Need help please *HIJACKTHIS INSIDE*

Impaq

MIS
Feb 14, 2007
3
CA
Logfile of HijackThis v1.99.1
Scan saved at 9:19:47 PM, on 14/02/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\windows\system32\spool\printers\FireDaemon.exe
c:\windows\system32\spool\printers\events.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft Office\OFFICE11\MSTORDB.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\user\Desktop\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {642492d2-bf42-45c4-942c-cf67f6449a2a} - C:\WINDOWS\system32\avwC16.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunServices: [internet service] wmsmgs.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Printer Service Drivers] Adaptserv.exe
O4 - HKCU\..\Run: [Key] C:\DOCUME~1\user\LOCALS~1\Temp\29.tmp
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunServices: [Printer Service Drivers] Adaptserv.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Personal Coach.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) -
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) -
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} -
O17 - HKLM\System\CCS\Services\Tcpip\..\{28422CDB-019F-4EFD-B307-D5D4C6494B0D}: NameServer = 67.69.184.167 67.69.184.216
O17 - HKLM\System\CS1\Services\Tcpip\..\{28422CDB-019F-4EFD-B307-D5D4C6494B0D}: NameServer = 67.69.184.167 67.69.184.216
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: avwC16 - avwC16.dll (file missing)
O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O20 - Winlogon Notify: yabxw - C:\WINDOWS\System32\yabxw.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: FireDaemon Service: events (events) - Sublime Solutions Pty Ltd - C:\windows\system32\spool\printers\FireDaemon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
 
Sorry, I didn't list my problems. Well, for one, I can't log on to MSN or open quite a bit of stuff, as it'll shut off saying "this has encountered a problem and must shut down". Thanks in advance.
 
hi,



Click Start > Run > and type in:

services.msc

Click OK.

In the services window find Winlogon Notify: avwC16
Right click and choose "Properties". On the "General" tab under "Service
Status" click the "Stop" button to stop the service. Beside "Startup Type"
in the dropdown menu select "Disabled". Click Apply then OK. Exit the
Services utility.

Note: You may get an error here when trying to access the properties of the
service. If you do get an error, just select the service and look there in
the top left of the main service window and click "Stop" to stop the service. If that gives an error or it is already stopped, just skip this step and proceed with the rest.

Also disable these two as well!

Winlogon Notify: winsys2freg
Winlogon Notify: yabxw




MS AntiSpyware (MSAS) Beta

1. Right-click on the Microsoft Anti-Spyware icon in the system tray [it's the one with the red and yellow bulls-eye].
2. Click on "Security Agents Status".
3. Click on "Disable real-time protection".


Next right-click on the Microsoft Anti-Spyware icon in the system tray again to open Microsoft Anti-Spyware.

1. Click on the Options menu and choose Settings.
2. In the left pane column click on "Real Time Protection".
3. Under Startup Options, uncheck "Enable (MSAS) Security Agents on startup (recommended)"
4. Under Real-time spyware threat protection, uncheck "Enable real-time spyware threat protection (recommended)".
5. Click the Save button and close Microsoft AntiSpyware.

Finally, right-click on the MSAS icon in the system tray and select "Shutdown Microsoft Antispyware".



First make a folder in C:\ & call it BFU, then

please download BFU from



and save it to the folder you have just made.
Open the folder & double click BFU.exe to run it


Run the program and click the Web button.


Use this URL below and copy it into the address bar of the Download script
window:





Execute the script by clicking the Execute button.
Note that you should see a progress bar while the script is being executed.

If you have any questions about the use of BFU please read here:



Please download ComboFix from either of these two locations



* Double click combofix.exe & follow the prompts.
* When finished, it shall produce a log for you. Post that log in your next reply

Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Post back with the log from ComboFix and a new HJT log please.



Download the pocket killbox




spysweeper.

Before you proceed with the removal directions below you need to turn off SpySweeper's realtime protection as it will interfere with the changes we are trying to make.

Open Spysweeper and click on Options > Program Options.
Uncheck "load at windows startup".
On the left click "shields" and then uncheck everything there.
Uncheck "home page shield".
Uncheck "automatically restore default without notification".
Exit the program.
Leave it disabled until we are finished here.



Download AVG Anti-Spyware



* Once you have downloaded AVG Anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
* Once the setup is complete you will need to run AVG and update the definition files.
* On the main screen select the icon "Update" then select the "Update now" link.
* Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
* Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
* Once in the Settings screen click on "Recommended actions" and then select "Delete"
* Under "Reports"
* Select "Automatically generate report after every scan"
* Un-Select "Only if threats were found"


Close AVG Anti-Spyware. Do NOT run a scan yet. We will do that later in safe mode.



* Click here to download ATF Cleaner by Atribune and save it to your desktop.



* Double-click ATF-Cleaner.exe to run the program.
* Under Main choose: Select All
* Click the Empty Selected button.
  * If you use Firefox:
    * Click Firefox at the top and choose: Select All
    * Click the Empty Selected button.
    * NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  * If you use Opera:
    * Click Opera at the top and choose: Select All
    * Click the Empty Selected button.
    * NOTE: If you would like to keep your saved passwords, please click No at the prompt.
* Click Exit on the Main menu to close the program.


* Click here for info on how to boot to safe mode if you don't already know
how.




* Now copy these instructions to notepad and save them to your desktop. You
will need them to refer to in safe mode.


* Restart your computer into safe mode now. Perform the following steps in
safe mode:



Have HijackThis fix these entries. Close all browsers and programmes before
clicking FIX.



O2 - BHO: (no name) - {642492d2-bf42-45c4-942c-cf67f6449a2a} - C:\WINDOWS\system32\avwC16.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [internet service] wmsmgs.exe
O4 - HKCU\..\Run: [Printer Service Drivers] Adaptserv.exe
O4 - HKCU\..\Run: [Key] C:\DOCUME~1\user\LOCALS~1\Temp\29.tmp
O20 - Winlogon Notify: avwC16 - avwC16.dll (file missing)
O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll (file missing)
O20 - Winlogon Notify: yabxw - C:\WINDOWS\System32\yabxw.dll (file missing)




Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill.
In the Full Path of File to Delete box, copy and paste each of the following
lines one at a time then click on the button that has the red circle with the
X in the middle after you enter each file. It will ask for confirmation to
delete the file. Click Yes. Continue with that same procedure until you have
copied and pasted all of these in the Paste Full Path of File to Delete box.



Note: It is possible that Killbox will tell you that one or more files do not
exist. If that happens, just continue on with all the files. Be sure you
don't miss any.



C:\DOCUME~1\user\LOCALS~1\Temp\29.tmp
C:\WINDOWS\System32\avwC16.dll
C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll
C:\Documents and Settings\All Users\Documents\Settings\avwC16.dll
C:\WINDOWS\System32\yabxw.dll



Run AVG Anti-Spyware!

* IMPORTANT: Do not open any other windows or programs while AVG is scanning as it may interfere with the scanning process.
* Launch AVG Anti-spyware by double-clicking the icon on your desktop.
* Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
* AVG will now begin the scanning process. Be patient, this may take a little time.

Once the scan is complete do the following:

* If you have any infections you will be prompted, then select "Apply all actions"
* Next select the "Reports" icon at the top.
* Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
* Close AVG and reboot your system back into Normal Mode.



Reboot to normal mode and run a few online scans!



Note: this is a stand alone, it doesn't install to start/programmes.

Download Mwav,



double click on it and it will extract to C:\kaspersky. Click
on the kaspersky folder and click on Kavupd, a black dos window will open
and it will update the programme for you, be patient it will take 5-10
minutes to download the new definitions. Once it's updated, click on mwavscan
to launch the programme.

Use the defaults of:

Memory
startup folders
Registry
system folders
services

Choose drive, all drives, and click scan all files
and then click scan/clean. After it finishes scanning and cleaning, post
the log here with a new HijackThis log.

Note: this is a very thorough scanner, it might take anything up to an hour
or more, depending on how many drives you have and how badly infected your
pc is.



Highlight the portion of the scan that lists infected items and hold
CTRL + C to Copy then paste it here. The whole log will be extremely
big so there is no way to copy the whole thing. I just need the
infected items list.




Post another HijackThis log, the ComboFix log, the AVG Anti-Spyware log and the Mwav scan log.




Member of ASAP Alliance of Security Analysis Professionals

under the name khazars
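
The kind of entry review done in the reply above can be scripted as a first-pass triage. This is an added example, not part of the original post and not HijackThis functionality; the three heuristics (target file missing, autorun value with no directory, autorun target inside a Temp directory) are assumptions of this example, and the sample lines are copied from the log posted in this thread.

```python
import re
from typing import List, NamedTuple

# Constructed sample: a subset of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {642492d2-bf42-45c4-942c-cf67f6449a2a} - C:\WINDOWS\system32\avwC16.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [internet service] wmsmgs.exe
O4 - HKCU\..\Run: [Printer Service Drivers] Adaptserv.exe
O4 - HKCU\..\Run: [Key] C:\DOCUME~1\user\LOCALS~1\Temp\29.tmp
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O20 - Winlogon Notify: yabxw - C:\WINDOWS\System32\yabxw.dll (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Registry autorun entries in section O4: hive\..\key: [value name] command line
RUN_RE = re.compile(
    r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$"
)
MISSING_RE = re.compile(r"\((?:file missing|no file)\)\s*$", re.I)
TEMP_DIR_RE = re.compile(r"\\(?:temp|tmp)\\", re.I)
# Unquoted paths may contain spaces, so cut at the first known file extension.
EXE_RE = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr|pif|dll|tmp))(?:\s|$)", re.I)


class Finding(NamedTuple):
    code: str           # HijackThis section code, e.g. "O4"
    line: str           # the log line as posted
    reasons: List[str]  # why this example's heuristics flagged it


def executable_of(cmd: str) -> str:
    """Return the program part of an autorun command line, without arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = EXE_RE.match(cmd)
    if m:
        return m.group(1)
    return (cmd.split() or [""])[0]


def triage(log_text: str) -> List[Finding]:
    """Flag entries for manual review; this does not decide what is malicious."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if not entry:
            continue  # headers, process list, blank lines
        reasons = []
        # Heuristic 1 (assumption): the registered file is gone from disk.
        if MISSING_RE.search(line):
            reasons.append("target file missing")
        if entry["code"] == "O4":
            run = RUN_RE.match(entry["body"])
            if run:
                exe = executable_of(run["cmd"])
                # Heuristic 2 (assumption): the log does not say where the file lives.
                if exe and "\\" not in exe and "/" not in exe:
                    reasons.append("bare file name, no directory")
                # Heuristic 3 (assumption): autorun target sits in a Temp directory.
                if TEMP_DIR_RE.search(exe):
                    reasons.append("runs from a Temp directory")
        if reasons:
            findings.append(Finding(entry["code"], line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:>3}  {'; '.join(f.reasons)}\n     {f.line}")
```

The output is a review list only: a flagged line can be a harmless leftover from an uninstalled program, and an unflagged line is not thereby shown to be clean.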
 
Some of the things you wanted me to do I couldn't, either because I couldn't find it or the program wasn't working, like that combo one. It said something about it having problems with its program. But here are the others. Thanks again for your help and sorry for the late response.
------------------------------------
Mon Feb 19 17:53:16 2007 => **********************************************************
Mon Feb 19 17:53:16 2007 => eScan AntiVirus Toolkit Utility.
Mon Feb 19 17:53:16 2007 => Copyright © 2003-2004, MicroWorld Technologies Inc.
Mon Feb 19 17:53:16 2007 => **********************************************************
Mon Feb 19 17:53:16 2007 => Version 4.4.7
Mon Feb 19 17:53:16 2007 => Log File: C:\KASPER~1\mwav.log
Mon Feb 19 17:53:16 2007 => Latest Date of files inside MWAV: 21 Jan 2007 02:14:34.
Mon Feb 19 17:53:29 2007 => AV Library Loaded...
Mon Feb 19 17:53:29 2007 => Scanning File C:\KASPER~1\kavss.exe
Mon Feb 19 17:53:29 2007 => Scanning File C:\KASPER~1\Getvlist.exe
Mon Feb 19 17:53:29 2007 => Scanning File C:\KASPER~1\kavss.dll
Mon Feb 19 17:53:30 2007 => Scanning File C:\KASPER~1\kavssdi.dll
Mon Feb 19 17:53:30 2007 => Scanning File C:\KASPER~1\kavssi.dll
Mon Feb 19 17:53:30 2007 => Scanning File C:\KASPER~1\kavvlg.dll
Mon Feb 19 17:53:30 2007 => Scanning File C:\KASPER~1\msvlclnt.dll
Mon Feb 19 17:53:30 2007 => Scanning File C:\KASPER~1\ipc.dll
Mon Feb 19 17:53:31 2007 => Scanning File C:\KASPER~1\main.avi
Mon Feb 19 17:53:31 2007 => Scanning File C:\KASPER~1\virus.avi
Mon Feb 19 17:53:31 2007 => Virus Database Date: 2007/01/21
Mon Feb 19 17:53:31 2007 => Virus Database Count: 260293

Mon Feb 19 17:54:27 2007 => **********************************************************
Mon Feb 19 17:54:27 2007 => eScan AntiVirus Toolkit Utility.
Mon Feb 19 17:54:27 2007 => Copyright © 2003-2004, MicroWorld Technologies Inc.
Mon Feb 19 17:54:27 2007 =>
Mon Feb 19 17:54:27 2007 => Support: support@mwti.net
Mon Feb 19 17:54:27 2007 => Web:
Mon Feb 19 17:54:27 2007 => **********************************************************
Mon Feb 19 17:54:27 2007 => Version 4.4.7
Mon Feb 19 17:54:27 2007 => Log File: C:\KASPER~1\mwav.log
Mon Feb 19 17:54:27 2007 => Latest Date of files inside MWAV: 21 Jan 2007 02:14:34.

Mon Feb 19 17:54:27 2007 => Options Selected by User:
Mon Feb 19 17:54:27 2007 => Memory Check: Enabled
Mon Feb 19 17:54:27 2007 => Registry Check: Enabled
Mon Feb 19 17:54:27 2007 => StartUp Folder Check: Enabled
Mon Feb 19 17:54:27 2007 => System Folder Check: Enabled
Mon Feb 19 17:54:27 2007 => System Area Check: Disabled
Mon Feb 19 17:54:27 2007 => Services Check: Enabled
Mon Feb 19 17:54:27 2007 => Drive Check Option Disabled
Mon Feb 19 17:54:27 2007 => Scanning Type: Scan And Clean
Mon Feb 19 17:54:27 2007 => Folder Check: Disabled

Mon Feb 19 17:54:27 2007 => ***** Scanning Memory Files *****
Mon Feb 19 17:54:27 2007 => Scanning File C:\WINDOWS\system32\services.exe
Mon Feb 19 17:54:27 2007 => Scanning File C:\WINDOWS\system32\lsass.exe
Mon Feb 19 17:54:28 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Mon Feb 19 17:54:28 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 19 17:54:28 2007 => Scanning File C:\WINDOWS\system32\spoolsv.exe
Mon Feb 19 17:54:28 2007 => Scanning File C:\WINDOWS\Explorer.EXE
Mon Feb 19 17:54:28 2007 => Scanning File C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
Mon Feb 19 17:54:29 2007 => Scanning File C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
Mon Feb 19 17:54:29 2007 => Scanning File C:\PROGRA~1\Java\JRE15~2.0_0\bin\jusched.exe
Mon Feb 19 17:54:29 2007 => Scanning File C:\PROGRA~1\COMMON~1\Real\UPDATE~1\REALSC~1.EXE
Mon Feb 19 17:54:29 2007 => Scanning File C:\PROGRA~1\QUICKT~1\qttask.exe
Mon Feb 19 17:54:30 2007 => Scanning File C:\PROGRA~1\iTunes\ITUNES~1.EXE
Mon Feb 19 17:54:30 2007 => Scanning File C:\PROGRA~1\Grisoft\AVGANT~1.5\avgas.exe
Mon Feb 19 17:54:31 2007 => Scanning File C:\PROGRA~1\MSNMES~1\msnmsgr.exe
Mon Feb 19 17:54:32 2007 => Scanning File C:\PROGRA~1\BRODER~1\MAVISB~1\MINIMA~1.EXE
Mon Feb 19 17:54:32 2007 => Scanning File C:\PROGRA~1\Grisoft\AVGANT~1.5\guard.exe
Mon Feb 19 17:54:33 2007 => Scanning File C:\PROGRA~1\Yahoo!\MESSEN~1\YMSGR_~1.EXE
Mon Feb 19 17:54:33 2007 => Scanning File C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Mon Feb 19 17:54:33 2007 => Scanning File C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
Mon Feb 19 17:54:33 2007 => Scanning File C:\windows\system32\spool\printers\FireDaemon.exe
Mon Feb 19 17:54:34 2007 => Scanning File c:\windows\system32\spool\printers\events.exe
Mon Feb 19 17:54:37 2007 => File c:\windows\system32\spool\printers\events.exe tagged as not-a-virus:Server-FTP.Win32.Serv-U.5001. No Action Taken.

Mon Feb 19 17:54:37 2007 => Scanning File C:\PROGRA~1\Webroot\SPYSWE~1\WRSSSDK.exe
Mon Feb 19 17:54:37 2007 => Scanning File C:\PROGRA~1\MICROS~4\GCASDT~1.EXE
Mon Feb 19 17:54:37 2007 => Scanning File C:\PROGRA~1\iPod\bin\IPODSE~1.EXE
Mon Feb 19 17:54:38 2007 => Scanning File C:\WINDOWS\System32\wuauclt.exe
Mon Feb 19 17:54:38 2007 => Scanning File C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
Mon Feb 19 17:54:39 2007 => Scanning File C:\PROGRA~1\INTERN~1\iexplore.exe
Mon Feb 19 17:54:39 2007 => Scanning File C:\PROGRA~1\COMMON~1\MICROS~1\WINDOW~1\WLLOGI~1.EXE
Mon Feb 19 17:54:40 2007 => Scanning File C:\Kaspersky\mwavscan.com
Mon Feb 19 17:54:40 2007 => Scanning File C:\Kaspersky\kavss.exe
Mon Feb 19 17:54:40 2007 => Scanning File C:\DOCUME~1\user\Desktop\mwav.exe

Mon Feb 19 17:55:30 2007 => ***** Scanning Registry Files *****

Mon Feb 19 17:55:30 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Mon Feb 19 17:55:30 2007 => *** File C:\WINDOWS\system32\SHELL32.dll having Size Restriction ***
Mon Feb 19 17:55:30 2007 => Scanning File C:\WINDOWS\system32\SHELL32.dll [**]
Mon Feb 19 17:55:30 2007 => *** File C:\WINDOWS\system32\SHELL32.dll having Size Restriction ***
Mon Feb 19 17:55:30 2007 => Scanning File C:\WINDOWS\system32\SHELL32.dll [**]
Mon Feb 19 17:55:30 2007 => Scanning File C:\WINDOWS\System32\webcheck.dll
Mon Feb 19 17:55:31 2007 => Scanning File C:\WINDOWS\System32\stobject.dll

Mon Feb 19 17:55:31 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
Mon Feb 19 17:55:31 2007 => {02478D38-C3F9-4EFB-9B51-7695ECA05670} = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
Mon Feb 19 17:55:31 2007 => Scanning File C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\yt.dll
Mon Feb 19 17:55:31 2007 => {9030D464-4C02-4ABF-8ECC-5164760863C6} = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
Mon Feb 19 17:55:31 2007 => Scanning File C:\PROGRA~1\COMMON~1\MICROS~1\WINDOW~1\WINDOW~1.DLL

Mon Feb 19 17:55:31 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Mon Feb 19 17:55:31 2007 => Scanning File C:\WINDOWS\explorer.exe
Mon Feb 19 17:55:32 2007 => Scanning File C:\WINDOWS\system32\userinit.exe

Mon Feb 19 17:55:32 2007 => Scanning HKCU\Control Panel\Desktop
Mon Feb 19 17:55:32 2007 => Scanning File C:\WINDOWS\System32\logon.scr

Mon Feb 19 17:55:32 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Mon Feb 19 17:55:32 2007 => Scanning File C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
Mon Feb 19 17:55:32 2007 => Scanning File C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
Mon Feb 19 17:55:32 2007 => Scanning File C:\PROGRA~1\Java\JRE15~2.0_0\bin\jusched.exe
Mon Feb 19 17:55:33 2007 => Scanning File C:\PROGRA~1\COMMON~1\Real\UPDATE~1\REALSC~1.EXE
Mon Feb 19 17:55:33 2007 => Scanning File C:\PROGRA~1\MICROS~4\gcasServ.exe
Mon Feb 19 17:55:33 2007 => ERROR!!! Invalid Entry RecoverFromReboot = C:\WINDOWS\Temp\RecoverFromReboot.exe. Removing it.
Mon Feb 19 17:55:33 2007 => Scanning File C:\PROGRA~1\iTunes\ITUNES~1.EXE
Mon Feb 19 17:55:34 2007 => *** File C:\PROGRA~1\Grisoft\AVGANT~1.5\avgas.exe having Size Restriction ***
Mon Feb 19 17:55:34 2007 => Scanning File C:\PROGRA~1\Grisoft\AVGANT~1.5\avgas.exe [**]

Mon Feb 19 17:55:34 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Mon Feb 19 17:55:34 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

Mon Feb 19 17:55:34 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

Mon Feb 19 17:55:34 2007 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Mon Feb 19 17:55:34 2007 => Scanning File C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
Mon Feb 19 17:55:35 2007 => ERROR!!! Invalid Entry Printer Service Drivers = Adaptserv.exe. Removing it.
Mon Feb 19 17:55:35 2007 => *** File C:\PROGRA~1\MSNMES~1\msnmsgr.exe having Size Restriction ***
Mon Feb 19 17:55:35 2007 => Scanning File C:\PROGRA~1\MSNMES~1\msnmsgr.exe [**]

Mon Feb 19 17:55:35 2007 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Mon Feb 19 17:55:35 2007 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

Mon Feb 19 17:55:35 2007 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Mon Feb 19 17:55:35 2007 => ERROR!!! Invalid Entry Printer Service Drivers = Adaptserv.exe. Removing it.

Mon Feb 19 17:55:36 2007 => Scanning HKCR\txtfile\shell\open\command

Mon Feb 19 17:55:36 2007 => Scanning HKCR\comfile\shell\open\command

Mon Feb 19 17:55:36 2007 => Scanning HKCR\exefile\shell\open\command

Mon Feb 19 17:55:36 2007 => Scanning HKCR\dllfile\shell\open\command

Mon Feb 19 17:55:36 2007 => Scanning HKCR\batfile\shell\open\command

Mon Feb 19 17:55:36 2007 => Scanning HKCR\piffile\shell\open\command

Mon Feb 19 17:55:36 2007 => Scanning HKCR\scrfile\shell\open\command

Mon Feb 19 17:55:36 2007 => Scanning HKCR\scrfile\shell\config\command

Mon Feb 19 17:55:36 2007 => Scanning HKCR\regfile\shell\open\command

Mon Feb 19 17:55:36 2007 => ***** Scanning StartUp Folders *****

Mon Feb 19 17:55:36 2007 => ***** Scanning C:\Documents and Settings\user\Start Menu\Programs\Startup Folder *****
Mon Feb 19 17:55:36 2007 => Scanning Folder: C:\Documents and Settings\user\Start Menu\Programs\Startup\*.*
Mon Feb 19 17:55:37 2007 => Scanning File C:\Documents and Settings\user\Start Menu\Programs\Startup\Adobe Gamma.lnk
Mon Feb 19 17:55:37 2007 => Scanning File C:\Documents and Settings\user\Start Menu\Programs\Startup\desktop.ini

Mon Feb 19 17:55:37 2007 => ***** Scanning C:\Documents and Settings\All Users\Start Menu\Programs\Startup Folder *****
Mon Feb 19 17:55:37 2007 => Scanning Folder: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\*.*
Mon Feb 19 17:55:37 2007 => Scanning File C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
Mon Feb 19 17:55:37 2007 => Scanning File C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
Mon Feb 19 17:55:37 2007 => Scanning File C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Personal Coach.lnk

Mon Feb 19 17:55:38 2007 => ***** Scanning C:\Documents and Settings\Administrator\Start menu\Programs\Startup Folder *****
Mon Feb 19 17:55:38 2007 => Scanning Folder: C:\DOCUME~1\ADMINI~1\STARTM~1\Programs\Startup\*.*
Mon Feb 19 17:55:38 2007 => Scanning File C:\DOCUME~1\ADMINI~1\STARTM~1\Programs\Startup\desktop.ini

Mon Feb 19 17:55:38 2007 => ***** Scanning C:\Documents and Settings\Default User\Start menu\Programs\Startup Folder *****
Mon Feb 19 17:55:38 2007 => Scanning Folder: C:\DOCUME~1\DEFAUL~1\STARTM~1\Programs\Startup\*.*
Mon Feb 19 17:55:38 2007 => Scanning File C:\DOCUME~1\DEFAUL~1\STARTM~1\Programs\Startup\desktop.ini

Mon Feb 19 17:55:38 2007 => ***** Scanning Service Files *****
Mon Feb 19 17:55:38 2007 => Scanning HKLM\SYSTEM\CurrentControlSet\Services
Mon Feb 19 17:55:38 2007 => Scanning File C:\PROGRA~1\COMMON~1\ADOBES~1\Service\ADOBEL~1.EXE
Mon Feb 19 17:55:38 2007 => Scanning File C:\WINDOWS\System32\drivers\aec.sys
Mon Feb 19 17:55:39 2007 => Scanning File C:\WINDOWS\System32\drivers\afd.sys
Mon Feb 19 17:55:39 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 19 17:55:39 2007 => Scanning File C:\WINDOWS\System32\alg.exe
Mon Feb 19 17:55:39 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Mon Feb 19 17:55:39 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\asyncmac.sys
Mon Feb 19 17:55:39 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\atapi.sys
Mon Feb 19 17:55:40 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\atmarpc.sys
Mon Feb 19 17:55:40 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 19 17:55:40 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\audstub.sys
Mon Feb 19 17:55:40 2007 => Scanning File C:\PROGRA~1\GRISOFT\AVGANT~1.5\GUARD.SYS
Mon Feb 19 17:55:40 2007 => Scanning File C:\PROGRA~1\Grisoft\AVGANT~1.5\guard.exe
Mon Feb 19 17:55:40 2007 => Scanning File C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Mon Feb 19 17:55:41 2007 => Scanning File C:\WINDOWS\System32\Drivers\avg7core.sys
Mon Feb 19 17:55:41 2007 => Scanning File C:\WINDOWS\System32\Drivers\avg7rsw.sys
Mon Feb 19 17:55:41 2007 => Scanning File C:\WINDOWS\System32\Drivers\avg7rsxp.sys
Mon Feb 19 17:55:41 2007 => Scanning File C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
Mon Feb 19 17:55:41 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys
Mon Feb 19 17:55:41 2007 => Scanning File C:\WINDOWS\SYSTEM32\DRIVERS\AVGTDI.SYS
Mon Feb 19 17:55:42 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 19 17:55:42 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 19 17:55:42 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\cdrom.sys
Mon Feb 19 17:55:42 2007 => Scanning File C:\WINDOWS\System32\cisvc.exe
Mon Feb 19 17:55:42 2007 => Scanning File C:\WINDOWS\system32\clipsrv.exe
Mon Feb 19 17:55:42 2007 => Scanning File C:\WINDOWS\System32\dllhost.exe
Mon Feb 19 17:55:43 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Mon Feb 19 17:55:43 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 19 17:55:43 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\disk.sys
Mon Feb 19 17:55:43 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\DLKFET.sys
Mon Feb 19 17:55:43 2007 => Scanning File C:\WINDOWS\System32\dmadmin.exe
Mon Feb 19 17:55:44 2007 => Scanning File C:\WINDOWS\System32\drivers\dmboot.sys
Mon Feb 19 17:55:45 2007 => Scanning File C:\WINDOWS\System32\drivers\dmio.sys
Mon Feb 19 17:55:45 2007 => Scanning File C:\WINDOWS\System32\drivers\dmload.sys
Mon Feb 19 17:55:45 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 19 17:55:45 2007 => Scanning File C:\WINDOWS\System32\drivers\DMusic.sys
Mon Feb 19 17:55:46 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 19 17:55:46 2007 => Scanning File C:\WINDOWS\System32\drivers\drmkaud.sys
Mon Feb 19 17:55:46 2007 => Scanning File C:\WINDOWS\System32\drivers\ds1wdm.sys
Mon Feb 19 17:55:47 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 19 17:55:47 2007 => Scanning File C:\WINDOWS\system32\services.exe
Mon Feb 19 17:55:47 2007 => Scanning File C:\windows\system32\spool\printers\FireDaemon.exe
Mon Feb 19 17:55:47 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 19 17:55:48 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 19 17:55:48 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\fdc.sys
Mon Feb 19 17:55:48 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\fetnd5.sys
Mon Feb 19 17:55:48 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\flpydisk.sys
Mon Feb 19 17:55:48 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\ftdisk.sys
Mon Feb 19 17:55:48 2007 => Scanning File C:\WINDOWS\System32\drivers\gameenum.sys
Mon Feb 19 17:55:49 2007 => Scanning File C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys
Mon Feb 19 17:55:49 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\msgpc.sys
Mon Feb 19 17:55:49 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 19 17:55:49 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 19 17:55:49 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\hidusb.sys
Mon Feb 19 17:55:49 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\i8042prt.sys
Mon Feb 19 17:55:50 2007 => Scanning File C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriverT.exe
Mon Feb 19 17:55:50 2007 => Scanning File C:\WINDOWS\System32\imapi.exe
Mon Feb 19 17:55:50 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys
Mon Feb 19 17:55:50 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\ipinip.sys
Mon Feb 19 17:55:50 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\ipnat.sys
Mon Feb 19 17:55:51 2007 => Scanning File C:\PROGRA~1\iPod\bin\IPODSE~1.EXE
Mon Feb 19 17:55:51 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\ipsec.sys
Mon Feb 19 17:55:51 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\irenum.sys
Mon Feb 19 17:55:51 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\isapnp.sys
Mon Feb 19 17:55:52 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\kbdclass.sys
Mon Feb 19 17:55:52 2007 => Scanning File C:\WINDOWS\System32\drivers\kmixer.sys
Mon Feb 19 17:55:52 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 19 17:55:52 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 19 17:55:52 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 19 17:55:52 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 19 17:55:52 2007 => Scanning File C:\WINDOWS\System32\mnmsrvc.exe
Mon Feb 19 17:55:53 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\mouclass.sys
Mon Feb 19 17:55:53 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\mouhid.sys
Mon Feb 19 17:55:53 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\mrxdav.sys
Mon Feb 19 17:55:53 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
Mon Feb 19 17:55:53 2007 => Scanning File C:\WINDOWS\System32\msdtc.exe
Mon Feb 19 17:55:54 2007 => Scanning File C:\WINDOWS\System32\msiexec.exe
Mon Feb 19 17:55:54 2007 => Scanning File C:\WINDOWS\System32\drivers\MSKSSRV.sys
Mon Feb 19 17:55:54 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\loop.sys
Mon Feb 19 17:55:54 2007 => Scanning File C:\WINDOWS\System32\drivers\MSPCLOCK.sys
Mon Feb 19 17:55:54 2007 => Scanning File C:\WINDOWS\System32\drivers\MSPQM.sys
Mon Feb 19 17:55:55 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\ndistapi.sys
Mon Feb 19 17:55:56 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\ndisuio.sys
Mon Feb 19 17:55:56 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\ndiswan.sys
Mon Feb 19 17:55:56 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\netbios.sys
Mon Feb 19 17:55:56 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\netbt.sys
Mon Feb 19 17:55:57 2007 => Scanning File C:\WINDOWS\system32\netdde.exe
Mon Feb 19 17:55:57 2007 => Scanning File C:\WINDOWS\system32\netdde.exe
Mon Feb 19 17:55:57 2007 => Scanning File C:\WINDOWS\System32\lsass.exe
Mon Feb 19 17:55:57 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 19 17:55:58 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 19 17:55:58 2007 => Scanning File C:\WINDOWS\SYSTEM32\NPKCRYPT.SYS
Mon Feb 19 17:55:58 2007 => Scanning File C:\WINDOWS\System32\npkcsvc.exe
Mon Feb 19 17:56:00 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\NtApm.sys
Mon Feb 19 17:56:00 2007 => Scanning File C:\WINDOWS\System32\lsass.exe
Mon Feb 19 17:56:00 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Mon Feb 19 17:56:00 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys
Mon Feb 19 17:56:00 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys
Mon Feb 19 17:56:00 2007 => Scanning File C:\PROGRA~1\COMMON~1\MICROS~1\SOURCE~1\OSE.EXE
Mon Feb 19 17:56:01 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\parport.sys
Mon Feb 19 17:56:01 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\pci.sys
Mon Feb 19 17:56:01 2007 => Scanning File C:\WINDOWS\system32\services.exe
Mon Feb 19 17:56:01 2007 => Scanning File C:\WINDOWS\System32\lsass.exe
Mon Feb 19 17:56:02 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\raspptp.sys
Mon Feb 19 17:56:02 2007 => Scanning File C:\WINDOWS\system32\lsass.exe
Mon Feb 19 17:56:02 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\psched.sys
Mon Feb 19 17:56:02 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\ptilink.sys
Mon Feb 19 17:56:02 2007 => Scanning File C:\WINDOWS\System32\Drivers\PxHelp20.sys
Mon Feb 19 17:56:02 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\rasacd.sys
Mon Feb 19 17:56:03 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 19 17:56:03 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\rasl2tp.sys
Mon Feb 19 17:56:03 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 19 17:56:03 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\raspppoe.sys
Mon Feb 19 17:56:03 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\raspti.sys
Mon Feb 19 17:56:03 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\rdbss.sys
Mon Feb 19 17:56:04 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Mon Feb 19 17:56:04 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\rdpdr.sys
Mon Feb 19 17:56:04 2007 => ERROR!!! Invalid Entry \??\C:\WINDOWS\system32\rdriv.sys in SYSTEM\CurrentControlSet\Services\rdriv...
Mon Feb 19 17:56:04 2007 => Scanning File C:\WINDOWS\system32\sessmgr.exe
Mon Feb 19 17:56:04 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\redbook.sys
Mon Feb 19 17:56:05 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 19 17:56:05 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Mon Feb 19 17:56:05 2007 => Scanning File C:\WINDOWS\System32\locator.exe
Mon Feb 19 17:56:05 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Mon Feb 19 17:56:05 2007 => Scanning File C:\WINDOWS\System32\rsvp.exe
Mon Feb 19 17:56:06 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\RTL8139.SYS
Mon Feb 19 17:56:06 2007 => Scanning File C:\WINDOWS\system32\lsass.exe
Mon Feb 19 17:56:06 2007 => Scanning File C:\WINDOWS\System32\SCardSvr.exe
Mon Feb 19 17:56:06 2007 => Scanning File C:\WINDOWS\System32\SCardSvr.exe
Mon Feb 19 17:56:06 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 19 17:56:07 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\secdrv.sys
Mon Feb 19 17:56:07 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 19 17:56:07 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Mon Feb 19 17:56:07 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\serenum.sys
Mon Feb 19 17:56:07 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\serial.sys
Mon Feb 19 17:56:07 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 19 17:56:07 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\SiSV.sys
Mon Feb 19 17:56:08 2007 => Scanning File C:\WINDOWS\System32\drivers\splitter.sys
Mon Feb 19 17:56:08 2007 => Scanning File C:\WINDOWS\system32\spoolsv.exe
Mon Feb 19 17:56:08 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\sr.sys
Mon Feb 19 17:56:08 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 19 17:56:08 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\srv.sys
Mon Feb 19 17:56:09 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 19 17:56:09 2007 => Scanning File C:\WINDOWS\System32\Drivers\SSI.SYS
Mon Feb 19 17:56:09 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 19 17:56:09 2007 => Scanning File C:\PROGRA~1\Webroot\SPYSWE~1\WRSSSDK.exe
Mon Feb 19 17:56:10 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\swenum.sys
Mon Feb 19 17:56:10 2007 => Scanning File C:\WINDOWS\System32\drivers\swmidi.sys
Mon Feb 19 17:56:10 2007 => Scanning File C:\WINDOWS\System32\dllhost.exe
Mon Feb 19 17:56:10 2007 => Scanning File C:\WINDOWS\System32\drivers\sysaudio.sys
Mon Feb 19 17:56:10 2007 => Scanning File C:\WINDOWS\system32\smlogsvc.exe
Mon Feb 19 17:56:11 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 19 17:56:11 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\tcpip.sys
Mon Feb 19 17:56:11 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\termdd.sys
Mon Feb 19 17:56:11 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 19 17:56:11 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 19 17:56:11 2007 => Scanning File C:\WINDOWS\System32\tlntsvr.exe
Mon Feb 19 17:56:12 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Mon Feb 19 17:56:12 2007 => Scanning File C:\WINDOWS\System32\wdfmgr.exe
Mon Feb 19 17:56:12 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\update.sys
Mon Feb 19 17:56:12 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 19 17:56:12 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 19 17:56:12 2007 => Scanning File C:\WINDOWS\System32\ups.exe
Mon Feb 19 17:56:13 2007 => Scanning File C:\WINDOWS\System32\drivers\usbaudio.sys
Mon Feb 19 17:56:13 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\usbhub.sys
Mon Feb 19 17:56:13 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
Mon Feb 19 17:56:13 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\usbuhci.sys
Mon Feb 19 17:56:14 2007 => Scanning File C:\PROGRA~1\MSNMES~1\usnsvc.exe
Mon Feb 19 17:56:14 2007 => Scanning File C:\WINDOWS\System32\drivers\vga.sys
Mon Feb 19 17:56:14 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\viaagp.sys
Mon Feb 19 17:56:15 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\viaide.sys
Mon Feb 19 17:56:15 2007 => Scanning File C:\WINDOWS\System32\vssvc.exe
Mon Feb 19 17:56:15 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 19 17:56:15 2007 => Scanning File C:\WINDOWS\System32\DRIVERS\wanarp.sys
Mon Feb 19 17:56:15 2007 => Scanning File C:\WINDOWS\System32\drivers\wdmaud.sys
Mon Feb 19 17:56:15 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 19 17:56:15 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Mon Feb 19 17:56:16 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 19 17:56:16 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Mon Feb 19 17:56:16 2007 => Scanning File C:\WINDOWS\System32\wbem\wmiapsrv.exe
Mon Feb 19 17:56:16 2007 => Scanning File C:\WINDOWS\System32\Drivers\wpdusb.sys
Mon Feb 19 17:56:16 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Mon Feb 19 17:56:16 2007 => Scanning File C:\WINDOWS\System32\svchost.exe

Mon Feb 19 17:56:17 2007 => ***** Scanning System32 Folders *****
Mon Feb 19 17:56:17 2007 => Scanning C:\WINDOWS Directory
Mon Feb 19 17:56:17 2007 => Scanning Folder: C:\WINDOWS\*.*
Mon Feb 19 17:56:17 2007 => Scanning File C:\WINDOWS\0.log [**]
Mon Feb 19 17:56:17 2007 => Scanning File C:\WINDOWS\Blue Lace 16.bmp
Mon Feb 19 17:56:17 2007 => Scanning File C:\WINDOWS\bootstat.dat
Mon Feb 19 17:56:17 2007 => Scanning File C:\WINDOWS\cina.ini
Mon Feb 19 17:56:17 2007 => Scanning File C:\WINDOWS\clock.avi
Mon Feb 19 17:56:17 2007 => Scanning File C:\WINDOWS\Coffee Bean.bmp
Mon Feb 19 17:56:17 2007 => Scanning File C:\WINDOWS\control.ini [**]
Mon Feb 19 17:56:17 2007 => Scanning File C:\WINDOWS\cxplib.dll
Mon Feb 19 17:56:18 2007 => Scanning File C:\WINDOWS\d3dx.dat
Mon Feb 19 17:56:18 2007 => Scanning File C:\WINDOWS\desktop.ini
Mon Feb 19 17:56:18 2007 => Scanning File C:\WINDOWS\emdat.tm [**]
Mon Feb 19 17:56:18 2007 => Scanning File C:\WINDOWS\emdat.tmp [**]
Mon Feb 19 17:56:18 2007 => Scanning File C:\WINDOWS\explorer.exe
Mon Feb 19 17:56:18 2007 => Scanning File C:\WINDOWS\explorer.scf
Mon Feb 19 17:56:18 2007 => Scanning File C:\WINDOWS\FeatherTexture.bmp
Mon Feb 19 17:56:18 2007 => Scanning File C:\WINDOWS\gimmygames.dat [**]
Mon Feb 19 17:56:18 2007 => Scanning File C:\WINDOWS\Gone Fishing.bmp
Mon Feb 19 17:56:18 2007 => Scanning File C:\WINDOWS\Greenstone.bmp
Mon Feb 19 17:56:18 2007 => Scanning File C:\WINDOWS\gui.hlp
Mon Feb 19 17:56:18 2007 => Scanning File C:\WINDOWS\harvest.bat
Mon Feb 19 17:56:19 2007 => Scanning File C:\WINDOWS\hh.exe
Mon Feb 19 17:56:19 2007 => Scanning File C:\WINDOWS\ieserver.bat
Mon Feb 19 17:56:19 2007 => Scanning File C:\WINDOWS\jautoexp.dat
Mon Feb 19 17:56:19 2007 => Scanning File C:\WINDOWS\libeay32.dll
Mon Feb 19 17:56:20 2007 => Scanning File C:\WINDOWS\Mavis Beacon Teaches Typing.INI [**]
Mon Feb 19 17:56:20 2007 => Scanning File C:\WINDOWS\mozver.dat
Mon Feb 19 17:56:20 2007 => Scanning File C:\WINDOWS\msdfmap.ini
Mon Feb 19 17:56:20 2007 => Scanning File C:\WINDOWS\MSINET.OCX
Mon Feb 19 17:56:20 2007 => Scanning File C:\WINDOWS\mswinsck.ocx
Mon Feb 19 17:56:20 2007 => Scanning File C:\WINDOWS\muninst.exe
Mon Feb 19 17:56:20 2007 => Scanning File C:\WINDOWS\nls8045_ADPERFORM.exe
Mon Feb 19 17:56:22 2007 => File C:\WINDOWS\nls8045_ADPERFORM.exe tagged as not-a-virus:AdWare.Win32.BargainBuddy.n. No Action Taken.

Mon Feb 19 17:56:22 2007 => Scanning File C:\WINDOWS\NOTEPAD.EXE
Mon Feb 19 17:56:22 2007 => Scanning File C:\WINDOWS\nsreg.dat [**]
Mon Feb 19 17:56:22 2007 => Scanning File C:\WINDOWS\ntbtlog.txt
Mon Feb 19 17:56:22 2007 => Scanning File C:\WINDOWS\ntsvc.ocx
Mon Feb 19 17:56:23 2007 => Scanning File C:\WINDOWS\ODBC.INI
Mon Feb 19 17:56:23 2007 => Scanning File C:\WINDOWS\ODBCINST.INI
Mon Feb 19 17:56:23 2007 => Scanning File C:\WINDOWS\oeuninst.exe
Mon Feb 19 17:56:23 2007 => Scanning File C:\WINDOWS\Prairie Wind.bmp
Mon Feb 19 17:56:23 2007 => Scanning File C:\WINDOWS\QTFont.for
Mon Feb 19 17:56:23 2007 => Scanning File C:\WINDOWS\QTFont.qfn
Mon Feb 19 17:56:24 2007 => Scanning File C:\WINDOWS\rararc.bat
Mon Feb 19 17:56:24 2007 => Scanning File C:\WINDOWS\regedit.exe
Mon Feb 19 17:56:24 2007 => Scanning File C:\WINDOWS\REGLOCS.OLD
Mon Feb 19 17:56:25 2007 => Scanning File C:\WINDOWS\Rhododendron.bmp
Mon Feb 19 17:56:25 2007 => Scanning File C:\WINDOWS\River Sumida.bmp
Mon Feb 19 17:56:25 2007 => Scanning File C:\WINDOWS\Santa Fe Stucco.bmp
Mon Feb 19 17:56:25 2007 => Scanning File C:\WINDOWS\SchedLgU.Txt
Mon Feb 19 17:56:25 2007 => ERROR!!! ScanFile fails for C:\WINDOWS\SchedLgU.Txt
Mon Feb 19 17:56:25 2007 => Scanning File C:\WINDOWS\SET3.tmp
Mon Feb 19 17:56:25 2007 => Scanning File C:\WINDOWS\SET7.tmp
Mon Feb 19 17:56:25 2007 => Scanning File C:\WINDOWS\setdebug.exe
Mon Feb 19 17:56:26 2007 => Scanning File C:\WINDOWS\SETUP1.EXE
Mon Feb 19 17:56:26 2007 => Scanning File C:\WINDOWS\Soap Bubbles.bmp
Mon Feb 19 17:56:26 2007 => Scanning File C:\WINDOWS\ssleay32.dll
Mon Feb 19 17:56:27 2007 => Scanning File C:\WINDOWS\Sti_Trace.log [**]
Mon Feb 19 17:56:27 2007 => Scanning File C:\WINDOWS\switchagreement.txt
Mon Feb 19 17:56:27 2007 => Scanning File C:\WINDOWS\system.ini
Mon Feb 19 17:56:27 2007 => Scanning File C:\WINDOWS\system.msc
Mon Feb 19 17:56:27 2007 => Scanning File C:\WINDOWS\TASKMAN.EXE
Mon Feb 19 17:56:27 2007 => Scanning File C:\WINDOWS\twain.dll
Mon Feb 19 17:56:27 2007 => Scanning File C:\WINDOWS\twainx.bin
Mon Feb 19 17:56:27 2007 => Scanning File C:\WINDOWS\twain_32.dll
Mon Feb 19 17:56:27 2007 => Scanning File C:\WINDOWS\twunk_16.exe
Mon Feb 19 17:56:28 2007 => Scanning File C:\WINDOWS\twunk_32.exe
Mon Feb 19 17:56:28 2007 => Scanning File C:\WINDOWS\UninstallFirefox.exe
Mon Feb 19 17:56:29 2007 => Scanning File C:\WINDOWS\vb.ini
Mon Feb 19 17:56:29 2007 => Scanning File C:\WINDOWS\vbaddin.ini
Mon Feb 19 17:56:29 2007 => Scanning File C:\WINDOWS\VER.DL
Mon Feb 19 17:56:29 2007 => Scanning File C:\WINDOWS\vmmreg32.dll
Mon Feb 19 17:56:29 2007 => Scanning File C:\WINDOWS\VTruck1.ini
Mon Feb 19 17:56:29 2007 => Scanning File C:\WINDOWS\VTruck2.ini
Mon Feb 19 17:56:29 2007 => Scanning File C:\WINDOWS\websvr.part1.exe
Mon Feb 19 17:56:33 2007 => Scanning File C:\WINDOWS\websvr.part2.rar
Mon Feb 19 17:56:33 2007 => File C:\WINDOWS\websvr.part2.rar tagged as not-a-virus:RemoteAdmin.PHP.RemView.a. No Action Taken.

Mon Feb 19 17:56:33 2007 => Scanning File C:\WINDOWS\win.ini
Mon Feb 19 17:56:33 2007 => Scanning File C:\WINDOWS\win.msc
Mon Feb 19 17:56:33 2007 => Scanning File C:\WINDOWS\WindowsShell.Manifest
Mon Feb 19 17:56:33 2007 => Scanning File C:\WINDOWS\WindowsUpdate.log
Mon Feb 19 17:56:33 2007 => ERROR!!! ScanFile fails for C:\WINDOWS\WindowsUpdate.log
Mon Feb 19 17:56:33 2007 => Scanning File C:\WINDOWS\winhelp.exe
Mon Feb 19 17:56:34 2007 => Scanning File C:\WINDOWS\winhlp32.exe
Mon Feb 19 17:56:34 2007 => Scanning File C:\WINDOWS\WinInit.Ini
Mon Feb 19 17:56:34 2007 => Scanning File C:\WINDOWS\winnt.bmp
Mon Feb 19 17:56:34 2007 => Scanning File C:\WINDOWS\winnt256.bmp
Mon Feb 19 17:56:34 2007 => Scanning File C:\WINDOWS\winsysupd111.dat [**]
Mon Feb 19 17:56:34 2007 => Scanning File C:\WINDOWS\WMSysPr9.prx
Mon Feb 19 17:56:34 2007 => Scanning File C:\WINDOWS\WMSysPrx.prx
Mon Feb 19 17:56:35 2007 => Scanning File C:\WINDOWS\WRUninstall.dll
Mon Feb 19 17:56:35 2007 => Scanning File C:\WINDOWS\Zapotec.bmp
Mon Feb 19 17:56:35 2007 => Scanning File C:\WINDOWS\_default.pif
Mon Feb 19 17:56:35 2007 => Scanning File C:\WINDOWS\€ [**]
Mon Feb 19 17:56:35 2007 => Scanning C:\WINDOWS\System32 Directory
Mon Feb 19 17:56:35 2007 => Scanning Folder: C:\WINDOWS\System32\*.*
Mon Feb 19 17:56:35 2007 => Scanning File C:\WINDOWS\System32\$winnt$.inf
Mon Feb 19 17:56:35 2007 => Scanning File C:\WINDOWS\System32\0ug6eb6h.ini
Mon Feb 19 17:56:36 2007 => Scanning File C:\WINDOWS\System32\12520437.cpx
Mon Feb 19 17:56:36 2007 => Scanning File C:\WINDOWS\System32\12520850.cpx
Mon Feb 19 17:56:36 2007 => Scanning File C:\WINDOWS\System32\3oi6hcnl.dat
Mon Feb 19 17:56:36 2007 => Scanning File C:\WINDOWS\System32\4fk540ip.dat
Mon Feb 19 17:56:36 2007 => Scanning File C:\WINDOWS\System32\6to4svc.dll
Mon Feb 19 17:56:36 2007 => Scanning File C:\WINDOWS\System32\aaaamon.dll
Mon Feb 19 17:56:36 2007 => Scanning File C:\WINDOWS\System32\access.cpl
Mon Feb 19 17:56:37 2007 => Scanning File C:\WINDOWS\System32\acctres.dll
Mon Feb 19 17:56:37 2007 => Scanning File C:\WINDOWS\System32\accwiz.exe
Mon Feb 19 17:56:37 2007 => Scanning File C:\WINDOWS\System32\acelpdec.ax
Mon Feb 19 17:56:37 2007 => Scanning File C:\WINDOWS\System32\acledit.dll
Mon Feb 19 17:56:37 2007 => Scanning File C:\WINDOWS\System32\aclui.dll
Mon Feb 19 17:56:38 2007 => Scanning File C:\WINDOWS\System32\activeds.dll
Mon Feb 19 17:56:38 2007 => Scanning File C:\WINDOWS\System32\activeds.tlb
Mon Feb 19 17:56:38 2007 => Scanning File C:\WINDOWS\System32\actmovie.exe
Mon Feb 19 17:56:39 2007 => Scanning File C:\WINDOWS\System32\actskn43.ocx
Mon Feb 19 17:56:39 2007 => Scanning File C:\WINDOWS\System32\actxprxy.dll
Mon Feb 19 17:56:39 2007 => Scanning File C:\WINDOWS\System32\admparse.dll
Mon Feb 19 17:56:39 2007 => Scanning File C:\WINDOWS\System32\adptif.dll
Mon Feb 19 17:56:39 2007 => Scanning File C:\WINDOWS\System32\adsldp.dll
Mon Feb 19 17:56:40 2007 => Scanning File C:\WINDOWS\System32\adsldpc.dll
Mon Feb 19 17:56:40 2007 => Scanning File C:\WINDOWS\System32\adsmsext.dll
Mon Feb 19 17:56:40 2007 => Scanning File C:\WINDOWS\System32\adsnds.dll
Mon Feb 19 17:56:40 2007 => Scanning File C:\WINDOWS\System32\adsnt.dll
Mon Feb 19 17:56:40 2007 => Scanning File C:\WINDOWS\System32\adsnw.dll
Mon Feb 19 17:56:41 2007 => Scanning File C:\WINDOWS\System32\advapi32.dll
Mon Feb 19 17:56:41 2007 => Scanning File C:\WINDOWS\System32\advpack.dll
Mon Feb 19 17:56:41 2007 => Scanning File C:\WINDOWS\System32\ahui.exe
Mon Feb 19 17:56:41 2007 => Scanning File C:\WINDOWS\System32\alg.exe
Mon Feb 19 17:56:41 2007 => Scanning File C:\WINDOWS\System32\alrsvc.dll
Mon Feb 19 17:56:42 2007 => Scanning File C:\WINDOWS\System32\amcompat.tlb
Mon Feb 19 17:56:42 2007 => Scanning File C:\WINDOWS\System32\amstream.dll
Mon Feb 19 17:56:42 2007 => Scanning File C:\WINDOWS\System32\ansi.cfg
Mon Feb 19 17:56:42 2007 => Scanning File C:\WINDOWS\System32\ansi.sys
Mon Feb 19 17:56:42 2007 => Scanning File C:\WINDOWS\System32\apcups.dll
Mon Feb 19 17:56:42 2007 => Scanning File C:\WINDOWS\System32\append.exe
Mon Feb 19 17:56:42 2007 => Scanning File C:\WINDOWS\System32\apphelp.dll
Mon Feb 19 17:56:42 2007 => Scanning File C:\WINDOWS\System32\appmgmts.dll
Mon Feb 19 17:56:43 2007 => Scanning File C:\WINDOWS\System32\appmgr.dll
Mon Feb 19 17:56:43 2007 => Scanning File C:\WINDOWS\System32\appwiz.cpl
Mon Feb 19 17:56:43 2007 => Scanning File C:\WINDOWS\System32\arp.exe
Mon Feb 19 17:56:43 2007 => Scanning File C:\WINDOWS\System32\asctrls.ocx
Mon Feb 19 17:56:44 2007 => Scanning File C:\WINDOWS\System32\asferror.dll
Mon Feb 19 17:56:44 2007 => Scanning File C:\WINDOWS\System32\asfsipc.dll
Mon Feb 19 17:56:45 2007 => Scanning File C:\WINDOWS\System32\asr_fmt.exe
Mon Feb 19 17:56:45 2007 => Scanning File C:\WINDOWS\System32\asr_ldm.exe
Mon Feb 19 17:56:45 2007 => Scanning File C:\WINDOWS\System32\asycfilt.dll
Mon Feb 19 17:56:45 2007 => Scanning File C:\WINDOWS\System32\at.exe
Mon Feb 19 17:56:45 2007 => Scanning File C:\WINDOWS\System32\atkctrs.dll
Mon Feb 19 17:56:46 2007 => Scanning File C:\WINDOWS\System32\atl.dll
Mon Feb 19 17:56:46 2007 => Scanning File C:\WINDOWS\System32\atl71.dll
Mon Feb 19 17:56:46 2007 => Scanning File C:\WINDOWS\System32\atmadm.exe
Mon Feb 19 17:56:47 2007 => Scanning File C:\WINDOWS\System32\atmfd.dll
Mon Feb 19 17:56:47 2007 => Scanning File C:\WINDOWS\System32\atmlib.dll
Mon Feb 19 17:56:47 2007 => Scanning File C:\WINDOWS\System32\atmpvcno.dll
Mon Feb 19 17:56:47 2007 => Scanning File C:\WINDOWS\System32\atrace.dll
Mon Feb 19 17:56:48 2007 => Scanning File C:\WINDOWS\System32\attrib.exe
Mon Feb 19 17:56:48 2007 => Scanning File C:\WINDOWS\System32\Atx45.ocx
Mon Feb 19 17:56:48 2007 => Scanning File C:\WINDOWS\System32\Audiodev.dll
Mon Feb 19 17:56:48 2007 => Scanning File C:\WINDOWS\System32\audiosrv.dll
Mon Feb 19 17:56:49 2007 => Scanning File C:\WINDOWS\System32\authz.dll
Mon Feb 19 17:56:49 2007 => Scanning File C:\WINDOWS\System32\autochk.exe
Mon Feb 19 17:56:49 2007 => Scanning File C:\WINDOWS\System32\autoconv.exe
Mon Feb 19 17:56:49 2007 => Scanning File C:\WINDOWS\System32\autodisc.dll
Mon Feb 19 17:56:49 2007 => Scanning File C:\WINDOWS\System32\AUTOEXEC.NT
Mon Feb 19 17:56:50 2007 => Scanning File C:\WINDOWS\System32\autofmt.exe
Mon Feb 19 17:56:50 2007 => Scanning File C:\WINDOWS\System32\autolfn.exe
Mon Feb 19 17:56:50 2007 => Scanning File C:\WINDOWS\System32\avicap.dll
Mon Feb 19 17:56:50 2007 => Scanning File C:\WINDOWS\System32\avicap32.dll
Mon Feb 19 17:56:50 2007 => Scanning File C:\WINDOWS\System32\avifil32.dll
Mon Feb 19 17:56:51 2007 => Scanning File C:\WINDOWS\System32\avifile.dll
Mon Feb 19 17:56:51 2007 => Scanning File C:\WINDOWS\System32\avmeter.dll
Mon Feb 19 17:56:51 2007 => Scanning File C:\WINDOWS\System32\avtapi.dll
Mon Feb 19 17:56:51 2007 => Scanning File C:\WINDOWS\System32\avwav.dll
Mon Feb 19 17:56:52 2007 => Scanning File C:\WINDOWS\System32\b0irlnja.ini
Mon Feb 19 17:56:52 2007 => File C:\WINDOWS\System32\b0irlnja.ini tagged as not-a-virus:AdWare.Win32.Sahat.ao. No Action Taken.

Mon Feb 19 17:56:52 2007 => Scanning File C:\WINDOWS\System32\basesrv.dll
Mon Feb 19 17:56:52 2007 => Scanning File C:\WINDOWS\System32\batmeter.dll
Mon Feb 19 17:56:52 2007 => Scanning File C:\WINDOWS\System32\batt.dll
Mon Feb 19 17:56:53 2007 => Scanning File C:\WINDOWS\System32\bidispl.dll
Mon Feb 19 17:56:53 2007 => Scanning File C:\WINDOWS\System32\bios1.rom
Mon Feb 19 17:56:53 2007 => Scanning File C:\WINDOWS\System32\bios4.rom
Mon Feb 19 17:56:53 2007 => Scanning File C:\WINDOWS\System32\bitsprx2.dll
Mon Feb 19 17:56:54 2007 => Scanning File C:\WINDOWS\System32\bitsprx3.dll
Mon Feb 19 17:56:54 2007 => Scanning File C:\WINDOWS\System32\blackbox.dll
Mon Feb 19 17:56:54 2007 => Scanning File C:\WINDOWS\System32\bootcfg.exe
Mon Feb 19 17:56:54 2007 => Scanning File C:\WINDOWS\System32\bootok.exe
Mon Feb 19 17:56:54 2007 => Scanning File C:\WINDOWS\System32\bootvid.dll
Mon Feb 19 17:56:55 2007 => Scanning File C:\WINDOWS\System32\bootvrfy.exe
Mon Feb 19 17:56:55 2007 => Scanning File C:\WINDOWS\System32\bopomofo.uce
Mon Feb 19 17:56:55 2007 => Scanning File C:\WINDOWS\System32\browselc.dll
Mon Feb 19 17:56:56 2007 => Scanning File C:\WINDOWS\System32\browser.dll
Mon Feb 19 17:56:56 2007 => Scanning File C:\WINDOWS\System32\BROWSEUI.DLL
Mon Feb 19 17:56:56 2007 => Scanning File C:\WINDOWS\System32\browsewm.dll
Mon Feb 19 17:56:56 2007 => Scanning File C:\WINDOWS\System32\cabinet.dll
Mon Feb 19 17:56:56 2007 => Scanning File C:\WINDOWS\System32\cabview.dll
Mon Feb 19 17:56:57 2007 => Scanning File C:\WINDOWS\System32\cacls.exe
Mon Feb 19 17:56:57 2007 => Scanning File C:\WINDOWS\System32\calc.exe
Mon Feb 19 17:56:57 2007 => Scanning File C:\WINDOWS\System32\camocx.dll
Mon Feb 19 17:56:57 2007 => Scanning File C:\WINDOWS\System32\CANBJMON(2).DLL
Mon Feb 19 17:56:58 2007 => Scanning File C:\WINDOWS\System32\CANONCA1.ZIP
Mon Feb 19 17:56:59 2007 => Scanning File C:\WINDOWS\System32\CANONCA2.ZIP
Mon Feb 19 17:57:03 2007 => Scanning File C:\WINDOWS\System32\CANONPF.ZIP
Mon Feb 19 17:57:04 2007 => Scanning File C:\WINDOWS\System32\capesnpn.dll
Mon Feb 19 17:57:04 2007 => Scanning File C:\WINDOWS\System32\cards.dll
Mon Feb 19 17:57:04 2007 => Scanning File C:\WINDOWS\System32\catsrv.dll
Mon Feb 19 17:57:05 2007 => Scanning File C:\WINDOWS\System32\catsrvps.dll
Mon Feb 19 17:57:05 2007 => Scanning File C:\WINDOWS\System32\catsrvut.dll
Mon Feb 19 17:57:05 2007 => Scanning File C:\WINDOWS\System32\ccfgnt.dll
Mon Feb 19 17:57:05 2007 => Scanning File C:\WINDOWS\System32\cdfview.dll
Mon Feb 19 17:57:06 2007 => Scanning File C:\WINDOWS\System32\cdm.dll
Mon Feb 19 17:57:06 2007 => Scanning File C:\WINDOWS\System32\cdmodem.dll
Mon Feb 19 17:57:06 2007 => Scanning File C:\WINDOWS\System32\cdosys.dll
Mon Feb 19 17:57:06 2007 => Scanning File C:\WINDOWS\System32\cdplayer.exe.manifest
Mon Feb 19 17:57:06 2007 => Scanning File C:\WINDOWS\System32\certcli.dll
Mon Feb 19 17:57:07 2007 => Scanning File C:\WINDOWS\System32\certmgr.dll
Mon Feb 19 17:57:07 2007 => Scanning File C:\WINDOWS\System32\certmgr.msc
Mon Feb 19 17:57:07 2007 => Scanning File C:\WINDOWS\System32\cewmdm.dll
Mon Feb 19 17:57:07 2007 => Scanning File C:\WINDOWS\System32\cfgbkend.dll
Mon Feb 19 17:57:07 2007 => Scanning File C:\WINDOWS\System32\cfgmgr32.dll
Mon Feb 19 17:57:08 2007 => Scanning File C:\WINDOWS\System32\charmap.exe
Mon Feb 19 17:57:08 2007 => Scanning File C:\WINDOWS\System32\chcp.com
Mon Feb 19 17:57:08 2007 => Scanning File C:\WINDOWS\System32\chkdsk.exe
Mon Feb 19 17:57:08 2007 => Scanning File C:\WINDOWS\System32\chkntfs.exe
Mon Feb 19 17:57:08 2007 => Scanning File C:\WINDOWS\System32\ciadmin.dll
Mon Feb 19 17:57:09 2007 => Scanning File C:\WINDOWS\System32\ciadv.msc
Mon Feb 19 17:57:09 2007 => Scanning File C:\WINDOWS\System32\cic.dll
Mon Feb 19 17:57:09 2007 => Scanning File C:\WINDOWS\System32\cidaemon.exe
Mon Feb 19 17:57:09 2007 => Scanning File C:\WINDOWS\System32\ciodm.dll
Mon Feb 19 17:57:09 2007 => Scanning File C:\WINDOWS\System32\cipher.exe
Mon Feb 19 17:57:10 2007 => Scanning File C:\WINDOWS\System32\cisvc.exe
Mon Feb 19 17:57:10 2007 => Scanning File C:\WINDOWS\System32\ckcnv.exe
Mon Feb 19 17:57:10 2007 => Scanning File C:\WINDOWS\System32\clb.dll
Mon Feb 19 17:57:10 2007 => Scanning File C:\WINDOWS\System32\clbcatex.dll
Mon Feb 19 17:57:10 2007 => Scanning File C:\WINDOWS\System32\clbcatq.dll
Mon Feb 19 17:57:10 2007 => Scanning File C:\WINDOWS\System32\cleanmgr.exe
Mon Feb 19 17:57:11 2007 => Scanning File C:\WINDOWS\System32\cliconf.chm
Mon Feb 19 17:57:17 2007 => Scanning File C:\WINDOWS\System32\cliconfg.dll
Mon Feb 19 17:57:17 2007 => Scanning File C:\WINDOWS\System32\cliconfg.exe
Mon Feb 19 17:57:17 2007 => Scanning File C:\WINDOWS\System32\cliconfg.rll
Mon Feb 19 17:57:17 2007 => Scanning File C:\WINDOWS\System32\clipbrd.exe
Mon Feb 19 17:57:18 2007 => Scanning File C:\WINDOWS\System32\clipsrv.exe
Mon Feb 19 17:57:18 2007 => Scanning File C:\WINDOWS\System32\clspack.exe
Mon Feb 19 17:57:18 2007 => Scanning File C:\WINDOWS\System32\clusapi.dll
Mon Feb 19 17:57:18 2007 => Scanning File C:\WINDOWS\System32\cmcfg32.dll
Mon Feb 19 17:57:18 2007 => Scanning File C:\WINDOWS\System32\cmd.exe
Mon Feb 19 17:57:19 2007 => Scanning File C:\WINDOWS\System32\cmdial32.dll
Mon Feb 19 17:57:19 2007 => Scanning File C:\WINDOWS\System32\cmdl32.exe
Mon Feb 19 17:57:19 2007 => Scanning File C:\WINDOWS\System32\cmdlib.wsc
Mon Feb 19 17:57:19 2007 => Scanning File C:\WINDOWS\System32\cmmgr32.hlp
Mon Feb 19 17:57:19 2007 => Scanning File C:\WINDOWS\System32\cmmon32.exe
Mon Feb 19 17:57:19 2007 => Scanning File C:\WINDOWS\System32\cmos.ram
Mon Feb 19 17:57:19 2007 => Scanning File C:\WINDOWS\System32\cmpbk32.dll
Mon Feb 19 17:57:20 2007 => Scanning File C:\WINDOWS\System32\cmprops.dll
Mon Feb 19 17:57:20 2007 => Scanning File C:\WINDOWS\System32\cmstp.exe
Mon Feb 19 17:57:20 2007 => Scanning File C:\WINDOWS\System32\cmutil.dll
Mon Feb 19 17:57:20 2007 => Scanning File C:\WINDOWS\System32\cnbjmon.dll
Mon Feb 19 17:57:20 2007 => Scanning File C:\WINDOWS\System32\cnetcfg.dll
Mon Feb 19 17:57:20 2007 => Scanning File C:\WINDOWS\System32\cnvfat.dll
Mon Feb 19 17:57:21 2007 => Scanning File C:\WINDOWS\System32\colbact.dll
Mon Feb 19 17:57:21 2007 => Scanning File C:\WINDOWS\System32\comaddin.dll
Mon Feb 19 17:57:21 2007 => Scanning File C:\WINDOWS\System32\comcat.dll
Mon Feb 19 17:57:21 2007 => Scanning File C:\WINDOWS\System32\comctl32.dll
Mon Feb 19 17:57:21 2007 => Scanning File C:\WINDOWS\System32\comdlg32.dll
Mon Feb 19 17:57:22 2007 => Scanning File C:\WINDOWS\System32\comdlg32.ocx
Mon Feb 19 17:57:22 2007 => Scanning File C:\WINDOWS\System32\comm.drv
Mon Feb 19 17:57:22 2007 => Scanning File C:\WINDOWS\System32\command.com
Mon Feb 19 17:57:22 2007 => Scanning File C:\WINDOWS\System32\commdlg.dll
Mon Feb 19 17:57:22 2007 => Scanning File C:\WINDOWS\System32\comp.exe
Mon Feb 19 17:57:22 2007 => Scanning File C:\WINDOWS\System32\compact.exe
Mon Feb 19 17:57:22 2007 => Scanning File C:\WINDOWS\System32\compatUI.dll
Mon Feb 19 17:57:23 2007 => Scanning File C:\WINDOWS\System32\compmgmt.msc
Mon Feb 19 17:57:23 2007 => Scanning File C:\WINDOWS\System32\compobj.dll
Mon Feb 19 17:57:23 2007 => Scanning File C:\WINDOWS\System32\compstui.dll
Mon Feb 19 17:57:23 2007 => Scanning File C:\WINDOWS\System32\comrepl.dll
Mon Feb 19 17:57:23 2007 => Scanning File C:\WINDOWS\System32\comres.dll
Mon Feb 19 17:57:24 2007 => Scanning File C:\WINDOWS\System32\comsnap.dll
Mon Feb 19 17:57:24 2007 => Scanning File C:\WINDOWS\System32\comsvcs.dll
Mon Feb 19 17:57:24 2007 => Scanning File C:\WINDOWS\System32\comuid.dll
Mon Feb 19 17:57:25 2007 => Scanning File C:\WINDOWS\System32\CONFIG.NT
Mon Feb 19 17:57:25 2007 => Scanning File C:\WINDOWS\System32\CONFIG.TMP
Mon Feb 19 17:57:25 2007 => Scanning File C:\WINDOWS\System32\confmsp.dll
Mon Feb 19 17:57:25 2007 => Scanning File C:\WINDOWS\System32\conime.exe
 
Can you post the other logs, and another HijackThis log?


Put these through the Killbox! Use the delete on reboot method.


Double-click on Killbox.exe to run it. Now put a tick by Delete on
Reboot. In the "Full Path of File to Delete" box, copy and paste each
of the following lines one at a time, then click on the button that has
the red circle with the X in the middle after you enter each file.
It will ask for confirmation to delete the file on next reboot. Click
Yes. It will then ask if you want to reboot now. Click No. Continue
with that same procedure until you have copied and pasted all of
these in the "Paste Full Path of File to Delete" box. Then click Yes
to reboot after you have entered the last one.


Note: It is possible that Killbox will tell you that one or more files do not
exist. If that happens, just continue on with all the files. Be sure you
don't miss any.


C:\WINDOWS\nls8045_ADPERFORM.exe
C:\WINDOWS\System32\b0irlnja.ini


Member of ASAP Alliance of Security Analysis Professionals

under the name khazars
 