CastleCops, Internet Crime Fighters
[IN PROGRESS] e-scan finds 26 critical errors, Ad-aware finds none?

jimsimon (Cadet)
Joined: Jul 15, 2007
Posts: 6
Location: USA

Posted: Tue Jul 17, 2007 1:19 am
Post subject: e-scan finds 26 critical errors, Ad-aware finds none?

Hi:
After running Ad-Aware and finding no bugs, I ran a scan with e-scan and it found registry files “System found infected with mybugfreepc Corrupted Adware/Spyware ({71a2702f-c7d8-11d2-bef8-525400dfb47a})!” located at C:\WINDOWS\system32\ssubtmr6.dll. I don’t understand why Ad-Aware doesn’t find this problem. I did a search on Google and couldn’t seem to find anything definite on whether I should delete this file or not. It’s a dll file and I fear that if I delete it Windows may not function properly. Is there a free software download removal tool that knows whether or not to delete it or any of those other error files and entries? I have reported this to Castlecops forum and they recommend that I make a log and send it to you.
I have run HijackThis, SmitfraudFix.exe, AVG Anti-Spyware, Lavasoft Ad-aware and then I ran Microsoft Anti-spyware (mvav.exe.) also known as e-scan. All scans were bug free except for e-scan which has 26 critical errors. The HijackThis and the e-scan logs are provided below. Thank you for your time.

e-scan log:

Mon Jul 16 07:31:48 2007 => **********************************************************
Mon Jul 16 07:31:48 2007 => MicroWorld Anti Virus & Spyware Toolkit Utility.
Mon Jul 16 07:31:48 2007 => Copyright © 2003-2006, MicroWorld Technologies Inc.
Mon Jul 16 07:31:48 2007 => **********************************************************
Mon Jul 16 07:31:48 2007 => Source: C:\DOCUME~1\Darrel\Desktop\mwav.exe
Mon Jul 16 07:31:48 2007 => Version 9.2.9 (C:\DOCUME~1\Darrel\LOCALS~1\Temp\mexe.com)
Mon Jul 16 07:31:48 2007 => Log File: C:\DOCUME~1\Darrel\LOCALS~1\Temp\MWAV.LOG
Mon Jul 16 07:31:48 2007 => Last Scan Date and Time: 14.07.2007 20:54:52
Mon Jul 16 07:31:48 2007 => MWAV Registered: FALSE.
Mon Jul 16 07:31:48 2007 => User Account: Darrel
Mon Jul 16 07:31:48 2007 => OS Type: Windows Workstation
Mon Jul 16 07:31:48 2007 => OS: Windows XP
Mon Jul 16 07:31:48 2007 => Ver: Service Pack 2 (Build 2600)
Mon Jul 16 07:31:48 2007 => Windows Root Folder: C:\WINDOWS
Mon Jul 16 07:31:48 2007 => Windows Sys32 Folder: C:\WINDOWS\system32
Mon Jul 16 07:31:48 2007 => Local Fixed Drives: c:\,d:\
Mon Jul 16 07:31:48 2007 => MWAV Mode: Only Scan files.

Mon Jul 16 07:31:48 2007 => ********** Files created/modified in last fortnight in Windows Folder **********
Mon Jul 16 07:31:48 2007 => C:\WINDOWS\R.COM (146432), 10-Jul-2007, Microsoft Corporation, Microsoft® Windows® Operating System
Mon Jul 16 07:31:48 2007 => C:\WINDOWS\REGEDIT.COM (146432), 10-Jul-2007, Microsoft Corporation, Microsoft® Windows® Operating System
Mon Jul 16 07:31:48 2007 => C:\WINDOWS\win.ini (660), 10-Jul-2007
Mon Jul 16 07:31:48 2007 => C:\WINDOWS\system32\aUpdateNow.ocx (245760), 07-Jul-2007, LansSoft Studio, Advanced Live Update Activex control
Mon Jul 16 07:31:48 2007 => C:\WINDOWS\system32\dumphive.exe (51200), 16-Jul-2007
Mon Jul 16 07:31:48 2007 => C:\WINDOWS\system32\mkcHyperlink.ocx (61440), 07-Jul-2007, MKC Computers, mkcHyperlink Control
Mon Jul 16 07:31:48 2007 => C:\WINDOWS\system32\PerfStringBackup.INI (356120), 08-Jul-2007
Mon Jul 16 07:31:48 2007 => C:\WINDOWS\system32\Process.exe (53248), 16-Jul-2007, http://www.beyondlogic.org, Command Line Process Utility
Mon Jul 16 07:31:48 2007 => C:\WINDOWS\system32\ServiceRepair.exe (32768), 07-Jul-2007, WareSoft Software, ServiceRepair
Mon Jul 16 07:31:49 2007 => C:\WINDOWS\system32\SrchSTS.exe (288417), 16-Jul-2007, S!Ri, SrchSTS
Mon Jul 16 07:31:49 2007 => C:\WINDOWS\system32\SSubTmr6.dll (53248), 07-Jul-2007, vbAccelerator, SSubTmr6
Mon Jul 16 07:31:49 2007 => C:\WINDOWS\system32\svcmgr.ocx (32768), 07-Jul-2007, Sanx Consulting, svcmgr
Mon Jul 16 07:31:49 2007 => C:\WINDOWS\system32\swreg.exe (135168), 16-Jul-2007, SteelWerX, SteelWerX Registry Editor
Mon Jul 16 07:31:50 2007 => C:\WINDOWS\system32\swsc.exe (40960), 16-Jul-2007
Mon Jul 16 07:31:50 2007 => C:\WINDOWS\system32\swxcacls.exe (79360), 16-Jul-2007, SteelWerX, SteelWerX Extended Configurator ACLists
Mon Jul 16 07:31:50 2007 => C:\WINDOWS\system32\T.COM (135680), 10-Jul-2007, Microsoft Corporation, Microsoft® Windows® Operating System
Mon Jul 16 07:31:50 2007 => C:\WINDOWS\system32\TASKMGR.COM (135680), 10-Jul-2007, Microsoft Corporation, Microsoft® Windows® Operating System
Mon Jul 16 07:31:50 2007 => C:\WINDOWS\system32\vbalAVI6.ocx (49152), 07-Jul-2007, vbAccelerator, vbAccelerator Transparent AVI Control
Mon Jul 16 07:31:50 2007 => C:\WINDOWS\system32\vbalExpBar6.ocx (200704), 07-Jul-2007, vbAccelerator, vbAccelerator VB6 Explorer Bar Control
Mon Jul 16 07:31:50 2007 => C:\WINDOWS\system32\vbalIml6.ocx (94208), 07-Jul-2007, vbAccelerator, vbaIml - vbAccelerator Image List control
Mon Jul 16 07:31:50 2007 => C:\WINDOWS\system32\vbaListView6.ocx (262144), 07-Jul-2007, vbAccelerator, vbAccelerator VB6 ListView Control
Mon Jul 16 07:31:50 2007 => C:\WINDOWS\system32\vbalProgBar6.ocx (65536), 07-Jul-2007, vbAccelerator, vbAccelerator VB6 Progress Bar Control
Mon Jul 16 07:31:50 2007 => C:\WINDOWS\system32\wmdmlog.dll (27136), 07-Jul-2007, Microsoft Corporation, Windows Media Device Manager
Mon Jul 16 07:31:50 2007 => ********************************************************************************

Mon Jul 16 07:31:50 2007 => Latest Date of files inside MWAV: 07 Jul 2007 12:05:0.
Mon Jul 16 07:32:05 2007 => AV Library Loaded...
Mon Jul 16 07:32:05 2007 => MWAV doing self scanning...
Mon Jul 16 07:32:05 2007 => Scanning File C:\DOCUME~1\Darrel\LOCALS~1\Temp\getvlist.exe
Mon Jul 16 07:32:06 2007 => Scanning File C:\DOCUME~1\Darrel\LOCALS~1\Temp\main.avi
Mon Jul 16 07:32:06 2007 => Scanning File C:\DOCUME~1\Darrel\LOCALS~1\Temp\virus.avi
Mon Jul 16 07:32:06 2007 => Scanning File C:\DOCUME~1\Darrel\LOCALS~1\Temp\ScanningProcess.exe
Mon Jul 16 07:32:06 2007 => Scanning File C:\DOCUME~1\Darrel\LOCALS~1\Temp\kave.dll
Mon Jul 16 07:32:06 2007 => Scanning File C:\DOCUME~1\Darrel\LOCALS~1\Temp\prloader.dll
Mon Jul 16 07:32:06 2007 => MWAV files are clean.
Mon Jul 16 07:32:07 2007 => Virus Database Date: 7/7/2007
Mon Jul 16 07:32:07 2007 => Virus Database Count: 359305

Mon Jul 16 07:32:13 2007 => **********************************************************
Mon Jul 16 07:32:13 2007 => MicroWorld Anti Virus & Spyware Toolkit Utility.
Mon Jul 16 07:32:13 2007 => Copyright © 2003-2006, MicroWorld Technologies Inc.
Mon Jul 16 07:32:13 2007 =>
Mon Jul 16 07:32:13 2007 => Support: support@mwti.net
Mon Jul 16 07:32:13 2007 => Web: http://www.mwti.net
Mon Jul 16 07:32:13 2007 => **********************************************************
Mon Jul 16 07:32:13 2007 => Version 9.2.9 (C:\DOCUME~1\Darrel\LOCALS~1\Temp\mexe.com)
Mon Jul 16 07:32:13 2007 => Log File: C:\DOCUME~1\Darrel\LOCALS~1\Temp\MWAV.LOG
Mon Jul 16 07:32:13 2007 => User Account: Darrel
Mon Jul 16 07:32:13 2007 => Windows Root Folder: C:\WINDOWS
Mon Jul 16 07:32:13 2007 => Windows Sys32 Folder: C:\WINDOWS\system32
Mon Jul 16 07:32:13 2007 => OS: Windows XP
Mon Jul 16 07:32:13 2007 => Ver: Service Pack 2 (Build 2600)
Mon Jul 16 07:32:14 2007 => Latest Date of files inside MWAV: 07 Jul 2007 12:05:0.

Mon Jul 16 07:32:14 2007 => Options Selected by User:
Mon Jul 16 07:32:14 2007 => Memory Check: Enabled
Mon Jul 16 07:32:14 2007 => Registry Check: Enabled
Mon Jul 16 07:32:14 2007 => StartUp Folder Check: Enabled
Mon Jul 16 07:32:14 2007 => System Folder Check: Enabled
Mon Jul 16 07:32:14 2007 => System Area Check: Disabled
Mon Jul 16 07:32:14 2007 => Services Check: Enabled
Mon Jul 16 07:32:14 2007 => Drive Check Option Disabled
Mon Jul 16 07:32:14 2007 => Folder Check: Disabled

Mon Jul 16 07:32:16 2007 => ***** Scanning Memory Files *****
Mon Jul 16 07:33:28 2007 => Scanning File C:\PROGRA~1\MOZILL~1\COMPON~1\jar50.dll
Mon Jul 16 07:33:28 2007 => Scanning File C:\PROGRA~1\MOZILL~1\EXTENS~1\TALKBA~1.ORG\COMPON~1\QFASER~1.DLL
Mon Jul 16 07:33:29 2007 => Scanning File C:\PROGRA~1\MOZILL~1\EXTENS~1\TALKBA~1.ORG\COMPON~1\FULLSOFT.DLL
Mon Jul 16 07:33:29 2007 => Scanning File C:\WINDOWS\System32\msimtf.dll
Mon Jul 16 07:33:29 2007 => Scanning File C:\PROGRA~1\MOZILL~1\freebl3.dll
Mon Jul 16 07:33:29 2007 => Scanning File C:\PROGRA~1\MOZILL~1\nssckbi.dll
Mon Jul 16 07:33:29 2007 => Scanning File C:\PROGRA~1\MOZILL~1\COMPON~1\spellchk.dll
Mon Jul 16 07:33:29 2007 => Scanning File C:\WINDOWS\System32\mlang.dll
Mon Jul 16 07:33:30 2007 => Scanning File C:\WINDOWS\system32\IMM32.DLL
Mon Jul 16 07:33:30 2007 => Scanning File C:\PROGRA~1\MICROS~2\Office10\WINWORD.EXE
Mon Jul 16 07:33:31 2007 => Scanning File C:\PROGRA~1\COMMON~1\MICROS~1\office10\mso.dll
Mon Jul 16 07:33:33 2007 => Scanning File C:\PROGRA~1\COMMON~1\MICROS~1\office10\riched20.dll
Mon Jul 16 07:33:33 2007 => Scanning File C:\PROGRA~1\Grisoft\AVGFRE~1\avgoff2k.dll
Mon Jul 16 07:33:33 2007 => Scanning File C:\PROGRA~1\Grisoft\AVGFRE~1\avgcore.dll
Mon Jul 16 07:33:33 2007 => Scanning File C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\N2PUifnt.dll
Mon Jul 16 07:33:34 2007 => Scanning File C:\DOCUME~1\Darrel\LOCALS~1\Temp\mexe.com
Mon Jul 16 07:33:35 2007 => Scanning File C:\DOCUME~1\Darrel\LOCALS~1\Temp\msvl64.dll
Mon Jul 16 07:33:36 2007 => Scanning File C:\DOCUME~1\Darrel\LOCALS~1\Temp\kave.dll
Mon Jul 16 07:33:36 2007 => Scanning File C:\DOCUME~1\Darrel\LOCALS~1\Temp\fssync.dll
Mon Jul 16 07:33:36 2007 => Scanning File C:\DOCUME~1\Darrel\LOCALS~1\Temp\MSVCR80.dll
Mon Jul 16 07:33:36 2007 => Scanning File C:\DOCUME~1\Darrel\LOCALS~1\Temp\MSVCP80.dll
Mon Jul 16 07:33:36 2007 => Scanning File C:\WINDOWS\system32\RICHED32.DLL
Mon Jul 16 07:33:36 2007 => Scanning File C:\WINDOWS\system32\RICHED20.dll
Mon Jul 16 07:33:37 2007 => Scanning File C:\WINDOWS\system32\VDMDBG.DLL
Mon Jul 16 07:33:37 2007 => Scanning File C:\DOCUME~1\Darrel\LOCALS~1\Temp\ScanningProcess.exe
Mon Jul 16 07:33:37 2007 => Scanning File C:\DOCUME~1\Darrel\LOCALS~1\Temp\prloader.dll
Mon Jul 16 07:33:37 2007 => Scanning File C:\DOCUME~1\Darrel\LOCALS~1\Temp\prkernel.ppl
Mon Jul 16 07:33:37 2007 => Scanning File c:\docume~1\darrel\locals~1\temp\avpmgr.ppl
Mon Jul 16 07:33:37 2007 => Scanning File c:\docume~1\darrel\locals~1\temp\wdiskio.ppl
Mon Jul 16 07:33:37 2007 => Scanning File c:\docume~1\darrel\locals~1\temp\nfio.ppl
Mon Jul 16 07:33:37 2007 => Scanning File c:\docume~1\darrel\locals~1\temp\fsdrvplg.ppl
Mon Jul 16 07:33:37 2007 => Scanning File c:\docume~1\darrel\locals~1\temp\avlib.ppl
Mon Jul 16 07:33:37 2007 => Scanning File c:\docume~1\darrel\locals~1\temp\dtreg.ppl
Mon Jul 16 07:33:38 2007 => Scanning File c:\docume~1\darrel\locals~1\temp\prutil.ppl
Mon Jul 16 07:33:38 2007 => Scanning File c:\docume~1\darrel\locals~1\temp\avp1.ppl
Mon Jul 16 07:33:38 2007 => Scanning File c:\docume~1\darrel\locals~1\temp\l_llio.ppl
Mon Jul 16 07:33:38 2007 => Scanning File c:\docume~1\darrel\locals~1\temp\ichk2.ppl
Mon Jul 16 07:33:38 2007 => Scanning File c:\docume~1\darrel\locals~1\temp\sfdb.ppl
Mon Jul 16 07:33:38 2007 => Scanning File c:\docume~1\darrel\locals~1\temp\ichksa.ppl
Mon Jul 16 07:33:38 2007 => Scanning File c:\docume~1\darrel\locals~1\temp\mkavio.ppl
Mon Jul 16 07:33:38 2007 => Scanning File c:\docume~1\darrel\locals~1\temp\hashmd5.ppl
Mon Jul 16 07:33:38 2007 => Scanning File c:\docume~1\darrel\locals~1\temp\hashcont.ppl
Mon Jul 16 07:33:38 2007 => Scanning File c:\docume~1\darrel\locals~1\temp\hccmp.ppl
Mon Jul 16 07:33:38 2007 => Scanning File c:\docume~1\darrel\locals~1\temp\iwgen.ppl
Mon Jul 16 07:33:39 2007 => Scanning File c:\docume~1\darrel\locals~1\temp\uniarc.ppl
Mon Jul 16 07:33:39 2007 => Scanning File c:\docume~1\darrel\locals~1\temp\minizip.ppl
Mon Jul 16 07:33:39 2007 => Scanning File c:\docume~1\darrel\locals~1\temp\cab.ppl
Mon Jul 16 07:33:39 2007 => Scanning File c:\docume~1\darrel\locals~1\temp\arj.ppl
Mon Jul 16 07:33:39 2007 => Scanning File c:\docume~1\darrel\locals~1\temp\rar.ppl
Mon Jul 16 07:33:39 2007 => Scanning File c:\docume~1\darrel\locals~1\temp\lha.ppl
Mon Jul 16 07:33:39 2007 => Scanning File c:\docume~1\darrel\locals~1\temp\mdb.ppl
Mon Jul 16 07:33:39 2007 => Scanning File C:\WINDOWS\system32\MAPI32.dll
Mon Jul 16 07:33:39 2007 => Scanning File c:\docume~1\darrel\locals~1\temp\msoe.ppl
Mon Jul 16 07:33:40 2007 => Scanning File c:\docume~1\darrel\locals~1\temp\tempfile.ppl
Mon Jul 16 07:33:40 2007 => Scanning File c:\docume~1\darrel\locals~1\temp\avpgs.ppl
Mon Jul 16 07:33:40 2007 => Scanning File c:\docume~1\darrel\locals~1\temp\thpimpl.ppl
Mon Jul 16 07:33:40 2007 => Scanning File c:\docume~1\darrel\locals~1\temp\dmap.ppl

Mon Jul 16 07:33:40 2007 => ***** Scanning Registry Files *****

Mon Jul 16 07:33:40 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Mon Jul 16 07:33:40 2007 => ** (PostBootReminder) {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
Mon Jul 16 07:33:40 2007 => Scanning File C:\WINDOWS\system32\SHELL32.dll
Mon Jul 16 07:33:40 2007 => ** (CDBurn) {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
Mon Jul 16 07:33:40 2007 => Scanning File C:\WINDOWS\system32\SHELL32.dll
Mon Jul 16 07:33:40 2007 => ** (WebCheck) {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
Mon Jul 16 07:33:40 2007 => Scanning File C:\WINDOWS\System32\webcheck.dll
Mon Jul 16 07:33:40 2007 => ** (SysTray) {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
Mon Jul 16 07:33:40 2007 => Scanning File C:\WINDOWS\System32\stobject.dll

Mon Jul 16 07:33:40 2007 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

Mon Jul 16 07:33:40 2007 => Scanning HKLM\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension

Mon Jul 16 07:33:40 2007 => Scanning HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar

Mon Jul 16 07:33:40 2007 => Scanning HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units

Mon Jul 16 07:33:40 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
Mon Jul 16 07:33:40 2007 => ** {53707962-6F74-2D53-2644-206D7942484F} = C:\PROGRA~1\SPYBOT~1\SDHelper.dll
Mon Jul 16 07:33:40 2007 => Scanning File C:\PROGRA~1\SPYBOT~1\SDHelper.dll
Mon Jul 16 07:33:40 2007 => ** {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} = C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
Mon Jul 16 07:33:40 2007 => Scanning File C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll

Mon Jul 16 07:33:41 2007 => Scanning HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
Mon Jul 16 07:33:41 2007 => ** {4528BBE0-4E08-11D5-AD55-00010333D0AD} = NULL
Mon Jul 16 07:33:41 2007 => ** {4D5C8C25-D075-11d0-B416-00C04FB90376} = %SystemRoot%\System32\shdocvw.dll
Mon Jul 16 07:33:41 2007 => Scanning File C:\WINDOWS\System32\shdocvw.dll

Mon Jul 16 07:33:41 2007 => Scanning HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
Mon Jul 16 07:33:41 2007 => ** {08B0E5C0-4FCB-11CF-AAA5-00401C608501} = C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
Mon Jul 16 07:33:41 2007 => Scanning File C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
Mon Jul 16 07:33:41 2007 => ** {44627E97-789B-40d4-B5C2-58BD171129A1} = NULL

Mon Jul 16 07:33:41 2007 => Scanning HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars
Mon Jul 16 07:33:41 2007 => ** {32683183-48a0-441b-a342-7c2a440a9478} = NULL
Mon Jul 16 07:33:41 2007 => ** {4528BBE0-4E08-11D5-AD55-00010333D0AD} = NULL
Mon Jul 16 07:33:41 2007 => ** {C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} = %SystemRoot%\system32\SHELL32.dll
Mon Jul 16 07:33:41 2007 => Scanning File C:\WINDOWS\system32\SHELL32.dll
Mon Jul 16 07:33:41 2007 => ** {EFA24E64-B078-11D0-89E4-00C04FC9E26E} = %SystemRoot%\System32\shdocvw.dll
Mon Jul 16 07:33:41 2007 => Scanning File C:\WINDOWS\System32\shdocvw.dll

Mon Jul 16 07:33:41 2007 => Scanning HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping

Mon Jul 16 07:33:41 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler
Mon Jul 16 07:33:41 2007 => ** {438755C2-A8BA-11D1-B96B-00A0C90312E1} = %SystemRoot%\System32\browseui.dll
Mon Jul 16 07:33:41 2007 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Jul 16 07:33:41 2007 => ** {8C7461EF-2B13-11d2-BE35-3078302C2030} = %SystemRoot%\System32\browseui.dll
Mon Jul 16 07:33:41 2007 => Scanning File C:\WINDOWS\System32\browseui.dll

Mon Jul 16 07:33:41 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Mon Jul 16 07:33:41 2007 => ** {00022613-0000-0000-C000-000000000046} = mmsys.cpl
Mon Jul 16 07:33:41 2007 => Scanning File C:\WINDOWS\SYSTEM32\mmsys.cpl
Mon Jul 16 07:33:41 2007 => ** {176d6597-26d3-11d1-b350-080036a75b03} = icmui.dll
Mon Jul 16 07:33:41 2007 => Scanning File C:\WINDOWS\SYSTEM32\icmui.dll
Mon Jul 16 07:33:41 2007 => ** {1F2E5C40-9550-11CE-99D2-00AA006E086C} = rshx32.dll
Mon Jul 16 07:33:41 2007 => Scanning File C:\WINDOWS\SYSTEM32\rshx32.dll
Mon Jul 16 07:33:42 2007 => ** {3EA48300-8CF6-101B-84FB-666CCB9BCD32} = docprop.dll
Mon Jul 16 07:33:42 2007 => Scanning File C:\WINDOWS\SYSTEM32\docprop.dll
Mon Jul 16 07:33:42 2007 => ** {40dd6e20-7c17-11ce-a804-00aa003ca9f6} = ntshrui.dll
Mon Jul 16 07:33:42 2007 => Scanning File C:\WINDOWS\SYSTEM32\ntshrui.dll
Mon Jul 16 07:33:42 2007 => ** {41E300E0-78B6-11ce-849B-444553540000} = %SystemRoot%\System32\themeui.dll
Mon Jul 16 07:33:42 2007 => Scanning File C:\WINDOWS\System32\themeui.dll
Mon Jul 16 07:33:42 2007 => ** {42071712-76d4-11d1-8b24-00a0c9068ff3} = deskadp.dll
Mon Jul 16 07:33:42 2007 => Scanning File C:\WINDOWS\SYSTEM32\deskadp.dll
Mon Jul 16 07:33:42 2007 => ** {42071713-76d4-11d1-8b24-00a0c9068ff3} = deskmon.dll
Mon Jul 16 07:33:42 2007 => Scanning File C:\WINDOWS\SYSTEM32\deskmon.dll
Mon Jul 16 07:33:42 2007 => ** {4E40F770-369C-11d0-8922-00A024AB2DBB} = dssec.dll
Mon Jul 16 07:33:42 2007 => Scanning File C:\WINDOWS\SYSTEM32\dssec.dll
Mon Jul 16 07:33:42 2007 => ** {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} = SlayerXP.dll
Mon Jul 16 07:33:42 2007 => Scanning File C:\WINDOWS\SYSTEM32\SlayerXP.dll
Mon Jul 16 07:33:42 2007 => ** {56117100-C0CD-101B-81E2-00AA004AE837} = shscrap.dll
Mon Jul 16 07:33:42 2007 => Scanning File C:\WINDOWS\SYSTEM32\shscrap.dll
Mon Jul 16 07:33:43 2007 => ** {59099400-57FF-11CE-BD94-0020AF85B590} = diskcopy.dll
Mon Jul 16 07:33:43 2007 => Scanning File C:\WINDOWS\SYSTEM32\diskcopy.dll
Mon Jul 16 07:33:43 2007 => ** {59be4990-f85c-11ce-aff7-00aa003ca9f6} = ntlanui2.dll
Mon Jul 16 07:33:43 2007 => Scanning File C:\WINDOWS\SYSTEM32\ntlanui2.dll
Mon Jul 16 07:33:43 2007 => ** {5DB2625A-54DF-11D0-B6C4-0800091AA605} = %SystemRoot%\System32\icmui.dll
Mon Jul 16 07:33:43 2007 => Scanning File C:\WINDOWS\System32\icmui.dll
Mon Jul 16 07:33:43 2007 => ** {675F097E-4C4D-11D0-B6C1-0800091AA605} = %SystemRoot%\system32\icmui.dll
Mon Jul 16 07:33:43 2007 => Scanning File C:\WINDOWS\system32\icmui.dll
Mon Jul 16 07:33:43 2007 => ** {77597368-7b15-11d0-a0c2-080036af3f03} = printui.dll
Mon Jul 16 07:33:43 2007 => Scanning File C:\WINDOWS\SYSTEM32\printui.dll
Mon Jul 16 07:33:44 2007 => ** {7988B573-EC89-11cf-9C00-00AA00A14F56} = dskquoui.dll
Mon Jul 16 07:33:44 2007 => Scanning File C:\WINDOWS\SYSTEM32\dskquoui.dll
Mon Jul 16 07:33:44 2007 => ** {85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
Mon Jul 16 07:33:44 2007 => Scanning File C:\WINDOWS\SYSTEM32\syncui.dll
Mon Jul 16 07:33:44 2007 => ** {88895560-9AA2-1069-930E-00AA0030EBC8} = C:\WINDOWS\System32\hticons.dll
Mon Jul 16 07:33:44 2007 => Scanning File C:\WINDOWS\System32\hticons.dll
Mon Jul 16 07:33:44 2007 => ** {BD84B380-8CA2-1069-AB1D-08000948F534} = fontext.dll
Mon Jul 16 07:33:44 2007 => Scanning File C:\WINDOWS\SYSTEM32\fontext.dll
Mon Jul 16 07:33:45 2007 => ** {DBCE2480-C732-101B-BE72-BA78E9AD5B27} = %SystemRoot%\system32\icmui.dll
Mon Jul 16 07:33:45 2007 => Scanning File C:\WINDOWS\system32\icmui.dll
Mon Jul 16 07:33:45 2007 => ** {F37C5810-4D3F-11d0-B4BF-00AA00BBB723} = rshx32.dll
Mon Jul 16 07:33:45 2007 => Scanning File C:\WINDOWS\SYSTEM32\rshx32.dll
Mon Jul 16 07:33:45 2007 => ** {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
Mon Jul 16 07:33:45 2007 => Scanning File C:\WINDOWS\SYSTEM32\ntshrui.dll
Mon Jul 16 07:33:45 2007 => ** {f92e8c40-3d33-11d2-b1aa-080036a75b03} = deskperf.dll
Mon Jul 16 07:33:45 2007 => Scanning File C:\WINDOWS\SYSTEM32\deskperf.dll
Mon Jul 16 07:33:45 2007 => ** {7444C717-39BF-11D1-8CD9-00C04FC29D45} = C:\WINDOWS\system32\cryptext.dll
Mon Jul 16 07:33:45 2007 => Scanning File C:\WINDOWS\system32\cryptext.dll
Mon Jul 16 07:33:46 2007 => ** {7444C719-39BF-11D1-8CD9-00C04FC29D45} = C:\WINDOWS\system32\cryptext.dll
Mon Jul 16 07:33:46 2007 => Scanning File C:\WINDOWS\system32\cryptext.dll
Mon Jul 16 07:33:46 2007 => ** {7007ACC7-3202-11D1-AAD2-00805FC1270E} = C:\WINDOWS\system32\NETSHELL.dll
Mon Jul 16 07:33:46 2007 => Scanning File C:\WINDOWS\system32\NETSHELL.dll
Mon Jul 16 07:33:46 2007 => ** {992CFFA0-F557-101A-88EC-00DD010CCC48} = C:\WINDOWS\system32\NETSHELL.dll
Mon Jul 16 07:33:46 2007 => Scanning File C:\WINDOWS\system32\NETSHELL.dll
Mon Jul 16 07:33:46 2007 => ** {E211B736-43FD-11D1-9EFB-0000F8757FCD} = wiashext.dll
Mon Jul 16 07:33:46 2007 => Scanning File C:\WINDOWS\SYSTEM32\wiashext.dll
Mon Jul 16 07:33:48 2007 => ** {FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD} = wiashext.dll
Mon Jul 16 07:33:48 2007 => Scanning File C:\WINDOWS\SYSTEM32\wiashext.dll
Mon Jul 16 07:33:48 2007 => ** {905667aa-acd6-11d2-8080-00805f6596d2} = wiashext.dll
Mon Jul 16 07:33:48 2007 => Scanning File C:\WINDOWS\SYSTEM32\wiashext.dll
Mon Jul 16 07:33:48 2007 => ** {3F953603-1008-4f6e-A73A-04AAC7A992F1} = wiashext.dll
Mon Jul 16 07:33:48 2007 => Scanning File C:\WINDOWS\SYSTEM32\wiashext.dll
Mon Jul 16 07:33:48 2007 => ** {83bbcbf3-b28a-4919-a5aa-73027445d672} = wiashext.dll
Mon Jul 16 07:33:48 2007 => Scanning File C:\WINDOWS\SYSTEM32\wiashext.dll
Mon Jul 16 07:33:48 2007 => ** {F0152790-D56E-4445-850E-4F3117DB740C} = C:\WINDOWS\System32\remotepg.dll
Mon Jul 16 07:33:48 2007 => Scanning File C:\WINDOWS\System32\remotepg.dll
Mon Jul 16 07:33:48 2007 => ** {5F327514-6C5E-4d60-8F16-D07FA08A78ED} = C:\WINDOWS\system32\wuaucpl.cpl
Mon Jul 16 07:33:48 2007 => Scanning File C:\WINDOWS\system32\wuaucpl.cpl
Mon Jul 16 07:33:48 2007 => ** {60254CA5-953B-11CF-8C96-00AA00B8708C} = C:\WINDOWS\System32\wshext.dll
Mon Jul 16 07:33:48 2007 => Scanning File C:\WINDOWS\System32\wshext.dll
Mon Jul 16 07:33:48 2007 => ** {2206CDB2-19C1-11D1-89E0-00C04FD7A829} = C:\Program Files\Common Files\System\Ole DB\oledb32.dll
Mon Jul 16 07:33:48 2007 => Scanning File C:\PROGRA~1\COMMON~1\System\OLEDB~1\oledb32.dll
Mon Jul 16 07:33:49 2007 => ** {DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} = C:\WINDOWS\System32\mstask.dll
Mon Jul 16 07:33:49 2007 => Scanning File C:\WINDOWS\System32\mstask.dll
Mon Jul 16 07:33:49 2007 => ** {797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} = C:\WINDOWS\System32\mstask.dll
Mon Jul 16 07:33:49 2007 => Scanning File C:\WINDOWS\System32\mstask.dll
Mon Jul 16 07:33:49 2007 => ** {D6277990-4C6A-11CF-8D87-00AA0060F5BF} = C:\WINDOWS\System32\mstask.dll
Mon Jul 16 07:33:49 2007 => Scanning File C:\WINDOWS\System32\mstask.dll
Mon Jul 16 07:33:49 2007 => ** {2559a1f0-21d7-11d4-bdaf-00c04f60b9f0} = %SystemRoot%\system32\shdocvw.dll
Mon Jul 16 07:33:49 2007 => Scanning File C:\WINDOWS\system32\shdocvw.dll
Mon Jul 16 07:33:49 2007 => ** {2559a1f1-21d7-11d4-bdaf-00c04f60b9f0} = %SystemRoot%\system32\shdocvw.dll
Mon Jul 16 07:33:49 2007 => Scanning File C:\WINDOWS\system32\shdocvw.dll
Mon Jul 16 07:33:49 2007 => ** {2559a1f2-21d7-11d4-bdaf-00c04f60b9f0} = %SystemRoot%\system32\shdocvw.dll
Mon Jul 16 07:33:49 2007 => Scanning File C:\WINDOWS\system32\shdocvw.dll
Mon Jul 16 07:33:49 2007 => ** {2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} = %SystemRoot%\system32\shdocvw.dll
Mon Jul 16 07:33:49 2007 => Scanning File C:\WINDOWS\system32\shdocvw.dll
Mon Jul 16 07:33:49 2007 => ** {2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} = %SystemRoot%\system32\shdocvw.dll
Mon Jul 16 07:33:49 2007 => Scanning File C:\WINDOWS\system32\shdocvw.dll
Mon Jul 16 07:33:49 2007 => ** {2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} = %SystemRoot%\system32\shdocvw.dll
Mon Jul 16 07:33:49 2007 => Scanning File C:\WINDOWS\system32\shdocvw.dll
Mon Jul 16 07:33:49 2007 => ** {D20EA4E1-3957-11d2-A40B-0C5020524152} = %SystemRoot%\system32\shdocvw.dll
Mon Jul 16 07:33:49 2007 => Scanning File C:\WINDOWS\system32\shdocvw.dll
Mon Jul 16 07:33:49 2007 => ** {D20EA4E1-3957-11d2-A40B-0C5020524153} = %SystemRoot%\system32\shdocvw.dll
Mon Jul 16 07:33:49 2007 => Scanning File C:\WINDOWS\system32\shdocvw.dll
Mon Jul 16 07:33:49 2007 => ** {875CB1A1-0F29-45de-A1AE-CFB4950D0B78} = %SystemRoot%\System32\shmedia.dll
Mon Jul 16 07:33:49 2007 => Scanning File C:\WINDOWS\System32\shmedia.dll
Mon Jul 16 07:33:49 2007 => ** {40C3D757-D6E4-4b49-BB41-0E5BBEA28817} = %SystemRoot%\System32\shmedia.dll
Mon Jul 16 07:33:49 2007 => Scanning File C:\WINDOWS\System32\shmedia.dll
Mon Jul 16 07:33:49 2007 => ** {E4B29F9D-D390-480b-92FD-7DDB47101D71} = %SystemRoot%\System32\shmedia.dll
Mon Jul 16 07:33:49 2007 => Scanning File C:\WINDOWS\System32\shmedia.dll
Mon Jul 16 07:33:49 2007 => ** {87D62D94-71B3-4b9a-9489-5FE6850DC73E} = %SystemRoot%\System32\shmedia.dll
Mon Jul 16 07:33:49 2007 => Scanning File C:\WINDOWS\System32\shmedia.dll
Mon Jul 16 07:33:49 2007 => ** {A6FD9E45-6E44-43f9-8644-08598F5A74D9} = %SystemRoot%\System32\shmedia.dll
Mon Jul 16 07:33:49 2007 => Scanning File C:\WINDOWS\System32\shmedia.dll
Mon Jul 16 07:33:49 2007 => ** {c5a40261-cd64-4ccf-84cb-c394da41d590} = %SystemRoot%\System32\shmedia.dll
Mon Jul 16 07:33:49 2007 => Scanning File C:\WINDOWS\System32\shmedia.dll
Mon Jul 16 07:33:49 2007 => ** {5E6AB780-7743-11CF-A12B-00AA004AE837} = %SystemRoot%\System32\browseui.dll
Mon Jul 16 07:33:49 2007 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Jul 16 07:33:49 2007 => ** {22BF0C20-6DA7-11D0-B373-00A0C9034938} = %SystemRoot%\System32\browseui.dll
Mon Jul 16 07:33:49 2007 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Jul 16 07:33:49 2007 => ** {91EA3F8B-C99B-11d0-9815-00C04FD91972} = %SystemRoot%\System32\browseui.dll
Mon Jul 16 07:33:49 2007 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Jul 16 07:33:49 2007 => ** {6413BA2C-B461-11d1-A18A-080036B11A03} = %SystemRoot%\System32\browseui.dll
Mon Jul 16 07:33:49 2007 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Jul 16 07:33:49 2007 => ** {F61FFEC1-754F-11d0-80CA-00AA005B4383} = %SystemRoot%\System32\browseui.dll
Mon Jul 16 07:33:49 2007 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Jul 16 07:33:49 2007 => ** {7BA4C742-9E81-11CF-99D3-00AA004AE837} = %SystemRoot%\System32\browseui.dll
Mon Jul 16 07:33:49 2007 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Jul 16 07:33:49 2007 => ** {30D02401-6A81-11d0-8274-00C04FD5AE38} = %SystemRoot%\System32\browseui.dll
Mon Jul 16 07:33:49 2007 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Jul 16 07:33:49 2007 => ** {169A0691-8DF9-11d1-A1C4-00C04FD75D13} = %SystemRoot%\System32\browseui.dll
Mon Jul 16 07:33:49 2007 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Jul 16 07:33:49 2007 => ** {07798131-AF23-11d1-9111-00A0C98BA67D} = %SystemRoot%\System32\browseui.dll
Mon Jul 16 07:33:49 2007 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Jul 16 07:33:49 2007 => ** {AF4F6510-F982-11d0-8595-00AA004CD6D8} = %SystemRoot%\System32\browseui.dll
Mon Jul 16 07:33:49 2007 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Jul 16 07:33:49 2007 => ** {01E04581-4EEE-11d0-BFE9-00AA005B4383} = %SystemRoot%\System32\browseui.dll
Mon Jul 16 07:33:49 2007 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Jul 16 07:33:49 2007 => ** {A08C11D2-A228-11d0-825B-00AA005B4383} = %SystemRoot%\System32\browseui.dll
Mon Jul 16 07:33:49 2007 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Jul 16 07:33:49 2007 => ** {00BB2763-6A77-11D0-A535-00C04FD7D062} = %SystemRoot%\System32\browseui.dll
Mon Jul 16 07:33:49 2007 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Jul 16 07:33:49 2007 => ** {7376D660-C583-11d0-A3A5-00C04FD706EC} = %SystemRoot%\System32\browseui.dll
Mon Jul 16 07:33:49 2007 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Jul 16 07:33:49 2007 => ** {6756A641-DE71-11d0-831B-00AA005B4383} = %SystemRoot%\System32\browseui.dll
Mon Jul 16 07:33:49 2007 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Jul 16 07:33:50 2007 => ** {6935DB93-21E8-4ccc-BEB9-9FE3C77A297A} = %SystemRoot%\System32\browseui.dll
Mon Jul 16 07:33:50 2007 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Jul 16 07:33:50 2007 => ** {7e653215-fa25-46bd-a339-34a2790f3cb7} = %SystemRoot%\System32\browseui.dll
Mon Jul 16 07:33:50 2007 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Jul 16 07:33:50 2007 => ** {acf35015-526e-4230-9596-becbe19f0ac9} = %SystemRoot%\System32\browseui.dll
Mon Jul 16 07:33:50 2007 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Jul 16 07:33:50 2007 => ** {E0E11A09-5CB8-4B6C-8332-E00720A168F2} = %SystemRoot%\System32\browseui.dll
Mon Jul 16 07:33:50 2007 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Jul 16 07:33:50 2007 => ** {00BB2764-6A77-11D0-A535-00C04FD7D062} = %SystemRoot%\System32\browseui.dll
Mon Jul 16 07:33:50 2007 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Jul 16 07:33:50 2007 => ** {03C036F1-A186-11D0-824A-00AA005B4383} = %SystemRoot%\System32\browseui.dll
Mon Jul 16 07:33:50 2007 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Jul 16 07:33:50 2007 => ** {00BB2765-6A77-11D0-A535-00C04FD7D062} = %SystemRoot%\System32\browseui.dll
Mon Jul 16 07:33:50 2007 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Jul 16 07:33:50 2007 => ** {ECD4FC4E-521C-11D0-B792-00A0C90312E1} = %SystemRoot%\System32\browseui.dll
Mon Jul 16 07:33:50 2007 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Jul 16 07:33:50 2007 => ** {3CCF8A41-5C85-11d0-9796-00AA00B90ADF} = %SystemRoot%\System32\browseui.dll
Mon Jul 16 07:33:50 2007 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Jul 16 07:33:50 2007 => ** {ECD4FC4C-521C-11D0-B792-00A0C90312E1} = %SystemRoot%\System32\browseui.dll
Mon Jul 16 07:33:50 2007 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Jul 16 07:33:50 2007 => ** {ECD4FC4D-521C-11D0-B792-00A0C90312E1} = %SystemRoot%\System32\browseui.dll
Mon Jul 16 07:33:50 2007 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Jul 16 07:33:50 2007 => ** {DD313E04-FEFF-11d1-8ECD-0000F87A470C} = %SystemRoot%\System32\browseui.dll
Mon Jul 16 07:33:50 2007 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Jul 16 07:33:50 2007 => ** {EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} = %SystemRoot%\System32\browseui.dll
Mon Jul 16 07:33:50 2007 => Scanning File C:\WINDOWS\System32\browseui.dll
Mon Jul 16 07:33:50 2007 => ** {EFA24E61-B078-11d0-89E4-00C04FC9E26E} = %SystemRoot%\System32\shdocvw.dll
Mon Jul 16 07:33:50 2007 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Mon Jul 16 07:33:50 2007 => ** {0A89A860-D7B1-11CE-8350-444553540000} = %SystemRoot%\System32\shdocvw.dll
Mon Jul 16 07:33:50 2007 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Mon Jul 16 07:33:50 2007 => ** {E7E4BC40-E76A-11CE-A9BB-00AA004AE837} = %SystemRoot%\System32\shdocvw.dll
Mon Jul 16 07:33:50 2007 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Mon Jul 16 07:33:50 2007 => ** {A5E46E3A-8849-11D1-9D8C-00C04FC99D61} = %SystemRoot%\System32\shdocvw.dll
Mon Jul 16 07:33:50 2007 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Mon Jul 16 07:33:50 2007 => ** {FBF23B40-E3F0-101B-8488-00AA003E56F8} = shdocvw.dll
Mon Jul 16 07:33:50 2007 => Scanning File C:\WINDOWS\SYSTEM32\shdocvw.dll
Mon Jul 16 07:33:50 2007 => ** {3C374A40-BAE4-11CF-BF7D-00AA006946EE} = %SystemRoot%\System32\shdocvw.dll
Mon Jul 16 07:33:50 2007 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Mon Jul 16 07:33:50 2007 => ** {FF393560-C2A7-11CF-BFF4-444553540000} = %SystemRoot%\System32\shdocvw.dll
Mon Jul 16 07:33:50 2007 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Mon Jul 16 07:33:50 2007 => ** {7BD29E00-76C1-11CF-9DD0-00A0C9034933} = %SystemRoot%\System32\shdocvw.dll
Mon Jul 16 07:33:50 2007 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Mon Jul 16 07:33:50 2007 => ** {7BD29E01-76C1-11CF-9DD0-00A0C9034933} = %SystemRoot%\System32\shdocvw.dll
Mon Jul 16 07:33:50 2007 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Mon Jul 16 07:33:50 2007 => ** {CFBFAE00-17A6-11D0-99CB-00C04FD64497} = %SystemRoot%\System32\shdocvw.dll
Mon Jul 16 07:33:50 2007 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Mon Jul 16 07:33:50 2007 => ** {A2B0DD40-CC59-11d0-A3A5-00C04FD706EC} = %SystemRoot%\System32\shdocvw.dll
Mon Jul 16 07:33:50 2007 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Mon Jul 16 07:33:50 2007 => ** {67EA19A0-CCEF-11d0-8024-00C04FD75D13} = %SystemRoot%\System32\shdocvw.dll
Mon Jul 16 07:33:50 2007 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Mon Jul 16 07:33:50 2007 => ** {131A6951-7F78-11D0-A979-00C04FD705A2} = %SystemRoot%\System32\shdocvw.dll
Mon Jul 16 07:33:50 2007 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Mon Jul 16 07:33:50 2007 => ** {9461b922-3c5a-11d2-bf8b-00c04fb93661} = %SystemRoot%\System32\shdocvw.dll
Mon Jul 16 07:33:50 2007 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Mon Jul 16 07:33:50 2007 => ** {3DC7A020-0ACD-11CF-A9BB-00AA004AE837} = %SystemRoot%\System32\shdocvw.dll
Mon Jul 16 07:33:50 2007 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Mon Jul 16 07:33:50 2007 => ** {871C5380-42A0-1069-A2EA-08002B30309D} = %SystemRoot%\System32\shdocvw.dll
Mon Jul 16 07:33:50 2007 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Mon Jul 16 07:33:50 2007 => ** {EFA24E64-B078-11d0-89E4-00C04FC9E26E} = %SystemRoot%\System32\shdocvw.dll
Mon Jul 16 07:33:50 2007 => Scanning File C:\WINDOWS\System32\shdocvw.dll
Mon Jul 16 07:33:50 2007 => ** {9E56BE60-C50F-11CF-9A2C-00A0C90A90CE} = C:\WINDOWS\System32\sendmail.dll
Mon Jul 16 07:33:50 2007 => Scanning File C:\WINDOWS\System32\sendmail.dll
Mon Jul 16 07:33:50 2007 => ** {9E56BE61-C50F-11CF-9A2C-00A0C90A90CE} = C:\WINDOWS\System32\sendmail.dll
Mon Jul 16 07:33:50 2007 => Scanning File C:\WINDOWS\System32\sendmail.dll
Mon Jul 16 07:33:50 2007 => ** {88C6C381-2E85-11D0-94DE-444553540000} = %SystemRoot%\System32\occache.dll
Mon Jul 16 07:33:50 2007 => Scanning File C:\WINDOWS\System32\occache.dll
Mon Jul 16 07:33:50 2007 => ** {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
Mon Jul 16 07:33:50 2007 => Scanning File C:\WINDOWS\System32\webcheck.dll
Mon Jul 16 07:33:50 2007 => ** {ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} = %SystemRoot%\System32\webcheck.dll
Mon Jul 16 07:33:50 2007 => Scanning File C:\WINDOWS\System32\webcheck.dll
Mon Jul 16 07:33:50 2007 => ** {F5175861-2688-11d0-9C5E-00AA00A45957} = %SystemRoot%\System32\webcheck.dll
Mon Jul 16 07:33:50 2007 => Scanning File C:\WINDOWS\System32\webcheck.dll
Mon Jul 16 07:33:50 2007 => ** {08165EA0-E946-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
Mon Jul 16 07:33:50 2007 => Scanning File C:\WINDOWS\System32\webcheck.dll
Mon Jul 16 07:33:50 2007 => ** {E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB} = %SystemRoot%\System32\webcheck.dll
Mon Jul 16 07:33:50 2007 => Scanning File C:\WINDOWS\System32\webcheck.dll
Mon Jul 16 07:33:50 2007 => ** {E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7} = %SystemRoot%\System32\webcheck.dll
Mon Jul 16 07:33:50 2007 => Scanning File C:\WINDOWS\System32\webcheck.dll
Mon Jul 16 07:33:50 2007 => ** {7D559C10-9FE9-11d0-93F7-00AA0059CE02} = %SystemRoot%\System32\webcheck.dll
Mon Jul 16 07:33:50 2007 => Scanning File C:\WINDOWS\System32\webcheck.dll
Mon Jul 16 07:33:50 2007 => ** {E6CC6978-6B6E-11D0-BECA-00C04FD940BE} = %SystemRoot%\System32\webcheck.dll
Mon Jul 16 07:33:50 2007 => Scanning File C:\WINDOWS\System32\webcheck.dll
Mon Jul 16 07:33:50 2007 => ** {D8BD2030-6FC9-11D0-864F-00AA006809D9} = %SystemRoot%\System32\webcheck.dll
Mon Jul 16 07:33:50 2007 => Scanning File C:\WINDOWS\System32\webcheck.dll
Mon Jul 16 07:33:50 2007 => ** {7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} = %SystemRoot%\System32\webcheck.dll
Mon Jul 16 07:33:50 2007 => Scanning File C:\WINDOWS\System32\webcheck.dll
Mon Jul 16 07:33:50 2007 => ** {352EC2B7-8B9A-11D1-B8AE-006008059382} = %SystemRoot%\System32\appwiz.cpl
Mon Jul 16 07:33:50 2007 => Scanning File C:\WINDOWS\System32\appwiz.cpl
Mon Jul 16 07:33:51 2007 => ** {0B124F8F-91F0-11D1-B8B5-006008059382} = %SystemRoot%\System32\appwiz.cpl
Mon Jul 16 07:33:51 2007 => Scanning File C:\WINDOWS\System32\appwiz.cpl
Mon Jul 16 07:33:51 2007 => ** {CFCCC7A0-A282-11D1-9082-006008059382} = %SystemRoot%\System32\appwiz.cpl
Mon Jul 16 07:33:51 2007 => Scanning File C:\WINDOWS\System32\appwiz.cpl
Mon Jul 16 07:33:51 2007 => ** {e84fda7c-1d6a-45f6-b725-cb260c236066} = %SystemRoot%\system32\shimgvw.dll
Mon Jul 16 07:33:51 2007 => Scanning File C:\WINDOWS\system32\shimgvw.dll
Mon Jul 16 07:33:51 2007 => ** {66e4e4fb-f385-4dd0-8d74-a2efd1bc6178} = %SystemRoot%\system32\shimgvw.dll
Mon Jul 16 07:33:51 2007 => Scanning File C:\WINDOWS\system32\shimgvw.dll
Mon Jul 16 07:33:51 2007 => ** {3F30C968-480A-4C6C-862D-EFC0897BB84B} = C:\WINDOWS\system32\shimgvw.dll
Mon Jul 16 07:33:51 2007 => Scanning File C:\W

YounGun

1st Responder
Site Moderator

Joined: Dec 11, 2004
Posts: 4368

1st Responders Moderators MVP Rootkit Responders SRT Team F@H

Posted: Tue Jul 17, 2007 7:18 am    Post subject:

Please click Here to download HijackThis to your desktop.

Click the Download button. When the Trend Micro HJT install box appears, double click on the HJTInstall.exe. Click on Install.

It will be installed by default here: C:\Program Files\Trend Micro\HijackThis

A shortcut to the application will also be placed on your Desktop.

The program will open automatically after installation.

You can double-click the icon that was placed on the Desktop to run subsequent HijackThis scans or you can use the icon inside the folder. The folder HijackThis is where you will find the HJT logs that you save. When you use the application to remove anything, you will also find the backup copies made by HJT inside this folder.

Click on "Do a system scan and save logfile". When the log pops up in Notepad, copy and paste that file back here.

Also, I need to see another type of log, please. Go here and download Silent Runners.vbs to a new folder on your Desktop (clicking the download link works if you use IE; if you use Firefox, right-click on the link and choose "Save Link As") and run it. It generates a log too. It takes a minute or two, and it will notify you with a popup when your log is ready (make sure you wait for the popups, please). Please post the information back in this thread too (you may need to make a couple of posts). If your antivirus program queries the script, allow it to run. It's not malicious.


_________________
IT Stuff
jimsimon


Posted: Tue Jul 17, 2007 1:15 pm    Post subject: [IN PROGRESS]e-scan finds 26 critical errors, Ad-aware finds

"Silent Runners.vbs", revision R50, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"EPSON Stylus C40 Series" = "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINDOWS\system32\E_SA1.tmp"" ["SEIKO EPSON CORPORATION"]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" ["Sun Microsystems, Inc."]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"
"ZoneAlarm Client" = ""C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs, LLC"]

HKLM\Software\Microsoft\Active Setup\Installed Components\
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {HKLM...CLSID} = "YMailShellExt Class"
\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {HKLM...CLSID} = "AVG7 Find Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}" = "TuneUp Shredder Shell Extension"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TUNEUP~1\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
"{44440D00-FF19-4AFC-B765-9A0970567D97}" = "TuneUp Theme Extension"
-> {HKLM...CLSID} = "TuneUp Theme Extension"
\InProcServer32\(Default) = "C:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]
"{D9872D13-7651-4471-9EEE-F0A00218BEBB}" = "Multiscan"
-> {HKLM...CLSID} = "ZLAVShExt Class"
\InProcServer32\(Default) = "C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\
<<!>> "AppInit_DLLs" = " C:\Program Files\Agnitum\Outpost Firewall 1.0\wl_hook.dll" [file not found]

HKLM\System\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
digestIT 2004\(Default) = "{21EA22EF-1773-11D8-8EB8-0050BF643EE7}"
-> {HKLM...CLSID} = "digestITShell Class"
\InProcServer32\(Default) = "C:\Program Files\digestIT 2004\digestIT.dll" ["Kenneth Ballard"]
TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TUNEUP~1\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
-> {HKLM...CLSID} = "YMailShellExt Class"
\InProcServer32\(Default) = "C:\PROGRA~1\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]
ZLAVShExt\(Default) = "{D9872D13-7651-4471-9EEE-F0A00218BEBB}"
-> {HKLM...CLSID} = "ZLAVShExt Class"
\InProcServer32\(Default) = "C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TUNEUP~1\SDShelEx-win32.dll" ["TuneUp Software GmbH"]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {HKLM...CLSID} = "AVG7 Shell Extension Class"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
ZLAVShExt\(Default) = "{D9872D13-7651-4471-9EEE-F0A00218BEBB}"
-> {HKLM...CLSID} = "ZLAVShExt Class"
\InProcServer32\(Default) = "C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll" ["Zone Labs, LLC"]


Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

"NoInternetOpenWith" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"StartMenuLogOff" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoLowDiskSpaceChecks" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoRecentDocsNetHood" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoResolveTrack" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

"NoInstrumentation" = (REG_DWORD) hex:0x00000001
{unrecognized setting}

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

"NoInternetOpenWith" = (REG_DWORD) hex:0x00000001
{unrecognized setting}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper2.bmp"


Enabled Scheduled Tasks:
------------------------

"1-Click Maintenance" -> launches: "C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"]
"1-Klick-Wartung" -> launches: "C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe /schedulestart" ["TuneUp Software GmbH"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_01"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_01"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll" ["Sun Microsystems, Inc."]

{44627E97-789B-40D4-B5C2-58BD171129A1}\
"ButtonText" = "Outpost Firewall Pro Quick Tune"


Miscellaneous IE Hijack Points
------------------------------

HKLM\Software\Microsoft\Internet Explorer\AboutURLs\
<<H>> "TuneUp" = "file://C|/Documents and Settings/All Users/Application Data/TuneUp Software/Common/base.css" [file not found]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ad-Aware 2007 Service, aawservice, ""C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"" ["Lavasoft AB"]
AVG E-mail Scanner, AVGEMS, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]
AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]
TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]
TuneUp Theme Extension, UxTuneUp, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software GmbH"]}


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
EPSON V3 2KMonitor340\Driver = "E_SL2340.DLL" ["SEIKO EPSON CORPORATION"]
Ice Monitor M\Driver = "BiMMonNT.dll" ["Black Ice Software"]


----------
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 163 seconds, including 18 seconds for message boxes)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:05:34 AM, on 7/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {5b084ff8-5ce4-43dd-9319-55fbb4dddea3} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [EPSON Stylus C40 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINDOWS\system32\E_SA1.tmp"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\WINDOWS\System32\shdocvw.dll
O20 - AppInit_DLLs: C:\Program Files\Agnitum\Outpost Firewall 1.0\wl_hook.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 3794 bytes

YounGun


Posted: Wed Jul 18, 2007 8:38 pm

Hi :)

Download and unzip Avenger to your desktop.

Start up Avenger.
Check the 'Input script manually' option.
Click the Magnifying Glass icon.
In the box that opens, copy, then paste all the text in the quote box below.

Quote:

Files to delete:
C:\WINDOWS\system32\shmgrate.exe


Then click on 'Done'.
Click the Traffic Light icon to start the program.
Then press OK at the prompts to reboot your PC.

Note: This script is for this topic only and should not be used for any other.

After the reboot post a new hijackthis log and the avenger log.

Run HJT and click on Open the Misc Tools section.
In the next window, click on Open Uninstall Manager...
In the final window, click on Save list... and save it to your Desktop.
Post this file : uninstall_list.txt


jimsimon


Posted: Thu Jul 19, 2007 2:24 am

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\wioecxrj

*******************

Script file located at: \??\C:\WINDOWS\kyqhmydh.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\shmgrate.exe deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

_________________


Ad-Aware 2007
AVG Free Edition
CCleaner (remove only)
digestIT 2004
EasyCleaner
EPSON Printer Software
e-Sword
Foxit Reader
HijackThis 2.0.2
Ink Monitor
Java(TM) SE Runtime Environment 6 Update 1
Messenger Control Plugin for Ad-aware
Microsoft Office XP Professional with FrontPage
Mozilla Firefox (2.0.0.4)
Nero - Burning Rom
Net2Phone CommCenter
PIXELA ImageMixer
Security Task Manager 1.7e
Skype 3.0
Spybot - Search & Destroy 1.4
TuneUp Utilities 2007
Windows Genuine Advantage v1.3.0254.0
WinRAR archiver
XP Smoker 5.3
ZoneAlarm
