17 dec 2010 23:06:48 - ********************************************************** 17 dec 2010 23:06:48 - eScan AntiVirus & Spyware Toolkit Utility. 17 dec 2010 23:06:48 - Copyright © MicroWorld Technologies 17 dec 2010 23:06:48 - ********************************************************** 17 dec 2010 23:06:48 - Source: C:\Users\Brian\Desktop\mwav.exe 17 dec 2010 23:06:48 - Version 12.0.64 (C:\USERS\BRIAN\APPDATA\LOCAL\TEMP\MEXE.COM) 17 dec 2010 23:06:48 - Log File: C:\Users\Brian\AppData\Local\Temp\MWAV.LOG 17 dec 2010 23:06:48 - Last Scan Date and Time: 12.12.2010 22:02:23 17 dec 2010 23:06:48 - MWAV Registered: TRUE 17 dec 2010 23:06:48 - User Account: Brian (Administrator Mode) 17 dec 2010 23:06:48 - OS Type: Windows Workstation 17 dec 2010 23:06:48 - OS: Windows Vista [OS Install Date: 20 Oct 2010 20:20:00] 17 dec 2010 23:06:48 - Ver: Personal Service Pack 2 (Build 6002) 17 dec 2010 23:06:48 - System Up Time: 2 Hours, 29 Minutes, 55 Seconds 17 dec 2010 23:06:48 - Parent Process Name : C:\Users\Brian\Desktop\mwav.exe 17 dec 2010 23:06:48 - Windows Root Folder: C:\Windows 17 dec 2010 23:06:48 - Windows Sys32 Folder: C:\Windows\system32 17 dec 2010 23:06:48 - DHCP NameServer: 10.0.0.1 17 dec 2010 23:06:48 - Interface0 NameServer: 10.0.0.1 17 dec 2010 23:06:48 - Interface0 DHCPNameServer: 10.0.0.1 17 dec 2010 23:06:48 - Local Fixed Drives: c:\,e:\ 17 dec 2010 23:06:48 - MWAV Mode: Scan and Clean files (for viruses, adware and spyware) 17 dec 2010 23:06:48 - [CREATED ZIP FILE: C:\Users\Brian\AppData\Local\Temp\pinfect.zip] 17 dec 2010 23:06:48 - ****** Files/Folders created/modified during last fortnight in Windows and ROOT Folder ****** 17 dec 2010 23:06:49 - C:\Windows\WRUninstall.dll (253440), 12-Dec-2010, Webroot Software, Inc 17 dec 2010 23:06:49 - C:\Windows\system32\atmfd.dll (292352), 15-Dec-2010, Adobe Systems Incorporated, Adobe Type Manager 17 dec 2010 23:06:49 - C:\Windows\system32\atmlib.dll (34304), 15-Dec-2010, Adobe Systems, Adobe Type Manager 17 dec 2010 23:06:49 - C:\Windows\system32\BtwRSupport.dll (229376), 13-Dec-2010, Broadcom Corporation., Bluetooth Software 17 dec 2010 23:06:49 - C:\Windows\system32\consent.exe (81920), 15-Dec-2010, Microsoft Corporation, Besturingssysteem Microsoft® Windows® 17 dec 2010 23:06:49 - C:\Windows\system32\fontsub.dll (72704), 15-Dec-2010, Microsoft Corporation, Microsoft® Windows® Operating System 17 dec 2010 23:06:49 - C:\Windows\system32\ie4uinit.exe (173568), 15-Dec-2010, Microsoft Corporation, Windows® Internet Explorer 17 dec 2010 23:06:49 - C:\Windows\system32\iedkcs32.dll (387584), 15-Dec-2010, Microsoft Corporation, Windows® Internet Explorer 17 dec 2010 23:06:49 - C:\Windows\system32\ieframe.dll (11080704), 15-Dec-2010, Microsoft Corporation, Windows® Internet Explorer 17 dec 2010 23:06:49 - C:\Windows\system32\iepeers.dll (184320), 15-Dec-2010, Microsoft Corporation, Windows® Internet Explorer 17 dec 2010 23:06:49 - C:\Windows\system32\iernonce.dll (55808), 15-Dec-2010, Microsoft Corporation, Windows® Internet Explorer 17 dec 2010 23:06:49 - C:\Windows\system32\iertutil.dll (1991680), 15-Dec-2010, Microsoft Corporation, Windows® Internet Explorer 17 dec 2010 23:06:49 - C:\Windows\system32\iesetup.dll (71680), 15-Dec-2010, Microsoft Corporation, Windows® Internet Explorer 17 dec 2010 23:06:49 - C:\Windows\system32\iesysprep.dll (109056), 15-Dec-2010, Microsoft Corporation, Windows® Internet Explorer 17 dec 2010 23:06:49 - C:\Windows\system32\ieui.dll (164352), 15-Dec-2010, Microsoft Corporation, Windows® Internet Explorer 17 dec 2010 23:06:49 - C:\Windows\system32\ieUnatt.exe (133632), 15-Dec-2010, Microsoft Corporation, Windows® Internet Explorer 17 dec 2010 23:06:49 - C:\Windows\system32\inetcpl.cpl (1469440), 15-Dec-2010, Microsoft Corporation, Windows® Internet Explorer 17 dec 2010 23:06:49 - C:\Windows\system32\jsproxy.dll (25600), 15-Dec-2010, Microsoft Corporation, Windows® Internet Explorer 17 dec 2010 23:06:49 - C:\Windows\system32\licmgr10.dll (43520), 15-Dec-2010, Microsoft Corporation, Windows® Internet Explorer 17 dec 2010 23:06:49 - C:\Windows\system32\mrt.exe (37366216), 15-Dec-2010, Microsoft Corporation, Microsoft Windows Hulpprogramma voor verwijderen van schadelijke software 17 dec 2010 23:06:49 - C:\Windows\system32\msfeeds.dll (602112), 15-Dec-2010, Microsoft Corporation, Windows® Internet Explorer 17 dec 2010 23:06:49 - C:\Windows\system32\msfeedsbs.dll (55296), 15-Dec-2010, Microsoft Corporation, Windows® Internet Explorer 17 dec 2010 23:06:49 - C:\Windows\system32\msfeedssync.exe (13312), 15-Dec-2010, Microsoft Corporation, Windows® Internet Explorer 17 dec 2010 23:06:49 - C:\Windows\system32\mshtml.dll (5959168), 15-Dec-2010, Microsoft Corporation, Windows® Internet Explorer 17 dec 2010 23:06:49 - C:\Windows\system32\mshtmled.dll (66560), 15-Dec-2010, Microsoft Corporation, Windows® Internet Explorer 17 dec 2010 23:06:49 - C:\Windows\system32\msshsq.dll (231424), 15-Dec-2010, Microsoft Corporation, Windows® Search 17 dec 2010 23:06:49 - C:\Windows\system32\mstime.dll (611840), 15-Dec-2010, Microsoft Corporation, Windows® Internet Explorer 17 dec 2010 23:06:49 - C:\Windows\system32\msxml6.dll (1401856), 13-Dec-2010, Microsoft Corporation, Microsoft(R) MSXML 6.0 SP2 17 dec 2010 23:06:51 - C:\Windows\system32\NTIBUN5.dll (1024), 08-May-2008 [HR] [Added C:\Windows\system32\NTIBUN5.dll to ZIP FILE] 17 dec 2010 23:06:51 - C:\Windows\system32\NTIOFM4.dll (1024), 08-May-2008 [HR] [Added C:\Windows\system32\NTIOFM4.dll to ZIP FILE] 17 dec 2010 23:06:51 - C:\Windows\system32\occache.dll (206848), 15-Dec-2010, Microsoft Corporation, Windows® Internet Explorer 17 dec 2010 23:06:51 - C:\Windows\system32\schedsvc.dll (601600), 15-Dec-2010, Microsoft Corporation, Besturingssysteem Microsoft® Windows® 17 dec 2010 23:06:51 - C:\Windows\system32\taskcomp.dll (270336), 15-Dec-2010, Microsoft Corporation, Besturingssysteem Microsoft® Windows® 17 dec 2010 23:06:51 - C:\Windows\system32\taskeng.exe (171520), 15-Dec-2010, Microsoft Corporation, Besturingssysteem Microsoft® Windows® 17 dec 2010 23:06:51 - C:\Windows\system32\taskschd.dll (352768), 15-Dec-2010, Microsoft Corporation, Besturingssysteem Microsoft® Windows® 17 dec 2010 23:06:51 - C:\Windows\system32\tzres.dll (2048), 15-Dec-2010, Microsoft Corporation, Besturingssysteem Microsoft® Windows® 17 dec 2010 23:06:51 - C:\Windows\system32\urlmon.dll (1210880), 15-Dec-2010, Microsoft Corporation, Windows® Internet Explorer 17 dec 2010 23:06:51 - C:\Windows\system32\win32k.sys (2038272), 15-Dec-2010, Microsoft Corporation, Besturingssysteem Microsoft® Windows® 17 dec 2010 23:06:51 - C:\Windows\system32\wininet.dll (916480), 15-Dec-2010, Microsoft Corporation, Windows® Internet Explorer 17 dec 2010 23:06:51 - C:\Windows\system32\wmicmiplugin.dll (345600), 15-Dec-2010, Microsoft Corporation, Microsoft® Windows® Operating System 17 dec 2010 23:06:51 - C:\Windows\system32\drivers\btwaudio.sys (79664), 13-Dec-2010, Broadcom Corporation., Bluetooth Software 17 dec 2010 23:06:51 - C:\Windows\system32\drivers\btwavdt.sys (81200), 13-Dec-2010, Broadcom Corporation., Bluetooth Software 17 dec 2010 23:06:51 - C:\Windows\system32\drivers\btwrchid.sys (16432), 13-Dec-2010, Broadcom Corporation., Bluetooth Software 17 dec 2010 23:06:51 - C:\Windows\system32\drivers\sskbfd.sys (14848), 12-Dec-2010, Webroot Software Inc (www.webroot.com), Spy Sweeper SDK 17 dec 2010 23:06:51 - C:\Users\Brian\AppData\Local\Temp\6C3.tmp (311248), 15-Dec-2010, Adobe Systems, Inc., Flash Player Helper 17 dec 2010 23:06:51 - C:\Users\Brian\AppData\Local\Temp\bdc.exe (91904), 17-Dec-2010, MicroWorld Tech, eScan 17 dec 2010 23:06:51 - C:\Users\Brian\AppData\Local\Temp\bdfltlib2k.dll (231944), 17-Dec-2010, MicroWorld Technologies Inc., eScan for Windows 17 dec 2010 23:06:51 - C:\Users\Brian\AppData\Local\Temp\clean.bat (11), 17-Dec-2010 [Added C:\Users\Brian\AppData\Local\Temp\clean.bat to ZIP FILE] 17 dec 2010 23:06:51 - C:\Users\Brian\AppData\Local\Temp\encdec.dll (163336), 17-Dec-2010, MicroWorld Technologies Inc., eScan/MailScan/eConceal 17 dec 2010 23:06:51 - C:\Users\Brian\AppData\Local\Temp\erootdrv.sys (13832), 17-Dec-2010, MicroWorld Technologies Inc., eScan/MWAV 17 dec 2010 23:06:51 - C:\Users\Brian\AppData\Local\Temp\mexe.com (2509384), 17-Dec-2010, MicroWorld Technologies Inc., MicroWorld AntiVirus Toolkit Utility (MWAV) 17 dec 2010 23:06:51 - C:\Users\Brian\AppData\Local\Temp\msvclnt.dll (240136), 17-Dec-2010, MicroWorld Technologies Inc., MailScan 17 dec 2010 23:06:51 - C:\Users\Brian\AppData\Local\Temp\mwavdwnl.exe (787976), 17-Dec-2010, MicroWorld Technologies Inc., eScan 17 dec 2010 23:06:51 - C:\Users\Brian\AppData\Local\Temp\MWAVSCAN.COM (2509384), 17-Dec-2010, MicroWorld Technologies Inc., MicroWorld AntiVirus Toolkit Utility (MWAV) 17 dec 2010 23:06:51 - C:\Users\Brian\AppData\Local\Temp\red32.dll (10248), 17-Dec-2010, Microsoft Corporation, Microsoft® Windows® Operating System 17 dec 2010 23:06:51 - C:\Users\Brian\AppData\Local\Temp\reload.exe (158728), 17-Dec-2010, MicroWorld Technologies Inc., eScan for Windows 17 dec 2010 23:06:51 - C:\Users\Brian\AppData\Local\Temp\setpriv.exe (65544), 17-Dec-2010, MicroWorld Technologies Inc., eScan AntiVirus Toolkit Utility 17 dec 2010 23:06:51 - C:\Users\Brian\AppData\Local\Temp\TFR36F.tmp (28670), 15-Dec-2010 [Added C:\Users\Brian\AppData\Local\Temp\TFR36F.tmp to ZIP FILE] 17 dec 2010 23:06:51 - C:\Users\Brian\AppData\Local\Temp\TFR535F.tmp (28670), 17-Dec-2010 [Added C:\Users\Brian\AppData\Local\Temp\TFR535F.tmp to ZIP FILE] 17 dec 2010 23:06:51 - C:\Users\Brian\AppData\Local\Temp\TFR6219.tmp (145710), 14-Dec-2010 [Added C:\Users\Brian\AppData\Local\Temp\TFR6219.tmp to ZIP FILE] 17 dec 2010 23:06:51 - C:\Users\Brian\AppData\Local\Temp\TFR97C.tmp (28670), 15-Dec-2010 [Added C:\Users\Brian\AppData\Local\Temp\TFR97C.tmp to ZIP FILE] 17 dec 2010 23:06:51 - C:\Users\Brian\AppData\Local\Temp\TFR9BE3.tmp (28670), 14-Dec-2010 [Added C:\Users\Brian\AppData\Local\Temp\TFR9BE3.tmp to ZIP FILE] 17 dec 2010 23:06:51 - C:\Users\Brian\AppData\Local\Temp\TFR9E18.tmp (28670), 15-Dec-2010 [Added C:\Users\Brian\AppData\Local\Temp\TFR9E18.tmp to ZIP FILE] 17 dec 2010 23:06:51 - C:\Users\Brian\AppData\Local\Temp\TFRB1D.tmp (28670), 17-Dec-2010 [Added C:\Users\Brian\AppData\Local\Temp\TFRB1D.tmp to ZIP FILE] 17 dec 2010 23:06:51 - C:\Users\Brian\AppData\Local\Temp\TFRB9C9.tmp (145710), 14-Dec-2010 [Added C:\Users\Brian\AppData\Local\Temp\TFRB9C9.tmp to ZIP FILE] 17 dec 2010 23:06:51 - C:\Users\Brian\AppData\Local\Temp\TFRBEF6.tmp (28670), 15-Dec-2010 [Added C:\Users\Brian\AppData\Local\Temp\TFRBEF6.tmp to ZIP FILE] 17 dec 2010 23:06:52 - C:\Users\Brian\AppData\Local\Temp\TFRC192.tmp (92801), 17-Dec-2010 [Added C:\Users\Brian\AppData\Local\Temp\TFRC192.tmp to ZIP FILE] 17 dec 2010 23:06:52 - C:\Users\Brian\AppData\Local\Temp\TFRC295.tmp (28670), 14-Dec-2010 [Added C:\Users\Brian\AppData\Local\Temp\TFRC295.tmp to ZIP FILE] 17 dec 2010 23:06:52 - C:\Users\Brian\AppData\Local\Temp\TFRC577.tmp (92801), 14-Dec-2010 [Added C:\Users\Brian\AppData\Local\Temp\TFRC577.tmp to ZIP FILE] 17 dec 2010 23:06:52 - C:\Users\Brian\AppData\Local\Temp\TFRCFC.tmp (28670), 15-Dec-2010 [Added C:\Users\Brian\AppData\Local\Temp\TFRCFC.tmp to ZIP FILE] 17 dec 2010 23:06:52 - C:\Users\Brian\AppData\Local\Temp\TFRD0B8.tmp (28670), 17-Dec-2010 [Added C:\Users\Brian\AppData\Local\Temp\TFRD0B8.tmp to ZIP FILE] 17 dec 2010 23:06:52 - C:\Users\Brian\AppData\Local\Temp\TFRE3CF.tmp (28670), 14-Dec-2010 [Added C:\Users\Brian\AppData\Local\Temp\TFRE3CF.tmp to ZIP FILE] 17 dec 2010 23:06:52 - C:\Users\Brian\AppData\Local\Temp\unregx.exe (76808), 17-Dec-2010, MicroWorld Technologies Inc., MicroWorld AntiVirus Toolkit Utility 17 dec 2010 23:06:52 - C:\Users\Brian\AppData\Local\Temp\ViewTCP.exe (1680904), 17-Dec-2010, MicroWorld Technologies Inc., ViewTCP 17 dec 2010 23:06:52 - C:\Users\Brian\AppData\Local\Temp\~DF2BD4.tmp (16384), 15-Dec-2010 [Added C:\Users\Brian\AppData\Local\Temp\~DF2BD4.tmp to ZIP FILE] 17 dec 2010 23:06:52 - C:\Windows\Fonts, 02-Nov-2006 [SR] [Folder] 17 dec 2010 23:06:52 - C:\Windows\Media, 02-Nov-2006 [SR] [Folder] 17 dec 2010 23:06:52 - C:\Windows\Minidump, 14-Dec-2010 [Folder] 17 dec 2010 23:06:52 - C:\Windows\system32\CanonIJ Uninstaller Information, 20-Oct-2010 [H] [Folder] 17 dec 2010 23:06:52 - C:\Windows\system32\es-AR, 13-Dec-2010 [Folder] 17 dec 2010 23:06:52 - C:\Windows\system32\es-MX, 13-Dec-2010 [Folder] 17 dec 2010 23:06:52 - C:\Windows\system32\Microsoft, 02-Nov-2006 [S] [Folder] 17 dec 2010 23:06:52 - C:\Documents and Settings, 02-Nov-2006 [HS] [Folder] 17 dec 2010 23:06:52 - C:\download, 13-Dec-2010 [Folder] 17 dec 2010 23:06:52 - C:\Users\Brian\AppData\Local\Temp\e4jCE39.tmp_dir20964, 17-Dec-2010 [Folder] 17 dec 2010 23:06:52 - C:\Users\Brian\AppData\Local\Temp\e4jD133.tmp_dir7714, 15-Dec-2010 [Folder] 17 dec 2010 23:06:52 - C:\Users\Brian\AppData\Local\Temp\eDatasecurity, 17-Dec-2010 [Folder] 17 dec 2010 23:06:52 - C:\Users\Brian\AppData\Local\Temp\hsperfdata_Brian, 12-Dec-2010 [Folder] 17 dec 2010 23:06:52 - C:\Users\Brian\AppData\Local\Temp\Low, 12-Dec-2010 [Folder] 17 dec 2010 23:06:52 - C:\Users\Brian\AppData\Local\Temp\MessengerCache, 12-Dec-2010 [Folder] 17 dec 2010 23:06:52 - C:\Users\Brian\AppData\Local\Temp\MsgrTemp, 15-Dec-2010 [Folder] 17 dec 2010 23:06:52 - C:\Users\Brian\AppData\Local\Temp\plugins, 17-Dec-2010 [Folder] 17 dec 2010 23:06:52 - C:\Users\Brian\AppData\Local\Temp\swtlib-32, 12-Dec-2010 [Folder] 17 dec 2010 23:06:52 - C:\Users\Brian\AppData\Local\Temp\WPDNSE, 17-Dec-2010 [Folder] 17 dec 2010 23:06:52 - C:\Users\Brian\AppData\Local\Temp\_avast5_, 17-Dec-2010 [Folder] 17 dec 2010 23:06:52 - C:\Users\Brian\AppData\Local\Temp\{37B60A8F-CD5B-466D-91CF-468109559BCA}, 17-Dec-2010 [Folder] 17 dec 2010 23:06:52 - C:\Users\Brian\AppData\Local\Temp\{E0E64BDA-236A-4443-B853-8F774C2C051A}, 17-Dec-2010 [Folder] 17 dec 2010 23:06:52 - C:\Users\Brian\AppData\Roaming\Agics, 04-Dec-2010 [Folder] 17 dec 2010 23:06:52 - C:\Users\Brian\AppData\Roaming\Microsoft, 20-Oct-2010 [S] [Folder] 17 dec 2010 23:06:52 - C:\Users\Brian\AppData\Roaming\Skype, 03-Dec-2010 [Folder] 17 dec 2010 23:06:52 - C:\Users\Brian\AppData\Roaming\skypePM, 03-Dec-2010 [Folder] 17 dec 2010 23:06:52 - C:\Users\Brian\AppData\Roaming\Template, 06-Dec-2010 [Folder] 17 dec 2010 23:06:52 - C:\ProgramData\Application Data, 02-Nov-2006 [HS] [Folder] 17 dec 2010 23:06:52 - C:\ProgramData\Bureaublad, 20-Oct-2010 [HS] [Folder] 17 dec 2010 23:06:52 - C:\ProgramData\CanonBJ, 20-Oct-2010 [H] [Folder] 17 dec 2010 23:06:52 - C:\ProgramData\Comodo, 10-Dec-2010 [Folder] 17 dec 2010 23:06:52 - C:\ProgramData\Desktop, 02-Nov-2006 [HS] [Folder] 17 dec 2010 23:06:52 - C:\ProgramData\Documenten, 20-Oct-2010 [HS] [Folder] 17 dec 2010 23:06:52 - C:\ProgramData\Documents, 02-Nov-2006 [HS] [Folder] 17 dec 2010 23:06:52 - C:\ProgramData\Favorieten, 20-Oct-2010 [HS] [Folder] 17 dec 2010 23:06:52 - C:\ProgramData\Menu Start, 20-Oct-2010 [HS] [Folder] 17 dec 2010 23:06:52 - C:\ProgramData\Microsoft, 02-Nov-2006 [S] [Folder] 17 dec 2010 23:06:52 - C:\ProgramData\Sjablonen, 20-Oct-2010 [HS] [Folder] 17 dec 2010 23:06:52 - C:\ProgramData\Skype, 03-Dec-2010 [Folder] 17 dec 2010 23:06:52 - C:\ProgramData\Start Menu, 02-Nov-2006 [HS] [Folder] 17 dec 2010 23:06:52 - C:\ProgramData\Templates, 02-Nov-2006 [HS] [Folder] 17 dec 2010 23:06:52 - C:\ProgramData\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}, 20-Oct-2010 [H] [Folder] 17 dec 2010 23:06:52 - C:\ProgramData\..\Documents and Settings, 02-Nov-2006 [HS] [Folder] 17 dec 2010 23:06:52 - C:\ProgramData\..\download, 13-Dec-2010 [Folder] 17 dec 2010 23:06:52 - C:\Program Files\CanonBJ, 20-Oct-2010 [H] [Folder] 17 dec 2010 23:06:52 - C:\Program Files\MSSOAP, 12-Dec-2010 [Folder] 17 dec 2010 23:06:52 - C:\Program Files\Webroot, 12-Dec-2010 [Folder] 17 dec 2010 23:06:52 - C:\Program Files\Common Files\MSSoap, 12-Dec-2010 [Folder] 17 dec 2010 23:06:52 - C:\Program Files\Common Files\Skype, 03-Dec-2010 [Folder] 17 dec 2010 23:06:52 - ********************************************************************************************* 17 dec 2010 23:06:52 - Latest Date of files inside MWAV: Tue Sep 7 10:52:44 2010. 17 dec 2010 23:06:52 - Plugins FileCount: 783 Sign Version: 7.33782 17 dec 2010 23:06:54 - Loading/Creating FileScan Database C:\ProgramData\MicroWorld\MWAV\ESCANDBX.MDB [Log: C:\Users\Brian\AppData\Local\Temp\ESCANDB.LOG] 17 dec 2010 23:06:55 - Loaded/Created FileScan Database... 17 dec 2010 23:06:55 - Loading AV Library [DB]... 17 dec 2010 23:07:11 - AV Library Loaded [DB-DIRECT]. 17 dec 2010 23:07:11 - MWAV doing self scanning... 17 dec 2010 23:07:11 - MWAV files are clean. 17 dec 2010 23:07:12 - Virus Database Date: 07 Sep 2010 17 dec 2010 23:07:12 - Virus Database Count: 6322680 17 dec 2010 23:07:17 - ********************************************************** 17 dec 2010 23:07:17 - eScan AntiVirus & Spyware Toolkit Utility. 17 dec 2010 23:07:17 - Copyright © MicroWorld Technologies 17 dec 2010 23:07:17 - 17 dec 2010 23:07:17 - Support: support@escanav.com 17 dec 2010 23:07:17 - Web: www.virusec.com 17 dec 2010 23:07:17 - ********************************************************** 17 dec 2010 23:07:17 - Version 12.0.64[DB] (C:\USERS\BRIAN\APPDATA\LOCAL\TEMP\MEXE.COM) 17 dec 2010 23:07:17 - Log File: C:\Users\Brian\AppData\Local\Temp\MWAV.LOG 17 dec 2010 23:07:17 - User Account: Brian (Administrator Mode) 17 dec 2010 23:07:17 - Parent Process Name : C:\Users\Brian\Desktop\mwav.exe 17 dec 2010 23:07:17 - Windows Root Folder: C:\Windows 17 dec 2010 23:07:17 - Windows Sys32 Folder: C:\Windows\system32 17 dec 2010 23:07:17 - OS: Windows Vista [OS Install Date: 20 Oct 2010 20:20:00] 17 dec 2010 23:07:17 - Ver: Personal Service Pack 2 (Build 6002) 17 dec 2010 23:07:17 - Latest Date of files inside MWAV: Tue Sep 7 10:52:44 2010. 17 dec 2010 23:07:17 - Plugins FileCount: 783 Sign Version: 7.33782 17 dec 2010 23:07:17 - Options Selected by User: 17 dec 2010 23:07:17 - Memory Check: Enabled 17 dec 2010 23:07:17 - Registry Check: Enabled 17 dec 2010 23:07:17 - StartUp Folder Check: Enabled 17 dec 2010 23:07:17 - System Folder Check: Enabled 17 dec 2010 23:07:17 - Services Check: Enabled 17 dec 2010 23:07:17 - Scan Spyware: Disabled 17 dec 2010 23:07:17 - Drive Check Option Disabled 17 dec 2010 23:07:17 - Folder Check: Enabled 17 dec 2010 23:07:17 - Folder Selected = E:\ 17 dec 2010 23:07:17 - SCAN: All_Files 17 dec 2010 23:07:17 - MWAV Mode: Scan and Clean files (for viruses, adware and spyware) 17 dec 2010 23:07:20 - ***** Scanning Memory Files ***** 17 dec 2010 23:07:25 - Please Wait Exiting Application... 17 dec 2010 23:07:25 - ***** Scanning complete. ***** 17 dec 2010 23:07:25 - Total Objects Scanned: 384 17 dec 2010 23:07:25 - Total Critical Objects: 0 17 dec 2010 23:07:25 - Total Disinfected Objects: 0 17 dec 2010 23:07:25 - Total Objects Renamed: 0 17 dec 2010 23:07:25 - Total Deleted Objects: 0 17 dec 2010 23:07:25 - Total Errors: 0 17 dec 2010 23:07:25 - Time Elapsed: 00:00:07 17 dec 2010 23:07:25 - Virus Database Date: 07 Sep 2010 17 dec 2010 23:07:25 - Virus Database Count: 6322680 17 dec 2010 23:07:25 - Scan Completed. 17 dec 2010 23:07:27 - Virus Database Date: 07 Sep 2010 17 dec 2010 23:07:27 - Virus Database Count: 6322680 17 dec 2010 23:07:46 - Options Selected by User: 17 dec 2010 23:07:46 - Memory Check: Enabled 17 dec 2010 23:07:46 - Registry Check: Enabled 17 dec 2010 23:07:46 - StartUp Folder Check: Enabled 17 dec 2010 23:07:46 - System Folder Check: Enabled 17 dec 2010 23:07:46 - Services Check: Enabled 17 dec 2010 23:07:46 - Scan Spyware: Enabled 17 dec 2010 23:07:46 - Drive Check: Enabled 17 dec 2010 23:07:46 - All Drive Check :Disabled 17 dec 2010 23:07:46 - Drive Selected = C:\ 17 dec 2010 23:07:46 - Folder Check: Enabled 17 dec 2010 23:07:46 - Folder Selected = E:\ 17 dec 2010 23:07:46 - SCAN: All_Files 17 dec 2010 23:07:46 - MWAV Mode: Scan and Clean files (for viruses, adware and spyware) 17 dec 2010 23:07:47 - ***** Scanning Memory Files ***** 17 dec 2010 23:07:52 - ***** Scanning Registry Files ***** 17 dec 2010 23:07:55 - ERROR!!! Invalid Entry AppInit_DLLs =  (in key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows). Action Taken: No Action Taken. 17 dec 2010 23:07:55 - ERROR(3)!!! Invalid Entry Run = Canon MP210 series Printer,winspool,Ne01: (in key HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows). Action Taken: Removing it. 17 dec 2010 23:07:55 - ERROR(3)!!! Invalid Entry Load = Canon MP210 series Printer,winspool,Ne01: (in key HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows). Action Taken: Removing it. 17 dec 2010 23:07:56 - ***** Scanning StartUp Folders ***** 17 dec 2010 23:07:56 - ***** Scanning Service Files ***** 17 dec 2010 23:08:00 - ***** Scanning Registry and File system for Adware/Spyware ***** 17 dec 2010 23:08:02 - Loading Spyware Signatures from new External Database [Name: C:\Users\Brian\AppData\Local\Temp\spydb.avs, Size: 950571]... 17 dec 2010 23:08:02 - Indexed Spyware Databases Successfully Created... 17 dec 2010 23:08:10 - Offending file found: C:\Users\Brian\AppData\Roaming\Convivea\Bit_Che\scripts\x.exe 17 dec 2010 23:08:10 - System found infected with MW.Susp_hb.virus Virus (x.exe)! Action taken: File Deleted. 17 dec 2010 23:08:10 - Object "MW.Susp_hb.virus Virus" found in File System! Action Taken: File Deleted. 17 dec 2010 23:08:14 - Offending file found: C:\ProgramData\Microsoft\Windows\GameExplorer\{00D8862B-6453-4957-A821-3D98D74C76BE}\SupportTasks\0\Home Page.lnk 17 dec 2010 23:08:14 - System found infected with User Account Control (Fake) Spyware/Adware (Home Page.lnk)! Action taken: File Deleted. 17 dec 2010 23:08:14 - Object "User Account Control (Fake) Spyware/Adware" found in File System! Action Taken: File Deleted. 17 dec 2010 23:08:14 - Offending file found: C:\ProgramData\Microsoft\Windows\GameExplorer\{205286E5-F5F2-4306-BDB1-864245E33227}\SupportTasks\0\Home Page.lnk 17 dec 2010 23:08:14 - System found infected with User Account Control (Fake) Spyware/Adware (Home Page.lnk)! Action taken: File Deleted. 17 dec 2010 23:08:14 - Object "User Account Control (Fake) Spyware/Adware" found in File System! Action Taken: File Deleted. 17 dec 2010 23:08:14 - Offending file found: C:\ProgramData\Microsoft\Windows\GameExplorer\{48DE2B25-A3A2-4121-808D-5DD991D9FEBB}\SupportTasks\0\Home Page.lnk 17 dec 2010 23:08:14 - System found infected with User Account Control (Fake) Spyware/Adware (Home Page.lnk)! Action taken: File Deleted. 17 dec 2010 23:08:14 - Object "User Account Control (Fake) Spyware/Adware" found in File System! Action Taken: File Deleted. 17 dec 2010 23:08:14 - Offending file found: C:\ProgramData\Microsoft\Windows\GameExplorer\{6C815596-821F-40b3-8A84-643B73A8EB16}\SupportTasks\0\Home Page.lnk 17 dec 2010 23:08:14 - System found infected with User Account Control (Fake) Spyware/Adware (Home Page.lnk)! Action taken: File Deleted. 17 dec 2010 23:08:14 - Object "User Account Control (Fake) Spyware/Adware" found in File System! Action Taken: File Deleted. 17 dec 2010 23:08:14 - Offending file found: C:\ProgramData\Microsoft\Windows\GameExplorer\{91CA4D38-EA2B-4f3c-94DE-36C1386182FC}\SupportTasks\0\Home Page.lnk 17 dec 2010 23:08:14 - System found infected with User Account Control (Fake) Spyware/Adware (Home Page.lnk)! Action taken: File Deleted. 17 dec 2010 23:08:14 - Object "User Account Control (Fake) Spyware/Adware" found in File System! Action Taken: File Deleted. 17 dec 2010 23:08:14 - Offending file found: C:\ProgramData\Microsoft\Windows\GameExplorer\{AF698A5B-24D6-4f78-AE95-204B09EDC7B6}\SupportTasks\0\Home Page.lnk 17 dec 2010 23:08:14 - System found infected with User Account Control (Fake) Spyware/Adware (Home Page.lnk)! Action taken: File Deleted. 17 dec 2010 23:08:14 - Object "User Account Control (Fake) Spyware/Adware" found in File System! Action Taken: File Deleted. 17 dec 2010 23:08:14 - Offending file found: C:\ProgramData\Microsoft\Windows\GameExplorer\{AFA7FF39-1DDF-4f70-A2D5-23FCFFF02E5F}\SupportTasks\0\Home Page.lnk 17 dec 2010 23:08:14 - System found infected with User Account Control (Fake) Spyware/Adware (Home Page.lnk)! Action taken: File Deleted. 17 dec 2010 23:08:14 - Object "User Account Control (Fake) Spyware/Adware" found in File System! Action Taken: File Deleted. 17 dec 2010 23:08:14 - Offending file found: C:\ProgramData\Microsoft\Windows\GameExplorer\{D1A7F7E0-D4E9-49e8-BF2C-CEAA01D2E670}\SupportTasks\0\Home Page.lnk 17 dec 2010 23:08:14 - System found infected with User Account Control (Fake) Spyware/Adware (Home Page.lnk)! Action taken: File Deleted. 17 dec 2010 23:08:14 - Object "User Account Control (Fake) Spyware/Adware" found in File System! Action Taken: File Deleted. 17 dec 2010 23:08:14 - Offending file found: C:\ProgramData\Microsoft\Windows\GameExplorer\{E91579C0-4EA9-4a2a-A9B2-04BEF1D6DC29}\SupportTasks\0\Home Page.lnk 17 dec 2010 23:08:14 - System found infected with User Account Control (Fake) Spyware/Adware (Home Page.lnk)! Action taken: File Deleted. 17 dec 2010 23:08:14 - Object "User Account Control (Fake) Spyware/Adware" found in File System! Action Taken: File Deleted. 17 dec 2010 23:08:15 - Offending Registry Entry found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AlwaysUnloadDLL 17 dec 2010 23:08:15 - System found infected with RegSort Corrupted Adware/Spyware (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AlwaysUnloadDLL)! Action taken: Entries Removed. 17 dec 2010 23:08:15 - Object "RegSort Corrupted Adware/Spyware" found in File System! Action Taken: Entries Removed. 17 dec 2010 23:08:16 - Offending Registry Entry found: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon/Taskman 17 dec 2010 23:08:16 - System found infected with WORM_PALEVO.KK Worm (HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon/Taskman)! Action taken: Entries Removed. 17 dec 2010 23:08:16 - Object "WORM_PALEVO.KK Worm" found in File System! Action Taken: Entries Removed. 17 dec 2010 23:08:16 - ***** Scanning Registry Files ***** 17 dec 2010 23:08:17 - ERROR!!! Invalid Entry AppInit_DLLs =  (in key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows). Action Taken: No Action Taken. 17 dec 2010 23:08:17 - Clearing Temporary sub-folders as Spyware/Adware found in system... 17 dec 2010 23:08:18 - Few files will be deleted *ONLY* on reboot... 17 dec 2010 23:08:18 - Few files will be deleted *ONLY* on reboot... 17 dec 2010 23:08:18 - ** Value in HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = http://nl.intl.acer.yahoo.com 17 dec 2010 23:08:18 - ** Value in HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = http://google.nl/ 17 dec 2010 23:08:18 - ** Value in HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\main/Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome 17 dec 2010 23:08:18 - ***** Scanning System32 Folders ***** 17 dec 2010 23:08:36 - ***** Scanning Drive C:\ ***** 17 dec 2010 23:11:59 - C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb not Scanned. Possibly password protected... 17 dec 2010 23:13:31 - C:\Users\Brian\AppData\Local\Microsoft\Windows Live\Contacts\brian_werk@hotmail.com\15.4\DBStore\LogFiles\edbtmp.log not Scanned. Possibly password protected... 17 dec 2010 23:13:31 - C:\Users\Brian\AppData\Local\Microsoft\Windows Live\Contacts\brian_werk@hotmail.com\15.4\DBStore\tempedb.edb not Scanned. Possibly password protected... 17 dec 2010 23:13:33 - C:\Users\Brian\AppData\Local\Microsoft\Windows Live\Contacts\sranang_boy@hotmail.com\15.4\DBStore\tempedb.edb not Scanned. Possibly password protected... 17 dec 2010 23:14:40 - C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat not Scanned. Possibly password protected... 17 dec 2010 23:14:40 - C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat not Scanned. Possibly password protected... 17 dec 2010 23:15:17 - C:\Windows\SoftwareDistribution\EventCache\{0F4EF8E1-6A88-404D-9249-8A8C16F8C861}.bin not Scanned. Possibly password protected... 17 dec 2010 23:15:24 - C:\Windows\System32\config\RegBack\SOFTWARE not Scanned. Possibly password protected... 17 dec 2010 23:15:24 - C:\Windows\System32\config\RegBack\SYSTEM not Scanned. Possibly password protected... 17 dec 2010 23:15:25 - C:\Windows\System32\config\SOFTWARE not Scanned. Possibly password protected... 17 dec 2010 23:15:59 - C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl not Scanned. Possibly password protected... 17 dec 2010 23:21:48 - ***** Checking for specific ITW Viruses ***** 17 dec 2010 23:21:48 - ***** Scanning complete. ***** 17 dec 2010 23:21:48 - Total Objects Scanned: 200898 17 dec 2010 23:21:48 - Total Critical Objects: 12 17 dec 2010 23:21:48 - Total Disinfected Objects: 0 17 dec 2010 23:21:48 - Total Objects Renamed: 0 17 dec 2010 23:21:48 - Total Deleted Objects: 12 17 dec 2010 23:21:48 - Total Errors: 4 17 dec 2010 23:21:48 - Time Elapsed: 00:13:50 17 dec 2010 23:21:48 - Virus Database Date: 07 Sep 2010 17 dec 2010 23:21:48 - Virus Database Count: 6322680 17 dec 2010 23:21:48 - Scan Completed. 17 dec 2010 23:22:12 - Options Selected by User: 17 dec 2010 23:22:12 - Memory Check: Enabled 17 dec 2010 23:22:12 - Registry Check: Enabled 17 dec 2010 23:22:12 - StartUp Folder Check: Enabled 17 dec 2010 23:22:12 - System Folder Check: Enabled 17 dec 2010 23:22:12 - Services Check: Enabled 17 dec 2010 23:22:12 - Scan Spyware: Enabled 17 dec 2010 23:22:12 - Drive Check: Enabled 17 dec 2010 23:22:12 - All Drive Check :Disabled 17 dec 2010 23:22:12 - Drive Selected = C:\ 17 dec 2010 23:22:12 - Folder Check: Enabled 17 dec 2010 23:22:12 - Folder Selected = E:\ 17 dec 2010 23:22:12 - SCAN: All_Files 17 dec 2010 23:22:12 - MWAV Mode: Scan and Clean files (for viruses, adware and spyware) 17 dec 2010 23:22:13 - ***** Scanning Memory Files ***** 17 dec 2010 23:22:15 - ***** Scanning Registry Files ***** 17 dec 2010 23:22:16 - ERROR!!! Invalid Entry AppInit_DLLs =  (in key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows). Action Taken: No Action Taken. 17 dec 2010 23:22:17 - ***** Scanning StartUp Folders ***** 17 dec 2010 23:22:17 - ***** Scanning Service Files ***** 17 dec 2010 23:22:18 - ***** Scanning Registry and File system for Adware/Spyware ***** 17 dec 2010 23:22:18 - Loading Spyware Signatures from new External Database [Name: C:\Users\Brian\AppData\Local\Temp\spydb.avs, Size: 950571]... 17 dec 2010 23:22:18 - Indexed Spyware Databases Successfully Created...