log [**]
Wed Jun 08 01:41:25 2005 => Scanning File C:\WINDOWS\Q316397.log [**]
Wed Jun 08 01:41:25 2005 => Scanning File C:\WINDOWS\Q317277.log [**]
Wed Jun 08 01:41:25 2005 => Scanning File C:\WINDOWS\Q318138.log [**]
Wed Jun 08 01:41:25 2005 => Scanning File C:\WINDOWS\Q318388.log [**]
Wed Jun 08 01:41:25 2005 => Scanning File C:\WINDOWS\Q318966.log [**]
Wed Jun 08 01:41:25 2005 => Scanning File C:\WINDOWS\Q319322.log [**]
Wed Jun 08 01:41:25 2005 => Scanning File C:\WINDOWS\Q319580.log [**]
Wed Jun 08 01:41:25 2005 => Scanning File C:\WINDOWS\Q319949.log [**]
Wed Jun 08 01:41:25 2005 => Scanning File C:\WINDOWS\Q320174.log [**]
Wed Jun 08 01:41:25 2005 => Scanning File C:\WINDOWS\Q320552.log [**]
Wed Jun 08 01:41:25 2005 => Scanning File C:\WINDOWS\Q320678.log [**]
Wed Jun 08 01:41:25 2005 => Scanning File C:\WINDOWS\Q323172.log [**]
Wed Jun 08 01:41:25 2005 => Scanning File C:\WINDOWS\Q323255.log [**]
Wed Jun 08 01:41:25 2005 => Scanning File C:\WINDOWS\Q324096.log [**]
Wed Jun 08 01:41:25 2005 => Scanning File C:\WINDOWS\Q324380.log [**]
Wed Jun 08 01:41:25 2005 => Scanning File C:\WINDOWS\Q326830.log [**]
Wed Jun 08 01:41:25 2005 => Scanning File C:\WINDOWS\Q328940.log [**]
Wed Jun 08 01:41:25 2005 => Scanning File C:\WINDOWS\Q329048.log [**]
Wed Jun 08 01:41:25 2005 => Scanning File C:\WINDOWS\Q329115.log [**]
Wed Jun 08 01:41:25 2005 => Scanning File C:\WINDOWS\Q329170.log [**]
Wed Jun 08 01:41:25 2005 => Scanning File C:\WINDOWS\Q329390.log [**]
Wed Jun 08 01:41:25 2005 => Scanning File C:\WINDOWS\Q329441.log [**]
Wed Jun 08 01:41:25 2005 => Scanning File C:\WINDOWS\Q329834.log [**]
Wed Jun 08 01:41:25 2005 => Scanning File C:\WINDOWS\Q810577.log [**]
Wed Jun 08 01:41:25 2005 => Scanning File C:\WINDOWS\Q811493.log [**]
Wed Jun 08 01:41:25 2005 => Scanning File C:\WINDOWS\Q811630.log [**]
Wed Jun 08 01:41:25 2005 => Scanning File C:\WINDOWS\Q815021.log [**]
Wed Jun 08 01:41:25 2005 => Scanning File C:\WINDOWS\Q817606.log [**]
Wed Jun 08 01:41:25 2005 => Scanning File C:\WINDOWS\Q819696.log [**]
Wed Jun 08 01:41:25 2005 => Scanning File C:\WINDOWS\Q828026.log [**]
Wed Jun 08 01:41:25 2005 => Scanning File C:\WINDOWS\QTFont.for
Wed Jun 08 01:41:25 2005 => Scanning File C:\WINDOWS\QTFont.qfn [**]
Wed Jun 08 01:41:25 2005 => Scanning File C:\WINDOWS\regedit.exe
Wed Jun 08 01:41:25 2005 => Scanning File C:\WINDOWS\REGLOCS.OLD [**]
Wed Jun 08 01:41:25 2005 => Scanning File C:\WINDOWS\regopt.log [**]
Wed Jun 08 01:41:25 2005 => Scanning File C:\WINDOWS\Rhododendron.bmp [**]
Wed Jun 08 01:41:25 2005 => Scanning File C:\WINDOWS\River Sumida.bmp [**]
Wed Jun 08 01:41:25 2005 => Scanning File C:\WINDOWS\runtsckl.exe
Wed Jun 08 01:41:25 2005 => Scanning File C:\WINDOWS\Santa Fe Stucco.bmp [**]
Wed Jun 08 01:41:25 2005 => Scanning File C:\WINDOWS\SchedLgU.Txt [**]
Wed Jun 08 01:41:25 2005 => Scanning File C:\WINDOWS\sessmgr.setup.log [**]
Wed Jun 08 01:41:25 2005 => Scanning File C:\WINDOWS\SET3.tmp [**]
Wed Jun 08 01:41:26 2005 => Scanning File C:\WINDOWS\SET7.tmp [**]
Wed Jun 08 01:41:26 2005 => Scanning File C:\WINDOWS\setupact.log [**]
Wed Jun 08 01:41:26 2005 => Scanning File C:\WINDOWS\setupapi.log [**]
Wed Jun 08 01:41:26 2005 => Scanning File C:\WINDOWS\setupapi.log.0.old [**]
Wed Jun 08 01:41:26 2005 => Scanning File C:\WINDOWS\setuperr.log [**]
Wed Jun 08 01:41:26 2005 => Scanning File C:\WINDOWS\setuplog.txt [**]
Wed Jun 08 01:41:26 2005 => Scanning File C:\WINDOWS\slrundll.exe
Wed Jun 08 01:41:26 2005 => Scanning File C:\WINDOWS\SND531unin.txt [**]
Wed Jun 08 01:41:26 2005 => Scanning File C:\WINDOWS\Soap Bubbles.bmp [**]
Wed Jun 08 01:41:26 2005 => Scanning File C:\WINDOWS\spuninst.log [**]
Wed Jun 08 01:41:26 2005 => Scanning File C:\WINDOWS\spupdsvc.log [**]
Wed Jun 08 01:41:26 2005 => Scanning File C:\WINDOWS\Sti_Trace.log [**]
Wed Jun 08 01:41:26 2005 => Scanning File C:\WINDOWS\svcpack.log [**]
Wed Jun 08 01:41:26 2005 => Scanning File C:\WINDOWS\SYMEVENT.LOG [**]
Wed Jun 08 01:41:26 2005 => Scanning File C:\WINDOWS\system.ini [**]
Wed Jun 08 01:41:26 2005 => Scanning File C:\WINDOWS\tabletoc.log [**]
Wed Jun 08 01:41:26 2005 => Scanning File C:\WINDOWS\TASKMAN.EXE
Wed Jun 08 01:41:26 2005 => Scanning File C:\WINDOWS\TMUPDATE.DLL
Wed Jun 08 01:41:26 2005 => Scanning File C:\WINDOWS\tmupdate.ini [**]
Wed Jun 08 01:41:26 2005 => Scanning File C:\WINDOWS\tsc.exe
Wed Jun 08 01:41:27 2005 => Scanning File C:\WINDOWS\TSC.INI [**]
Wed Jun 08 01:41:27 2005 => Scanning File C:\WINDOWS\tsc.ptn [**]
Wed Jun 08 01:41:27 2005 => Scanning File C:\WINDOWS\tsoc.log [**]
Wed Jun 08 01:41:27 2005 => Scanning File C:\WINDOWS\twain.dll
Wed Jun 08 01:41:27 2005 => Scanning File C:\WINDOWS\twain_32.dll
Wed Jun 08 01:41:27 2005 => Scanning File C:\WINDOWS\twunk_16.exe
Wed Jun 08 01:41:27 2005 => Scanning File C:\WINDOWS\twunk_32.exe
Wed Jun 08 01:41:27 2005 => Scanning File C:\WINDOWS\uninst.exe
Wed Jun 08 01:41:27 2005 => Scanning File C:\WINDOWS\UninstallFirefox.exe
Wed Jun 08 01:41:27 2005 => Scanning File C:\WINDOWS\unvise32qt.exe
Wed Jun 08 01:41:27 2005 => Scanning File C:\WINDOWS\UNZIP.DLL
Wed Jun 08 01:41:27 2005 => Scanning File C:\WINDOWS\updspapi.log [**]
Wed Jun 08 01:41:27 2005 => Scanning File C:\WINDOWS\upgrade.htm
Wed Jun 08 01:41:27 2005 => Scanning File C:\WINDOWS\vb.ini [**]
Wed Jun 08 01:41:27 2005 => Scanning File C:\WINDOWS\vbaddin.ini [**]
Wed Jun 08 01:41:27 2005 => Scanning File C:\WINDOWS\videomvp.ini [**]
Wed Jun 08 01:41:27 2005 => Scanning File C:\WINDOWS\vmmreg32.dll
Wed Jun 08 01:41:27 2005 => Scanning File C:\WINDOWS\VPTNFILE.663 [**]
Wed Jun 08 01:41:27 2005 => Scanning File C:\WINDOWS\vsapi32.dll
Wed Jun 08 01:41:28 2005 => Scanning File C:\WINDOWS\wiadebug.log [**]
Wed Jun 08 01:41:28 2005 => Scanning File C:\WINDOWS\wiaservc.log [**]
Wed Jun 08 01:41:28 2005 => Scanning File C:\WINDOWS\win.ini [**]
Wed Jun 08 01:41:28 2005 => Scanning File C:\WINDOWS\winamp.ini [**]
Wed Jun 08 01:41:28 2005 => Scanning File C:\WINDOWS\Windows Update.log [**]
Wed Jun 08 01:41:28 2005 => Scanning File C:\WINDOWS\WindowsShell.Manifest [**]
Wed Jun 08 01:41:28 2005 => Scanning File C:\WINDOWS\WindowsUpdate.log [**]
Wed Jun 08 01:41:28 2005 => Scanning File C:\WINDOWS\winhelp.exe
Wed Jun 08 01:41:28 2005 => Scanning File C:\WINDOWS\winhlp32.exe
Wed Jun 08 01:41:28 2005 => Scanning File C:\WINDOWS\wininit.ini [**]
Wed Jun 08 01:41:28 2005 => Scanning File C:\WINDOWS\winnt.bmp [**]
Wed Jun 08 01:41:28 2005 => Scanning File C:\WINDOWS\winnt256.bmp [**]
Wed Jun 08 01:41:28 2005 => Scanning File C:\WINDOWS\wmsetup.log [**]
Wed Jun 08 01:41:28 2005 => Scanning File C:\WINDOWS\wmsetup10.log [**]
Wed Jun 08 01:41:28 2005 => Scanning File C:\WINDOWS\WMSysPr9.prx [**]
Wed Jun 08 01:41:28 2005 => Scanning File C:\WINDOWS\WMSysPrx.prx [**]
Wed Jun 08 01:41:28 2005 => Scanning File C:\WINDOWS\wusetup.log [**]
Wed Jun 08 01:41:28 2005 => Scanning File C:\WINDOWS\xpsp1hfm.log [**]
Wed Jun 08 01:41:28 2005 => Scanning File C:\WINDOWS\yacs.log [**]
Wed Jun 08 01:41:28 2005 => Scanning File C:\WINDOWS\Zapotec.bmp [**]
Wed Jun 08 01:41:28 2005 => Scanning File C:\WINDOWS\_default.pif
Wed Jun 08 01:41:28 2005 => Scanning C:\WINDOWS\system32 Directory
Wed Jun 08 01:41:28 2005 => Scanning Folder: C:\WINDOWS\system32\*.*
Wed Jun 08 01:41:29 2005 => Scanning File C:\WINDOWS\system32\$winnt$.inf
Wed Jun 08 01:41:29 2005 => Scanning File C:\WINDOWS\system32\12520437.cpx [**]
Wed Jun 08 01:41:29 2005 => Scanning File C:\WINDOWS\system32\12520850.cpx [**]
Wed Jun 08 01:41:29 2005 => Scanning File C:\WINDOWS\system32\3lsv0i7p.html [**]
Wed Jun 08 01:41:29 2005 => Scanning File C:\WINDOWS\system32\6to4svc.dll
Wed Jun 08 01:41:29 2005 => Scanning File C:\WINDOWS\system32\8532.ax
Wed Jun 08 01:41:29 2005 => Scanning File C:\WINDOWS\system32\8532prop.ax
Wed Jun 08 01:41:29 2005 => Scanning File C:\WINDOWS\system32\8532util.dll
Wed Jun 08 01:41:29 2005 => Scanning File C:\WINDOWS\system32\8532vfw.dll
Wed Jun 08 01:41:29 2005 => Scanning File C:\WINDOWS\system32\a15.tbl [**]
Wed Jun 08 01:41:29 2005 => Scanning File C:\WINDOWS\system32\a234.tbl [**]
Wed Jun 08 01:41:29 2005 => Scanning File C:\WINDOWS\system32\aaaamon.dll
Wed Jun 08 01:41:29 2005 => Scanning File C:\WINDOWS\system32\access.cpl
Wed Jun 08 01:41:29 2005 => Scanning File C:\WINDOWS\system32\acctres.dll
Wed Jun 08 01:41:29 2005 => Scanning File C:\WINDOWS\system32\accwiz.exe
Wed Jun 08 01:41:29 2005 => Scanning File C:\WINDOWS\system32\acelpdec.ax
Wed Jun 08 01:41:29 2005 => Scanning File C:\WINDOWS\system32\acledit.dll
Wed Jun 08 01:41:29 2005 => Scanning File C:\WINDOWS\system32\aclui.dll
Wed Jun 08 01:41:29 2005 => Scanning File C:\WINDOWS\system32\acode.tbl [**]
Wed Jun 08 01:41:29 2005 => Scanning File C:\WINDOWS\system32\activeds.dll
Wed Jun 08 01:41:29 2005 => Scanning File C:\WINDOWS\system32\activeds.tlb
Wed Jun 08 01:41:30 2005 => Scanning File C:\WINDOWS\system32\actmovie.exe
Wed Jun 08 01:41:30 2005 => Scanning File C:\WINDOWS\system32\actxprxy.dll
Wed Jun 08 01:41:30 2005 => Scanning File C:\WINDOWS\system32\admparse.dll
Wed Jun 08 01:41:30 2005 => Scanning File C:\WINDOWS\system32\adptif.dll
Wed Jun 08 01:41:30 2005 => Scanning File C:\WINDOWS\system32\adsldp.dll
Wed Jun 08 01:41:30 2005 => Scanning File C:\WINDOWS\system32\adsldpc.dll
Wed Jun 08 01:41:30 2005 => Scanning File C:\WINDOWS\system32\adsmsext.dll
Wed Jun 08 01:41:30 2005 => Scanning File C:\WINDOWS\system32\adsnds.dll
Wed Jun 08 01:41:30 2005 => Scanning File C:\WINDOWS\system32\adsnt.dll
Wed Jun 08 01:41:30 2005 => Scanning File C:\WINDOWS\system32\adsnw.dll
  • 0

#7
Guest_thatman_*

Hi elite

Please read through the instructions before you start (you may want to print this out).

HijackThis is being run from a temporary folder; this means that any backups it creates as a result of fixes made with it will be lost. Please create a new folder for it and place the program into that new folder. Create a new folder. Name the folder C:\HJT\, then copy and paste HijackThis.exe into the new folder. Always run HJT from this folder.

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items:
O2 - BHO: (no name) - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/i...etup1.0.0.8.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab

Click on Fix Checked when finished and exit HijackThis.

ActiveX Controls could do with a big cleanup. Open your browser and go to Tools > Internet Options and click on the General tab. Click on Settings (next to Temporary Internet Files) and then click on View Objects. Right-click on each and choose Properties. If there is anything there that you don't know what it is (Microsoft, Apple, Macromedia etc. are OK) or where it came from, delete it. If there are any damaged controls there, delete those also. If any are needed, you will be prompted to download them again anyway.

Sun Java clean up
Clearing Java cache
Clearing the Java Plug-in cache ensures that the browser loads the latest versions of Java applications and applets.
To clear the Java Plug-in cache:
1. Click Start > Control Panel.
2. Double-click the Java icon in the control panel.
The Java Control Panel appears.
3. Click Settings under Temporary Internet Files.
The Temporary Files Settings dialog box appears.
4. Click Delete Files.
The Delete Temporary Files dialog box appears.
There are three options on this window to clear the cache: Delete Files, View Applications, View Applets.
5. Click OK on Delete Temporary Files window.
Note: This deletes all the Downloaded Applications and Applets from the cache.
6. Click OK on Temporary Files Settings window.
Note: If you want to delete a specific application and applet from the cache, click on View Application and View Applet options respectively.

Download the Hoster from here. Press "Restore Original Hosts" and press "OK". Exit Program.

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp
Please post the logs from Panda virus scan and HJT.log. We will need them to remove previous infections that have left files on your system.

Kc :tazz:
  • 0

#8
elite

Incident Status Location

Adware:Adware/WinTools No disinfected Windows Registry
Adware:Adware/WUpd No disinfected C:\Program Files\AdTools Service
Spyware:Spyware/Altnet No disinfected Windows Registry
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\readmewaysurfhope\01 size.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\readmewaysurfhope\defydeaf.exe
Spyware:Spyware/XXXToolbar No disinfected C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\5SKBXPSP\prompt[2].php


Incident Status Location

Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\readmewaysurfhope\01 size.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\readmewaysurfhope\defydeaf.exe
Spyware:Spyware/XXXToolbar No disinfected C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\5SKBXPSP\prompt[2].php
  • 0

#9
elite

That's what it picked up on Panda ActiveScan before it shut down :tazz: It doesn't let me scan my entire registry or C .. I'm going to post the recent HijackThis log.
  • 0

#10
elite

Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 6:32:51 PM, on 06/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\IC Media Corp\ICM532\Launchpad.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\imapi.exe
C:\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Launchpad.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab30149.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla...ller/dwnldr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://anu.popcap.co...aploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E475D6DC-81B7-4148-ABF0-32A300888E82}: NameServer = 207.136.100.40 209.148.64.40
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0



#11
Guest_thatman_*

Hi elite

Please read through the instructions before you start (you may want to print this out).

Please set your system to show all files; please see here if you're unsure how to do this.

Please download and install AD-Aware.
Check here on how to set up and use it - please make sure you update it first. Don't run yet.

Download Pocket Killbox and unzip it; save it to your Desktop. We may need it later.

Download and unzip to one folder:
http://metallica.gee...com/findlop.zip
Inside the folder find findlop.bat
Double-click it and it will create the file C:\findlop.txt
Find that file and copy the content into your next post.


Download Ewido trojan and malware remover: http://www.ewido.net/en/download/
This setup contains the free as well as the plus-version of the ewido security suite. After the installation, a free 14-day test version containing all the extensions of the plus-version will be activated. At the end of the test phase, the extensions of the plus version are deactivated and the freeware version can be used unlimited times. The purchased license code of the plus version can be entered at any time.
Ewido will auto-update. Don't run yet.

Reboot into Safe Mode: please see here if you are not sure how to do this.

Run Ewido full scan. Save the scan.log.

Clear out the files in the Prefetch folder. Go to Start > Run, type Prefetch into the box, and delete all the files in that folder.



Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure all are checked and then press *ok* to remove.

Run Ad-Aware SE and let it remove all it finds.

Find and delete this folder
C:\Program Files\AdTools Service <-- Delete the whole folder.


Run killbox and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.
The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes.
C:\Documents and Settings\All Users\Application Data\readmewaysurfhope\01 size.exe
C:\Documents and Settings\All Users\Application Data\readmewaysurfhope\defydeaf.exe
C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\5SKBXPSP\prompt[2].php
C:\WINDOWS\loadhttp.dll

C:\WINDOWS\LPT$VPN.663
Let the system reboot.

Please download, install and run this disk cleanup utility called Cleanup version 4.0!: http://downloads.ste...p/CleanUp40.exe
It will get rid of any malware which may be hiding in your temp folders ( a common hiding place). You will also regain a massive amount of disk space. Here is a tutorial which describes its usage: http://www.bleepingc...tutorial93.html
Check the custom settings to your liking under options, but be sure to delete temporary files and temporary internet files for all user profiles. Also, clean out the prefetch folder and the recycle bin. When the scan has finished, click the close button.
When prompted, the system will log off to let it clean out the remaining files. When the log screen shows, log back on and continue the fix.

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
Please post the logs from Panda, Ewido and HJT.log. We will need them to remove previous infections that have left files on your system.

Kc :tazz:
  • 0

#12
elite

Let's start off with the log which doesn't force the computer to shut down, so here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:57:28 PM, on 06/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab30149.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla...ller/dwnldr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://anu.popcap.co...aploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E475D6DC-81B7-4148-ABF0-32A300888E82}: NameServer = 207.136.100.40 209.148.64.40
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
  • 0
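The review step used throughout this thread (spotting the `(no file)` entries in the fix list of post #7, then comparing the log in post #10 with the one in post #12 to see what the cleanup removed) can be scripted. This is an added example, not code from the thread or from HijackThis; the names `Entry`, `parse_hjt` and `diff_logs` are hypothetical, and the two sample logs are constructed excerpts abridged from lines posted above.

```python
import re
from typing import NamedTuple, Optional

# Constructed samples: lines copied from the logs in this thread, heavily abridged.
# The "(no file)" line comes from the fix list in post #7.
LOG_BEFORE = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\explorer.exe
C:\HJT\HijackThis.exe

O2 - BHO: (no name) - {08E74C67-99A6-45C7-94DA-A397A8FD8082} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - Global Startup: Launchpad.lnk = ?
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

LOG_AFTER = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
"""

# HijackThis entry lines start with a section code: R0-R3, F0-F3, N1-N4, O1-O24.
ENTRY_RE = re.compile(r"^(?P<code>[ORFN]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


class Entry(NamedTuple):
    code: str             # section code, e.g. "O2" (BHO), "O4" (autostart)
    body: str             # everything after "Oxx - "
    clsid: Optional[str]  # class ID in the entry, if any, upper-cased
    no_file: bool         # HijackThis reported "(no file)" for the target


def parse_hjt(text):
    """Split HijackThis log text into (running_processes, entries)."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            body = m.group("body")
            clsid = CLSID_RE.search(body)
            entries.append(Entry(m.group("code"), body,
                                 clsid.group(0).upper() if clsid else None,
                                 body.endswith("(no file)")))
        elif in_procs:
            if line:
                processes.append(line)
            elif processes:          # blank line closes the process list
                in_procs = False
    return processes, entries


def diff_logs(before, after):
    """Report what disappeared and what appeared between two logs."""
    bp, be = parse_hjt(before)
    ap, ae = parse_hjt(after)
    # Windows paths are case-insensitive (explorer.exe vs Explorer.EXE).
    key = lambda e: (e.code, e.body.lower())
    before_keys, after_keys = {key(e) for e in be}, {key(e) for e in ae}
    before_procs, after_procs = {p.lower() for p in bp}, {p.lower() for p in ap}
    return {
        "entries_removed": [e for e in be if key(e) not in after_keys],
        "entries_added": [e for e in ae if key(e) not in before_keys],
        "procs_gone": [p for p in bp if p.lower() not in after_procs],
        "procs_new": [p for p in ap if p.lower() not in before_procs],
    }


if __name__ == "__main__":
    _, entries = parse_hjt(LOG_BEFORE)
    for e in entries:
        if e.no_file:
            print("orphaned registry entry:", e.code, e.clsid)
    for name, items in diff_logs(LOG_BEFORE, LOG_AFTER).items():
        print(name, len(items))
        for item in items:
            print("   ", item if isinstance(item, str) else f"{item.code} - {item.body}")
```

Anything listed under `entries_added` or `procs_new` after a cleanup pass is what deserves a second look before the next round of fixes.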

#13
elite

Findlop log:

[TRACE] Enumerating jobs and queues
[TRACE] Activating job 'FRU Task #Hewlett-Packard#hp psc 1200 series#1093629030.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe'
Parameters: '-I "#Hewlett-Packard#hp psc 1200 series#1093629030"'
WorkingDirectory: ''
Comment: ''
Creator: '---'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 00/00/0000 0:00:00
StartError: SCHED_S_TASK_HAS_NOT_RUN
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 1
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

No triggers


[TRACE] Activating job 'Norton AntiVirus - Scan my computer.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\PROGRA~1\NORTON~1\NAVW32.exe'
Parameters: '/task:C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\Tasks\mycomp.sca'
WorkingDirectory: ''
Comment: 'This is a schedule scan task from Norton AntiVirus.'
Creator: '---'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 07/16/2004 20:00:00
NextRun: 06/17/2005 20:00:00
StartError: 0x80070534
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Weekly
WeeksInterval: 1
DaysOfTheWeek: .....F.
StartDate: 06/24/2004
EndDate: 00/00/0000
StartTime: 20:00
MinutesDuration: 0
MinutesInterval: 0
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'Symantec NetDetect.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE'
Parameters: ''
WorkingDirectory: 'C:\Program Files\Symantec\LiveUpdate'
Comment: 'Symantec NetDetect'
Creator: '---'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 06/11/2005 21:50:00
NextRun: 06/12/2005 1:50:00
StartError: S_OK
ExitCode: 0
Status: SCHED_S_TASK_READY
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

1 Trigger

Trigger 0:
Type: Daily
DaysInterval: 1
StartDate: 06/11/2005
EndDate: 00/00/0000
StartTime: 05:50
MinutesDuration: 1440
MinutesInterval: 240
Flags:
HasEndDate = 0
KillAtDuration = 0
Disabled = 0


[TRACE] Activating job 'XoftSpy.job'
[TRACE] Printing all job properties

ApplicationName: 'C:\Program Files\XoftSpy\XoftSpy.exe'
Parameters: '-t'
WorkingDirectory: 'C:\Program Files\XoftSpy'
Comment: 'Runs XoftSpy at Scheduled Time.'
Creator: '---'
Priority: NORMAL
MaxRunTime: 259200000 (3d 0:00:00)
IdleWait: 10
IdleDeadline: 60
MostRecentRun: 00/00/0000 0:00:00
NextRun: 00/00/0000 0:00:00
StartError: SCHED_S_TASK_HAS_NOT_RUN
ExitCode: 0
Status: SCHED_S_TASK_NOT_SCHEDULED
ScheduledWorkItem Flags:
DeleteWhenDone = 0
Suspend = 0
StartOnlyIfIdle = 0
KillOnIdleEnd = 0
RestartOnIdleResume = 0
DontStartIfOnBatteries = 0
KillIfGoingOnBatteries = 0
RunOnlyIfLoggedOn = 1
SystemRequired = 0
Hidden = 0
TaskFlags: 0

No triggers
  • 0

#14
elite

Panda Log:


Incident Status Location

Adware:Adware/MyWebSearch No disinfected Windows Registry


Unfortunately, the comp shuts down while I run Ewido so I can't give you a log for that :tazz:
  • 0

#15
Guest_thatman_*

Hi elite

We will deal with ewido after your next post.

http://www.worldstar.../regcleaner.exe

RegCleaner Download Now! (540KB)
Jouni Vuoro Software

In the search box, copy and paste MyWebSearch and delete all references to this malware.

Description:
RegCleaner is an easy to use program. With RegCleaner you can easily get rid of those old and obsolete registry entries created by software that you have destroyed ages ago. And by easily, I mean easily. You don't have to be any expert to use this program.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}]
@="MyWebSearch Search Assistant BHO"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}\InprocServer32]
@="C:\\MWSSRCAS.DLL"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}]
@="MyWebSearch Search Assistant BHO"

Post a new panda log and HJT.log

Kc :tazz:
  • 0





