got some strange stuff going on here plz help
Endlessnight
Norway
hi
the last days i have scanned and removed a lot of viruses
my comp has gotten a lot better but i'd love to fix this "last" problem..
i can't seem to fix this
hope someone out there can help tnx
the folder: C:\ProgramData is filling up with files named:
EXIT ANTI ANTI.7l1t20
EXIT ANTI ANTI.0r2s4z
EXIT ANTI ANTI.zlmm60o
there are 100 files there right now, i can delete them but they will slowly
fill the folder up again..
here is my hijack this log..
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:54:18, on 10/05/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Razer\Lycosa\razerhid.exe
C:\Program Files (x86)\Razer\Lycosa\razertra.exe
C:\Program Files (x86)\Vuze\Azureus.exe
E:\appz\DisplayFusion\DisplayFusionHookx86.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - "C:\Program Files\BitDefender\BitDefender 2010\Antispam32\IEToolbar.dll" (file missing)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [winloggon] C:\Users\Endless\AppData\Roaming\winlogon\winlogon.exe
O4 - HKLM\..\Run: [Lycosa] "C:\Program Files (x86)\Razer\Lycosa\razerhid.exe"
O4 - HKCU\..\Run: [DisplayFusion] "E:\appz\DisplayFusion\DisplayFusion.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [Google Update] "C:\Users\Endless\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKLM\..\Policies\Explorer\Run: [winloggon] C:\Users\Endless\AppData\Roaming\winlogon\winlogon.exe
O4 - HKCU\..\Policies\Explorer\Run: [winloggon] C:\Users\Endless\AppData\Roaming\winlogon\winlogon.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files (x86)\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9264 bytes
thank you..
thanks, i'm scanning now, finding a lot too i see...
i'm just gonna let it run and come back later today.
i didn't seem to find a place to upload the file to, but i'll scan with escan and see if that helps ... thanks man
finished scanning and it found 23 errors, but the anti anti exit files are still there.
but i guess it helped a lot anyway thanks
gonna try uploading a file to the link..
also here is escan log if u wanted to see.. thank you for taking the time
12 May 2010 12:09:59 - **********************************************************
12 May 2010 12:09:59 - eScan Anti Virus & Spyware Toolkit Utility.
12 May 2010 12:09:59 - Copyright © MicroWorld Technologies
12 May 2010 12:09:59 - **********************************************************
12 May 2010 12:09:59 - Source: C:\Users\Endless\Documents\mwav.exe
12 May 2010 12:09:59 - Version 12.0.8 (C:\USERS\ENDLESS\APPDATA\LOCAL\TEMP\MEXE.COM)
12 May 2010 12:09:59 - Log File: C:\Users\Endless\AppData\Local\Temp\MWAV.LOG
12 May 2010 12:09:59 - MWAV Registered: TRUE
12 May 2010 12:09:59 - User Account: Endless (Administrator Mode)
12 May 2010 12:09:59 - OS Type: Windows Workstation
12 May 2010 12:09:59 - OS: Windows 7 64-Bit [OS Install Date: 24 Dec 2009 20:00:25]
12 May 2010 12:09:59 - Ver: Professional (Build 7600)
12 May 2010 12:09:59 - System Up Time: 19 Hours, 32 Minutes, 33 Seconds
12 May 2010 12:09:59 - Parent Process Name : C:\Users\Endless\Documents\mwav.exe
12 May 2010 12:09:59 - Windows Root Folder: C:\Windows
12 May 2010 12:09:59 - Windows Sys32 Folder: C:\Windows\system32
12 May 2010 12:09:59 - DHCP NameServer: 193.213.112.4 130.67.15.198
12 May 2010 12:09:59 - Interface0 DHCPNameServer: 193.213.112.4 130.67.15.198
12 May 2010 12:09:59 - Local Fixed Drives: c:\,e:\,h:\
12 May 2010 12:09:59 - MWAV Mode: Scan and Clean files (for viruses, adware and spyware)
12 May 2010 12:09:59 - [CREATED ZIP FILE: C:\Users\Endless\AppData\Local\Temp\pinfect.zip]
12 May 2010 12:09:59 - ****** Files/Folders created/modified during last fortnight in Windows and ROOT Folder ******
12 May 2010 12:10:00 - C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll (3072), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll to ZIP FILE]
12 May 2010 12:10:00 - C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll (3072), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll to ZIP FILE]
12 May 2010 12:10:00 - C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll (3072), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll to ZIP FILE]
12 May 2010 12:10:00 - C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll (3072), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll to ZIP FILE]
12 May 2010 12:10:00 - C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll (3072), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll to ZIP FILE]
12 May 2010 12:10:00 - C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll (3072), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll to ZIP FILE]
12 May 2010 12:10:00 - C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll (5120), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll to ZIP FILE]
12 May 2010 12:10:00 - C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll (3072), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll to ZIP FILE]
12 May 2010 12:10:00 - C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll (3584), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll to ZIP FILE]
12 May 2010 12:10:00 - C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll (3584), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll to ZIP FILE]
12 May 2010 12:10:00 - C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll (3072), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll to ZIP FILE]
12 May 2010 12:10:00 - C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll (3584), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll to ZIP FILE]
12 May 2010 12:10:00 - C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll (4096), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll to ZIP FILE]
12 May 2010 12:10:00 - C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll (4096), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll to ZIP FILE]
12 May 2010 12:10:00 - C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll (3584), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll to ZIP FILE]
12 May 2010 12:10:00 - C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll (4096), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll to ZIP FILE]
12 May 2010 12:10:00 - C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll (3584), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll to ZIP FILE]
12 May 2010 12:10:00 - C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll (3584), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll to ZIP FILE]
12 May 2010 12:10:00 - C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll (4608), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll to ZIP FILE]
12 May 2010 12:10:00 - C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll (3072), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll to ZIP FILE]
12 May 2010 12:10:00 - C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll (3072), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll to ZIP FILE]
12 May 2010 12:10:00 - C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll (3072), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll to ZIP FILE]
12 May 2010 12:10:00 - C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll (4096), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll to ZIP FILE]
12 May 2010 12:10:00 - C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll (4096), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll to ZIP FILE]
12 May 2010 12:10:00 - C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll (4608), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll to ZIP FILE]
12 May 2010 12:10:00 - C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll (3072), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll to ZIP FILE]
12 May 2010 12:10:00 - C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll (3584), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll to ZIP FILE]
12 May 2010 12:10:00 - C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll (6144), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll to ZIP FILE]
12 May 2010 12:10:00 - C:\Windows\system32\api-ms-win-security-lsalookup-l1-1-0.dll (3584), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-security-lsalookup-l1-1-0.dll to ZIP FILE]
12 May 2010 12:10:00 - C:\Windows\system32\api-ms-win-security-sddl-l1-1-0.dll (3072), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-security-sddl-l1-1-0.dll to ZIP FILE]
12 May 2010 12:10:00 - C:\Windows\system32\api-ms-win-service-core-l1-1-0.dll (2560), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-service-core-l1-1-0.dll to ZIP FILE]
12 May 2010 12:10:00 - C:\Windows\system32\api-ms-win-service-management-l1-1-0.dll (2560), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-service-management-l1-1-0.dll to ZIP FILE]
12 May 2010 12:10:00 - C:\Windows\system32\api-ms-win-service-management-l2-1-0.dll (2560), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-service-management-l2-1-0.dll to ZIP FILE]
12 May 2010 12:10:00 - C:\Windows\system32\api-ms-win-service-winsvc-l1-1-0.dll (3584), 13-Jul-2009 [H], Microsoft Corporation, Microsoft® Windows® Operating System [Added C:\Windows\system32\api-ms-win-service-winsvc-l1-1-0.dll to ZIP FILE]
12 May 2010 12:10:00 - C:\Windows\system32\Lycosa.cpl (65536), 07-May-2010, Razer Inc., Razer Control Panel Applet
12 May 2010 12:10:00 - C:\Windows\system32\PnkBstrB.exe (188704), 09-May-2010 [Added C:\Windows\system32\PnkBstrB.exe to ZIP FILE]
12 May 2010 12:10:00 - C:\Windows\system32\X3DAudio1_7.dll (22360), 12-May-2010, Microsoft Corporation, Microsoft® DirectX for Windows®
12 May 2010 12:10:00 - C:\Windows\system32\xactengine3_6.dll (238936), 12-May-2010, Microsoft Corporation, Microsoft® DirectX for Windows®
12 May 2010 12:10:00 - C:\Windows\system32\XAPOFX1_4.dll (74072), 12-May-2010, Microsoft Corporation, Microsoft® DirectX for Windows®
12 May 2010 12:10:00 - C:\Windows\system32\XAudio2_6.dll (528216), 12-May-2010, Microsoft Corporation, Microsoft® DirectX for Windows®
12 May 2010 12:10:00 - C:\Users\Endless\AppData\Local\Temp\AZU2967826499670467239.tmp (8877), 10-May-2010 [Added C:\Users\Endless\AppData\Local\Temp\AZU2967826499670467239.tmp to ZIP FILE]
12 May 2010 12:10:00 - C:\Users\Endless\AppData\Local\Temp\bdc.exe (91904), 12-May-2010, MicroWorld Tech, eScan
12 May 2010 12:10:00 - C:\Users\Endless\AppData\Local\Temp\bdfltlib2k.dll (231944), 12-May-2010, MicroWorld Technologies Inc., eScan for Windows
12 May 2010 12:10:00 - C:\Users\Endless\AppData\Local\Temp\clean.bat (11), 12-May-2010 [Added C:\Users\Endless\AppData\Local\Temp\clean.bat to ZIP FILE]
12 May 2010 12:10:01 - C:\Users\Endless\AppData\Local\Temp\download.exe (934920), 26-Apr-2010, MicroWorld Technologies Inc., eScan
12 May 2010 12:10:01 - C:\Users\Endless\AppData\Local\Temp\encdec.dll (120328), 26-Apr-2010, MicroWorld Technologies Inc., eScan/MailScan/eConceal
12 May 2010 12:10:01 - C:\Users\Endless\AppData\Local\Temp\erootdrv.sys (13832), 26-Apr-2010, MicroWorld Technologies Inc., eScan/MWAV
12 May 2010 12:10:01 - C:\Users\Endless\AppData\Local\Temp\mexe.com (2353736), 26-Apr-2010, MicroWorld Technologies Inc., MicroWorld AntiVirus Toolkit Utility (MWAV)
12 May 2010 12:10:01 - C:\Users\Endless\AppData\Local\Temp\msvclnt.dll (236040), 26-Apr-2010, MicroWorld Technologies Inc., MailScan
12 May 2010 12:10:01 - C:\Users\Endless\AppData\Local\Temp\MWAVSCAN.COM (2353736), 26-Apr-2010, MicroWorld Technologies Inc., MicroWorld AntiVirus Toolkit Utility (MWAV)
12 May 2010 12:10:01 - C:\Users\Endless\AppData\Local\Temp\red32.dll (10248), 26-Apr-2010, Microsoft Corporation, Microsoft® Windows® Operating System
12 May 2010 12:10:01 - C:\Users\Endless\AppData\Local\Temp\reload.exe (154632), 26-Apr-2010, MicroWorld Technologies Inc., eScan for Windows
12 May 2010 12:10:01 - C:\Users\Endless\AppData\Local\Temp\setpriv.exe (64008), 26-Apr-2010, MicroWorld Technologies Inc, eScan AntiVirus Toolkit Utility
12 May 2010 12:10:01 - C:\Users\Endless\AppData\Local\Temp\unregx.exe (61960), 26-Apr-2010, MicroWorld Technologies Inc, MicroWorld AntiVirus Toolkit Utility
12 May 2010 12:10:01 - C:\Users\Endless\AppData\Local\Temp\viewtcp.exe (573960), 26-Apr-2010, MicroWorld Technologies Inc., ViewTCP
12 May 2010 12:10:01 - C:\Windows\BitLockerDiscoveryVolumeContents, 14-Jul-2009 [HS] [Folder]
12 May 2010 12:10:01 - C:\Windows\Fonts, 14-Jul-2009 [SR] [Folder]
12 May 2010 12:10:01 - C:\Windows\ftpcache, 02-Apr-2010 [HS] [Folder]
12 May 2010 12:10:01 - C:\Windows\Media, 14-Jul-2009 [SR] [Folder]
12 May 2010 12:10:01 - C:\Windows\Minidump, 09-May-2010 [Folder]
12 May 2010 12:10:01 - C:\Windows\system32\winlogon, 08-Mar-2006 [HSR] [Folder]
12 May 2010 12:10:01 - C:\Documents and Settings, 24-Dec-2009 [HS] [Folder]
12 May 2010 12:10:01 - C:\ProgramData, 14-Jul-2009 [H] [Folder]
12 May 2010 12:10:01 - C:\Recovery, 24-Dec-2009 [HS] [Folder]
12 May 2010 12:10:01 - C:\Users\Endless\AppData\Local\Temp\Divinity2_Data_DFE, 11-May-2010 [Folder]
12 May 2010 12:10:01 - C:\Users\Endless\AppData\Local\Temp\e4j10B9.tmp_dir14105, 10-May-2010 [Folder]
12 May 2010 12:10:01 - C:\Users\Endless\AppData\Local\Temp\e4j85CD.tmp_dir16448, 12-May-2010 [Folder]
12 May 2010 12:10:01 - C:\Users\Endless\AppData\Local\Temp\e4jF8A.tmp_dir22811, 10-May-2010 [Folder]
12 May 2010 12:10:01 - C:\Users\Endless\AppData\Local\Temp\hsperfdata_Endless, 10-May-2010 [Folder]
12 May 2010 12:10:01 - C:\Users\Endless\AppData\Local\Temp\MessengerCache, 10-May-2010 [Folder]
12 May 2010 12:10:01 - C:\Users\Endless\AppData\Local\Temp\plugins, 12-May-2010 [Folder]
12 May 2010 12:10:01 - C:\Users\Endless\AppData\Local\Temp\WPDNSE, 11-May-2010 [Folder]
12 May 2010 12:10:01 - C:\Users\Endless\AppData\Roaming\.#, 16-Jan-2010 [HS] [Folder]
12 May 2010 12:10:01 - C:\Users\Endless\AppData\Roaming\BitDefender, 10-May-2010 [Folder]
12 May 2010 12:10:01 - C:\Users\Endless\AppData\Roaming\Command and Conquer 4, 26-Apr-2010 [Folder]
12 May 2010 12:10:01 - C:\Users\Endless\AppData\Roaming\Download Manager, 12-May-2010 [Folder]
12 May 2010 12:10:01 - C:\Users\Endless\AppData\Roaming\Google, 01-May-2010 [Folder]
12 May 2010 12:10:01 - C:\Users\Endless\AppData\Roaming\InstallShield, 07-May-2010 [Folder]
12 May 2010 12:10:01 - C:\Users\Endless\AppData\Roaming\Microsoft, 24-Dec-2009 [Folder]
12 May 2010 12:10:01 - C:\Users\Endless\AppData\Roaming\SecuROM, 30-Mar-2010 [Folder]
12 May 2010 12:10:01 - C:\Users\Endless\AppData\Roaming\winlogon, 31-Mar-2005 [HSR] [Folder]
12 May 2010 12:10:01 - C:\ProgramData\Application Data, 24-Dec-2009 [HS] [Folder]
12 May 2010 12:10:01 - C:\ProgramData\BitDefender, 10-May-2010 [Folder]
12 May 2010 12:10:01 - C:\ProgramData\Desktop, 24-Dec-2009 [HS] [Folder]
12 May 2010 12:10:01 - C:\ProgramData\Divinity 2, 01-May-2010 [Folder]
12 May 2010 12:10:01 - C:\ProgramData\Documents, 24-Dec-2009 [HS] [Folder]
12 May 2010 12:10:01 - C:\ProgramData\Google, 01-May-2010 [Folder]
12 May 2010 12:10:01 - C:\ProgramData\Microsoft, 14-Jul-2009 [Folder]
12 May 2010 12:10:01 - C:\ProgramData\MicroWorld, 12-May-2010 [Folder]
12 May 2010 12:10:01 - C:\ProgramData\Razer, 07-May-2010 [Folder]
12 May 2010 12:10:01 - C:\ProgramData\SecuROM, 20-Apr-2010 [HS] [Folder]
12 May 2010 12:10:01 - C:\ProgramData\Start Menu, 24-Dec-2009 [HS] [Folder]
12 May 2010 12:10:01 - C:\ProgramData\Templates, 24-Dec-2009 [HS] [Folder]
12 May 2010 12:10:01 - C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}, 25-Dec-2009 [HS] [Folder]
12 May 2010 12:10:01 - C:\ProgramData\..\Documents and Settings, 24-Dec-2009 [HS] [Folder]
12 May 2010 12:10:01 - C:\ProgramData\..\ProgramData, 14-Jul-2009 [H] [Folder]
12 May 2010 12:10:01 - C:\ProgramData\..\Recovery, 24-Dec-2009 [HS] [Folder]
12 May 2010 12:10:01 - C:\Program Files (x86)\Razer, 07-May-2010 [Folder]
12 May 2010 12:10:01 - C:\Program Files (x86)\Realtime Worlds, 02-May-2010 [Folder]
12 May 2010 12:10:01 - C:\Program Files (x86)\Trend Micro, 10-May-2010 [Folder]
12 May 2010 12:10:01 - C:\Program Files (x86)\View Body Lite, 01-May-2010 [Folder]
12 May 2010 12:10:01 - C:\Program Files (x86)\windowsUpdate, 27-Mar-2010 [HSR] [Folder]
12 May 2010 12:10:01 - C:\Program Files (x86)\WinZix, 01-May-2010 [Folder]
12 May 2010 12:10:01 - C:\Program Files (x86)\Common Files\BitDefender, 10-May-2010 [Folder]
12 May 2010 12:10:01 - *********************************************************************************************
12 May 2010 12:10:01 - Latest Date of files inside MWAV: Mon Apr 26 13:46:18 2010.
12 May 2010 12:10:01 - Plugins FileCount: 671 Sign Version: 7.31392
12 May 2010 12:10:02 - ** Create Value of "1001" in "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" : DWORD:1
12 May 2010 12:10:02 - ** Create Value of "1004" in "HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" : DWORD:3
12 May 2010 12:10:02 - ** Changed Value of "HKEY_CLASSES_ROOT\.htm" from "ChromeHTML" to "htmlfile"
12 May 2010 12:10:02 - ** Changed Value of "HKEY_CLASSES_ROOT\.html" from "ChromeHTML" to "htmlfile"
12 May 2010 12:10:02 - Loading/Creating FileScan Database C:\ProgramData\MicroWorld\MWAV\ESCANDBX.MDB [Log: C:\Users\Endless\AppData\Local\Temp\ESCANDB.LOG]
12 May 2010 12:10:03 - Loaded/Created FileScan Database...
12 May 2010 12:10:03 - Loading AV Library [DB]...
12 May 2010 12:10:15 - AV Library Loaded [DB-DIRECT].
12 May 2010 12:10:15 - MWAV doing self scanning...
12 May 2010 12:10:15 - MWAV files are clean.
12 May 2010 12:10:18 - Virus Database Date: 26 Apr 2010
12 May 2010 12:10:18 - Virus Database Count: 5690871
12 May 2010 12:10:39 - Downloading AntiVirus and Anti-Spyware Databases...
12 May 2010 12:11:20 - Update Successful...
12 May 2010 12:11:23 - Indexed Spyware Databases Successfully Created...
12 May 2010 12:11:24 - Old Sign Version: 7.31392 New Sign Version: 7.31627
12 May 2010 12:11:34 - Reload of AntiVirus Signatures successfully done.
12 May 2010 12:11:34 - Virus Database Date: 12 May 2010
12 May 2010 12:11:34 - Virus Database Count: 5870174
12 May 2010 12:12:01 - **********************************************************
12 May 2010 12:12:01 - eScan Anti Virus & Spyware Toolkit Utility.
12 May 2010 12:12:01 - Copyright © MicroWorld Technologies
12 May 2010 12:12:01 -
12 May 2010 12:12:01 - Support: support@escanav.com
12 May 2010 12:12:01 - Web: http://www.escanav.com
12 May 2010 12:12:01 - **********************************************************
12 May 2010 12:12:01 - Version 12.0.8[DB] (C:\USERS\ENDLESS\APPDATA\LOCAL\TEMP\MEXE.COM)
12 May 2010 12:12:01 - Log File: C:\Users\Endless\AppData\Local\Temp\MWAV.LOG
12 May 2010 12:12:01 - User Account: Endless (Administrator Mode)
12 May 2010 12:12:01 - Parent Process Name : C:\Users\Endless\Documents\mwav.exe
12 May 2010 12:12:01 - Windows Root Folder: C:\Windows
12 May 2010 12:12:01 - Windows Sys32 Folder: C:\Windows\system32
12 May 2010 12:12:01 - OS: Windows 7 64-Bit [OS Install Date: 24 Dec 2009 20:00:25]
12 May 2010 12:12:01 - Ver: Professional (Build 7600)
12 May 2010 12:12:01 - Latest Date of files inside MWAV: Mon Apr 26 13:46:18 2010.
12 May 2010 12:12:01 - Plugins FileCount: 682 Sign Version: 7.31627
12 May 2010 12:12:01 - Options Selected by User:
12 May 2010 12:12:01 - Memory Check: Enabled
12 May 2010 12:12:01 - Registry Check: Enabled
12 May 2010 12:12:01 - StartUp Folder Check: Enabled
12 May 2010 12:12:01 - System Folder Check: Enabled
12 May 2010 12:12:01 - Services Check: Enabled
12 May 2010 12:12:01 - Scan Spyware: Enabled
12 May 2010 12:12:01 - Drive Check: Enabled
12 May 2010 12:12:01 - All Drive Check :Disabled
12 May 2010 12:12:01 - Drive Selected = C:\
12 May 2010 12:12:01 - Folder Check: Disabled
12 May 2010 12:12:01 - SCAN: All_Files
12 May 2010 12:12:01 - MWAV Mode: Scan and Clean files (for viruses, adware and spyware)
12 May 2010 12:12:02 - ***** Scanning Memory Files *****
12 May 2010 12:12:38 - ***** Scanning Registry Files *****
12 May 2010 12:14:58 - ERROR(3)!!! Invalid Entry StubPath = C:\Users\Endless\AppData\Roaming\winlogon\winlogon.exe (in key HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{3G3PV2K6-073N-MI5I-124B-1LW318E60QML}). Action Taken: Removing it.
12 May 2010 12:14:58 - ERROR(3)!!! Invalid Entry StubPath = C:\Program Files (x86)\windowsUpdate\server.exe Restart (in key HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{I24R3Q64-W24X-TOUQ-5DOE-L3PJ3M43D7R8}). Action Taken: Removing it.
12 May 2010 12:14:58 - ERROR(3)!!! Invalid Entry winloggon = C:\Users\Endless\AppData\Roaming\winlogon\winlogon.exe (in key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run). Action Taken: Removing it.
12 May 2010 12:14:58 - ERROR(3)!!! Invalid Entry winloggon = C:\Users\Endless\AppData\Roaming\winlogon\winlogon.exe (in key HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run). Action Taken: Removing it.
12 May 2010 12:15:00 - ERROR(3)!!! Invalid Entry winloggon = C:\Users\Endless\AppData\Roaming\winlogon\winlogon.exe (in key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). Action Taken: Removing it.
12 May 2010 12:15:02 - ***** Scanning StartUp Folders *****
12 May 2010 12:15:03 - ***** Scanning Service Files *****
12 May 2010 12:15:08 - ERROR(2)!!! Invalid Entry system32\DRIVERS\eamonm.sys. Action Taken: Removing HKLM\SYSTEM\CurrentControlSet\Services\eamonm.
12 May 2010 12:15:20 - ERROR(2)!!! Invalid Entry C:\Windows\System32\uxtuneup.dll. Action Taken: Removing HKLM\SYSTEM\CurrentControlSet\Services\UxTuneUp.
12 May 2010 12:15:24 - ***** Scanning Registry and File system for Adware/Spyware *****
12 May 2010 12:15:24 - Loading Spyware Signatures from new External Database [Name: C:\Users\Endless\AppData\Local\Temp\spydb.avs, Size: 941568]...
12 May 2010 12:15:24 - Indexed Spyware Databases Successfully Created...
12 May 2010 12:16:56 - Offending Key found: HKCR\.zix !!!
12 May 2010 12:16:56 - Deleting Registry Key: HKCR\.zix
12 May 2010 12:16:56 - Object "WinZix Spyware/Adware" found in File System! Action Taken: Entries Removed.
12 May 2010 12:16:56 - Offending Folder found: C:\Program Files (x86)\WinZix
12 May 2010 12:16:56 - Deltree of Folder C:\Program Files (x86)\WinZix...
12 May 2010 12:16:56 - Object "WinZix Spyware/Adware" found in File System! Action Taken: Entries Removed.
12 May 2010 12:16:57 - Offending file found: C:\Users\Endless\AppData\Roaming\Microsoft\Windows\Recent\games.lnk
12 May 2010 12:16:57 - System found infected with HotBar Spyware/Adware (games.lnk)! Action taken: File Deleted.
12 May 2010 12:16:57 - Object "HotBar Spyware/Adware" found in File System! Action Taken: File Deleted.
12 May 2010 12:17:00 - Offending file found: C:\Users\Endless\AppData\Local\Temp\AskBarDis\bar\Settings\prevcfg.htm
12 May 2010 12:17:00 - System found infected with IWon Spyware/Adware (prevcfg.htm)! Action taken: File Deleted.
12 May 2010 12:17:00 - Object "IWon Spyware/Adware" found in File System! Action Taken: File Deleted.
12 May 2010 12:17:05 - Offending Registry Entry found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved/{5E2121EE-0300-11D4-8D3B-444553540000}
12 May 2010 12:17:05 - System found infected with Your Protection Spyware/Adware (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved/{5E2121EE-0300-11D4-8D3B-444553540000})! Action taken: Entries Removed.
12 May 2010 12:17:05 - Object "Your Protection Spyware/Adware" found in File System! Action Taken: Entries Removed.
12 May 2010 12:17:05 - Scanning MountPoints2 RegKey...
12 May 2010 12:17:05 - Invalid Command Found in {82784791-faec-11de-82c7-001a92b4dad9}\Name\shell\Autoplay\DropTarget\AutoRun\command: F:\INSTALLER.EXE
12 May 2010 12:17:05 - Offending Key found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82784791-faec-11de-82c7-001a92b4dad9} !!!
12 May 2010 12:17:05 - Deleting Registry Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82784791-faec-11de-82c7-001a92b4dad9}
12 May 2010 12:17:05 - Scanning ModuleUsage RegKey...
12 May 2010 12:17:05 - Scanning ExternalApp RegKey...
12 May 2010 12:17:05 - Scanning SharedDLL RegKey...
12 May 2010 12:17:06 - Scanning Installer RegKey...
12 May 2010 12:17:06 - Scanning FileExtension RegKey...
12 May 2010 12:17:06 - Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".001". Action Taken: Entries Removed.
12 May 2010 12:17:06 - Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".abc". Action Taken: Entries Removed.
12 May 2010 12:17:06 - Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".asi". Action Taken: Entries Removed.
12 May 2010 12:17:06 - Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".BAK". Action Taken: Entries Removed.
12 May 2010 12:17:06 - Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".bsa". Action Taken: Entries Removed.
12 May 2010 12:17:06 - Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".cache". Action Taken: Entries Removed.
12 May 2010 12:17:06 - Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".esp". Action Taken: Entries Removed.
12 May 2010 12:17:06 - Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rpf". Action Taken: Entries Removed.
12 May 2010 12:17:06 - Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sfv". Action Taken: Entries Removed.
12 May 2010 12:17:06 - Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sid". Action Taken: Entries Removed.
12 May 2010 12:17:06 - Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".srt". Action Taken: Entries Removed.
12 May 2010 12:17:06 - Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".TMP". Action Taken: Entries Removed.
12 May 2010 12:17:06 - Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".uUu". Action Taken: Entries Removed.
12 May 2010 12:17:06 - Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".wft". Action Taken: Entries Removed.
12 May 2010 12:17:06 - Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".wtd". Action Taken: Entries Removed.
12 May 2010 12:17:06 - Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".xXx". Action Taken: Entries Removed.
12 May 2010 12:17:06 - Scanning ARPCache RegKey...
12 May 2010 12:17:06 - ***** Scanning Registry Files *****
12 May 2010 12:17:15 - ** Possible invalid line [127.0.0.1 www.amateurliveshow.com] in HOSTS file!
12 May 2010 12:17:15 - ** Renamed C:\Windows\system32\drivers\etc\hosts to C:\Windows\system32\drivers\etc\hosts.82337501
12 May 2010 12:17:15 - Clearing Temporary sub-folders as Spyware/Adware found in system...
12 May 2010 12:17:18 - Few files will be deleted *ONLY* on reboot...
12 May 2010 12:17:18 - ** Value in HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\main/Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
12 May 2010 12:17:18 - ** Deleted Value of "NoActiveDesktop" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer". Its value was DWORD:1.
12 May 2010 12:17:18 - ** Deleted Value of "ForceActiveDesktopOn" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer". Its value was DWORD:0.
12 May 2010 12:17:18 - ** Deleted Value of "NoComponents" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop". Its value was DWORD:1.
12 May 2010 12:17:18 - ** Deleted Value of "NoAddingComponents" in "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop". Its value was DWORD:1.
12 May 2010 12:17:18 - ** Value in HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main/Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
12 May 2010 12:17:18 - ***** Scanning System32 Folders *****
12 May 2010 12:17:33 - ScanFile took 9.20 Secs [C:\Windows\system32\atioglxx.dll]...
12 May 2010 12:19:03 - C:\Users\Endless\AppData\Local\Temp\flaAA3D.tmp not Scanned. Possibly password protected...
12 May 2010 12:19:16 - ***** Scanning Drive C:\ *****
12 May 2010 12:20:00 - C:\Program Files\BitDefender\BitDefender 2010\cdsigned.dat not Scanned. Possibly password protected...
12 May 2010 12:20:43 - C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\smartscn.inc2 not Scanned. Possibly password protected...
12 May 2010 12:20:43 - C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\smartscn.inc3 not Scanned. Possibly password protected...
12 May 2010 12:36:52 - C:\System Volume Information\Syscache.hve not Scanned. Possibly password protected...
12 May 2010 12:36:52 - C:\System Volume Information\Syscache.hve.LOG1 not Scanned. Possibly password protected...
12 May 2010 12:37:12 - C:\Users\Endless\AppData\Local\Google\Chrome\User Data\Default\Current Session not Scanned. Possibly password protected...
12 May 2010 12:37:12 - C:\Users\Endless\AppData\Local\Google\Chrome\User Data\Default\Visited Links not Scanned. Possibly password protected...
12 May 2010 12:37:29 - C:\Users\Endless\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 not Scanned. Possibly password protected...
12 May 2010 12:37:43 - C:\Users\Endless\AppData\Local\Microsoft\Windows Live Contacts\{a563204f-bcd6-4b51-a983-f3ee3f9609be}\DBStore\contacts.edb not Scanned. Possibly password protected...
12 May 2010 12:37:43 - C:\Users\Endless\AppData\Local\Microsoft\Windows Live Contacts\{a563204f-bcd6-4b51-a983-f3ee3f9609be}\DBStore\LogFiles\edb.log not Scanned. Possibly password protected...
12 May 2010 12:37:44 - C:\Users\Endless\AppData\Local\Microsoft\Windows Live Contacts\{a563204f-bcd6-4b51-a983-f3ee3f9609be}\DBStore\LogFiles\edbtmp.log not Scanned. Possibly password protected...
12 May 2010 12:37:44 - C:\Users\Endless\AppData\Local\Microsoft\Windows Live Contacts\{a563204f-bcd6-4b51-a983-f3ee3f9609be}\DBStore\tempedb.edb not Scanned. Possibly password protected...
12 May 2010 12:37:44 - C:\Users\Endless\AppData\Local\Microsoft\Windows Live Contacts\{efcad16e-6c6b-4156-a978-1392bf3d5851}\DBStore\contacts.edb not Scanned. Possibly password protected...
12 May 2010 12:37:44 - C:\Users\Endless\AppData\Local\Microsoft\Windows Live Contacts\{efcad16e-6c6b-4156-a978-1392bf3d5851}\DBStore\LogFiles\edb.log not Scanned. Possibly password protected...
12 May 2010 12:37:44 - C:\Users\Endless\AppData\Local\Microsoft\Windows Live Contacts\{efcad16e-6c6b-4156-a978-1392bf3d5851}\DBStore\LogFiles\edbtmp.log not Scanned. Possibly password protected...
12 May 2010 12:37:44 - C:\Users\Endless\AppData\Local\Microsoft\Windows Live Contacts\{efcad16e-6c6b-4156-a978-1392bf3d5851}\DBStore\tempedb.edb not Scanned. Possibly password protected...
12 May 2010 12:40:45 - C:\Users\Endless\ntuser.dat.LOG1 not Scanned. Possibly password protected...
12 May 2010 12:45:29 - C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat not Scanned. Possibly password protected...
12 May 2010 12:45:29 - C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat not Scanned. Possibly password protected...
12 May 2010 12:45:30 - C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1 not Scanned. Possibly password protected...
12 May 2010 12:45:32 - C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1 not Scanned. Possibly password protected...
12 May 2010 12:45:47 - C:\Windows\System32\catroot2\edb.log not Scanned. Possibly password protected...
12 May 2010 12:45:48 - C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb not Scanned. Possibly password protected...
12 May 2010 12:45:48 - C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb not Scanned. Possibly password protected...
12 May 2010 12:50:07 - C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl not Scanned. Possibly password protected...
12 May 2010 12:50:07 - C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl not Scanned. Possibly password protected...
12 May 2010 12:50:07 - C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl not Scanned. Possibly password protected...
12 May 2010 12:50:07 - C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl not Scanned. Possibly password protected...
12 May 2010 13:05:19 - ***** Checking for specific ITW Viruses *****
12 May 2010 13:05:19 - ***** Scanning complete. *****
12 May 2010 13:05:19 - Total Objects Scanned: 182009
12 May 2010 13:05:19 - Total Critical Objects: 5
12 May 2010 13:05:19 - Total Disinfected Objects: 0
12 May 2010 13:05:19 - Total Objects Renamed: 0
12 May 2010 13:05:19 - Total Deleted Objects: 21
12 May 2010 13:05:19 - Total Errors: 23
12 May 2010 13:05:19 - Time Elapsed: 00:52:17
12 May 2010 13:05:19 - Virus Database Date: 12 May 2010
12 May 2010 13:05:19 - Virus Database Count: 5870174
12 May 2010 13:05:19 - Scan Completed.
here is the info i got from uploading the file to virustotal
i didn't understand a lot more from that.. but maybe someone will
thanks
File EXIT_ANTI_ANTI.ov43n8m received on 2010.05.12 13:58:06 (UTC)
Current status: finished
Result: 0/41 (0%)
Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.05.10 -
AhnLab-V3 2010.05.12.01 2010.05.12 -
AntiVir 8.2.1.236 2010.05.12 -
Antiy-AVL 2.0.3.7 2010.05.12 -
Authentium 5.2.0.5 2010.05.12 -
Avast 4.8.1351.0 2010.05.12 -
Avast5 5.0.332.0 2010.05.12 -
AVG 9.0.0.787 2010.05.12 -
BitDefender 7.2 2010.05.12 -
CAT-QuickHeal 10.00 2010.05.12 -
ClamAV 0.96.0.3-git 2010.05.12 -
Comodo 4828 2010.05.12 -
DrWeb 5.0.2.03300 2010.05.12 -
eSafe 7.0.17.0 2010.05.11 -
eTrust-Vet 35.2.7483 2010.05.12 -
F-Prot 4.5.1.85 2010.05.12 -
F-Secure 9.0.15370.0 2010.05.12 -
Fortinet 4.1.133.0 2010.05.12 -
GData 21 2010.05.12 -
Ikarus T3.1.1.84.0 2010.05.12 -
Jiangmin 13.0.900 2010.05.12 -
Kaspersky 7.0.0.125 2010.05.12 -
McAfee 5.400.0.1158 2010.05.12 -
McAfee-GW-Edition 2010.1 2010.05.12 -
Microsoft 1.5703 2010.05.12 -
NOD32 5108 2010.05.12 -
Norman 6.04.12 2010.05.12 -
nProtect 2010-05-12.01 2010.05.12 -
Panda 10.0.2.7 2010.05.11 -
PCTools 7.0.3.5 2010.05.12 -
Prevx 3.0 2010.05.12 -
Rising 22.47.02.04 2010.05.12 -
Sophos 4.53.0 2010.05.12 -
Sunbelt 6294 2010.05.12 -
Symantec 20101.1.0.89 2010.05.12 -
TheHacker 6.5.2.0.279 2010.05.11 -
TrendMicro 9.120.0.1004 2010.05.12 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.12 -
VBA32 3.12.12.4 2010.05.12 -
ViRobot 2010.5.12.2312 2010.05.12 -
VirusBuster 5.0.27.0 2010.05.12 -
Additional information
File size: 405520 bytes
MD5...: 963a2078ff7f569e214bee881c6a3597
SHA1..: 85915ee016edd1a7d327d1f02a64014876e360f0
SHA256: 1f5f3c267f837e1d406e13e19c774e2635a5a96f7724f4af415f3dab4c333ba3
ssdeep: 6144:3KmrLnWZxjj77bQ+GxtH3o9VdqlnoQEkKcCB0/TzlU5JRzMFyHhXHS9BAm/
eMUEm:6GKjTbX/9SSQEBfBkn2X1HSFJQRE0nl
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
i've uninstalled bitdefender cuz it's so slow anyway..
can't find the file named AZU2967826499670467239.tmp in the temp folder..
and i tested if the anti anti exit files did replicate any more by deleting all but one.. they don't grow in numbers any more
thank you so much for all the help man
i'm gonna check for scheduled tasks later today..