even though you say there was nothing on the ignore list, the 2nd log you posted is certainly much "fuller" than the first (which stopped after the R3 entry).
I myself am not doing log analysis and will be leaving the thread after this post... but I'll try to be sure one of the experts gets to it some time today. in the meantime, can you double check and give them the exact wording of the error/warning message you received; i.e., did it indicate any specific problem with the file msa46chk.dll ?
there wasnt anything on that list Logfile of HijackThis v1.99.1
Scan saved at 13:26:21, on 08/01/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
okay the message is: RUNDLL x error loading c:/windows/system32/msa64chk,dll the specified module could not be found. i have this mesage for a long time and just found out something is wrong when i wanted to loade some photos from a new digital camera and couldnt do it..i have no usb port and cant get it..so i think it has something to do with it. I'm trying good knows what and doing loads scans etc..but its still the same and it doesnt help that i havent a clues what i'm doing..but i'm learning anyway..lol thanks for your help i realy need it barbara
There are two things I can see right off the bat that we need to fix: One is the startup entry for the pop-up your receiving, and the other is a "lop" infection.
First, we need to remove(uninstall) the 'lop' infection by going to
here, then downloading and running the uninstaller(s) that relate to the application(s) your wanting to remove. The following selections are available: "
Start page", "
Search engine", "
Accessories Toolbar".
Run
HiJackThis and click "
Scan", then check(tick) the following, if present:
O3 - Toolbar: (no name) - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - (no file)
O4 - HKLM\..\Run: [greatdeleteruleford] C:\Documents and Settings\All Users\Application Data\win meta great delete\skipmess.exe O4 - HKLM\..\Run: [byte bat way camp] C:\Documents and Settings\All Users\Application Data\SAVEBIASBYTEBAT\List Noun.exe O4 - HKCU\..\Run: [EntertainmentVIP] rundll32.exe C:\WINDOWS\System32\MSA64CHK.dll,DllMostrar Matrix_HTML:EntertainmentVIP:t
new log;Logfile of HijackThis v1.99.1
Scan saved at 15:18:56, on 08/01/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
When you tried to download the uninstaller, it wouldn't download? or did it download, but didn't uninstall the "lop" software? Post back the names of the trojans that are being found on your system.
Let's see if they've left us another option on your system to uninstall their software:
1) Run HiJackThis.
2) Click "Config"
3) Click "Misc Tools"
4) Click "Open Uninstall Manager"
5) Click "Save List"
6) Select all the text that comes up in notepad, and paste it back here as a "Reply"
1. Double-click the
mwav.exe icon to run it (
it'll self extract).
2. Click "
Scan".
3. When it completes, post back the results from the 'Virus log information' pane.
Be sure to post back both logs and i'll see what we have to work with.
okay here is one:AccessDirect
Adobe Acrobat 5.0
Adobe Download Manager 2.0 (Remove Only)
AntiVir/XP
AOL Instant Messenger
ArcSoft PhotoImpression
BCM V.92 56K Modem
Broadcom Advanced Control Suite
CleanUp!
CustoMess
Dell Media Experience
Dell ResourceCD
Dell Solution Center
Dell Support 5.0.0 (630)
Eyeball Chat 2.2
HijackThis 1.99.1
ImageMixer VCD/DVD2 for OLYMPUS
iTunes
iTunes
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 3D 1.3.1 (DirectX) Runtime
Learn To Speak Spanish 8.0
McAfee Personal Firewall Plus
McAfee Privacy Service
McAfee SecurityCenter
McAfee VirusScan
Messenger Plus! 3
Microsoft .NET Framework 1.1
Microsoft AntiSpyware
Microsoft Works 7.0
Modem Helper
Mozilla Firefox (1.0.6)
MSN Messenger 7.0
MSN Search Toolbar
My Web Search Bar
NoAdware 2.0
NVIDIA Drivers
PowerDVD 5.1
QuickSet
QuickTime
Registry Cleaner
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB903235)
Serif 3DPlus 2.0
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
SpamExtract
Synaptics Pointing Device Driver
TrojanHunter 4.2
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Viewpoint Media Player
WildTangent Web Driver
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885932
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinMX
ZyXEL USB ADSL Modem
Just be sure to post the result from the "Virus Information Log" pane, not the entire log that's generated ... :)
The reason for the "lop" infection was (more than likely) a third party install that came with "Messenger Plus! 3". I'll should know more when I get the 'bad' files reported by MWAV.
ky331
3 Apprentice
•
15.6K Posts
0
August 1st, 2005 11:00
*NOT* taking ownership
even though you say there was nothing on the ignore list, the 2nd log you posted is certainly much "fuller" than the first (which stopped after the R3 entry).
I myself am not doing log analysis and will be leaving the thread after this post... but I'll try to be sure one of the experts gets to it some time today. in the meantime, can you double check and give them the exact wording of the error/warning message you received; i.e., did it indicate any specific problem with the file msa46chk.dll ?
florry
86 Posts
0
August 1st, 2005 11:00
ky331
3 Apprentice
•
15.6K Posts
0
August 1st, 2005 11:00
*NOT* taking ownership
florry,
this does not appear to be a complete log... please double check. if there's more, please post the entire log.
if this really is all that's being generated, I would guess that you may have HJT set to suppress/ignore the rest... try the following:
click on (open) HiJackThis
click on Open the Misc Tools Section
click on Ignore List
if you see ANY items list there (which are currently being ignored when you generate your scan), click on DELETE ALL
click on BACK
then generate a new SCAN
florry
86 Posts
0
August 1st, 2005 11:00
Scan saved at 13:26:21, on 08/01/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\AVPersonal\AVSched32.EXE
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Documents and Settings\barbara walsh\My Documents\chc_1.9b02\chc_1.9b02\chc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Dell\Media Experience\PCM2.exe
C:\PROGRA~1\DELLSU~1\DSAgnt.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0000.1082\en-us\bin\WindowsSearch.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0000.1082\en-us\bin\WindowsSearchIndexer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hjt\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://register.iol.ie/cgi-bin/anytimecd?affiliate=IA2220002
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://evhyvpipvcxvugiunaelxqov.com/b0FeCR_jjTk2htpo5XZUpe8rkNwOaHyAzH/kJZnj2MKkMsPd3etovfVe0bYXDRKu.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-us\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - (no file)
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-us\msntb.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [greatdeleteruleford] C:\Documents and Settings\All Users\Application Data\win meta great delete\skipmess.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [byte bat way camp] C:\Documents and Settings\All Users\Application Data\SAVEBIASBYTEBAT\List Noun.exe
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [CentrinoHardwareControl] "C:\Documents and Settings\barbara walsh\My Documents\chc_1.9b02\chc_1.9b02\chc.exe" -quiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [EntertainmentVIP] rundll32.exe C:\WINDOWS\System32\MSA64CHK.dll,DllMostrar Matrix_HTML:EntertainmentVIP:t
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\PROGRA~1\DELLSU~1\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0000.1082\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZS
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1082\en-us\msntabres.dll/229?12677178ee794294a34fd933ca275eb3
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1082\en-us\msntabres.dll/230?12677178ee794294a34fd933ca275eb3
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: EntertainmentVIP - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\system32\EntertainmentVIP (file missing)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {46C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDPass Class) - http://www.cdpass.com/cdkey/CDPass.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} (Matrix Class) - http://acceso.masminutos.com/aplicacion.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
florry
86 Posts
0
August 1st, 2005 12:00
Midnight Star
4.8K Posts
0
August 1st, 2005 12:00
There are two things I can see right off the bat that we need to fix: One is the startup entry for the pop-up your receiving, and the other is a "lop" infection.
First, we need to remove(uninstall) the 'lop' infection by going to here, then downloading and running the uninstaller(s) that relate to the application(s) your wanting to remove. The following selections are available: " Start page", " Search engine", " Accessories Toolbar".
Run HiJackThis and click " Scan", then check(tick) the following, if present:
O3 - Toolbar: (no name) - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - (no file)
O4 - HKLM\..\Run: [greatdeleteruleford] C:\Documents and Settings\All Users\Application Data\win meta great delete\skipmess.exe
O4 - HKLM\..\Run: [byte bat way camp] C:\Documents and Settings\All Users\Application Data\SAVEBIASBYTEBAT\List Noun.exe
O4 - HKCU\..\Run: [EntertainmentVIP] rundll32.exe C:\WINDOWS\System32\MSA64CHK.dll,DllMostrar Matrix_HTML:EntertainmentVIP:t
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
Now, with all windows closed except HiJackThis, click " Fix checked".
When your done, post back a new HiJackThis log and i'll see what we have left to fix.
-----
Mike.
florry
86 Posts
0
August 1st, 2005 13:00
Scan saved at 15:18:56, on 08/01/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\AVPersonal\AVSched32.EXE
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Documents and Settings\barbara walsh\My Documents\chc_1.9b02\chc_1.9b02\chc.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\DELLSU~1\DSAgnt.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0000.1082\en-us\bin\WindowsSearch.exe
C:\Program Files\MSN Toolbar Suite\DS\02.05.0000.1082\en-us\bin\WindowsSearchIndexer.exe
C:\Program Files\TrojanHunter 4.2\TrojanHunter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hjt\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://register.iol.ie/cgi-bin/anytimecd?affiliate=IA2220002
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://evhyvpipvcxvugiunaelxqov.com/b0FeCR_jjTk2htpo5XZUpe8rkNwOaHyAzH/kJZnj2MKkMsPd3etovfVe0bYXDRKu.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-us\msntb.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-us\msntb.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [byte bat way camp] C:\Documents and Settings\All Users\Application Data\SAVEBIASBYTEBAT\List Noun.exe
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [CentrinoHardwareControl] "C:\Documents and Settings\barbara walsh\My Documents\chc_1.9b02\chc_1.9b02\chc.exe" -quiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] C:\WINDOWS\system32\dumprep 0 -u
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\PROGRA~1\DELLSU~1\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0000.1082\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZS
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1082\en-us\msntabres.dll/229?12677178ee794294a34fd933ca275eb3
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1082\en-us\msntabres.dll/230?12677178ee794294a34fd933ca275eb3
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: EntertainmentVIP - {76DD9E77-F06C-4471-AB6C-CF03C5C6B5B0} - C:\WINDOWS\system32\EntertainmentVIP (file missing)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {46C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDPass Class) - http://www.cdpass.com/cdkey/CDPass.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} (Matrix Class) - http://acceso.masminutos.com/aplicacion.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
florry
86 Posts
0
August 1st, 2005 13:00
Midnight Star
4.8K Posts
0
August 1st, 2005 14:00
When you tried to download the uninstaller, it wouldn't download? or did it download, but didn't uninstall the "lop" software? Post back the names of the trojans that are being found on your system.
Let's see if they've left us another option on your system to uninstall their software:
1) Run HiJackThis.
2) Click "Config"
3) Click "Misc Tools"
4) Click "Open Uninstall Manager"
5) Click "Save List"
6) Select all the text that comes up in notepad, and paste it back here as a "Reply"
Download mwav.exe from MicroWorld, then:
1. Double-click the mwav.exe icon to run it ( it'll self extract).
2. Click " Scan".
3. When it completes, post back the results from the 'Virus log information' pane.
Be sure to post back both logs and i'll see what we have to work with.
-
Mike.
florry
86 Posts
0
August 1st, 2005 20:00
Adobe Acrobat 5.0
Adobe Download Manager 2.0 (Remove Only)
AntiVir/XP
AOL Instant Messenger
ArcSoft PhotoImpression
BCM V.92 56K Modem
Broadcom Advanced Control Suite
CleanUp!
CustoMess
Dell Media Experience
Dell ResourceCD
Dell Solution Center
Dell Support 5.0.0 (630)
Eyeball Chat 2.2
HijackThis 1.99.1
ImageMixer VCD/DVD2 for OLYMPUS
iTunes
iTunes
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 3D 1.3.1 (DirectX) Runtime
Learn To Speak Spanish 8.0
McAfee Personal Firewall Plus
McAfee Privacy Service
McAfee SecurityCenter
McAfee VirusScan
Messenger Plus! 3
Microsoft .NET Framework 1.1
Microsoft AntiSpyware
Microsoft Works 7.0
Modem Helper
Mozilla Firefox (1.0.6)
MSN Messenger 7.0
MSN Search Toolbar
My Web Search Bar
NoAdware 2.0
NVIDIA Drivers
PowerDVD 5.1
QuickSet
QuickTime
Registry Cleaner
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB903235)
Serif 3DPlus 2.0
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
SpamExtract
Synaptics Pointing Device Driver
TrojanHunter 4.2
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Viewpoint Media Player
WildTangent Web Driver
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885932
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinMX
ZyXEL USB ADSL Modem
Midnight Star
4.8K Posts
0
August 1st, 2005 21:00
Just be sure to post the result from the "Virus Information Log" pane, not the entire log that's generated ... :)
The reason for the "lop" infection was (more than likely) a third party install that came with "Messenger Plus! 3". I'll should know more when I get the 'bad' files reported by MWAV.
=====
Mike.
florry
86 Posts
0
August 1st, 2005 21:00
Mon Aug 01 22:46:43 2005 => MicroWorld AntiVirus & Spyware Toolkit Utility.
Mon Aug 01 22:46:43 2005 => Copyright © 2003-2005 MicroWorld Technologies Inc.
Mon Aug 01 22:46:43 2005 => **********************************************************
Mon Aug 01 22:46:43 2005 => Version 6.6.5 (C:\DOCUME~1\BARBAR~1\LOCALS~1\Temp\mwavscan.com)
Mon Aug 01 22:46:43 2005 => Log File: C:\DOCUME~1\BARBAR~1\LOCALS~1\Temp\MWAV.LOG
Mon Aug 01 22:46:43 2005 => MWAV Registered: FALSE.
Mon Aug 01 22:46:43 2005 => MWAV Mode: Only Scan files.
Mon Aug 01 22:46:43 2005 => Latest Date of files inside MWAV: 29 Jul 2005 13:20:34.
Mon Aug 01 22:46:46 2005 => AV Library Loaded...
Mon Aug 01 22:46:46 2005 => MWAV doing self scanning...
Mon Aug 01 22:46:46 2005 => Scanning File C:\DOCUME~1\BARBAR~1\LOCALS~1\Temp\kavss.exe
Mon Aug 01 22:46:46 2005 => Scanning File C:\DOCUME~1\BARBAR~1\LOCALS~1\Temp\Getvlist.exe
Mon Aug 01 22:46:46 2005 => Scanning File C:\DOCUME~1\BARBAR~1\LOCALS~1\Temp\kavss.dll
Mon Aug 01 22:46:46 2005 => Scanning File C:\DOCUME~1\BARBAR~1\LOCALS~1\Temp\kavssdi.dll
Mon Aug 01 22:46:46 2005 => Scanning File C:\DOCUME~1\BARBAR~1\LOCALS~1\Temp\kavssi.dll
Mon Aug 01 22:46:47 2005 => Scanning File C:\DOCUME~1\BARBAR~1\LOCALS~1\Temp\kavvlg.dll
Mon Aug 01 22:46:47 2005 => Scanning File C:\DOCUME~1\BARBAR~1\LOCALS~1\Temp\msvlclnt.dll
Mon Aug 01 22:46:47 2005 => Scanning File C:\DOCUME~1\BARBAR~1\LOCALS~1\Temp\ipc.dll
Mon Aug 01 22:46:47 2005 => Scanning File C:\DOCUME~1\BARBAR~1\LOCALS~1\Temp\main.avi
Mon Aug 01 22:46:47 2005 => Scanning File C:\DOCUME~1\BARBAR~1\LOCALS~1\Temp\virus.avi
Mon Aug 01 22:46:47 2005 => MWAV files are clean.
Mon Aug 01 22:46:53 2005 => Virus Database Date: 2005/07/29
Mon Aug 01 22:46:53 2005 => Virus Database Count: 140525
Mon Aug 01 22:47:30 2005 => **********************************************************
Mon Aug 01 22:47:30 2005 => MicroWorld AntiVirus & Spyware Toolkit Utility.
Mon Aug 01 22:47:30 2005 => Copyright © 2003-2005 MicroWorld Technologies Inc.
Mon Aug 01 22:47:30 2005 =>
Mon Aug 01 22:47:30 2005 => Support: support@mwti.net
Mon Aug 01 22:47:30 2005 => Web: http://www.mwti.net
Mon Aug 01 22:47:30 2005 => **********************************************************
florry
86 Posts
0
August 1st, 2005 21:00
florry
86 Posts
0
August 1st, 2005 21:00
Mon Aug 01 22:47:45 2005 => Scanning File C:\WINDOWS\system32\SPOOLSS.DLL
Mon Aug 01 22:47:45 2005 => Scanning File C:\WINDOWS\system32\localspl.dll
Mon Aug 01 22:47:45 2005 => Scanning File C:\WINDOWS\system32\cnbjmon.dll
Mon Aug 01 22:47:45 2005 => Scanning File C:\WINDOWS\system32\FXSMON.DLL
Mon Aug 01 22:47:45 2005 => Scanning File C:\WINDOWS\system32\FXSEVENT.dll
Mon Aug 01 22:47:45 2005 => Scanning File C:\WINDOWS\system32\pjlmon.dll
Mon Aug 01 22:47:45 2005 => Scanning File C:\WINDOWS\system32\tcpmon.dll
Mon Aug 01 22:47:45 2005 => Scanning File C:\WINDOWS\system32\usbmon.dll
Mon Aug 01 22:47:46 2005 => Scanning File C:\WINDOWS\system32\win32spl.dll
Mon Aug 01 22:47:46 2005 => Scanning File C:\WINDOWS\system32\NETRAP.dll
Mon Aug 01 22:47:46 2005 => Scanning File C:\WINDOWS\system32\inetpp.dll
Mon Aug 01 22:47:46 2005 => Scanning File C:\WINDOWS\Explorer.EXE
Mon Aug 01 22:47:46 2005 => Scanning File C:\WINDOWS\system32\BROWSEUI.dll
Mon Aug 01 22:47:46 2005 => Scanning File C:\WINDOWS\system32\SHDOCVW.dll
Mon Aug 01 22:47:46 2005 => Scanning File C:\WINDOWS\System32\themeui.dll
Mon Aug 01 22:47:46 2005 => Scanning File C:\WINDOWS\System32\MSIMG32.dll
Mon Aug 01 22:47:46 2005 => Scanning File C:\PROGRA~1\MSNTOO~1\DB\020500~1.108\en-us\deskbar.dll
Mon Aug 01 22:47:46 2005 => Scanning File C:\PROGRA~1\MSNTOO~1\DB\020500~1.108\en-us\dbres.dll
Mon Aug 01 22:47:46 2005 => Scanning File C:\PROGRA~1\MSNTOO~1\DB\020500~1.108\en-us\WORDWH~1.DLL
Mon Aug 01 22:47:47 2005 => Scanning File C:\WINDOWS\system32\MAPI32.dll
Mon Aug 01 22:47:47 2005 => Scanning File C:\PROGRA~1\MSNTOO~1\EXT\020500~1.108\en-us\MSNLEX~1.DLL
Mon Aug 01 22:47:47 2005 => Scanning File C:\PROGRA~1\MSNTOO~1\TEM\020500~1.108\en-us\Tem.dll
Mon Aug 01 22:47:47 2005 => Scanning File C:\WINDOWS\system32\mlang.dll
Mon Aug 01 22:47:47 2005 => Scanning File C:\PROGRA~1\MSNTOO~1\SL\020500~1.108\en-us\msn_slps.dll
Mon Aug 01 22:47:47 2005 => Scanning File C:\WINDOWS\system32\ntshrui.dll
Mon Aug 01 22:47:47 2005 => Scanning File C:\PROGRA~1\MICROS~3\SHELLE~1.DLL
Mon Aug 01 22:47:47 2005 => Scanning File C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoestb.dll
Mon Aug 01 22:48:04 2005 => File C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoestb.dll tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch". Action Taken: No Action Taken.
Mon Aug 01 22:48:04 2005 => Scanning File C:\WINDOWS\system32\LINKINFO.dll
Mon Aug 01 22:48:05 2005 => Scanning File C:\WINDOWS\System32\webcheck.dll
Mon Aug 01 22:48:05 2005 => Scanning File C:\WINDOWS\system32\SynTPFcs.dll
Mon Aug 01 22:48:05 2005 => Scanning File C:\WINDOWS\System32\stobject.dll
Mon Aug 01 22:48:05 2005 => Scanning File C:\WINDOWS\System32\BatMeter.dll
Mon Aug 01 22:48:05 2005 => Scanning File C:\WINDOWS\system32\upnpui.dll
Mon Aug 01 22:48:05 2005 => Scanning File C:\WINDOWS\System32\upnp.dll
Mon Aug 01 22:48:05 2005 => Scanning File C:\WINDOWS\System32\SSDPAPI.dll
Mon Aug 01 22:48:05 2005 => Scanning File C:\PROGRA~1\TROJAN~1.2\THSec.dll
Mon Aug 01 22:48:05 2005 => Scanning File C:\WINDOWS\System32\drprov.dll
Mon Aug 01 22:48:05 2005 => Scanning File C:\WINDOWS\System32\ntlanman.dll
Mon Aug 01 22:48:06 2005 => Scanning File C:\WINDOWS\System32\NETUI0.dll
Mon Aug 01 22:48:06 2005 => Scanning File C:\WINDOWS\System32\NETUI1.dll
Mon Aug 01 22:48:06 2005 => Scanning File C:\WINDOWS\System32\davclnt.dll
Mon Aug 01 22:48:06 2005 => Scanning File C:\WINDOWS\system32\fxsst.dll
Mon Aug 01 22:48:06 2005 => Scanning File C:\WINDOWS\system32\FXSAPI.dll
Mon Aug 01 22:48:06 2005 => Scanning File C:\WINDOWS\system32\browselc.dll
Mon Aug 01 22:48:06 2005 => Scanning File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll
Mon Aug 01 22:48:06 2005 => Scanning File C:\WINDOWS\system32\DUSER.dll
Mon Aug 01 22:48:06 2005 => Scanning File C:\PROGRA~1\MSNMES~1\msgsc.dll
Mon Aug 01 22:48:06 2005 => Scanning File C:\WINDOWS\BCMSMMSG.exe
Mon Aug 01 22:48:07 2005 => Scanning File C:\PROGRA~1\Dell\ACCESS~1\dadapp.exe
Mon Aug 01 22:48:07 2005 => Scanning File C:\PROGRA~1\Dell\ACCESS~1\Dadkeyb.dll
Mon Aug 01 22:48:07 2005 => Scanning File C:\PROGRA~1\Dell\QuickSet\quickset.exe
Mon Aug 01 22:48:07 2005 => Scanning File C:\WINDOWS\system32\CFGMGR32.dll
Mon Aug 01 22:48:07 2005 => Scanning File C:\WINDOWS\system32\oledlg.dll
Mon Aug 01 22:48:07 2005 => Scanning File C:\WINDOWS\system32\OLEPRO32.DLL
Mon Aug 01 22:48:07 2005 => Scanning File C:\WINDOWS\system32\BMAPI.dll
Mon Aug 01 22:48:07 2005 => Scanning File C:\PROGRA~1\Dell\QuickSet\dadkeyb.dll
Mon Aug 01 22:48:07 2005 => Scanning File C:\PROGRA~1\SYNAPT~1\SynTP\SynTPLpr.exe
Mon Aug 01 22:48:08 2005 => Scanning File C:\WINDOWS\system32\SynCOM.dll
Mon Aug 01 22:48:08 2005 => Scanning File C:\PROGRA~1\SYNAPT~1\SynTP\SynTPEnh.exe
Mon Aug 01 22:48:08 2005 => Scanning File C:\WINDOWS\system32\SynTPAPI.dll
Mon Aug 01 22:48:08 2005 => Scanning File C:\WINDOWS\system32\dla\tfswctrl.exe
Mon Aug 01 22:48:08 2005 => Scanning File C:\WINDOWS\system32\tfswapi.dll
Mon Aug 01 22:48:08 2005 => Scanning File C:\WINDOWS\system32\dla\tfswcres.dll
Mon Aug 01 22:48:08 2005 => Scanning File C:\PROGRA~1\CYBERL~1\PowerDVD\DVDLAU~1.EXE
Mon Aug 01 22:48:08 2005 => Scanning File C:\WINDOWS\system32\MFC42.DLL
Mon Aug 01 22:48:08 2005 => Scanning File C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
Mon Aug 01 22:48:08 2005 => File C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch". Action Taken: No Action Taken.
Mon Aug 01 22:48:09 2005 => Scanning File C:\PROGRA~1\QUICKT~1\qttask.exe
Mon Aug 01 22:48:09 2005 => Scanning File C:\WINDOWS\system32\RUNDLL32.exe
Mon Aug 01 22:48:09 2005 => Scanning File C:\PROGRA~1\WILDTA~1\Apps\CDA\CDAENG~1.DLL
Mon Aug 01 22:48:09 2005 => Scanning File C:\PROGRA~1\WILDTA~1\COMPON~1\WTKERN~1.DLL
Mon Aug 01 22:48:09 2005 => Scanning File C:\PROGRA~1\WILDTA~1\COMPON~1\wtIO0200.dll
Mon Aug 01 22:48:09 2005 => Scanning File C:\PROGRA~1\WILDTA~1\COMPON~1\WTSYST~2.DLL
Mon Aug 01 22:48:09 2005 => Scanning File C:\PROGRA~1\WILDTA~1\COMPON~1\WTSERI~1.DLL
Mon Aug 01 22:48:09 2005 => Scanning File C:\PROGRA~1\WILDTA~1\COMPON~1\WTXML0~1.DLL
Mon Aug 01 22:48:10 2005 => Scanning File C:\PROGRA~1\WILDTA~1\COMPON~1\WTPROP~1.DLL
Mon Aug 01 22:48:10 2005 => Scanning File C:\PROGRA~1\WILDTA~1\COMPON~1\WTSTRE~1.DLL
Mon Aug 01 22:48:10 2005 => Scanning File C:\PROGRA~1\WILDTA~1\COMPON~1\WTLUA0~1.DLL
Mon Aug 01 22:48:10 2005 => Scanning File C:\PROGRA~1\WILDTA~1\COMPON~1\WTSCRI~1.DLL
Mon Aug 01 22:48:10 2005 => Scanning File C:\PROGRA~1\WILDTA~1\COMPON~1\WTCACH~1.DLL
Mon Aug 01 22:48:10 2005 => Scanning File C:\PROGRA~1\WILDTA~1\COMPON~1\WTDOWN~1.DLL
Mon Aug 01 22:48:10 2005 => Scanning File C:\PROGRA~1\WILDTA~1\COMPON~1\WTAPPC~1.DLL
Mon Aug 01 22:48:10 2005 => Scanning File C:\PROGRA~1\WILDTA~1\COMPON~1\WTCOOK~1.DLL
Mon Aug 01 22:48:10 2005 => Scanning File C:\PROGRA~1\WILDTA~1\COMPON~1\WTGAME~1.DLL
Mon Aug 01 22:48:11 2005 => Scanning File C:\PROGRA~1\WILDTA~1\COMPON~1\WTGUI0~1.DLL
Mon Aug 01 22:48:11 2005 => Scanning File C:\PROGRA~1\WILDTA~1\COMPON~1\WTNETW~1.DLL
Mon Aug 01 22:48:11 2005 => Scanning File C:\PROGRA~1\WILDTA~1\COMPON~1\WTUSER~1.DLL
Mon Aug 01 22:48:11 2005 => Scanning File C:\PROGRA~1\WILDTA~1\COMPON~1\WTSYST~1.DLL
Mon Aug 01 22:48:11 2005 => Scanning File C:\PROGRA~1\Java\JRE15~1.0_0\bin\jusched.exe
Mon Aug 01 22:48:11 2005 => Scanning File C:\PROGRA~1\AVPERS~1\AVSCHE~1.EXE
Mon Aug 01 22:48:11 2005 => Scanning File C:\WINDOWS\system32\LZ32.dll
Mon Aug 01 22:48:11 2005 => Scanning File C:\PROGRA~1\AVPERS~1\AVGetVer.dll
Mon Aug 01 22:48:11 2005 => Scanning File C:\PROGRA~1\AVPERS~1\AVSCHE~1.DLL
Mon Aug 01 22:48:11 2005 => Scanning File C:\PROGRA~1\AVPERS~1\AVGNT.EXE
Mon Aug 01 22:48:12 2005 => Scanning File C:\PROGRA~1\AVPERS~1\AVGCMSG.DLL
Mon Aug 01 22:48:12 2005 => Scanning File C:\PROGRA~1\MICROS~3\gcasServ.exe
Mon Aug 01 22:48:12 2005 => Scanning File C:\WINDOWS\system32\MSVBVM60.DLL
Mon Aug 01 22:48:12 2005 => Scanning File C:\PROGRA~1\MICROS~3\GCANTI~1.DLL
Mon Aug 01 22:48:12 2005 => Scanning File C:\DOCUME~1\BARBAR~1\MYDOCU~1\CHC_1~1.9B0\CHC_1~1.9B0\chc.exe
Mon Aug 01 22:48:13 2005 => Scanning File C:\WINDOWS\system32\mscoree.dll
Mon Aug 01 22:48:13 2005 => Scanning File C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
Mon Aug 01 22:48:13 2005 => Scanning File C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll
Mon Aug 01 22:48:13 2005 => Scanning File C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll
Mon Aug 01 22:48:13 2005 => Scanning File c:\windows\microsoft.net\framework\v1.1.4322\mscorlib.dll
Mon Aug 01 22:48:13 2005 => Scanning File c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_69e8710a\mscorlib.dll
Mon Aug 01 22:48:13 2005 => Scanning File C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
Mon Aug 01 22:48:14 2005 => Scanning File c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
florry
86 Posts
0
August 1st, 2005 21:00
Mon Aug 01 22:47:30 2005 => Copyright © 2003-2005 MicroWorld Technologies Inc.
Mon Aug 01 22:47:30 2005 =>
Mon Aug 01 22:47:30 2005 => Support: support@mwti.net
Mon Aug 01 22:47:30 2005 => Web: http://www.mwti.net
Mon Aug 01 22:47:30 2005 => **********************************************************
Mon Aug 01 22:47:30 2005 => Version 6.6.5 (C:\DOCUME~1\BARBAR~1\LOCALS~1\Temp\mwavscan.com)
Mon Aug 01 22:47:30 2005 => Log File: C:\DOCUME~1\BARBAR~1\LOCALS~1\Temp\MWAV.LOG
Mon Aug 01 22:47:30 2005 => User Account: barbara walsh
Mon Aug 01 22:47:31 2005 => Windows Root Folder: C:\WINDOWS
Mon Aug 01 22:47:31 2005 => Windows Sys32 Folder: C:\WINDOWS\system32
Mon Aug 01 22:47:31 2005 => OS: Windows NT
Mon Aug 01 22:47:31 2005 => Latest Date of files inside MWAV: 29 Jul 2005 13:20:34.
Mon Aug 01 22:47:31 2005 => StartUp Folder Check: Enabled
Mon Aug 01 22:47:31 2005 => System Folder Check: Enabled
Mon Aug 01 22:47:31 2005 => System Area Check: Disabled
Mon Aug 01 22:47:31 2005 => Services Check: Enabled
Mon Aug 01 22:47:31 2005 => Drive Check Option Disabled
Mon Aug 01 22:47:31 2005 => Folder Check: Disabled
Mon Aug 01 22:47:31 2005 => ***** Scanning Memory Files *****
Mon Aug 01 22:47:31 2005 => Scanning File C:\WINDOWS\System32\smss.exe
Mon Aug 01 22:47:32 2005 => Scanning File C:\WINDOWS\system32\ntdll.dll
Mon Aug 01 22:47:32 2005 => Scanning File C:\WINDOWS\SYSTEM32\CSRSS.EXE
Mon Aug 01 22:47:32 2005 => Scanning File C:\WINDOWS\system32\CSRSRV.dll
Mon Aug 01 22:47:32 2005 => Scanning File C:\WINDOWS\system32\basesrv.dll
Mon Aug 01 22:47:32 2005 => Scanning File C:\WINDOWS\system32\winsrv.dll
Mon Aug 01 22:47:32 2005 => Scanning File C:\WINDOWS\system32\GDI32.dll
Mon Aug 01 22:47:32 2005 => Scanning File C:\WINDOWS\system32\KERNEL32.dll
Mon Aug 01 22:47:32 2005 => Scanning File C:\WINDOWS\system32\USER32.dll
Mon Aug 01 22:47:32 2005 => Scanning File C:\WINDOWS\system32\sxs.dll
Mon Aug 01 22:47:32 2005 => Scanning File C:\WINDOWS\system32\ADVAPI32.dll
Mon Aug 01 22:47:32 2005 => Scanning File C:\WINDOWS\system32\RPCRT4.dll
Mon Aug 01 22:47:32 2005 => Scanning File C:\WINDOWS\system32\Apphelp.dll
Mon Aug 01 22:47:33 2005 => Scanning File C:\WINDOWS\system32\VERSION.dll
Mon Aug 01 22:47:33 2005 => Scanning File C:\WINDOWS\SYSTEM32\WINLOGON.EXE
Mon Aug 01 22:47:33 2005 => Scanning File C:\WINDOWS\system32\AUTHZ.dll
Mon Aug 01 22:47:33 2005 => Scanning File C:\WINDOWS\system32\msvcrt.dll
Mon Aug 01 22:47:33 2005 => Scanning File C:\WINDOWS\system32\CRYPT32.dll
Mon Aug 01 22:47:33 2005 => Scanning File C:\WINDOWS\system32\MSASN1.dll
Mon Aug 01 22:47:33 2005 => Scanning File C:\WINDOWS\system32\NDdeApi.dll
Mon Aug 01 22:47:33 2005 => Scanning File C:\WINDOWS\system32\PROFMAP.dll
Mon Aug 01 22:47:33 2005 => Scanning File C:\WINDOWS\system32\NETAPI32.dll
Mon Aug 01 22:47:33 2005 => Scanning File C:\WINDOWS\system32\USERENV.dll
Mon Aug 01 22:47:33 2005 => Scanning File C:\WINDOWS\system32\PSAPI.DLL
Mon Aug 01 22:47:33 2005 => Scanning File C:\WINDOWS\system32\REGAPI.dll
Mon Aug 01 22:47:33 2005 => Scanning File C:\WINDOWS\system32\Secur32.dll
Mon Aug 01 22:47:33 2005 => Scanning File C:\WINDOWS\system32\SETUPAPI.dll
Mon Aug 01 22:47:33 2005 => Scanning File C:\WINDOWS\system32\WINSTA.dll
Mon Aug 01 22:47:34 2005 => Scanning File C:\WINDOWS\system32\WINTRUST.dll
Mon Aug 01 22:47:34 2005 => Scanning File C:\WINDOWS\system32\IMAGEHLP.dll
Mon Aug 01 22:47:34 2005 => Scanning File C:\WINDOWS\system32\WS2_32.dll
Mon Aug 01 22:47:34 2005 => Scanning File C:\WINDOWS\system32\WS2HELP.dll
Mon Aug 01 22:47:34 2005 => Scanning File C:\WINDOWS\system32\MSGINA.dll
Mon Aug 01 22:47:34 2005 => Scanning File C:\WINDOWS\system32\SHELL32.dll
Mon Aug 01 22:47:34 2005 => Scanning File C:\WINDOWS\system32\SHLWAPI.dll
Mon Aug 01 22:47:34 2005 => Scanning File C:\WINDOWS\system32\COMCTL32.dll
Mon Aug 01 22:47:34 2005 => Scanning File C:\WINDOWS\system32\ODBC32.dll
Mon Aug 01 22:47:34 2005 => Scanning File C:\WINDOWS\system32\comdlg32.dll
Mon Aug 01 22:47:34 2005 => Scanning File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
Mon Aug 01 22:47:35 2005 => Scanning File C:\WINDOWS\system32\odbcint.dll
Mon Aug 01 22:47:35 2005 => Scanning File C:\WINDOWS\system32\SHSVCS.dll
Mon Aug 01 22:47:35 2005 => Scanning File C:\WINDOWS\system32\sfc.dll
Mon Aug 01 22:47:35 2005 => Scanning File C:\WINDOWS\system32\sfc_os.dll
Mon Aug 01 22:47:35 2005 => Scanning File C:\WINDOWS\system32\ole32.dll
Mon Aug 01 22:47:35 2005 => Scanning File C:\WINDOWS\system32\WINSCARD.DLL
Mon Aug 01 22:47:35 2005 => Scanning File C:\WINDOWS\system32\WTSAPI32.dll
Mon Aug 01 22:47:35 2005 => Scanning File C:\WINDOWS\system32\uxtheme.dll
Mon Aug 01 22:47:35 2005 => Scanning File C:\WINDOWS\system32\WINMM.dll
Mon Aug 01 22:47:35 2005 => Scanning File C:\WINDOWS\System32\cscdll.dll
Mon Aug 01 22:47:35 2005 => Scanning File C:\WINDOWS\System32\WlNotify.dll
Mon Aug 01 22:47:35 2005 => Scanning File C:\WINDOWS\system32\WINSPOOL.DRV
Mon Aug 01 22:47:35 2005 => Scanning File C:\WINDOWS\system32\MPR.dll
Mon Aug 01 22:47:35 2005 => Scanning File C:\WINDOWS\system32\rsaenh.dll
Mon Aug 01 22:47:35 2005 => Scanning File C:\WINDOWS\system32\SAMLIB.dll
Mon Aug 01 22:47:36 2005 => Scanning File C:\WINDOWS\system32\msv1_0.dll
Mon Aug 01 22:47:36 2005 => Scanning File C:\WINDOWS\system32\iphlpapi.dll
Mon Aug 01 22:47:36 2005 => Scanning File C:\WINDOWS\system32\cscui.dll
Mon Aug 01 22:47:36 2005 => Scanning File C:\WINDOWS\system32\xpsp2res.dll
Mon Aug 01 22:47:37 2005 => Scanning File C:\WINDOWS\system32\NTMARTA.DLL
Mon Aug 01 22:47:37 2005 => Scanning File C:\WINDOWS\system32\WLDAP32.dll
Mon Aug 01 22:47:37 2005 => Scanning File C:\WINDOWS\system32\wdmaud.drv
Mon Aug 01 22:47:37 2005 => Scanning File C:\WINDOWS\system32\msacm32.drv
Mon Aug 01 22:47:37 2005 => Scanning File C:\WINDOWS\system32\MSACM32.dll
Mon Aug 01 22:47:37 2005 => Scanning File C:\WINDOWS\system32\midimap.dll
Mon Aug 01 22:47:37 2005 => Scanning File C:\WINDOWS\system32\COMRes.dll
Mon Aug 01 22:47:37 2005 => Scanning File C:\WINDOWS\system32\OLEAUT32.dll
Mon Aug 01 22:47:38 2005 => Scanning File C:\WINDOWS\system32\CLBCATQ.DLL
Mon Aug 01 22:47:38 2005 => Scanning File C:\WINDOWS\system32\services.exe
Mon Aug 01 22:47:38 2005 => Scanning File C:\WINDOWS\system32\SCESRV.dll
Mon Aug 01 22:47:38 2005 => Scanning File C:\WINDOWS\system32\umpnpmgr.dll
Mon Aug 01 22:47:38 2005 => Scanning File C:\WINDOWS\system32\NCObjAPI.DLL
Mon Aug 01 22:47:38 2005 => Scanning File C:\WINDOWS\system32\MSVCP60.dll
Mon Aug 01 22:47:38 2005 => Scanning File C:\WINDOWS\system32\ShimEng.dll
Mon Aug 01 22:47:38 2005 => Scanning File C:\WINDOWS\AppPatch\AcGenral.DLL
Mon Aug 01 22:47:38 2005 => Scanning File C:\WINDOWS\system32\eventlog.dll
Mon Aug 01 22:47:38 2005 => Scanning File C:\WINDOWS\system32\Cabinet.dll
Mon Aug 01 22:47:38 2005 => Scanning File C:\WINDOWS\system32\lsass.exe
Mon Aug 01 22:47:38 2005 => Scanning File C:\WINDOWS\system32\LSASRV.dll
Mon Aug 01 22:47:38 2005 => Scanning File C:\WINDOWS\system32\NTDSAPI.dll
Mon Aug 01 22:47:38 2005 => Scanning File C:\WINDOWS\system32\DNSAPI.dll
Mon Aug 01 22:47:38 2005 => Scanning File C:\WINDOWS\system32\SAMSRV.dll
Mon Aug 01 22:47:39 2005 => Scanning File C:\WINDOWS\system32\cryptdll.dll
Mon Aug 01 22:47:39 2005 => Scanning File C:\WINDOWS\system32\msprivs.dll
Mon Aug 01 22:47:39 2005 => Scanning File C:\WINDOWS\system32\kerberos.dll
Mon Aug 01 22:47:39 2005 => Scanning File C:\WINDOWS\system32\netlogon.dll
Mon Aug 01 22:47:39 2005 => Scanning File C:\WINDOWS\system32\w32time.dll
Mon Aug 01 22:47:39 2005 => Scanning File C:\WINDOWS\system32\schannel.dll
Mon Aug 01 22:47:39 2005 => Scanning File C:\WINDOWS\system32\wdigest.dll
Mon Aug 01 22:47:39 2005 => Scanning File C:\WINDOWS\system32\scecli.dll
Mon Aug 01 22:47:39 2005 => Scanning File C:\WINDOWS\system32\pstorsvc.dll
Mon Aug 01 22:47:39 2005 => Scanning File C:\WINDOWS\system32\psbase.dll
Mon Aug 01 22:47:39 2005 => Scanning File C:\WINDOWS\system32\mclsp.dll
Mon Aug 01 22:47:39 2005 => Scanning File C:\WINDOWS\system32\SPORDER.dll
Mon Aug 01 22:47:39 2005 => Scanning File C:\WINDOWS\system32\mclsphlr\gdlsphlr.dll
Mon Aug 01 22:47:39 2005 => Scanning File C:\WINDOWS\system32\McRtl32.dll
Mon Aug 01 22:47:39 2005 => Scanning File C:\WINDOWS\system32\mswsock.dll
Mon Aug 01 22:47:39 2005 => Scanning File C:\WINDOWS\system32\hnetcfg.dll
Mon Aug 01 22:47:39 2005 => Scanning File C:\WINDOWS\System32\wshtcpip.dll
Mon Aug 01 22:47:39 2005 => Scanning File C:\WINDOWS\system32\dssenh.dll
Mon Aug 01 22:47:39 2005 => Scanning File C:\WINDOWS\system32\svchost.exe
Mon Aug 01 22:47:40 2005 => Scanning File c:\windows\system32\rpcss.dll
Mon Aug 01 22:47:40 2005 => Scanning File C:\WINDOWS\system32\msi.dll
Mon Aug 01 22:47:40 2005 => Scanning File c:\windows\system32\termsrv.dll
Mon Aug 01 22:47:40 2005 => Scanning File c:\windows\system32\ICAAPI.dll
Mon Aug 01 22:47:40 2005 => Scanning File c:\windows\system32\mstlsapi.dll
Mon Aug 01 22:47:40 2005 => Scanning File c:\windows\system32\ACTIVEDS.dll
Mon Aug 01 22:47:40 2005 => Scanning File c:\windows\system32\adsldpc.dll
Mon Aug 01 22:47:40 2005 => Scanning File c:\windows\system32\ATL.DLL
Mon Aug 01 22:47:40 2005 => Scanning File C:\WINDOWS\System32\winrnr.dll
Mon Aug 01 22:47:40 2005 => Scanning File C:\WINDOWS\system32\rasadhlp.dll
Mon Aug 01 22:47:40 2005 => Scanning File c:\windows\system32\dhcpcsvc.dll
Mon Aug 01 22:47:40 2005 => Scanning File c:\windows\system32\wzcsvc.dll
Mon Aug 01 22:47:40 2005 => Scanning File c:\windows\system32\rtutils.dll
Mon Aug 01 22:47:40 2005 => Scanning File c:\windows\system32\WMI.dll
Mon Aug 01 22:47:40 2005 => Scanning File c:\windows\system32\ESENT.dll
Mon Aug 01 22:47:40 2005 => Scanning File C:\WINDOWS\System32\rastls.dll
Mon Aug 01 22:47:40 2005 => Scanning File C:\WINDOWS\system32\CRYPTUI.dll
Mon Aug 01 22:47:40 2005 => Scanning File C:\WINDOWS\system32\WININET.dll
Mon Aug 01 22:47:40 2005 => Scanning File C:\WINDOWS\System32\MPRAPI.dll
Mon Aug 01 22:47:40 2005 => Scanning File C:\WINDOWS\System32\RASAPI32.dll
Mon Aug 01 22:47:41 2005 => Scanning File C:\WINDOWS\System32\rasman.dll
Mon Aug 01 22:47:41 2005 => Scanning File C:\WINDOWS\System32\TAPI32.dll
Mon Aug 01 22:47:41 2005 => Scanning File C:\WINDOWS\System32\raschap.dll
Mon Aug 01 22:47:41 2005 => Scanning File c:\windows\system32\schedsvc.dll
Mon Aug 01 22:47:41 2005 => Scanning File C:\WINDOWS\System32\MSIDLE.DLL
Mon Aug 01 22:47:41 2005 => Scanning File c:\windows\system32\audiosrv.dll
Mon Aug 01 22:47:41 2005 => Scanning File c:\windows\system32\wkssvc.dll
Mon Aug 01 22:47:41 2005 => Scanning File c:\windows\system32\qmgr.dll
Mon Aug 01 22:47:41 2005 => Scanning File c:\windows\system32\SHFOLDER.dll
Mon Aug 01 22:47:41 2005 => Scanning File c:\windows\system32\WINHTTP.dll
Mon Aug 01 22:47:41 2005 => Scanning File c:\windows\system32\cryptsvc.dll
Mon Aug 01 22:47:41 2005 => Scanning File c:\windows\system32\certcli.dll
Mon Aug 01 22:47:41 2005 => Scanning File c:\windows\system32\ersvc.dll
Mon Aug 01 22:47:41 2005 => Scanning File c:\windows\system32\es.dll
Mon Aug 01 22:47:41 2005 => Scanning File c:\windows\system32\srvsvc.dll
Mon Aug 01 22:47:41 2005 => Scanning File c:\windows\pchealth\helpctr\binaries\pchsvc.dll
Mon Aug 01 22:47:41 2005 => Scanning File c:\windows\system32\netman.dll
Mon Aug 01 22:47:41 2005 => Scanning File c:\windows\system32\netshell.dll
Mon Aug 01 22:47:41 2005 => Scanning File c:\windows\system32\credui.dll
Mon Aug 01 22:47:42 2005 => Scanning File c:\windows\system32\WZCSAPI.DLL
Mon Aug 01 22:47:42 2005 => Scanning File c:\windows\system32\wuauserv.dll
Mon Aug 01 22:47:42 2005 => Scanning File C:\WINDOWS\system32\wuaueng.dll
Mon Aug 01 22:47:42 2005 => Scanning File C:\WINDOWS\System32\ADVPACK.dll
Mon Aug 01 22:47:42 2005 => Scanning File C:\WINDOWS\System32\mspatcha.dll
Mon Aug 01 22:47:42 2005 => Scanning File c:\windows\system32\wbem\wmisvc.dll
Mon Aug 01 22:47:42 2005 => Scanning File C:\WINDOWS\system32\VSSAPI.DLL
Mon Aug 01 22:47:42 2005 => Scanning File c:\windows\system32\trkwks.dll
Mon Aug 01 22:47:42 2005 => Scanning File c:\windows\system32\tapisrv.dll
Mon Aug 01 22:47:42 2005 => Scanning File c:\windows\system32\srsvc.dll
Mon Aug 01 22:47:42 2005 => Scanning File c:\windows\system32\POWRPROF.dll
Mon Aug 01 22:47:42 2005 => Scanning File c:\windows\system32\sens.dll
Mon Aug 01 22:47:42 2005 => Scanning File c:\windows\system32\seclogon.dll
Mon Aug 01 22:47:42 2005 => Scanning File c:\windows\system32\wscsvc.dll
Mon Aug 01 22:47:42 2005 => Scanning File c:\windows\system32\ipnathlp.dll
Mon Aug 01 22:47:42 2005 => Scanning File C:\WINDOWS\System32\wbem\wbemcomn.dll
Mon Aug 01 22:47:42 2005 => Scanning File c:\windows\system32\browser.dll
Mon Aug 01 22:47:42 2005 => Scanning File c:\windows\system32\rasmans.dll
Mon Aug 01 22:47:43 2005 => Scanning File c:\windows\system32\WINIPSEC.DLL
Mon Aug 01 22:47:43 2005 => Scanning File c:\windows\system32\netcfgx.dll
Mon Aug 01 22:47:43 2005 => Scanning File c:\windows\system32\CLUSAPI.dll
Mon Aug 01 22:47:43 2005 => Scanning File C:\WINDOWS\system32\comsvcs.dll
Mon Aug 01 22:47:43 2005 => Scanning File C:\WINDOWS\system32\MTXCLU.DLL
Mon Aug 01 22:47:43 2005 => Scanning File C:\WINDOWS\system32\WSOCK32.dll
Mon Aug 01 22:47:43 2005 => Scanning File C:\WINDOWS\system32\colbact.DLL