Is my system infected by virus?



prady
2006-10-11, 05:51
Hi,
My comp is running very slow.. Some programs like Yahoo Messenger and MSN Messenger abruptly stop. Yahoo Messenger currently gives messages like "memory could not be read" etc., and then "ypager.exe has generated errors and will have to be restarted"..
I ran NAV with the latest updates and there were no viruses detected.

There is a file called folder.htt in the Program Files directory. Is this an indication of a virus? When I right-click any file there is an option "shred file" in the context menu. I don't know where this option came from.

Sometimes the system shuts down by itself after a popup comes up with a message "Windows will shut down in 60 seconds", some message referring to lsass.exe.

Logfile for HijackThis is below

Logfile of HijackThis v1.99.1
Scan saved at 9:18:59 AM, on 10/11/2006
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\CTSvcCDA.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.exe
C:\WINNT\system32\starter.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINNT\System32\carpserv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\loadqm.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINNT\System32\drwtsn32.exe
C:\WINNT\System32\taskmgr.exe
D:\spyware\hijackthis\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [EnsoniqMixer] C:\WINNT\system32\starter.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTSvcCDA.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

Do let me know what should be done.
Thanks
PRady

LonnyRJones
2006-10-15, 10:50
Welcome

Post another new log without its formatting messed up (you might have to turn word wrap off and then on again), and also an online scan report as mentioned here:
http://forums.spybot.info/showthread.php?t=288

prady
2006-10-19, 04:11
Hi,
Here is the fresh log of HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 7:42:09 AM, on 10/19/2006
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\CTSvcCDA.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.exe
C:\WINNT\system32\starter.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINNT\System32\carpserv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\loadqm.exe
C:\Program Files\DAP\DAP.EXE
C:\WINNT\System32\bootwiz.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
D:\spyware\hijackthis\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [EnsoniqMixer] C:\WINNT\system32\starter.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [Windows Update Manager] bootwiz.exe
O4 - HKLM\..\RunServices: [Windows Update Manager] bootwiz.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3AB16DA-E008-4B79-831F-1DEC2D70BB5F}: NameServer = 61.1.128.65 61.1.128.5
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTSvcCDA.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

Thanks
Prady

LonnyRJones
2006-10-19, 07:58
* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Double-click the drweb-cureit.exe file and allow it to run the express scan.
This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, check whether you can click the icon next to the files found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it, then click the icon right below and select "Move incurable", as you'll see in the next image:
http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
This will move it to the %userprofile%\DoctorWeb\quarantaine folder if it can't be cured. (This is in case we need samples.)
After selecting, in the Dr.Web CureIt menu on top, click File and choose "Save report list".
Save the report to your desktop. The report will be called DrWeb.csv.
Close Dr.Web CureIt.
Reboot your computer!! It is possible that files in use will be moved/deleted during the reboot.
After the reboot, post the contents of the Dr.Web log you saved previously in your next reply.

prady
2006-10-20, 04:49
Hi LonnyRJones,
I think there is a problem with the link ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
The connection itself is not getting established while viewing from DAP.
Thanks
PRady

LonnyRJones
2006-10-20, 06:50
Try using your Browser rather than a download utility

prady
2006-10-23, 11:06
Hi LonnyRJones,
Sorry for the delay in posting .. I was down with a viral infection. Here is the Dr.Web CureIt log:

netmon.exe;c:\program files\network monitor;Trojan.DnsChange;Deleted.;
bootwiz.exe;c:\winnt\system32;Win32.HLLW.MyBot;Deleted.;
lrsys.exe;c:\winnt\system32;Win32.HLLW.MyBot;Deleted.;
lviss.exe;c:\winnt\system32;BackDoor.IRC.Sdbot.694;Deleted.;
yayvv.dll;C:\!KillBox;Trojan.Virtumod;Deleted.;
Process.exe;C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\SmitfraudFix;Tool.Prockill;Incurable.Moved.;
restart.exe;C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\SmitfraudFix;Tool.ShutDown.11;Incurable.Moved.;
fix[1].exe;C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\IJ2345O7;Adware.Zango;Incurable.Moved.;
Dc1.exe;C:\RECYCLER\S-1-5-21-854245398-1708537768-842925246-500;Adware.Zango;Incurable.Moved.;
setup_30556.exe;C:\WINNT\system32;BackDoor.IRC.Sdbot.694;Deleted.;
setup_64057.exe;C:\WINNT\system32;BackDoor.IRC.Sdbot.694;Deleted.;
setup_71854.exe;C:\WINNT\system32;Win32.HLLW.MyBot;Deleted.;
setup_77271.exe;C:\WINNT\system32;Win32.HLLW.MyBot;Deleted.;
win32.exe;C:\WINNT\system32;Trojan.Spambot;Deleted.;
backup-20060512-175510-200.dll;D:\spyware\hijackthis\backups;Trojan.Virtumod;Deleted.;
backup-20060825-014337-252.dll;D:\spyware\hijackthis\backups;Adware.Softomate;Incurable.Moved.;
backup-20060914-235513-828.dll;D:\spyware\hijackthis\backups;Adware.Softomate;Incurable.Moved.;
backup-20060915-162000-521.dll;D:\spyware\hijackthis\backups;Adware.Softomate;Incurable.Moved.;
Process.exe;D:\spyware\SmitfraudFix\SmitfraudFix;Tool.Prockill;Incurable.Moved.;
restart.exe;D:\spyware\SmitfraudFix\SmitfraudFix;Tool.ShutDown.11;Incurable.Moved.;
Thanks
Prady

LonnyRJones
2006-10-23, 11:19
Start HijackThis and place a check next to these items, if there.
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [Windows Update Manager] bootwiz.exe
O4 - HKLM\..\RunServices: [Windows Update Manager] bootwiz.exe
Optional fix >
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
====================================
Hit "Fix checked" and close HijackThis.
Restart the PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Post a fresh hijackthis log please, be sure to mention any current problems.

prady
2006-10-23, 20:11
Hi,
I fixed the following using HijackThis:
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe

The log file is here:
Logfile of HijackThis v1.99.1
Scan saved at 11:39:42 PM, on 10/23/2006
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\CTSvcCDA.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system\winlogon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.exe
C:\WINNT\system32\starter.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINNT\System32\carpserv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\WinZip\WZQKPICK.EXE
D:\spyware\hijackthis\HijackThis.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [EnsoniqMixer] C:\WINNT\system32\starter.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTSvcCDA.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Windows NT Logon Application (WINLOGON) - Unknown owner - C:\WINNT\system\winlogon.exe


The problem with lsas.exe still persists.. I still get the error "memory could not be read, click OK to terminate", then another popup "lsas.exe has generated errors". Then the shutdown screen appears and the system has to be restarted..

Thanks
Prady
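As an added example, not code from the thread or from any of the tools mentioned in it: the check a HijackThis helper does by eye when reading the logs above, written out in Python. It flags a core system binary running from a directory other than its home (the `C:\WINNT\system\winlogon.exe` beside the real `C:\WINNT\system32\winlogon.exe` in the log above, and the `WINLOGON` service with an unknown owner), autorun entries that are a bare file name rather than a path (the `bootwiz.exe` entries in the 10/19 log), and O17 NameServer overrides (also in the 10/19 log). The canonical-directory table, the regular expressions and the sample excerpt are this example's own assumptions; the sample is constructed from lines quoted in the thread plus one quoted path line of the kind a services list prints.

```python
"""Added example: mechanical triage of HijackThis-style log lines."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "kind item reason")

# Canonical directories (lower case, drive letter stripped) for core NT
# system binaries on Windows 2000/XP. This table is the example's assumption.
_SYS32 = {r"\winnt\system32", r"\windows\system32"}
_ROOT = {r"\winnt", r"\windows"}
CANONICAL_DIRS = {name: _SYS32 for name in (
    "smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
    "lsass.exe", "svchost.exe", "dllhost.exe", "taskmgr.exe")}
CANONICAL_DIRS["explorer.exe"] = _ROOT

_PROC_RE = re.compile(r"^[A-Za-z]:\\")                       # a bare path line
_O4_RE = re.compile(r"^O4 - (HK\w+\\\.\.\\Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
_O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>.+)$")
_O23_RE = re.compile(r"^O23 - Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def _split(path):
    """(dir, base) in lower case with the drive letter removed."""
    p = re.sub(r"^[a-z]:", "", path.strip().strip('"').lower())
    d, _, base = p.rpartition("\\")
    return d, base


def masquerade_reason(path):
    """Reason text when a core system binary name sits outside its home, else None."""
    d, base = _split(path)
    homes = CANONICAL_DIRS.get(base)
    if homes is None or d in homes:
        return None
    return f"{base} expected in {' or '.join(sorted(homes))}, found in {d or '(none)'}"


def _command_image(cmd):
    """Image path of an autorun command: the quoted path, or the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split(" ", 1)[0]


def triage(log_text):
    """Return Finding records for the lines in a HijackThis log that merit review."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip().strip('"')          # quoted path lines are accepted too
        if not line:
            continue
        if _PROC_RE.match(line):               # "Running processes" block
            why = masquerade_reason(line)
            if why:
                findings.append(Finding("process", line, why))
            continue
        m = _O4_RE.match(line)
        if m:
            image = _command_image(m["cmd"])
            if "\\" not in image:              # loader must search for it
                findings.append(Finding("autorun", m["name"],
                    f"bare file name '{image}' is located by path search; verify on disk"))
            why = masquerade_reason(image)
            if why:
                findings.append(Finding("autorun", m["name"], why))
            continue
        m = _O17_RE.match(line)
        if m:
            findings.append(Finding("dns", m["servers"],
                "NameServer override; confirm these resolvers belong to your ISP"))
            continue
        m = _O23_RE.match(line)
        if m:
            why = masquerade_reason(m["path"])
            if why or m["owner"].lower() == "unknown owner":
                findings.append(Finding("service", m["svc"],
                    why or "service with no recognised owner"))
    return findings


# Constructed sample: lines quoted in this thread plus one quoted path line.
SAMPLE_LOG = r"""
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system\winlogon.exe
C:\WINNT\Explorer.exe
D:\spyware\hijackthis\HijackThis.exe
"C:\WINNT\smss.exe"

O4 - HKLM\..\Run: [EnsoniqMixer] C:\WINNT\system32\starter.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Update Manager] bootwiz.exe
O4 - HKLM\..\RunServices: [Windows Update Manager] bootwiz.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3AB16DA-E008-4B79-831F-1DEC2D70BB5F}: NameServer = 61.1.128.65 61.1.128.5
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Windows NT Logon Application (WINLOGON) - Unknown owner - C:\WINNT\system\winlogon.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.item}: {f.reason}")
```

The findings are advisory, not verdicts: legitimate entries such as `mobsync.exe /logon` or `carpserv.exe` are also bare names and will be flagged, which is the point; each flagged item gets looked up on disk, the same way the helper asks for a fresh log after every fix instead of trusting the entry name.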

prady
2006-10-23, 20:35
Other than the lsas.exe problem, there is also a problem when I restart the system: when I get the login screen, there is a popup with "mstdc.exe Application error".. (This happens every time we start the comp.) Yahoo Messenger also fails to run; there is a popup with the title "YHiddenContentManagerWindow: Ypager.exe - Application error" .. "The instruction at o2XXXXXX referenced memory at oxfffff8. The memory could not be read."

The applications sometimes don't respond, including the browsers.
Not sure what's causing this.
Thanks
Prady

LonnyRJones
2006-10-24, 06:18
Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your Desktop.
Double-click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following:

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.


Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
Finally, copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log.

prady
2006-10-24, 20:53
Here are the logs
Logfile of HijackThis v1.99.1
Scan saved at 12:24:38 AM, on 10/25/2006
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\CTSvcCDA.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.exe
C:\WINNT\system32\starter.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINNT\System32\carpserv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\WinZip\WZQKPICK.EXE
D:\spyware\hijackthis\HijackThis.exe

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [EnsoniqMixer] C:\WINNT\system32\starter.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTSvcCDA.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

======================

SDFix: Version 1.31
-------------------

Scan run on:
Tue 10/24/2006

Time:
5:25p


Microsoft Windows 2000 [Version 5.00.2195]

Running from: C:\Documents and Settings\Administrator\Desktop\SDFix

Stage One...

Checking Services...

Name:
-----

DcmHlp
Debug Config System
DLLHOST
dsrss
Network Confg System
smsmanger
SMSS
WINLOGON

Path:
----

"C:\WINNT\dcmhelp.exe"
"C:\WINNT\system32\lrsys.exe"
"C:\WINNT\system\dllhost.exe"
"C:\WINNT\dsrss.exe"
"C:\WINNT\system32\lviss.exe"
"C:\WINNT\smsmanger.exe"
"C:\WINNT\smss.exe"
"C:\WINNT\system\winlogon.exe"


DcmHlp Deleted...
Debug Config System Deleted...
DLLHOST Deleted...
dsrss Deleted...
Network Confg System Deleted...
smsmanger Deleted...
SMSS Deleted...
WINLOGON Deleted...

Repairing Registry...

Restoring Default Hosts File...

Stage One Complete

Rebooting...

Stage Two...

Checking For Malware:
--------------------

C:\WINNT\system32\edfimg_00636.exe
C:\WINNT\system32\edfimg_05255.exe
C:\WINNT\system32\edfimg_07840.exe
C:\WINNT\system32\edfimg_34088.exe
C:\WINNT\system32\edfimg_41154.exe
C:\WINNT\system32\edfimg_68250.exe
C:\WINNT\system32\edfimg_72555.exe
C:\WINNT\system32\eraseme_45662.exe
C:\WINNT\system32\eraseme_54310.exe
C:\WINNT\system32\eraseme_68168.exe
C:\WINNT\system\winlogon.exe
C:\WINNT\system32\i

Backing Up and Removing any Files Found...

Final Check:

Services:
---------




Files:
------



Any files removed are saved to the SDFix\backups Folder

FINISHED
=============

Thanks
Prady

prady
2006-10-26, 08:55
Hi LonnyRJones,
The problem with lsas.exe still exists.. I still get the error "lsas.exe has generated errors" and the system shuts down.
thanks
Prady

LonnyRJones
2006-10-26, 09:20
Let's get a look at recently created files with this tool.

Post a combofix log
1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
If the log is large, you might need to post half in one reply and half in another.

prady
2006-10-27, 06:03
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Administrator\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINNT\system32\taskmgr.com
C:\WINNT\uninstall_nmon.vbs
C:\Documents and Settings\Default User\Application Data\NetMon
C:\Program Files\Deskbar
C:\Program Files\network monitor


((((((((((((((((((((((((((((((( Files Created from 2006-09-27 to 2006-10-27 ))))))))))))))))))))))))))))))))))


2006-10-24 14:26 60,593 --a------ C:\WINNT\system32\x.exe
2006-10-24 00:08 0 --a------ C:\WINNT\system32\taskmgr32.exe
2006-10-23 11:22 0 --a------ C:\WINNT\system32\winwiz.exe
2006-10-11 09:11 0 --a------ C:\WINNT\system32\f.exe
2006-10-10 09:53 61,440 --a------ C:\WINNT\system32\dbnetlib.dll
2006-10-10 09:53 45,632 --a------ C:\WINNT\system32\cliconfg.exe
2006-10-10 09:53 44,032 --a------ C:\WINNT\system32\msxml3r.dll
2006-10-10 09:53 4,656 --a------ C:\WINNT\system32\ds16gt.dll
2006-10-10 09:53 385,024 --a------ C:\WINNT\system32\sqlsrv32.dll
2006-10-10 09:53 36,864 --a------ C:\WINNT\system32\mscpxl32.dll
2006-10-10 09:53 28,672 --a------ C:\WINNT\system32\dbnmpntw.dll
2006-10-10 09:53 26,224 --a------ C:\WINNT\system32\odbc16gt.dll
2006-10-10 09:53 24,576 --a------ C:\WINNT\system32\odbcbcp.dll
2006-10-10 09:53 24,576 --a------ C:\WINNT\system32\dbmsvinn.dll
2006-10-10 09:53 24,576 --a------ C:\WINNT\system32\dbmsrpcn.dll
2006-10-10 09:53 24,576 --a------ C:\WINNT\system32\dbmsgnet.dll
2006-10-10 09:53 20,480 --a------ C:\WINNT\system32\msorc32r.dll
2006-10-10 09:53 20,480 --a------ C:\WINNT\system32\dbmsadsn.dll
2006-10-10 09:53 180,800 --a------ C:\WINNT\system32\sqlunirl.dll
2006-10-10 09:53 131,072 --a------ C:\WINNT\system32\msorcl32.dll
2006-10-10 09:53 127,552 --a------ C:\WINNT\system32\cliconfg.dll
2006-10-10 09:53 1,122,304 --a------ C:\WINNT\system32\msxml3.dll
2006-10-10 09:52 94,208 --a------ C:\WINNT\system32\odbccp32.dll
2006-10-10 09:52 90,112 --a------ C:\WINNT\system32\odbcint.dll
2006-10-10 09:52 61,440 --a------ C:\WINNT\system32\odbccu32.dll
2006-10-10 09:52 61,440 --a------ C:\WINNT\system32\odbccr32.dll
2006-10-10 09:52 32,768 --a------ C:\WINNT\system32\odbcad32.exe
2006-10-10 09:52 200,704 --a------ C:\WINNT\system32\odbc32.dll
2006-10-10 09:52 16,384 --a------ C:\WINNT\system32\odbc32gt.dll
2006-10-10 09:52 16,384 --a------ C:\WINNT\system32\ds32gt.dll
2006-10-10 09:52 147,456 --a------ C:\WINNT\system32\odbctrac.dll
2006-10-10 09:52 126,976 --a------ C:\WINNT\system32\msdart.dll
2006-10-10 09:44 68,608 --a------ C:\WINNT\system32\logagent.exe
2006-10-10 09:44 498,960 --a------ C:\WINNT\system32\dxmasf.dll
2006-10-10 09:44 28,160 --a------ C:\WINNT\system32\laprxy.dll
2006-10-10 09:44 251,904 --a------ C:\WINNT\system32\strmdll.dll
2006-10-10 09:31 7,952 --a------ C:\WINNT\system32\snprfdll.dll
2006-10-10 09:31 6,416 --a------ C:\WINNT\system32\adsiisex.dll
2006-10-10 09:31 44,816 --a------ C:\WINNT\system32\fcachdll.dll
2006-10-10 09:31 24,336 --a------ C:\WINNT\system32\regtrace.exe
2006-10-10 09:31 15,632 --a------ C:\WINNT\system32\dt_ctrl.dll
2006-10-10 09:31 13,584 --a------ C:\WINNT\system32\smtpctrs.dll
2006-10-10 09:31 11,024 --a------ C:\WINNT\system32\smtpapi.dll
2006-10-10 09:31 11,024 --a------ C:\WINNT\system32\rwnh.dll
2006-10-10 09:29 9,488 --a------ C:\WINNT\system32\aspperf.dll
2006-10-10 09:29 8,464 --a------ C:\WINNT\system32\ftpctrs2.dll
2006-10-10 09:29 7,440 --a------ C:\WINNT\system32\wamregps.dll
2006-10-10 09:29 6,928 --a------ C:\WINNT\system32\w3svapi.dll
2006-10-10 09:29 6,928 --a------ C:\WINNT\system32\ftpsapi2.dll
2006-10-10 09:29 6,416 --a------ C:\WINNT\system32\iisrstap.dll
2006-10-10 09:29 57,616 --a------ C:\WINNT\system32\iismap.dll
2006-10-10 09:29 42,768 --a------ C:\WINNT\system32\iisext.dll
2006-10-10 09:29 32,528 --a------ C:\WINNT\system32\admwprox.dll
2006-10-10 09:29 32,016 --a------ C:\WINNT\system32\pwstray.exe
2006-10-10 09:29 244,496 --a------ C:\WINNT\system32\adsiis.dll
2006-10-10 09:29 20,752 --a------ C:\WINNT\system32\inetsloc.dll
2006-10-10 09:29 15,632 --a------ C:\WINNT\system32\w3ctrs.dll
2006-10-10 09:29 14,608 --a------ C:\WINNT\system32\iisreset.exe
2006-10-10 09:29 14,096 --a------ C:\WINNT\system32\exstrace.dll
2006-10-10 09:29 123,664 --a------ C:\WINNT\system32\iisRtl.dll
2006-10-10 09:29 12,560 --a------ C:\WINNT\system32\infoadmn.dll
2006-10-10 09:28 9,488 --a------ C:\WINNT\system32\infoctrs.dll
2006-10-10 09:28 8,464 --a------ C:\WINNT\system32\staxmem.dll
2006-10-10 09:28 67,856 --a------ C:\WINNT\system32\convlog.exe
2006-10-10 09:28 6,928 --a------ C:\WINNT\system32\admxprox.dll
2006-10-09 18:55 50,688 --a------ C:\WINNT\system32\wbhelp2.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-27 09:03 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Free Download Manager
2006-10-27 08:48 -------- d-a------ C:\Program Files\Mozilla Firefox
2006-10-27 08:09 -------- d-------- C:\Program Files\Yahoo!
2006-10-26 15:16 -------- d-------- C:\Program Files\Microsoft Visual Studio .NET
2006-10-26 15:16 -------- d-------- C:\Program Files\Common Files\Crystal Decisions
2006-10-26 15:15 -------- d-a------ C:\Program Files\Common Files\Microsoft Shared
2006-10-26 14:56 -------- d-------- C:\Program Files\Common Files\Merge Modules
2006-10-26 14:53 -------- d-a------ C:\Program Files\Common Files
2006-10-26 14:53 -------- d-------- C:\Program Files\Microsoft.NET
2006-10-18 16:31 -------- d-a------ C:\Program Files\Google
2006-10-14 22:58 -------- d-------- C:\Program Files\Terminal Services Client
2006-10-14 22:58 -------- d-------- C:\Program Files\CMAK
2006-10-11 08:10 75776 --a------ C:\WINNT\system32\VundoFix.exe
2006-10-10 17:48 -------- d-a------ C:\Program Files\Free Download Manager
2006-10-10 10:01 -------- d-a------ C:\Program Files\Internet Explorer
2006-10-10 09:53 -------- d--h----- C:\Program Files\Uninstall Information
2006-10-10 09:44 -------- d-a------ C:\Program Files\Outlook Express
2006-10-10 09:44 -------- d-a------ C:\Program Files\Common Files\System
2006-10-10 09:44 -------- d-a------ C:\Program Files\Common Files\Services
2006-10-09 18:58 -------- d-------- C:\Program Files\DAP
2006-10-08 11:36 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2006-10-08 10:37 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2006-10-08 09:35 -------- d-a------ C:\Program Files\Common Files\Adobe
2006-10-08 09:35 -------- d-a------ C:\Program Files\Adobe
2006-10-08 09:32 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-08 09:19 -------- d-------- C:\Program Files\Macromedia
2006-10-08 09:18 -------- d-a------ C:\Program Files\Common Files\InstallShield
2006-09-28 08:44 -------- d-------- C:\Program Files\WinRAR
2006-09-19 15:52 -------- d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2006-09-08 23:20 -------- d-------- C:\Program Files\SpywareBlaster
2006-08-29 19:45 0 --a------ C:\WINNT\system32\setup_58358.exe
2006-08-24 20:39 0 ---h----- C:\CONFIG.SYS
2006-08-24 20:39 0 ---h----- C:\AUTOEXEC.BAT
2006-08-24 20:38 271 ---h----- C:\Program Files\desktop.ini
2006-08-24 20:38 21952 ---h----- C:\Program Files\folder.htt


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Free Download Manager"="C:\\Program Files\\Free Download Manager\\fdm.exe -autorun"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe\" -quiet"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Synchronization Manager"="mobsync.exe /logon"
"EnsoniqMixer"="C:\\WINNT\\system32\\starter.exe"
"Disc Detector"="C:\\Program Files\\Creative\\ShareDLL\\CtNotify.exe"
"CARPService"="carpserv.exe"
"Anti-Virus Update Scheduler"=""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\SYMANT~1\\vptray.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"DownloadAccelerator"="\"C:\\Program Files\\DAP\\DAP.EXE\" /STARTUP"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000003
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Windows installer"="C:\\winstall.exe"
"eventwvr"="C:\\WINNT\\System32\\eventwvr.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095
"ntdll.dll"=dword:00000095

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"Network.ConnectionTray"="{7007ACCF-3202-11D1-AAD2-00805FC1270E}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

prady
2006-10-27, 06:04
~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20061023-233430-158
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
backup-20061023-233430-710
F2 - REG:system.ini: UserInit=userinit.exe
backup-20061015-125552-925
O23 - Service: Debug Config System - Unknown owner - C:\WINNT\system32\lrsys.exe
backup-20061010-182903-223
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
backup-20061010-182903-322
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
backup-20061010-174838-151
O2 - BHO: WgBHO Class - {67E9834D-B226-49E6-B6F6-85AA64E14BA3} - C:\Program Files\Free Download Manager\iefdm.dll
backup-20061009-112024-551
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3AB16DA-E008-4B79-831F-1DEC2D70BB5F}: NameServer = 61.1.128.65 61.1.128.5
backup-20061009-104135-103
O23 - Service: Network Confg System - Unknown owner - C:\WINNT\system32\lviss.exe
backup-20061008-231335-726
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3AB16DA-E008-4B79-831F-1DEC2D70BB5F}: NameServer = 61.1.128.65 61.1.128.5
backup-20061008-100142-682
O23 - Service: COM+ System Service (DLLHOST) - Unknown owner - C:\WINNT\system\dllhost.exe (file missing)
backup-20061008-100027-310
O23 - Service: COM+ System Service (DLLHOST) - Unknown owner - C:\WINNT\system\dllhost.exe (file missing)
backup-20061005-004541-552
O23 - Service: COM+ System Service (DLLHOST) - Unknown owner - C:\WINNT\system\dllhost.exe (file missing)
backup-20061005-002552-554
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3AB16DA-E008-4B79-831F-1DEC2D70BB5F}: NameServer = 61.1.128.65 61.1.128.5
backup-20061004-231740-683
O23 - Service: COM+ System Service (DLLHOST) - Unknown owner - C:\WINNT\system\dllhost.exe
backup-20061004-161707-154
O23 - Service: COM+ System Service (DLLHOST) - Unknown owner - C:\WINNT\system\dllhost.exe
backup-20060915-162000-521
O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
backup-20060915-161936-286
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_18.exe
backup-20060915-161936-688
O4 - HKLM\..\Run: [defender] C:\\dfndrff_e2.exe
backup-20060915-161936-986
O4 - HKLM\..\Run: [newname] C:\\nwnmff_18.exe
backup-20060915-161936-335
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
backup-20060914-235534-841
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\cHI\command.exe
backup-20060914-235534-971
R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
backup-20060914-235513-313
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3AB16DA-E008-4B79-831F-1DEC2D70BB5F}: NameServer = 61.1.128.65 61.1.128.5
backup-20060914-235513-828
O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
backup-20060914-235513-505
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
backup-20060910-233204-434
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3AB16DA-E008-4B79-831F-1DEC2D70BB5F}: NameServer = 61.1.128.65 61.1.128.5
backup-20060910-002140-108
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3AB16DA-E008-4B79-831F-1DEC2D70BB5F}: NameServer = 61.1.128.65 61.1.128.5
backup-20060901-130025-161
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
backup-20060827-005346-784
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3AB16DA-E008-4B79-831F-1DEC2D70BB5F}: NameServer = 61.1.128.65 61.1.128.5
backup-20060826-005406-771
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3AB16DA-E008-4B79-831F-1DEC2D70BB5F}: NameServer = 61.1.128.65 61.1.128.5
backup-20060825-014337-252
O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
backup-20060825-014254-867
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
backup-20060825-014231-456
O16 - DPF: {BADA82CB-BF48-4D76-9611-78E2C6F49F03} (BolDownloader Control) - http://messenger.rediff.com/newbol/Bol.CAB
backup-20060825-014231-590
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
backup-20060825-014032-880
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
backup-20060825-014032-495
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
backup-20060825-014032-497
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
backup-20060824-210226-887
O4 - HKLM\..\Run: [defender] C:\\dfndrff_12.exe
backup-20060824-210226-818
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_12.exe
backup-20060824-210226-121
O4 - HKLM\..\Run: [newname] C:\\nwnmff_11.exe
backup-20060822-021621-849
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
backup-20060822-021621-152
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
backup-20060816-001009-128
O4 - HKLM\..\Run: [keyboard] C:\\kybrdfh_10.exe
backup-20060816-001009-582
O4 - HKLM\..\Run: [defender] C:\\dfndrfh_10.exe
backup-20060816-001009-848
O4 - HKLM\..\Run: [newname] C:\\nwnmfh_10.exe
backup-20060814-111221-379
O4 - HKLM\..\Run: [keyboard] c:\\kybrdff_9.exe
backup-20060814-111221-412
O4 - HKLM\..\Run: [newname] C:\\nwnmff_9.exe
backup-20060814-111221-781
O4 - HKLM\..\Run: [defender] c:\\dfndrff_9.exe
backup-20060812-112607-424
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_8.exe
backup-20060812-112607-453
O4 - HKLM\..\Run: [newname] C:\\nwnmff_9.exe
backup-20060812-112607-208
O4 - HKLM\..\Run: [defender] C:\\dfndrff_8.exe
backup-20060729-095801-131
O4 - HKLM\..\Run: [defender] C:\\dfndref_7.exe
backup-20060729-022659-172
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\cHI\command.exe
backup-20060728-101402-989
O4 - HKLM\..\Run: [defender] c:\\dfndref_7.exe
backup-20060728-101402-441
O4 - HKLM\..\Run: [keyboard] c:\\kybrdef_7.exe
backup-20060728-101402-400
O4 - HKLM\..\Run: [newname] c:\\nwnmef_7.exe
backup-20060721-105338-916
O4 - HKLM\..\Run: [newname] c:\\nwnmac_6.exe
backup-20060721-105338-843
O4 - HKLM\..\Run: [keyboard] c:\\kybrdaca_6.exe
backup-20060721-105338-809
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
backup-20060721-105338-734
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
backup-20060719-010718-718
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
backup-20060719-010718-930
O4 - HKLM\..\Run: [keyboard] C:\\kybrdaca_6.exe
backup-20060719-010718-339
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00013.exe"
backup-20060719-010718-937
O4 - HKLM\..\Run: [newname] C:\\nwnmac_6.exe
backup-20060719-010718-909
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
backup-20060719-010718-626
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://(null)/
backup-20060719-010718-642
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
backup-20060719-010718-189
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
backup-20060719-010718-337
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
backup-20060719-010718-732
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
backup-20060719-010718-962
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
backup-20060719-010718-402
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
backup-20060719-004817-865
O4 - HKLM\..\Run: [keyboard] c:\\kybrdaca_6.exe
backup-20060719-004817-907
O4 - HKLM\..\Run: [defender] c:\\dfndrac_6.exe
backup-20060719-004817-654
O4 - HKLM\..\Run: [newname] c:\\nwnmac_6.exe
backup-20060719-004817-497
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
backup-20060719-004817-507
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
backup-20060719-003621-714
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\cHI\command.exe
backup-20060718-163631-767
O4 - HKLM\..\Run: [keyboard] C:\\kybrdaca_6.exe
backup-20060718-163631-944
O4 - HKLM\..\Run: [defender] C:\\dfndrac_6.exe
backup-20060718-163631-130
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
backup-20060718-163631-358
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
backup-20060718-163631-578
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
backup-20060718-163631-317
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
backup-20060717-160443-735
F2 - REG:system.ini: UserInit=userinit.exe
backup-20060717-160443-955
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
backup-20060717-160443-379
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
backup-20060715-092231-741
O4 - HKLM\..\Run: [defender] C:\\dfndrad_5.exe
backup-20060715-092231-464
O4 - HKLM\..\Run: [keyboard] C:\\kybrdad_5.exe
backup-20060715-092231-961
O4 - HKLM\..\Run: [newname] C:\\nwnmad_5.exe
backup-20060715-092150-119
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
backup-20060715-092150-608
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
backup-20060514-010431-845
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
backup-20060513-094713-839
O20 - Winlogon Notify: yayvv - C:\WINNT\System32\yayvv.dll (file missing)
backup-20060513-094713-711
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/242f4ec42d7a10f0e906/netzip/RdxIE601.cab
backup-20060513-094713-964
O9 - Extra button: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
backup-20060513-094713-719
O2 - BHO: (no name) - {34F41E65-9C7E-4156-BC57-156D4233970E} - C:\WINNT\System32\yayvv.dll (file missing)
backup-20060512-175510-290
O20 - Winlogon Notify: yayvv - C:\WINNT\System32\yayvv.dll
backup-20060512-175510-620
O4 - HKLM\..\Run: [ntdll.dll] C:\Program Files\paytime.exe
backup-20060512-175510-798
O4 - HKLM\..\Run: [Windows Task Manager] c:\winnt\system32\taskmgn.exe
backup-20060512-175510-200
O2 - BHO: (no name) - {B37FCBBF-2F5F-405D-BB6D-9EECDB1A1315} - C:\WINNT\System32\yayvv.dll
backup-20060512-175510-726
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
backup-20060512-175510-947
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
Completion time: Fri 2006-10-27 9:05:33.02
C:\ComboFix.txt ... 06-10-27 09:05

LonnyRJones
2006-10-27, 08:52
How old is your Symantec virus program?
Perhaps it is time to replace it with another, less common program.

Download Pocket Killbox to the desktop (version 2.0.0.648)
http://www.downloads.subratam.org/KillBox.exe
If you already have Killbox, ensure it is the latest version.
Start Killbox, place a tick next to [x] Delete on reboot, and press the ALL Files button.
Copy this whole list into the Windows clipboard, all the bolded below.

C:\WINNT\system32\x.exe
C:\WINNT\system32\taskmgr32.exe
C:\WINNT\system32\winwiz.exe
C:\WINNT\system32\f.exe
C:\WINNT\system32\setup_58358.exe
C:\WINNT\System32\eventwvr.exe

Back in Killbox go > file > paste from clipboard,
Click the red highlighted X button and say yes to the prompt to restart the PC.
Uninstall your Yahoo Messenger program, then redownload and install it if you intend to use it in the future.
If you still see the errors you mentioned when the PC is starting (or otherwise), let me know and quote them word for word.

prady
2006-10-27, 09:57
I am using Symantec AntiVirus Corporate Edition 2002, with the latest updates...
Which AV program would you suggest?

The following error I get just before the login screen comes:
Application popup: msdtc.exe - Application Error : The instruction at "0x69a2ecba" referenced memory at "0x6b58648c". The memory could not be "written".

Click on OK to terminate the program
Click on CANCEL to debug the program

I tried removing and reinstalling afresh but I still get the same error:
Application popup: YHiddenContentManagerWindow: YPager.exe - Application Error : The instruction at "0x02437251" referenced memory at "0xfffffff8". The memory could not be "read".

Click on OK to terminate the program
Click on CANCEL to debug the program

Ran Killbox as instructed

Thanks
Prady

LonnyRJones
2006-10-27, 10:08
"Which AV program would you suggest?"
Practically anything besides Norton/Symantec or McAfee.

If you're willing to uninstall it, reboot and install another, do so; there are three free programs to choose from mentioned here
http://forums.spybot.info/showthread.php?t=279
If you can afford to pay I'd suggest either Kaspersky, Nod32 or AVG Pro.

Are you having any internet connection problems?
These should not have been fixed:
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3AB16DA-E008-4B79-831F-1DEC2D70BB5F}: NameServer = 61.1.128.65 61.1.128.5


Zip up the files Killbox deleted, c:\!killbox, and attach it here
http://www.thespykiller.co.uk/forum/index.php?board=1.0


Do you have the Windows 2000 installation CD?

prady
2006-10-27, 19:47
Hi,
Thanks for the info about the AVs..

"Are you having any internet connection problems?"
No, there is no problem with the internet connection.

Yes, I have the Win2k installation CD.

Even after reinstalling Yahoo the error still exists:
Application popup: YHiddenContentManagerWindow: YPager.exe - Application Error : The instruction at "0x02437251" referenced memory at "0xfffffff8". The memory could not be "read".

Thanks
Prady

prady
2006-10-27, 19:57
I forgot to mention.. I uploaded the files deleted using Killbox
http://www.thespykiller.co.uk/forum/index.php?topic=2903.0

Is this some kind of repository for these kinds of files?
Thanks
Prady

LonnyRJones
2006-10-27, 22:25
Yes, it's a good place for us to have people attach them because the general public cannot access them.

I was thinking of suggesting sfc /scannow (System File Checker), but first let's try visiting Windows Update: get all critical updates, always reboot when prompted, then go back until no further updates are offered.

I hope updates are still available for you.

prady
2006-10-29, 07:33
Hi,
I use a dial-up connection but it takes a lot of time for me to get the updates done.. Is there any way I can download the updates from some other place and run them on my system..
Thanks
Prady

LonnyRJones
2006-10-29, 07:43
Windows Update has the Windows Update Catalog where updates can be downloaded, but that would probably take just as long; perhaps you have a friend who can get them for you and burn them to a CD.

prady
2006-10-30, 07:18
Thanks, I was looking for an option to download it somewhere else and burn a CD of it.. I will reply to you once I have done it.

prady
2006-11-03, 05:40
Hi,
It's taking some time for me to get these downloads ready.. Please bear with me for the delay.

prady
2006-11-04, 04:21
Hi,
I have installed the updates..

Application popup: msdtc.exe - Application Error : The instruction at "0x69a2ecba" referenced memory at "0x6b58648c". The memory could not be "written".

Click on OK to terminate the program
Click on CANCEL to debug the program

This popup has gone now after the updates....
But the problem with Yahoo Messenger still persists.. I tried to uninstall and reinstall Yahoo but somehow that problem still persists...
Thanks
Prady

LonnyRJones
2006-11-04, 13:03
Post one more Hijackthis log please

If you really want to keep Yahoo's Messenger you should contact them about the problems.

prady
2006-11-06, 11:31
The new HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 3:05:12 PM, on 11/6/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\System32\CTSvcCDA.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINNT\system\winlogon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINNT\system32\starter.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINNT\system32\carpserv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Rediff Bol\RediffMessenger.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
D:\spyware\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://in.rediff.com/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://in.rediff.com/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://in.rediff.com/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://in.rediff.com/index.html
R3 - URLSearchHook: Rediff Toolbar - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - C:\Program Files\Rediff Toolbar\redifftoolbar.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: XBTP05399 - {4A41E0D2-D514-4ca6-A494-7EB8420A865F} - C:\PROGRA~1\REDIFF~2\REDIFF~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Rediff Toolbar - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - C:\Program Files\Rediff Toolbar\redifftoolbar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [EnsoniqMixer] C:\WINNT\system32\starter.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Bol IM] "C:\Program Files\Rediff Bol\RediffMessenger.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll (file missing)
O9 - Extra button: Rediff Toolbar - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - C:\Program Files\Rediff Toolbar\redifftoolbar.dll
O9 - Extra 'Tools' menuitem: Rediff Toolbar - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - C:\Program Files\Rediff Toolbar\redifftoolbar.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3AB16DA-E008-4B79-831F-1DEC2D70BB5F}: NameServer = 61.1.128.65 61.1.128.5
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTSvcCDA.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Windows NT Logon Application (WINLOGON) - Unknown owner - C:\WINNT\system\winlogon.exe

Thanks
Prady

LonnyRJones
2006-11-06, 13:43
This returned:
O23 - Service: Windows NT Logon Application (WINLOGON) - Unknown owner - C:\WINNT\system\winlogon.exe

Run SDFix and Dr.Web again; here are the instructions again if needed.

Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your Desktop.
Double-click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following:

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.


Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
Finally, copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log.


* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Double-click the drweb-cureit.exe file and allow it to run the express scan.
This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, check whether you can click the next icon next to the files found: http://users.telenet.be/bluepatchy/miekiemoes/images/check.gif
If so, click it, then click the next icon right below and select Move incurable, as you'll see in the next image:
http://users.telenet.be/bluepatchy/miekiemoes/images/move.gif
This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured (this is in case we need samples).
After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list.
Save the report to your desktop. The report will be called DrWeb.csv.
Close Dr.Web Cureit.
Reboot your computer, because it is possible that files in use will be moved/deleted during the reboot.
After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

prady
2006-11-07, 10:19
SDFix Report
SDFix: Version 1.31
-------------------

Scan run on:
Tue 11/07/2006

Time:
9:38a


Microsoft Windows 2000 [Version 5.00.2195]

Running from: C:\Documents and Settings\Administrator\Desktop\SDFix

Stage One...

Checking Services...

Name:
-----

WINLOGON

Path:
----

"C:\WINNT\system\winlogon.exe"


WINLOGON Deleted...

Repairing Registry...

Restoring Default Hosts File...

Stage One Complete

Rebooting...

Stage Two...

Checking For Malware:
--------------------

C:\WINNT\system\winlogon.exe
C:\WINNT\system32\i

Backing Up and Removing any Files Found...

Final Check:

Services:
---------




Files:
------



Any files removed are saved to the SDFix\backups Folder

FINISHED

prady
2006-11-07, 10:25
Dr.Web(R) Scanner for Windows v4.33.2 (4.33.2.10060)
Copyright (c) Igor Daniloff, 1992-2006
Log generated on: 2006-10-23, 12:36:46 [PRADIP][Administrator]
Command-line: "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\cureit.exe" /lng /ini:cureit_XP.ini
Operating system:Windows 2000 Professional x86 (Build 2195)

Engine version: 4.33 (4.33.4.07270)
Engine API version: 2.01
Total virus records: 149475
Key file: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\cureit.key
License key number: 0000000010
Registered to: Dr.Web CureIt Project
License key activates: 2005-03-05
License key expires: 2007-03-05

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 0
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 0 Kb/s
Scan time: 00:00:00
--------------------------

[Scan path] c:\program files\network monitor\netmon.exe
c:\program files\network monitor\netmon.exe infected with Trojan.DnsChange - deleted

[Scan path] c:\winnt\system32\bootwiz.exe
c:\winnt\system32\bootwiz.exe infected with Win32.HLLW.MyBot - deleted

[Scan path] c:\winnt\system32\lrsys.exe
c:\winnt\system32\lrsys.exe infected with Win32.HLLW.MyBot - deleted

[Scan path] c:\winnt\system32\lsass.exe
[Scan path] c:\winnt\system32\lviss.exe
c:\winnt\system32\lviss.exe infected with BackDoor.IRC.Sdbot.694 - deleted


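A small triage helper for the Dr.Web CureIt log format posted in this thread: it separates real detections from locked-file read errors, tracks container nesting (the leading '>' characters) and the later "incurable - moved" lines, and flags detections that sat in the Windows system directory, where the fake winlogon.exe and the bot executables were found here. This is an added example, not code from the thread or from Dr.Web; the sample log and its file names are constructed.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Constructed sample Dr.Web CureIt log, modelled on the line formats that
# appear in the thread: "[Scan path]" entries, detections with a trailing
# action, '>' prefixes for objects found inside a container, "read error"
# lines for locked files, and the closing "incurable - moved" list.
# The file names below are placeholders, not files from the thread.
SAMPLE_LOG = r"""
[Scan path] c:\winnt\system32\lsass.exe
[Scan path] c:\winnt\system32\placeholder1.exe
c:\winnt\system32\placeholder1.exe infected with Win32.HLLW.MyBot - deleted

[Scan path] C:\
>C:\!KillBox\placeholder2.dll infected with Trojan.Virtumod - deleted
C:\Documents and Settings\Administrator\NTUSER.DAT - read error
C:\tools\SmitfraudFix\Process.exe is hacktool program Tool.Prockill
>>C:\temp\Content.IE5\ABCD1234\fix[1].exe is adware program Adware.Zango
C:\tools\SmitfraudFix\Process.exe - incurable - moved
"""

# One regex per line shape; the leading '>' run is the container nesting depth.
DETECT_RE = re.compile(r"^(?P<nest>>*)(?P<path>.+?) infected with (?P<name>\S+) - (?P<action>\w+)$")
PROGRAM_RE = re.compile(r"^(?P<nest>>*)(?P<path>.+?) is (?P<kind>\w+) program (?P<name>\S+)$")
ACTION_RE = re.compile(r"^(?P<nest>>*)(?P<path>.+?) - incurable - (?P<action>\w+)$")
READERR_RE = re.compile(r"^(?P<path>.+?) - read error$")

# Directories where a detection means code that starts with the OS and runs
# with system privileges, as with the fake winlogon.exe in this thread.
SYSTEM_DIRS = ("\\winnt\\system32\\", "\\winnt\\system\\", "\\windows\\system32\\")


@dataclass
class Finding:
    path: str
    category: str           # "infected", "adware", "hacktool", ...
    name: str               # detection name exactly as the scanner reports it
    depth: int = 0          # number of leading '>' (0 = file on disk, 1+ = inside a container)
    action: Optional[str] = None  # "deleted", "moved", or None if still in place


def parse_drweb_log(text: str):
    """Return (findings, read_errors) for one CureIt log.

    Detections are recorded when first reported; a later
    "<path> - incurable - moved" line updates that record's action,
    so a flagged file that never gets such a line stays action=None.
    """
    findings = []
    read_errors = []
    by_path = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("[Scan path]"):
            continue
        m = DETECT_RE.match(line)
        if m:
            f = Finding(m["path"], "infected", m["name"], len(m["nest"]), m["action"])
            findings.append(f)
            by_path[f.path.lower()] = f
            continue
        m = PROGRAM_RE.match(line)
        if m:
            f = Finding(m["path"], m["kind"], m["name"], len(m["nest"]))
            findings.append(f)
            by_path[f.path.lower()] = f
            continue
        m = ACTION_RE.match(line)
        if m:
            hit = by_path.get(m["path"].lower())
            if hit is not None:
                hit.action = m["action"]
            continue
        m = READERR_RE.match(line)
        if m:
            # Locked registry hives and profile files: expected, not malware.
            read_errors.append(m["path"])
    return findings, read_errors


def in_system_dir(path: str) -> bool:
    p = path.lower()
    return any(d in p for d in SYSTEM_DIRS)


def triage(findings):
    """Group findings the way a helper reads the log before replying."""
    return {
        "by_category": dict(Counter(f.category for f in findings)),
        "removed": [f for f in findings if f.action in ("deleted", "moved")],
        "pending": [f for f in findings if f.action is None],
        "system_hits": [f for f in findings if in_system_dir(f.path)],
    }


if __name__ == "__main__":
    found, errors = parse_drweb_log(SAMPLE_LOG)
    report = triage(found)
    print("detections by category:", report["by_category"])
    print("still in place:", [f.path for f in report["pending"]])
    print("in system directory:", [f.path for f in report["system_hits"]])
    print("locked files skipped:", len(errors))
```

Anything left in "pending" is what the helper would ask about next, since the scanner reported it but never moved or deleted it.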
prady
2006-11-07, 10:27
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 243
Infected objects found: 4
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 4
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 707 Kb/s
Scan time: 00:01:41
-----------------------------------------------------------------------------

[Scan path] C:\
>C:\!KillBox\yayvv.dll infected with Trojan.Virtumod - deleted
C:\Documents and Settings\Administrator\NTUSER.DAT - read error
C:\Documents and Settings\Administrator\NTUSER~1.LOG - read error
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8ugyg251.default\PARENT~1.LOC - read error
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\SmitfraudFix\Process.exe is hacktool program Tool.Prockill
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\SmitfraudFix\restart.exe is hacktool program Tool.ShutDown.11
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
>>C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\IJ2345O7\fix[1].exe is adware program Adware.Zango
>C:\Program Files\DAP\DAP.exe
C:\Program Files\DAP\History\Administrator\_LASTH~1.DAT - read error
>C:\Program Files\DAP\Privacy Package\DAPPrivacyPackage.exe
>C:\Program Files\DAP\Privacy Package\DAPShred.exe
>C:\Program Files\DAP\Privacy Package\DAPTraceCleaner.exe
>C:\Program Files\DivX\DivX Web Player\npdivx32.dll
>>C:\RECYCLER\S-1-5-21-854245398-1708537768-842925246-500\Dc1.exe is adware program Adware.Zango
C:\WINNT\system32\setup_30556.exe infected with BackDoor.IRC.Sdbot.694 - deleted
C:\WINNT\system32\setup_64057.exe infected with BackDoor.IRC.Sdbot.694 - deleted
C:\WINNT\system32\setup_71854.exe infected with Win32.HLLW.MyBot - deleted
C:\WINNT\system32\setup_77271.exe infected with Win32.HLLW.MyBot - deleted
>>C:\WINNT\system32\win32.exe infected with Trojan.Spambot - deleted
C:\WINNT\system32\config\default - read error
C:\WINNT\system32\config\default.LOG - read error
C:\WINNT\system32\config\SAM - read error
C:\WINNT\system32\config\SAM.LOG - read error
C:\WINNT\system32\config\SECURITY - read error
C:\WINNT\system32\config\SECURITY.LOG - read error
C:\WINNT\system32\config\software - read error
C:\WINNT\system32\config\software.LOG - read error
C:\WINNT\system32\config\system - read error
C:\WINNT\system32\config\SYSTEM.ALT - read error

[Scan path] D:\
>D:\spyware\hijackthis\backups\backup-20060512-175510-200.dll infected with Trojan.Virtumod - deleted
D:\spyware\hijackthis\backups\backup-20060825-014337-252.dll is adware program Adware.Softomate
D:\spyware\hijackthis\backups\backup-20060914-235513-828.dll is adware program Adware.Softomate
D:\spyware\hijackthis\backups\backup-20060915-162000-521.dll is adware program Adware.Softomate
D:\spyware\SmitfraudFix\SmitfraudFix\Process.exe is hacktool program Tool.Prockill
D:\spyware\SmitfraudFix\SmitfraudFix\restart.exe is hacktool program Tool.ShutDown.11

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 69218
Infected objects found: 7
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 5
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 4
Objects cured: 0
Objects deleted: 7
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 504 Kb/s
Scan time: 01:37:59
-----------------------------------------------------------------------------

Scanning interrupted by user! - viruses found
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\SmitfraudFix\Process.exe - incurable - moved
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\SmitfraudFix\restart.exe - incurable - moved
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\IJ2345O7\fix[1].exe - incurable - moved
C:\RECYCLER\S-1-5-21-854245398-1708537768-842925246-500\Dc1.exe - incurable - moved
D:\spyware\hijackthis\backups\backup-20060825-014337-252.dll - incurable - moved
D:\spyware\hijackthis\backups\backup-20060914-235513-828.dll - incurable - moved
D:\spyware\hijackthis\backups\backup-20060915-162000-521.dll - incurable - moved
D:\spyware\SmitfraudFix\SmitfraudFix\Process.exe - incurable - moved
D:\spyware\SmitfraudFix\SmitfraudFix\restart.exe - incurable - moved

=============================================================================
Total session statistics
=============================================================================
Objects scanned: 0
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 9
Objects ignored: 0
Scan speed: 0 Kb/s
Scan time: 00:00:00
=============================================================================

=============================================================================
Dr.Web(R) Scanner for Windows v4.33.2 (4.33.2.10060)
Copyright (c) Igor Daniloff, 1992-2006
Log generated on: 2006-10-23, 15:19:53 [PRADIP][Administrator]
Command-line: "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\cureit.exe" /lng /ini:cureit_XP.ini
Operating system:Windows 2000 Professional x86 (Build 2195)
=============================================================================
Engine version: 4.33 (4.33.4.07270)
Engine API version: 2.01
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43312.cdb - 830 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43311.cdb - 862 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43310.cdb - 853 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43309.cdb - 733 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43308.cdb - 708 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43307.cdb - 839 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43306.cdb - 930 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43305.cdb - 759 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43304.cdb - 721 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43303.cdb - 638 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43302.cdb - 806 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43301.cdb - 504 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crw43300.cdb - 24 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crwebase.cdb - 78674 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\cwrtoday.cdb - 294 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\cwr43301.cdb - 697 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crwrisky.cdb - 1271 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\cwntoday.cdb - 85 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\cwn43305.cdb - 752 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\cwn43304.cdb - 793 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\cwn43303.cdb - 766 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\cwn43302.cdb - 850 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\cwn43301.cdb - 773 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\crwnasty.cdb - 4867 virus records
Total virus records: 149475
Key file: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\cureit.key
License key number: 0000000010
Registered to: Dr.Web CureIt Project
License key activates: 2005-03-05
License key expires: 2007-03-05

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 0
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 0 Kb/s
Scan time: 00:00:00
-----------------------------------------------------------------------------

prady
2006-11-07, 10:28
[Scan path] c:\documents and settings\administrator\desktop\drweb-cureit.exe
[Scan path] c:\documents and settings\administrator\local settings\temp\rarsfx0\_start.exe
[Scan path] c:\documents and settings\administrator\local settings\temp\rarsfx0\cureit.exe
[Scan path] c:\program files\common files\adobe\calibration\adobe gamma loader.exe
[Scan path] c:\program files\common files\microsoft shared\vs7debug\mdm.exe
[Scan path] c:\program files\common files\microsoft shared\web components\10\owc10.dll
[Scan path] c:\program files\common files\microsoft shared\web folders\msonsext.dll
[Scan path] c:\program files\common files\microsoft shared\web folders\pkmcdo.dll
[Scan path] c:\program files\common files\real\update_ob\realsched.exe
[Scan path] c:\program files\common files\symantec shared\ssc\vpshell2.dll
[Scan path] c:\program files\common files\symantec shared\virusdefs\20061018.039\naveng.sys
[Scan path] c:\program files\common files\symantec shared\virusdefs\20061018.039\navex15.sys
[Scan path] c:\program files\common files\system\ole db\oledb32.dll
[Scan path] c:\program files\creative\sharedll\ctnotify.exe
[Scan path] c:\program files\creative\sharedll\mediadet.exe
[Scan path] c:\program files\dap\dap.exe
>c:\program files\dap\dap.exe
[Scan path] c:\program files\free download manager\fdm.exe
[Scan path] c:\program files\internet explorer\connection wizard\icwconn1.exe
[Scan path] c:\program files\microsoft office\office10\msohev.dll
[Scan path] c:\program files\microsoft office\office10\olkfstub.dll
[Scan path] c:\program files\msn messenger\msnmsgr.exe
[Scan path] c:\program files\outlook express\setup50.exe
[Scan path] c:\program files\outlook express\wabfind.dll
[Scan path] c:\program files\real\realplayer\rpshell.dll
[Scan path] c:\program files\symantec\symevent.sys
[Scan path] c:\program files\symantec_client_security\symantec antivirus\defwatch.exe
[Scan path] c:\program files\symantec_client_security\symantec antivirus\navap.sys
[Scan path] c:\program files\symantec_client_security\symantec antivirus\navapel.sys
[Scan path] c:\program files\symantec_client_security\symantec antivirus\rtvscan.exe
[Scan path] c:\program files\symantec_client_security\symantec antivirus\vptray.exe
[Scan path] c:\program files\winrar\rarext.dll
[Scan path] c:\program files\winzip\wzqkpick.exe
[Scan path] c:\program files\winzip\wzshlstb.dll
[Scan path] c:\program files\yahoo!\messenger\ypager.exe
[Scan path] c:\winnt\explorer.exe
[Scan path] c:\winnt\loadqm.exe
[Scan path] c:\winnt\microsoft.net\framework\v1.1.4322\aspnet_state.exe
[Scan path] c:\winnt\system32\advapi32.dll
[Scan path] c:\winnt\system32\advpack.dll
[Scan path] c:\winnt\system32\appwiz.cpl
[Scan path] c:\winnt\system32\autochk.exe
[Scan path] c:\winnt\system32\browseui.dll
[Scan path] c:\winnt\system32\cabview.dll
[Scan path] c:\winnt\system32\carpserv.exe
[Scan path] c:\winnt\system32\cdfview.dll
[Scan path] c:\winnt\system32\cisvc.exe
[Scan path] c:\winnt\system32\clipsrv.exe
[Scan path] c:\winnt\system32\cnbjmon.dll
[Scan path] c:\winnt\system32\comdlg32.dll
[Scan path] c:\winnt\system32\crypt32.dll
[Scan path] c:\winnt\system32\cryptext.dll
[Scan path] c:\winnt\system32\cryptnet.dll
[Scan path] c:\winnt\system32\cscdll.dll
[Scan path] c:\winnt\system32\cscui.dll
[Scan path] c:\winnt\system32\csrss.exe
[Scan path] c:\winnt\system32\ctsvccda.exe
[Scan path] c:\winnt\system32\deskadp.dll
[Scan path] c:\winnt\system32\deskmon.dll
[Scan path] c:\winnt\system32\deskperf.dll
[Scan path] c:\winnt\system32\diskcopy.dll
[Scan path] c:\winnt\system32\dmadmin.exe
[Scan path] c:\winnt\system32\docprop.dll
[Scan path] c:\winnt\system32\docprop2.dll
[Scan path] c:\winnt\system32\drivers\acpi.sys
[Scan path] c:\winnt\system32\drivers\afd.sys
[Scan path] c:\winnt\system32\drivers\asyncmac.sys
[Scan path] c:\winnt\system32\drivers\atapi.sys
[Scan path] c:\winnt\system32\drivers\atmarpc.sys
[Scan path] c:\winnt\system32\drivers\audstub.sys
[Scan path] c:\winnt\system32\drivers\cdrom.sys
[Scan path] c:\winnt\system32\drivers\disk.sys
[Scan path] c:\winnt\system32\drivers\dmboot.sys
[Scan path] c:\winnt\system32\drivers\dmio.sys
[Scan path] c:\winnt\system32\drivers\dmusic.sys
[Scan path] c:\winnt\system32\drivers\es1371mp.sys
[Scan path] c:\winnt\system32\drivers\fdc.sys
[Scan path] c:\winnt\system32\drivers\flpydisk.sys
[Scan path] c:\winnt\system32\drivers\ftdisk.sys
[Scan path] c:\winnt\system32\drivers\gameenum.sys
[Scan path] c:\winnt\system32\drivers\hsf_cnxt.sys
[Scan path] c:\winnt\system32\drivers\hsf_dp.sys
[Scan path] c:\winnt\system32\drivers\hsfhwbs2.sys
[Scan path] c:\winnt\system32\drivers\i8042prt.sys
[Scan path] c:\winnt\system32\drivers\i81xnt5.sys
[Scan path] c:\winnt\system32\drivers\ipfltdrv.sys
[Scan path] c:\winnt\system32\drivers\ipinip.sys
[Scan path] c:\winnt\system32\drivers\ipnat.sys
[Scan path] c:\winnt\system32\drivers\ipsec.sys
[Scan path] c:\winnt\system32\drivers\isapnp.sys
[Scan path] c:\winnt\system32\drivers\kbdclass.sys
[Scan path] c:\winnt\system32\drivers\kmixer.sys
[Scan path] c:\winnt\system32\drivers\mdmxsdk.sys
[Scan path] c:\winnt\system32\drivers\modemcsa.sys
[Scan path] c:\winnt\system32\drivers\mouclass.sys
[Scan path] c:\winnt\system32\drivers\mrxsmb.sys
[Scan path] c:\winnt\system32\drivers\msgpc.sys
[Scan path] c:\winnt\system32\drivers\mskssrv.sys
[Scan path] c:\winnt\system32\drivers\mspclock.sys
[Scan path] c:\winnt\system32\drivers\mspqm.sys
[Scan path] c:\winnt\system32\drivers\ndistapi.sys
[Scan path] c:\winnt\system32\drivers\ndiswan.sys
[Scan path] c:\winnt\system32\drivers\netbios.sys
[Scan path] c:\winnt\system32\drivers\netbt.sys
[Scan path] c:\winnt\system32\drivers\netdtect.sys
[Scan path] c:\winnt\system32\drivers\nwlnkflt.sys
[Scan path] c:\winnt\system32\drivers\nwlnkfwd.sys
[Scan path] c:\winnt\system32\drivers\parallel.sys
[Scan path] c:\winnt\system32\drivers\parport.sys
[Scan path] c:\winnt\system32\drivers\pci.sys
[Scan path] c:\winnt\system32\drivers\pciide.sys
[Scan path] c:\winnt\system32\drivers\ptilink.sys
[Scan path] c:\winnt\system32\drivers\pxhelp20.sys
[Scan path] c:\winnt\system32\drivers\rasacd.sys
[Scan path] c:\winnt\system32\drivers\rasl2tp.sys
[Scan path] c:\winnt\system32\drivers\raspptp.sys
[Scan path] c:\winnt\system32\drivers\raspti.sys
[Scan path] c:\winnt\system32\drivers\rca.sys
[Scan path] c:\winnt\system32\drivers\rdbss.sys
[Scan path] c:\winnt\system32\drivers\redbook.sys
[Scan path] c:\winnt\system32\drivers\rtl8139.sys
[Scan path] c:\winnt\system32\drivers\sbpci.sys
[Scan path] c:\winnt\system32\drivers\serenum.sys
[Scan path] c:\winnt\system32\drivers\serial.sys
[Scan path] c:\winnt\system32\drivers\srv.sys
[Scan path] c:\winnt\system32\drivers\strmdisp.sys
[Scan path] c:\winnt\system32\drivers\swenum.sys
[Scan path] c:\winnt\system32\drivers\swmidi.sys
[Scan path] c:\winnt\system32\drivers\sysaudio.sys
[Scan path] c:\winnt\system32\drivers\tcpip.sys
[Scan path] c:\winnt\system32\drivers\uhcd.sys
[Scan path] c:\winnt\system32\drivers\update.sys
[Scan path] c:\winnt\system32\drivers\usbhub.sys
[Scan path] c:\winnt\system32\drivers\usbstor.sys
[Scan path] c:\winnt\system32\drivers\vga.sys
[Scan path] c:\winnt\system32\drivers\wanarp.sys
[Scan path] c:\winnt\system32\drivers\wdmaud.sys
[Scan path] c:\winnt\system32\dsfolder.dll
[Scan path] c:\winnt\system32\dskquoui.dll
[Scan path] c:\winnt\system32\dsquery.dll
[Scan path] c:\winnt\system32\dssec.dll
[Scan path] c:\winnt\system32\dsuiext.dll
[Scan path] c:\winnt\system32\faxshell.dll
[Scan path] c:\winnt\system32\faxsvc.exe
[Scan path] c:\winnt\system32\fontext.dll
[Scan path] c:\winnt\system32\gdi32.dll
[Scan path] c:\winnt\system32\hticons.dll
[Scan path] c:\winnt\system32\icmui.dll
[Scan path] c:\winnt\system32\ie4uinit.exe
[Scan path] c:\winnt\system32\iedkcs32.dll
[Scan path] c:\winnt\system32\imagehlp.dll
[Scan path] c:\winnt\system32\inetcomm.dll
[Scan path] c:\winnt\system32\inetsrv\inetinfo.exe
[Scan path] c:\winnt\system32\inetsrv\w3ext.dll
[Scan path] c:\winnt\system32\itss.dll
[Scan path] c:\winnt\system32\kerberos.dll
[Scan path] c:\winnt\system32\kernel32.dll
[Scan path] c:\winnt\system32\localspl.dll
[Scan path] c:\winnt\system32\locator.exe
[Scan path] c:\winnt\system32\lsass.exe
[Scan path] c:\winnt\system32\lz32.dll
[Scan path] c:\winnt\system32\mmcshext.dll
[Scan path] c:\winnt\system32\mmsys.cpl
[Scan path] c:\winnt\system32\mnmsrvc.exe
[Scan path] c:\winnt\system32\mobsync.exe
[Scan path] c:\winnt\system32\msafd.dll
[Scan path] c:\winnt\system32\mscoree.dll
[Scan path] c:\winnt\system32\mscories.dll
[Scan path] c:\winnt\system32\msdtc.exe
[Scan path] c:\winnt\system32\msdxm.ocx
[Scan path] c:\winnt\system32\msfaxmon.dll
[Scan path] c:\winnt\system32\mshtml.dll
[Scan path] c:\winnt\system32\msiexec.exe
[Scan path] c:\winnt\system32\mstask.dll
[Scan path] c:\winnt\system32\mstask.exe
[Scan path] c:\winnt\system32\msv1_0.dll
[Scan path] c:\winnt\system32\mydocs.dll
[Scan path] c:\winnt\system32\netdde.exe
[Scan path] c:\winnt\system32\netshell.dll
[Scan path] c:\winnt\system32\ntlanui2.dll
[Scan path] c:\winnt\system32\ntsd.exe
[Scan path] c:\winnt\system32\ntshrui.dll
[Scan path] c:\winnt\system32\occache.dll
[Scan path] c:\winnt\system32\ole32.dll
[Scan path] c:\winnt\system32\oleaut32.dll
[Scan path] c:\winnt\system32\olecli32.dll
[Scan path] c:\winnt\system32\olecnv32.dll
[Scan path] c:\winnt\system32\olesvr32.dll
[Scan path] c:\winnt\system32\olethk32.dll
[Scan path] c:\winnt\system32\pfmodnt.sys
[Scan path] c:\winnt\system32\pjlmon.dll
[Scan path] c:\winnt\system32\plustab.dll
[Scan path] c:\winnt\system32\printui.dll
[Scan path] c:\winnt\system32\regsvc.exe
[Scan path] c:\winnt\system32\regsvr32.exe
[Scan path] c:\winnt\system32\rpcrt4.dll
[Scan path] c:\winnt\system32\rpcss.dll
[Scan path] c:\winnt\system32\rshx32.dll
[Scan path] c:\winnt\system32\rsvp.exe
[Scan path] c:\winnt\system32\rsvpsp.dll
[Scan path] c:\winnt\system32\rundll32.exe
[Scan path] c:\winnt\system32\scardsvr.exe
[Scan path] c:\winnt\system32\scecli.dll
[Scan path] c:\winnt\system32\schannel.dll
[Scan path] c:\winnt\system32\sclgntfy.dll
[Scan path] c:\winnt\system32\sendmail.dll
[Scan path] c:\winnt\system32\services.exe
[Scan path] c:\winnt\system32\shdocvw.dll
[Scan path] c:\winnt\system32\shell32.dll
[Scan path] c:\winnt\system32\shscrap.dll
[Scan path] c:\winnt\system32\smlogsvc.exe
[Scan path] c:\winnt\system32\smss.exe
[Scan path] c:\winnt\system32\spoolsv.exe
[Scan path] c:\winnt\system32\starter.exe
[Scan path] c:\winnt\system32\stobject.dll
[Scan path] c:\winnt\system32\svchost.exe
[Scan path] c:\winnt\system32\syncui.dll
[Scan path] c:\winnt\system32\tcpmon.dll
[Scan path] c:\winnt\system32\thumbvw.dll
[Scan path] c:\winnt\system32\tlntsvr.exe
[Scan path] c:\winnt\system32\updcrl.exe
[Scan path] c:\winnt\system32\ups.exe
[Scan path] c:\winnt\system32\url.dll
[Scan path] c:\winnt\system32\urlmon.dll
[Scan path] c:\winnt\system32\usbmon.dll
[Scan path] c:\winnt\system32\user32.dll
[Scan path] c:\winnt\system32\userinit.exe
[Scan path] c:\winnt\system32\utilman.exe
[Scan path] c:\winnt\system32\verisignpub1.crl
[Scan path] c:\winnt\system32\version.dll
[Scan path] c:\winnt\system32\wbem\winmgmt.exe
[Scan path] c:\winnt\system32\webcheck.dll
[Scan path] c:\winnt\system32\wininet.dll
[Scan path] c:\winnt\system32\winlogon.exe
[Scan path] c:\winnt\system32\wldap32.dll
[Scan path] c:\winnt\system32\wlnotify.dll
[Scan path] c:\winnt\system32\wshext.dll
[Scan path] c:\winnt\system\winlogon.exe
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 239
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 879 Kb/s
Scan time: 00:01:13
-----------------------------------------------------------------------------

[Scan path] C:\
C:\Documents and Settings\Administrator\NTUSER.DAT - read error
C:\Documents and Settings\Administrator\NTUSER~1.LOG - read error
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
>C:\Program Files\DAP\DAP.exe
>C:\Program Files\DAP\Privacy Package\DAPPrivacyPackage.exe
>C:\Program Files\DAP\Privacy Package\DAPShred.exe
>C:\Program Files\DAP\Privacy Package\DAPTraceCleaner.exe
>C:\Program Files\DivX\DivX Web Player\npdivx32.dll
C:\WINNT\system32\config\default - read error
C:\WINNT\system32\config\default.LOG - read error
C:\WINNT\system32\config\SAM - read error
C:\WINNT\system32\config\SAM.LOG - read error
C:\WINNT\system32\config\SECURITY - read error
C:\WINNT\system32\config\SECURITY.LOG - read error
C:\WINNT\system32\config\software - read error
C:\WINNT\system32\config\software.LOG - read error
C:\WINNT\system32\config\system - read error
C:\WINNT\system32\config\SYSTEM.ALT - read error

[Scan path] D:\
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 69498
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 439 Kb/s
Scan time: 01:52:29
-----------------------------------------------------------------------------

prady
2006-11-07, 10:32
Kindly ignore the earlier Dr.Web logs.
I am posting the correct one now.

prady
2006-11-07, 10:35
Dr.Web(R) Scanner for Windows v4.33.2 (4.33.2.10060)
Copyright (c) Igor Daniloff, 1992-2006
Log generated on: 2006-11-07, 10:17:23 [PRADIP][Administrator]
Command-line: "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\cureit.exe" /lng /ini:cureit_XP.ini
Operating system:Windows 2000 Professional x86 (Build 2195), Service Pack 4
=============================================================================
Engine version: 4.33 (4.33.5.10110)
Engine API version: 2.01
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crwtoday.cdb - 123 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43360.cdb - 988 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43359.cdb - 1205 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43358.cdb - 1139 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43357.cdb - 1302 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43356.cdb - 1332 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43355.cdb - 2456 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43354.cdb - 1283 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43353.cdb - 795 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43352.cdb - 2016 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43351.cdb - 941 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43350.cdb - 1020 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43349.cdb - 1008 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43348.cdb - 1096 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43347.cdb - 707 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43346.cdb - 1429 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43345.cdb - 1358 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43344.cdb - 694 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43343.cdb - 1186 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43342.cdb - 744 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43341.cdb - 841 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43340.cdb - 822 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43339.cdb - 1071 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43338.cdb - 989 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43337.cdb - 855 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43336.cdb - 1297 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43335.cdb - 1195 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43334.cdb - 900 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43333.cdb - 1381 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43332.cdb - 1340 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43331.cdb - 2735 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43330.cdb - 2078 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43329.cdb - 2490 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43328.cdb - 743 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43327.cdb - 958 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43326.cdb - 793 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43325.cdb - 713 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43324.cdb - 655 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43323.cdb - 655 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43322.cdb - 778 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43321.cdb - 846 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43320.cdb - 808 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43319.cdb - 764 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43318.cdb - 838 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43317.cdb - 363 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43316.cdb - 730 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43315.cdb - 627 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43314.cdb - 824 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43313.cdb - 842 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43312.cdb - 830 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43311.cdb - 862 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43310.cdb - 853 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43309.cdb - 733 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43308.cdb - 708 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43307.cdb - 839 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43306.cdb - 930 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43305.cdb - 759 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43304.cdb - 721 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43303.cdb - 638 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43302.cdb - 806 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43301.cdb - 504 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crw43300.cdb - 24 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crwebase.cdb - 78674 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\cwrtoday.cdb - 301 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\cwr43301.cdb - 697 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crwrisky.cdb - 1271 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\cwntoday.cdb - 294 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\cwn43305.cdb - 752 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\cwn43304.cdb - 793 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\cwn43303.cdb - 766 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\cwn43302.cdb - 850 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\cwn43301.cdb - 772 virus records
[Virus base] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\crwnasty.cdb - 4867 virus records
Total virus records: 151997
Key file: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX4\cureit.key
License key number: 0000000010
Registered to: Dr.Web CureIt Project
License key activates: 2005-03-05
License key expires: 2007-03-05

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 0
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 0 Kb/s
Scan time: 00:00:00

prady
2006-11-07, 10:35
-----------------------------------------------------------------------------

[Scan path] c:\documents and settings\administrator\desktop\cureit.exe
[Scan path] c:\documents and settings\administrator\local settings\temp\rarsfx4\_start.exe
[Scan path] c:\documents and settings\administrator\local settings\temp\rarsfx4\cureit.exe
[Scan path] c:\program files\common files\adobe\calibration\adobe gamma loader.exe
[Scan path] c:\program files\common files\microsoft shared\help\hxds.dll
[Scan path] c:\program files\common files\microsoft shared\information retrieval\msitss.dll
[Scan path] c:\program files\common files\microsoft shared\vs7debug\mdm.exe
[Scan path] c:\program files\common files\microsoft shared\web components\10\owc10.dll
[Scan path] c:\program files\common files\microsoft shared\web folders\msonsext.dll
[Scan path] c:\program files\common files\microsoft shared\web folders\pkmcdo.dll
[Scan path] c:\program files\common files\real\update_ob\realsched.exe
[Scan path] c:\program files\common files\symantec shared\ssc\vpshell2.dll
[Scan path] c:\program files\common files\symantec shared\virusdefs\20061018.039\naveng.sys
[Scan path] c:\program files\common files\symantec shared\virusdefs\20061018.039\navex15.sys
[Scan path] c:\program files\common files\system\ole db\oledb32.dll
[Scan path] c:\program files\creative\sharedll\ctnotify.exe
[Scan path] c:\program files\creative\sharedll\mediadet.exe
[Scan path] c:\program files\dap\dap.exe
>c:\program files\dap\dap.exe
[Scan path] c:\program files\free download manager\fdm.exe
[Scan path] c:\program files\google\google talk\googletalk.exe
[Scan path] c:\program files\internet explorer\connection wizard\icwconn1.exe
[Scan path] c:\program files\microsoft office\office10\msohev.dll
[Scan path] c:\program files\microsoft office\office10\olkfstub.dll
[Scan path] c:\program files\microsoft visual studio .net 2003\common7\packages\debugger\dbgproxy.exe
[Scan path] c:\program files\msn messenger\msnmsgr.exe
[Scan path] c:\program files\outlook express\setup50.exe
[Scan path] c:\program files\outlook express\wabfind.dll
[Scan path] c:\program files\real\realplayer\rpshell.dll
[Scan path] c:\program files\rediff bol\rediffmessenger.exe
[Scan path] c:\program files\rediff toolbar\redifftoolbar.dll
c:\program files\rediff toolbar\redifftoolbar.dll is adware program Adware.Softomate

[Scan path] c:\program files\spywareguard\dlprotect.dll
[Scan path] c:\program files\spywareguard\sgbhp.exe
[Scan path] c:\program files\spywareguard\sgmain.exe
[Scan path] c:\program files\spywareguard\spywareguard.dll
[Scan path] c:\program files\sunbelt software\personal firewall\kpf4gui.exe
[Scan path] c:\program files\sunbelt software\personal firewall\kpf4ss.exe
[Scan path] c:\program files\symantec\symevent.sys
[Scan path] c:\program files\symantec_client_security\symantec antivirus\defwatch.exe
[Scan path] c:\program files\symantec_client_security\symantec antivirus\navap.sys
[Scan path] c:\program files\symantec_client_security\symantec antivirus\navapel.sys
[Scan path] c:\program files\symantec_client_security\symantec antivirus\rtvscan.exe
[Scan path] c:\program files\symantec_client_security\symantec antivirus\vptray.exe
[Scan path] c:\program files\winrar\rarext.dll
[Scan path] c:\program files\winzip\wzqkpick.exe
[Scan path] c:\program files\winzip\wzshlstb.dll
[Scan path] c:\program files\yahoo!\messenger\ypager.exe
[Scan path] c:\winnt\explorer.exe
[Scan path] c:\winnt\microsoft.net\framework\v1.1.4322\aspnet_state.exe
[Scan path] c:\winnt\system32\advapi32.dll
[Scan path] c:\winnt\system32\advpack.dll
[Scan path] c:\winnt\system32\appwiz.cpl
[Scan path] c:\winnt\system32\autochk.exe
[Scan path] c:\winnt\system32\browseui.dll
[Scan path] c:\winnt\system32\cabview.dll
[Scan path] c:\winnt\system32\carpserv.exe
[Scan path] c:\winnt\system32\cdfview.dll
[Scan path] c:\winnt\system32\cisvc.exe
[Scan path] c:\winnt\system32\clipsrv.exe
[Scan path] c:\winnt\system32\cnbjmon.dll
[Scan path] c:\winnt\system32\comdlg32.dll
[Scan path] c:\winnt\system32\crypt32.dll
[Scan path] c:\winnt\system32\cryptext.dll
[Scan path] c:\winnt\system32\cryptnet.dll
[Scan path] c:\winnt\system32\cscdll.dll
[Scan path] c:\winnt\system32\cscui.dll
[Scan path] c:\winnt\system32\csrss.exe
[Scan path] c:\winnt\system32\ctsvccda.exe
[Scan path] c:\winnt\system32\deskadp.dll
[Scan path] c:\winnt\system32\deskmon.dll
[Scan path] c:\winnt\system32\deskperf.dll
[Scan path] c:\winnt\system32\diskcopy.dll
[Scan path] c:\winnt\system32\dmadmin.exe
[Scan path] c:\winnt\system32\docprop.dll
[Scan path] c:\winnt\system32\docprop2.dll
[Scan path] c:\winnt\system32\drivers\acpi.sys
[Scan path] c:\winnt\system32\drivers\afd.sys
[Scan path] c:\winnt\system32\drivers\asyncmac.sys
[Scan path] c:\winnt\system32\drivers\atapi.sys
[Scan path] c:\winnt\system32\drivers\atmarpc.sys
[Scan path] c:\winnt\system32\drivers\audstub.sys
[Scan path] c:\winnt\system32\drivers\cdrom.sys
[Scan path] c:\winnt\system32\drivers\disk.sys
[Scan path] c:\winnt\system32\drivers\dmboot.sys
[Scan path] c:\winnt\system32\drivers\dmio.sys
[Scan path] c:\winnt\system32\drivers\dmusic.sys
[Scan path] c:\winnt\system32\drivers\es1371mp.sys
[Scan path] c:\winnt\system32\drivers\fdc.sys
[Scan path] c:\winnt\system32\drivers\flpydisk.sys
[Scan path] c:\winnt\system32\drivers\ftdisk.sys
[Scan path] c:\winnt\system32\drivers\fwdrv.sys
[Scan path] c:\winnt\system32\drivers\gameenum.sys
[Scan path] c:\winnt\system32\drivers\hsf_cnxt.sys
[Scan path] c:\winnt\system32\drivers\hsf_dp.sys
[Scan path] c:\winnt\system32\drivers\hsfhwbs2.sys
[Scan path] c:\winnt\system32\drivers\i8042prt.sys
[Scan path] c:\winnt\system32\drivers\i81xnt5.sys
[Scan path] c:\winnt\system32\drivers\ipfltdrv.sys
[Scan path] c:\winnt\system32\drivers\ipinip.sys
[Scan path] c:\winnt\system32\drivers\ipnat.sys
[Scan path] c:\winnt\system32\drivers\ipsec.sys
[Scan path] c:\winnt\system32\drivers\irenum.sys
[Scan path] c:\winnt\system32\drivers\isapnp.sys
[Scan path] c:\winnt\system32\drivers\kbdclass.sys
[Scan path] c:\winnt\system32\drivers\khips.sys
[Scan path] c:\winnt\system32\drivers\kmixer.sys
[Scan path] c:\winnt\system32\drivers\mdmxsdk.sys
[Scan path] c:\winnt\system32\drivers\modemcsa.sys
[Scan path] c:\winnt\system32\drivers\mouclass.sys
[Scan path] c:\winnt\system32\drivers\mrxsmb.sys
[Scan path] c:\winnt\system32\drivers\msgpc.sys
[Scan path] c:\winnt\system32\drivers\mskssrv.sys
[Scan path] c:\winnt\system32\drivers\mspclock.sys
[Scan path] c:\winnt\system32\drivers\mspqm.sys
[Scan path] c:\winnt\system32\drivers\ndistapi.sys
[Scan path] c:\winnt\system32\drivers\ndisuio.sys
[Scan path] c:\winnt\system32\drivers\ndiswan.sys
[Scan path] c:\winnt\system32\drivers\netbios.sys
[Scan path] c:\winnt\system32\drivers\netbt.sys
[Scan path] c:\winnt\system32\drivers\netdtect.sys
[Scan path] c:\winnt\system32\drivers\nwlnkflt.sys
[Scan path] c:\winnt\system32\drivers\nwlnkfwd.sys
[Scan path] c:\winnt\system32\drivers\parallel.sys
[Scan path] c:\winnt\system32\drivers\parport.sys
[Scan path] c:\winnt\system32\drivers\pci.sys
[Scan path] c:\winnt\system32\drivers\pciide.sys
[Scan path] c:\winnt\system32\drivers\ptilink.sys
[Scan path] c:\winnt\system32\drivers\pxhelp20.sys
[Scan path] c:\winnt\system32\drivers\rasacd.sys
[Scan path] c:\winnt\system32\drivers\rasl2tp.sys
[Scan path] c:\winnt\system32\drivers\raspptp.sys
[Scan path] c:\winnt\system32\drivers\raspti.sys
[Scan path] c:\winnt\system32\drivers\rca.sys
[Scan path] c:\winnt\system32\drivers\rdbss.sys
[Scan path] c:\winnt\system32\drivers\redbook.sys
[Scan path] c:\winnt\system32\drivers\rtl8139.sys
[Scan path] c:\winnt\system32\drivers\sbpci.sys
[Scan path] c:\winnt\system32\drivers\serenum.sys
[Scan path] c:\winnt\system32\drivers\serial.sys
[Scan path] c:\winnt\system32\drivers\srv.sys
[Scan path] c:\winnt\system32\drivers\strmdisp.sys
[Scan path] c:\winnt\system32\drivers\swenum.sys
[Scan path] c:\winnt\system32\drivers\swmidi.sys
[Scan path] c:\winnt\system32\drivers\sysaudio.sys
[Scan path] c:\winnt\system32\drivers\tcpip.sys
[Scan path] c:\winnt\system32\drivers\uhcd.sys
[Scan path] c:\winnt\system32\drivers\update.sys
[Scan path] c:\winnt\system32\drivers\usbhub.sys
[Scan path] c:\winnt\system32\drivers\usbstor.sys
[Scan path] c:\winnt\system32\drivers\vga.sys
[Scan path] c:\winnt\system32\drivers\wanarp.sys
[Scan path] c:\winnt\system32\drivers\wdmaud.sys
[Scan path] c:\winnt\system32\dsfolder.dll
[Scan path] c:\winnt\system32\dskquoui.dll
[Scan path] c:\winnt\system32\dsquery.dll
[Scan path] c:\winnt\system32\dssec.dll
[Scan path] c:\winnt\system32\dsuiext.dll
[Scan path] c:\winnt\system32\faxshell.dll
[Scan path] c:\winnt\system32\faxsvc.exe
[Scan path] c:\winnt\system32\fontext.dll
[Scan path] c:\winnt\system32\gdi32.dll
[Scan path] c:\winnt\system32\hticons.dll
[Scan path] c:\winnt\system32\icmui.dll
[Scan path] c:\winnt\system32\ie4uinit.exe
[Scan path] c:\winnt\system32\iedkcs32.dll
[Scan path] c:\winnt\system32\imagehlp.dll
[Scan path] c:\winnt\system32\inetcomm.dll
[Scan path] c:\winnt\system32\inetsrv\inetinfo.exe
[Scan path] c:\winnt\system32\inetsrv\w3ext.dll
[Scan path] c:\winnt\system32\initpki.dll
[Scan path] c:\winnt\system32\itss.dll
[Scan path] c:\winnt\system32\kerberos.dll
[Scan path] c:\winnt\system32\kernel32.dll
[Scan path] c:\winnt\system32\localspl.dll
[Scan path] c:\winnt\system32\locator.exe
[Scan path] c:\winnt\system32\lsass.exe
[Scan path] c:\winnt\system32\lz32.dll
[Scan path] c:\winnt\system32\mmcshext.dll
[Scan path] c:\winnt\system32\mmsys.cpl
[Scan path] c:\winnt\system32\mnmsrvc.exe
[Scan path] c:\winnt\system32\mobsync.exe
[Scan path] c:\winnt\system32\msafd.dll
[Scan path] c:\winnt\system32\mscoree.dll
[Scan path] c:\winnt\system32\mscories.dll
[Scan path] c:\winnt\system32\msdtc.exe
[Scan path] c:\winnt\system32\msdxm.ocx
[Scan path] c:\winnt\system32\msfaxmon.dll
[Scan path] c:\winnt\system32\mshtml.dll
[Scan path] c:\winnt\system32\msiexec.exe
[Scan path] c:\winnt\system32\mstask.dll
[Scan path] c:\winnt\system32\mstask.exe
[Scan path] c:\winnt\system32\msv1_0.dll
[Scan path] c:\winnt\system32\mydocs.dll
[Scan path] c:\winnt\system32\netdde.exe
[Scan path] c:\winnt\system32\netshell.dll
[Scan path] c:\winnt\system32\notepad.exe
[Scan path] c:\winnt\system32\ntlanui2.dll
[Scan path] c:\winnt\system32\ntsd.exe
[Scan path] c:\winnt\system32\ntshrui.dll
[Scan path] c:\winnt\system32\occache.dll
[Scan path] c:\winnt\system32\ole32.dll
[Scan path] c:\winnt\system32\oleaut32.dll
[Scan path] c:\winnt\system32\olecli32.dll
[Scan path] c:\winnt\system32\olecnv32.dll
[Scan path] c:\winnt\system32\olesvr32.dll
[Scan path] c:\winnt\system32\olethk32.dll
[Scan path] c:\winnt\system32\pfmodnt.sys
[Scan path] c:\winnt\system32\pjlmon.dll
[Scan path] c:\winnt\system32\plustab.dll
[Scan path] c:\winnt\system32\printui.dll
[Scan path] c:\winnt\system32\regsvc.exe
[Scan path] c:\winnt\system32\regsvr32.exe
[Scan path] c:\winnt\system32\rpcrt4.dll
[Scan path] c:\winnt\system32\rpcss.dll
[Scan path] c:\winnt\system32\rshx32.dll
[Scan path] c:\winnt\system32\rsvp.exe
[Scan path] c:\winnt\system32\rsvpsp.dll
[Scan path] c:\winnt\system32\rundll32.exe
[Scan path] c:\winnt\system32\scardsvr.exe
[Scan path] c:\winnt\system32\scecli.dll
[Scan path] c:\winnt\system32\schannel.dll
[Scan path] c:\winnt\system32\sclgntfy.dll
[Scan path] c:\winnt\system32\sendmail.dll
[Scan path] c:\winnt\system32\services.exe
[Scan path] c:\winnt\system32\shdocvw.dll
[Scan path] c:\winnt\system32\shell32.dll
[Scan path] c:\winnt\system32\shmgrate.exe
[Scan path] c:\winnt\system32\shscrap.dll
[Scan path] c:\winnt\system32\smlogsvc.exe
[Scan path] c:\winnt\system32\smss.exe
[Scan path] c:\winnt\system32\spoolsv.exe
[Scan path] c:\winnt\system32\starter.exe
[Scan path] c:\winnt\system32\stobject.dll
[Scan path] c:\winnt\system32\svchost.exe
[Scan path] c:\winnt\system32\syncui.dll
[Scan path] c:\winnt\system32\tcpmon.dll
[Scan path] c:\winnt\system32\thumbvw.dll
[Scan path] c:\winnt\system32\tlntsvr.exe
[Scan path] c:\winnt\system32\updcrl.exe
[Scan path] c:\winnt\system32\ups.exe
[Scan path] c:\winnt\system32\url.dll
[Scan path] c:\winnt\system32\urlmon.dll
[Scan path] c:\winnt\system32\usbmon.dll
[Scan path] c:\winnt\system32\user32.dll
[Scan path] c:\winnt\system32\utilman.exe
[Scan path] c:\winnt\system32\verisignpub1.crl
[Scan path] c:\winnt\system32\version.dll
[Scan path] c:\winnt\system32\wbem\winmgmt.exe
[Scan path] c:\winnt\system32\webcheck.dll
[Scan path] c:\winnt\system32\wininet.dll
[Scan path] c:\winnt\system32\winlogon.exe
[Scan path] c:\winnt\system32\wldap32.dll
[Scan path] c:\winnt\system32\wlnotify.dll
[Scan path] c:\winnt\system32\wshext.dll
[Scan path] c:\winnt\system32\wzcdlg.dll
[Scan path] c:\winnt\web\related.htm
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 257
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 1
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 1523 Kb/s
Scan time: 00:00:51

prady
2006-11-07, 10:37
-----------------------------------------------------------------------------

[Scan path] C:\
C:\!KillBox\x.exe infected with BackDoor.IRC.Sdbot - deleted
C:\Documents and Settings\Administrator\NTUSER.DAT - read error
C:\Documents and Settings\Administrator\NTUSER~1.LOG - read error
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
>C:\Program Files\DAP\DAP.exe
C:\Program Files\DAP\History\Administrator\_LASTH~1.DAT - read error
>C:\Program Files\DAP\Privacy Package\DAPPrivacyPackage.exe
>C:\Program Files\DAP\Privacy Package\DAPShred.exe
>C:\Program Files\DAP\Privacy Package\DAPTraceCleaner.exe
>C:\Program Files\DivX\DivX Web Player\npdivx32.dll
C:\Program Files\Rediff Toolbar\redifftoolbar.dll is adware program Adware.Softomate
C:\WINNT\system32\config\default - read error
C:\WINNT\system32\config\default.LOG - read error
C:\WINNT\system32\config\SAM - read error
C:\WINNT\system32\config\SAM.LOG - read error
C:\WINNT\system32\config\SECURITY - read error
C:\WINNT\system32\config\SECURITY.LOG - read error
C:\WINNT\system32\config\software - read error
C:\WINNT\system32\config\software.LOG - read error
C:\WINNT\system32\config\system - read error
C:\WINNT\system32\config\SYSTEM.ALT - read error

[Scan path] D:\
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 99305
Infected objects found: 1
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 1
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 1
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 81 Kb/s
Scan time: 02:27:54
-----------------------------------------------------------------------------

c:\program files\rediff toolbar\redifftoolbar.dll - moved
C:\Program Files\Rediff Toolbar\redifftoolbar.dll
C:\Program Files\Rediff Toolbar\redifftoolbar.dll
C:\Program Files\Rediff Toolbar\redifftoolbar.dll

=============================================================================
Total session statistics
=============================================================================
Objects scanned: 99562
Infected objects found: 1
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 2
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 1
Objects renamed: 0
Objects moved: 1
Objects ignored: 0
Scan speed: 89 Kb/s
Scan time: 02:28:45
=============================================================================

LonnyRJones
2006-11-07, 16:33
Looks like you might have to reinstall that redifftoolbar program, although I wouldn't since Dr.Web says it is adware.

After about a full day of using your PC, post back with another HijackThis log and a startup list.

Post a startup list from HijackThis:
Start HijackThis, click Config > Misc Tools,
place a check in [X] List also minor sections
and [X] List empty sections, then click Generate StartupList log.

It's quite large; you will probably need to post the HijackThis log in one reply and the startup list in another.

prady
2006-11-08, 04:01
The New HijackThis Log

Logfile of HijackThis v1.99.1
Scan saved at 8:31:30 AM, on 11/8/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\System32\CTSvcCDA.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINNT\system32\starter.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINNT\system32\carpserv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Rediff Bol\RediffMessenger.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINNT\system32\notepad.exe
D:\spyware\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://in.rediff.com/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://in.rediff.com/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://in.rediff.com/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://in.rediff.com/index.html
R3 - Default URLSearchHook is missing
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [EnsoniqMixer] C:\WINNT\system32\starter.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Bol IM] "C:\Program Files\Rediff Bol\RediffMessenger.exe"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll (file missing)
O9 - Extra button: Rediff Toolbar - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - (no file)
O9 - Extra 'Tools' menuitem: Rediff Toolbar - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - (no file)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTSvcCDA.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
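
As an added example (not code from this thread, from HijackThis or from any of its authors), here is a small Python triage helper for HijackThis 1.99-style entries like the ones in the log above. It parses the `Rn`/`On` lines, pulls the O4 autoruns apart into location, name and command, lists entries whose target is marked `(file missing)` or `(no file)`, and flags Run values that name a bare executable with no directory, which Windows resolves by its normal executable search order at logon rather than from a fixed path. The sample lines are copied from the log in the post above; the function names, the `Entry`/`Autorun` types and the classification rules are this example's own assumptions, not part of HijackThis.

```python
"""Triage helper for HijackThis 1.99-style log entries (added example)."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://in.rediff.com/index.html
R3 - Default URLSearchHook is missing
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: Rediff Toolbar - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - (no file)
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
"""

# Every HijackThis entry is "<kind> - <body>", e.g. "O4 - HKLM\..\Run: [name] cmd".
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")
# Registry autoruns:  "HKLM\..\Run: [Value name] command line"
O4_REG_RE = re.compile(r"^(?P<loc>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Startup-folder autoruns:  "Startup: shortcut.lnk = target"
O4_LNK_RE = re.compile(r"^(?P<loc>[^:]+): (?P<name>[^=]+?) = (?P<cmd>.*)$")


@dataclass(frozen=True)
class Entry:
    kind: str   # "R1", "O4", "O23", ...
    body: str   # text after "<kind> - "


@dataclass(frozen=True)
class Autorun:
    location: str    # HKLM\..\Run, HKCU\..\Run, Startup, Global Startup
    name: str        # registry value name or shortcut file name
    command: str     # full command line as logged
    executable: str  # first token of the command, quotes stripped


def parse_entries(text: str) -> list[Entry]:
    """Keep only lines that look like HijackThis entries; skip headers/process lists."""
    entries = []
    for line in text.strip().splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["kind"], m["body"]))
    return entries


def _executable(command: str) -> str:
    """Return the program part of a command line, honouring a leading quoted path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def autoruns(entries: list[Entry]) -> list[Autorun]:
    """Split each O4 entry into where it lives, what it is called and what it runs."""
    out = []
    for e in entries:
        if e.kind != "O4":
            continue
        m = O4_REG_RE.match(e.body) or O4_LNK_RE.match(e.body)
        if m:
            out.append(Autorun(m["loc"], m["name"].strip(), m["cmd"], _executable(m["cmd"])))
    return out


def dangling(entries: list[Entry]) -> list[Entry]:
    """Entries whose target file is gone. Usually uninstall leftovers, but a BHO or
    toolbar CLSID that points nowhere can also be the remains of a removal."""
    return [e for e in entries if e.body.endswith("(file missing)") or e.body.endswith("(no file)")]


def unqualified(runs: list[Autorun]) -> list[Autorun]:
    """Run values that name a bare file with no directory. The loader finds the
    binary by search order at logon, so verify which file actually gets started."""
    return [r for r in runs if "\\" not in r.executable and "/" not in r.executable]


def summarise(text: str) -> dict:
    entries = parse_entries(text)
    runs = autoruns(entries)
    return {
        "entries": len(entries),
        "autoruns": len(runs),
        "dangling": [e.body for e in dangling(entries)],
        "unqualified": [r.executable for r in unqualified(runs)],
    }


if __name__ == "__main__":
    for key, value in summarise(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

To use it on a real log, read the file and pass its text to `summarise()`; the process list and header lines are ignored because they do not match the `<kind> - <body>` shape. The "unqualified" list is a prompt to check, not a verdict: both hits in the sample are ordinary Windows 2000 and modem-driver entries, but the same shape is what a planted binary earlier in the search order would exploit.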

prady
2006-11-08, 04:02
The Startup list

StartupList report, 11/8/2006, 8:25:08 AM
StartupList version: 1.52.2
Started from : D:\spyware\hijackthis\HijackThis.EXE
Detected: Windows 2000 SP4 (WinNT 5.00.2195)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\System32\CTSvcCDA.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINNT\system32\starter.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINNT\system32\carpserv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Rediff Bol\RediffMessenger.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\spyware\hijackthis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Administrator\Start Menu\Programs\Startup]
SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Synchronization Manager = mobsync.exe /logon

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Free Download Manager = C:\Program Files\Free Download Manager\fdm.exe -autorun
MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
Yahoo! Pager = "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
Bol IM = "C:\Program Files\Rediff Bol\RediffMessenger.exe"

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINNT\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

prady
2006-11-08, 04:03
Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = "C:\WINNT\System32\shmgrate.exe" OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = "C:\WINNT\System32\shmgrate.exe" OCInstallUserConfigOE

[{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\mplayer2.inf,PerUserStub.NT

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{6A5110B5-E14B-4268-A065-EF89FF33C325}] *
StubPath = regsvr32.exe /s /n /i:"S 2 true 3 true 4 true 5 true 6 true 7 true" initpki.dll

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\System32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINNT\System32\Rundll32.exe C:\WINNT\System32\mscories.dll,Install

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = %SystemRoot%\System32\updcrl.exe -e -u %SystemRoot%\System32\verisignpub1.crl

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINNT\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINNT\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINNT\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINNT\Explorer\Explorer.exe: not present
C:\WINNT\System\Explorer.exe: not present
C:\WINNT\System32\Explorer.exe: not present
C:\WINNT\Command\Explorer.exe: not present
C:\WINNT\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINNT
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

SpywareGuard Download Protection - C:\Program Files\SpywareGuard\dlprotect.dll - {4A368E80-174F-4872-96B5-0B27DDD11DB2}

--------------------------------------------------

Enumerating Task Scheduler jobs:

*No jobs found*

--------------------------------------------------

Enumerating Download Program Files:

[DirectAnimation Java Classes]
CODEBASE = file://C:\WINNT\Java\classes\dajava.cab
OSD = C:\WINNT\Downloaded Program Files\DirectAnimation Java Classes.osd

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINNT\Java\classes\xmldso.cab
OSD = C:\WINNT\Downloaded Program Files\Microsoft XML Parser for Java.osd

[{31564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.microsoft.com/codecs/i386/wmvax.cab

[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

[Shockwave Flash Object]
InProcServer32 = C:\WINNT\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINNT\System32\rnr20.dll
NameSpace #2: C:\WINNT\System32\winrnr.dll
Protocol #1: C:\WINNT\system32\msafd.dll
Protocol #2: C:\WINNT\system32\msafd.dll
Protocol #3: C:\WINNT\system32\msafd.dll
Protocol #4: C:\WINNT\system32\rsvpsp.dll
Protocol #5: C:\WINNT\system32\rsvpsp.dll
Protocol #6: C:\WINNT\system32\msafd.dll
Protocol #7: C:\WINNT\system32\msafd.dll
Protocol #8: C:\WINNT\system32\msafd.dll
Protocol #9: C:\WINNT\system32\msafd.dll
Protocol #10: C:\WINNT\system32\msafd.dll
Protocol #11: C:\WINNT\system32\msafd.dll
Protocol #12: C:\WINNT\system32\msafd.dll
Protocol #13: C:\WINNT\system32\msafd.dll
Protocol #14: C:\WINNT\system32\msafd.dll
Protocol #15: C:\WINNT\system32\msafd.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (autostart)
Alerter: %SystemRoot%\System32\services.exe (manual start)
Application Management: %SystemRoot%\system32\services.exe (manual start)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k BITSgroup (manual start)
Computer Browser: %SystemRoot%\System32\services.exe (autostart)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (manual start)
Creative Service for CDROM Access: C:\WINNT\System32\CTSvcCDA.exe (autostart)
Visual Studio Debugger Proxy Service: C:\Program Files\Microsoft Visual Studio .NET 2003\Common7\Packages\Debugger\dbgproxy.exe (manual start)
DefWatch: C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe (autostart)
DHCP Client: %SystemRoot%\System32\services.exe (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager Driver: System32\DRIVERS\dmio.sys (system)
Logical Disk Manager: %SystemRoot%\System32\services.exe (autostart)
Microsoft DirectMusic SW Synth (WDM): system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\services.exe (autostart)
Creative AudioPCI (ES1371,ES1373) (WDM): system32\drivers\es1371mp.sys (manual start)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINNT\System32\svchost.exe -k netsvcs (manual start)
Fax Service: %systemroot%\system32\faxsvc.exe (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
Firewall Driver: \SystemRoot\system32\drivers\fwdrv.sys (system)
Game Port Enumerator: System32\DRIVERS\gameenum.sys (manual start)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
HSFHWBS2: System32\DRIVERS\HSFHWBS2.sys (manual start)
HSF_DP: System32\DRIVERS\HSF_DP.sys (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
i81x: System32\DRIVERS\i81xnt5.sys (manual start)
IIS Admin Service: C:\WINNT\System32\inetsrv\inetinfo.exe (autostart)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (manual start)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Kerio HIPS Driver: \SystemRoot\system32\drivers\khips.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Sunbelt Kerio Personal Firewall 4: C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe (autostart)
Server: %SystemRoot%\System32\services.exe (autostart)
Workstation: %SystemRoot%\System32\services.exe (autostart)
TCP/IP NetBIOS Helper Service: %SystemRoot%\System32\services.exe (autostart)
Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe" (autostart)
mdmxsdk: System32\DRIVERS\mdmxsdk.sys (autostart)
Messenger: %SystemRoot%\System32\services.exe (disabled)
NetMeeting Remote Desktop Sharing: C:\WINNT\System32\mnmsrvc.exe (manual start)
Unimodem Streaming Filter Device: system32\drivers\MODEMCSA.sys (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINNT\System32\msdtc.exe (autostart)
FTP Publishing Service: C:\WINNT\System32\inetsrv\inetinfo.exe (autostart)
Windows Installer: C:\WINNT\System32\MsiExec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
NAVAP: \??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP.sys (manual start)
NAVAPEL: \??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS (autostart)
NAVENG: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061018.039\NAVENG.sys (manual start)
NAVEX15: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061018.039\NAVEX15.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (manual start)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (manual start)
NetDetect: \SystemRoot\system32\drivers\netdtect.sys (manual start)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Symantec AntiVirus Client: C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe (autostart)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
Parallel class driver: System32\DRIVERS\parallel.sys (manual start)
Parallel port driver: System32\DRIVERS\parport.sys (system)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
PCIDATA: \??\E:\PCIDATA.sys (manual start)
PCIIde: System32\DRIVERS\pciide.sys (system)
PfModNT: \??\C:\WINNT\System32\PfModNT.sys (autostart)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Policy Agent: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Protected Storage: %SystemRoot%\system32\services.exe (autostart)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\Drivers\PxHelp20.sys (system)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Microsoft Streaming Network Raw Channel Access: system32\drivers\RCA.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Registry Service: %SystemRoot%\system32\regsvc.exe (disabled)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe -s (manual start)
Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver: System32\DRIVERS\RTL8139.SYS (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Sound Blaster AudioPCI 128 Driver (WDM): system32\drivers\sbpci.sys (manual start)
Smart Card Helper: %SystemRoot%\System32\SCardSvr.exe (manual start)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\system32\MSTask.exe (autostart)
RunAs Service: %SystemRoot%\system32\services.exe (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Simple Mail Transport Protocol (SMTP): C:\WINNT\System32\inetsrv\inetinfo.exe (autostart)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
StreamDispatcher: System32\DRIVERS\strmdisp.sys (autostart)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)
Microsoft System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Telnet: %SystemRoot%\system32\tlntsvr.exe (manual start)
Distributed Link Tracking Client: %SystemRoot%\system32\services.exe (autostart)
Microsoft USB Universal Host Controller Driver: System32\DRIVERS\uhcd.sys (manual start)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB Standard Hub Driver: System32\DRIVERS\usbhub.sys (manual start)
USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
Utility Manager: %SystemRoot%\System32\UtilMan.exe (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
Windows Time: %SystemRoot%\System32\services.exe (manual start)
World Wide Web Publishing Service: C:\WINNT\System32\inetsrv\inetinfo.exe (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
winachsf: System32\DRIVERS\HSF_CNXT.sys (manual start)
Windows Management Instrumentation: %SystemRoot%\System32\WBEM\WinMgmt.exe (autostart)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\system32\Services.exe (manual start)
Automatic Updates: %systemroot%\system32\svchost.exe -k wugroup (autostart)
Wireless Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

Network.ConnectionTray: C:\WINNT\system32\NETSHELL.dll
WebCheck: C:\WINNT\System32\webcheck.dll
SysTray: stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 28,506 bytes
Report generated in 1.242 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

prady
2006-11-08, 04:05
Hi LonnyRJones,
Thanks a lot for all the effort you are putting in... I really appreciate it...
You guys and this forum rock
Thanks once again
Prady

LonnyRJones
2006-11-08, 09:36
Looks ok

Are you having any problems at all?

Post a report from Panda ActiveScan-Free online scanner,
http://www.pandasoftware.com/products/activescan.htm
Do a full scan > Click the my computer button
After the scan click see report then Save the report and post it back here please.

prady
2006-11-08, 13:00
I get this error
Internal Server Error - Read
The server encountered an internal error or misconfiguration and was unable to complete your request.
Thanks
Prady

LonnyRJones
2006-11-08, 18:47
When do you see that error? While getting that online scan?
If so just try again later.

prady
2006-11-09, 03:50
Yes.. I get this error when I do the online scan.. Will post the log once the prob is solved

prady
2006-11-09, 20:18
Still getting the error while trying to do an online scan

Internal Server Error - Read
The server encountered an internal error or misconfiguration and was unable to complete your request.
Reference #3.483963f.1163099855.430769bf

Has it got to do anything with firewall??
Thanks
Prady

prady
2006-11-09, 20:38
I think it's coz of the firewall.. I can find in the logs all references to pandasoftware active scan have action as removed...
I am currently using Sunbelt kerio personal firewall
Thanks
Prady

LonnyRJones
2006-11-09, 21:07
Could be your firewall yes

There are alternatives we can try, although some don't have a save report option. Try F-Secure's:

Panda ActiveScan-Free online scanner,
http://www.pandasoftware.com/products/activescan.htm
Do a full scan > Click the my computer button
After the scan click see report then Save the report and post it back here please.
Kaspersky Lab - Free Online scan:
http://www.kaspersky.com/virusscanner
Click scan settings and place a check next to use [x]extended this database etc etc. Click ok.
Then choose: my computer: scan all your hard drives and mapped disks.
when finished click save as text and post that in your reply.
We don't need to see items listed as "Object is locked skipped" so edit those out.
We do not need to see items reported that are in an antivirus quarantine folder.
We do not need to see cookies
Please run the F-Secure Online Scanner (http://support.f-secure.com/enu/home/ols3.shtml#)
Note: This Scanner is for Internet Explorer Only!

Follow the Instruction Here (http://support.f-secure.com/enu/home/ols3.shtml) for installation.
Accept the License Agreement.
Once the ActiveX installs, click Full System Scan.
Once the download completes, the scan will begin automatically.
The scan will take some time to finish, so please be patient.
When the scan completes, click the Automatic cleaning (recommended) button.
Click the Show Report button and Copy&Paste the entire report in your next reply.


TrendMicro™ HouseCall Java Scan

Please go HERE (http://www.trendmicro.com/hc_intro/default.asp) to run the Trend Micro™ HouseCall Scan.
Click Scan now. It's free!
Read and put a Check next to Yes I accept the terms of use.
Click the Launching HouseCall>> button.
If confirmed that HouseCall can run on your system, under Using Java-based HouseCall kernel click the Starting HouseCall>> button.
You may receive a Security Warning about the TrendMicro Java applet, click YES.
Under Scan complete computer for malware, grayware, and vulnerabilities click the Next>> button.
Please be patient while it installs, updates, and scans your system.
Once the scan is complete, it will take you to the summary page.
Under Cleanup options, choose clean all detected infections automatically.
Click the Clean now>> button.
If anything was found you will be prompted to run the scan again; you can just close the browser window.
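LonnyRJones asks for the Kaspersky log with locked objects, quarantine-folder hits and cookies edited out. As an added example that is not the forum's or Kaspersky's own code, the Python script below applies those three filters to a report in the line format Kaspersky's online scanner produces (the same format as the report prady posts further down) and summarises what is left by malware family; the sample report embedded in it is constructed, with made-up paths and an invented cookie detection name.

```python
"""Triage a Kaspersky Online Scanner report of the kind posted in this thread.
Added example, not code from the forum or from Kaspersky; the sample report
below is constructed (paths and the cookie detection name are made up)."""
import re
from collections import Counter

# Folders that hold copies an antivirus or cleanup tool has already
# neutralised; the helper does not need to see detections there.
QUARANTINE_MARKERS = (
    "\\quarantine\\",
    "\\doctorweb\\",
    "\\sdfix\\backups\\",
    "\\!killbox\\",
    "\\aptemp\\",
)

LOCKED_SUFFIX = " Object is locked skipped"
INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) (?P<action>\S+)$")
ARCHIVE_RE = re.compile(r"^(?P<path>.+?) ZIP: infected - (?P<count>\d+) (?P<action>\S+)$")


def classify(line):
    """Return (category, path, detection_name) for one report line.

    Categories: 'locked' (file in use, never scanned), 'cookie', 'quarantine'
    (already contained by a security tool), 'archive' (ZIP summary line; its
    members are listed separately), 'live' (detection in a normal location),
    'other' (unrecognised line).
    """
    line = line.rstrip("\r\n")
    if line.endswith(LOCKED_SUFFIX):
        return "locked", line[: -len(LOCKED_SUFFIX)], None
    detection = None
    m = INFECTED_RE.match(line)
    if m:
        path, detection, category = m.group("path"), m.group("name"), "live"
    else:
        m = ARCHIVE_RE.match(line)
        if not m:
            return "other", line, None
        path, category = m.group("path"), "archive"
    lowered = path.lower()
    if "\\cookies\\" in lowered:
        return "cookie", path, detection
    if any(marker in lowered for marker in QUARANTINE_MARKERS):
        return "quarantine", path, detection
    return category, path, detection


def family(detection):
    """'Backdoor.Win32.SdBot.xd' -> 'Backdoor.Win32.SdBot' (drop the variant)."""
    head, sep, _variant = detection.rpartition(".")
    return head if sep else detection


def triage(report):
    """Keep only the detections the helper asked to see and summarise them.

    Returns a dict with the live detections as (path, name) pairs, a Counter
    of malware families among them and a Counter of dropped lines per category.
    """
    live, families, dropped = [], Counter(), Counter()
    in_listing = False
    for raw in report.splitlines():
        if raw.startswith("Infected Object Name"):
            in_listing = True  # header of the per-object listing
            continue
        if not in_listing or not raw.strip():
            continue
        category, path, detection = classify(raw)
        if category == "live":
            live.append((path, detection))
            families[family(detection)] += 1
        else:
            dropped[category] += 1
    return {"live": live, "families": families, "dropped": dropped}


# Constructed sample in the thread's report format; paths are made up and the
# detection names are ones seen in the thread (plus a made-up cookie one).
SAMPLE_REPORT = """\
Scan Statistics:

Infected Object Name / Virus Name / Last Action
C:\\!KillBox\\!KillBox.zip/x.exe Infected: Backdoor.Win32.SdBot.xd skipped
C:\\!KillBox\\!KillBox.zip ZIP: infected - 1 skipped
C:\\Documents and Settings\\Admin\\NTUSER.DAT Object is locked skipped
C:\\Documents and Settings\\Admin\\Cookies\\admin@example-ads[1].txt Infected: not-a-virus:AdWare.Win32.Example.a skipped
C:\\Documents and Settings\\All Users\\Application Data\\Symantec\\Norton AntiVirus Corporate Edition\\7.5\\Quarantine\\03140000.VBN Infected: Email-Worm.Win32.Brontok.q skipped
C:\\WINNT\\Temp\\sample1.exe Infected: Backdoor.Win32.PcClient.qf skipped
C:\\WINNT\\Temp\\sample2.exe Infected: Backdoor.Win32.SdBot.xd skipped
C:\\Documents and Settings\\Admin\\Desktop\\i Infected: Trojan-Downloader.BAT.Ftp.ab skipped
"""

if __name__ == "__main__":
    print(triage(SAMPLE_REPORT))
```

Detections left in the "live" list are the ones still worth a helper's attention; everything in quarantine or backup folders was already contained by a tool and only needs deleting, not cleaning.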

prady
2006-11-12, 12:48
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, November 12, 2006 5:13:14 PM
Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 12/11/2006
Kaspersky Anti-Virus database records: 227145
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 51522
Number of viruses found: 23
Number of infected objects: 202 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:56:29

Infected Object Name / Virus Name / Last Action
C:\!KillBox\!KillBox.zip/x.exe Infected: Backdoor.Win32.SdBot.xd skipped
C:\!KillBox\!KillBox.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8ugyg251.default\cert8.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8ugyg251.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8ugyg251.default\history.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8ugyg251.default\key3.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8ugyg251.default\parent.lock Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Desktop\SDFix\backups\backups.zip/backups/backups.zip/backups/backups.zip/backups/i Infected: Trojan-Downloader.BAT.Ftp.ab skipped
C:\Documents and Settings\Administrator\Desktop\SDFix\backups\backups.zip/backups/backups.zip/backups/backups.zip/backups/winlogon.exe Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\Administrator\Desktop\SDFix\backups\backups.zip/backups/backups.zip/backups/backups.zip Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\Administrator\Desktop\SDFix\backups\backups.zip/backups/backups.zip/backups/i Infected: Trojan-Downloader.BAT.Ftp.ab skipped
C:\Documents and Settings\Administrator\Desktop\SDFix\backups\backups.zip/backups/backups.zip Infected: Trojan-Downloader.BAT.Ftp.ab skipped
C:\Documents and Settings\Administrator\Desktop\SDFix\backups\backups.zip/backups/i Infected: Trojan-Downloader.BAT.Ftp.ab skipped
C:\Documents and Settings\Administrator\Desktop\SDFix\backups\backups.zip/backups/winlogon.exe Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\Administrator\Desktop\SDFix\backups\backups.zip ZIP: infected - 7 skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\Dc1.exe Infected: Trojan-Downloader.Win32.VB.ji skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\fix[1].exe Infected: Trojan-Downloader.Win32.VB.ji skipped
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\taskwiz.exe Infected: Backdoor.Win32.PcClient.qf skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\8ugyg251.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\8ugyg251.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\8ugyg251.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\8ugyg251.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\JVM7.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF7774.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF9152.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\JGQNM015\smoking[4].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\JGQNM015\wub[4].gif Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OA7EAFZ0\unsure[5].gif Object is locked skipped
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\APTemp\AP0.exe.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03140000.VBN Infected: Email-Worm.Win32.Brontok.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03180000.VBN Infected: Email-Worm.Win32.Brontok.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\031C0000.VBN Infected: Backdoor.Win32.VanBot.w skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03200000.VBN Infected: Backdoor.Win32.VanBot.w skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\032C0000.VBN Infected: Backdoor.Win32.Agobot.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\032C0001.VBN Infected: Backdoor.Win32.VanBot.w skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\036C0000.VBN.mwt Infected: Backdoor.Win32.SdBot.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\037C0000.VBN Infected: Trojan-Downloader.Win32.Adload.fl skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800010.VBN.mwt Infected: Backdoor.Win32.Small.he skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800011.VBN.mwt Infected: Backdoor.Win32.Small.he skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0380001C.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0380001D.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0380001E.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0380001F.VBN.mwt Infected: Backdoor.Win32.IRCBot.rh skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800020.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800021.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800022.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800023.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800024.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800025.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800026.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800027.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800028.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800029.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0380002A.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0380002B.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0380002C.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0380002D.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0380002E.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0380002F.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800030.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800031.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800032.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800033.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800034.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800035.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800036.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800037.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800038.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800039.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0380003A.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0380003B.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0380003C.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0380003D.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0380003E.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0380003F.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800040.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800041.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800042.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800043.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800044.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800045.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800046.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800047.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800048.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800049.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0380004A.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0380004B.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0380004C.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0380004D.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0380004E.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped

prady
2006-11-12, 12:51
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0380004F.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800050.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800051.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800052.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800053.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800054.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800055.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800056.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800057.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800058.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800059.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0380005A.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0380005B.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0380005C.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0380005D.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0380005E.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0380005F.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800060.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800061.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800062.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800063.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800064.VBN.mwt Infected: Backdoor.Win32.IRCBot.rh skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800065.VBN.mwt Infected: Backdoor.Win32.IRCBot.rh skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800066.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800067.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800068.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800069.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0380006A.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0380006B.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0380006C.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0380006D.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0380006E.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0380006F.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800070.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800071.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800072.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800073.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800074.VBN.mwt Infected: Backdoor.Win32.IRCBot.rh skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800075.VBN.mwt Infected: Backdoor.Win32.IRCBot.rh skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800076.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800077.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800078.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03800079.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0380007A.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0380007B.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0380007C.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0380007D.VBN.mwt Infected: Backdoor.Win32.SdBot.xd skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03900000.VBN Infected: Backdoor.Win32.VanBot.w skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03900001.VBN Infected: Backdoor.Win32.VanBot.w skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03940000.VBN Infected: Backdoor.Win32.VanBot.w skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03980000.VBN Infected: Backdoor.Win32.SdBot.aad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\039C0000.VBN Infected: Email-Worm.Win32.Brontok.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\039C0001.VBN Infected: Email-Worm.Win32.Brontok.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03A00000.VBN Infected: Backdoor.Win32.VanBot.w skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03A80000.VBN.mwt Infected: Exploit.JS.CVE-2006-1359.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03B80000.VBN.mwt/packed Infected: Exploit.JS.CVE-2006-1359.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03B80000.VBN.mwt GZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03B80000.VBN.mwt CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03B80001.VBN.mwt/packed Infected: Exploit.JS.CVE-2006-1359.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03B80001.VBN.mwt GZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03B80001.VBN.mwt CryptZ: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03B80002.VBN.mwt Infected: Exploit.JS.CVE-2006-1359.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03B80003.VBN.mwt Infected: Exploit.JS.CVE-2006-1359.c skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03B80006.VBN.mwt Infected: Backdoor.Win32.Agent.tk skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03B80007.VBN.mwt Infected: Backdoor.Win32.Agent.tk skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03B80008.VBN.mwt Infected: Backdoor.Win32.Agent.tk skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03B80009.VBN.mwt Infected: Backdoor.Win32.Agent.tk skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03B8000A.VBN.mwt Infected: Backdoor.Win32.Agent.tk skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03B8000B.VBN.mwt Infected: Backdoor.Win32.Agent.tk skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03B8000C.VBN.mwt Infected: Backdoor.Win32.Agent.tk skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03B8000D.VBN.mwt Infected: Backdoor.Win32.Agent.tk skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03B8000E.VBN.mwt Infected: Backdoor.Win32.Agent.tk skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03B8000F.VBN.mwt Infected: Backdoor.Win32.Agent.tk skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03C00000.VBN Infected: Backdoor.Win32.SdBot.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03D40001.VBN Infected: Backdoor.Win32.SdBot.aad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04080000.VBN.mwt Infected: Backdoor.Win32.Small.he skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04140000.VBN.mwt Infected: Backdoor.Win32.Agobot.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04180000.VBN Infected: Trojan-Downloader.Win32.Adload.fg skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04180002.VBN.mwt Infected: Backdoor.Win32.SdBot.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04180003.VBN.mwt Infected: Backdoor.Win32.SdBot.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04180004.VBN.mwt Infected: Backdoor.Win32.SdBot.aig skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04180005.VBN.mwt Infected: Backdoor.Win32.SdBot.aig skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04180006.VBN.mwt Infected: Backdoor.Win32.SdBot.aig skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04180007.VBN.mwt Infected: Backdoor.Win32.SdBot.aig skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04180008.VBN.mwt Infected: Backdoor.Win32.SdBot.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04180009.VBN.mwt Infected: Backdoor.Win32.SdBot.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04300000.VBN Infected: Trojan-Downloader.BAT.Ftp.cb skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04300000.VBN.mwt Infected: Backdoor.Win32.Agobot.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04340000.VBN Infected: Backdoor.Win32.VanBot.w skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04480000.VBN.mwt Infected: Backdoor.Win32.Agobot.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\046C0000.VBN Infected: Email-Worm.Win32.Brontok.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\046C0001.VBN Infected: Email-Worm.Win32.Brontok.q skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\047C0000.VBN.mwt Infected: Backdoor.Win32.SdBot.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04840000.VBN Infected: Backdoor.Win32.PcClient.qf skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04B80000.VBN.mwt Infected: Backdoor.Win32.IRCBot.rh skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04BC0000.VBN Infected: Trojan-Downloader.Win32.Adload.ff skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04BC0001.VBN Infected: Trojan-Downloader.Win32.Adload.ff skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04BC0002.VBN Infected: Trojan-Downloader.Win32.Adload.dg skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04BC0003.VBN Infected: Trojan-Downloader.Win32.Adload.dg skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04BC0004.VBN Infected: Trojan-Downloader.Win32.Adload.fl skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04BC0005.VBN Infected: Trojan-Downloader.Win32.Adload.fl skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04BC0006.VBN Infected: Backdoor.Win32.SdBot.aad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04BC0007.VBN Infected: Backdoor.Win32.SdBot.aad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04BC0008.VBN Infected: Trojan-Downloader.Win32.Adload.fl skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04BC0009.VBN Infected: Trojan-Downloader.Win32.Adload.fl skipped

prady
2006-11-12, 12:53
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04C80000.VBN Infected: Trojan-Downloader.BAT.Ftp.bw skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04CC0000.VBN Infected: Trojan-Downloader.BAT.Ftp.cb skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04F00000.VBN Infected: Backdoor.Win32.Agobot.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04F80000.VBN Infected: Backdoor.Win32.SdBot.gen skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05680000.VBN Infected: Backdoor.Win32.SdBot.awj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05B00000.VBN Infected: Backdoor.Win32.SdBot.aad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05B00002.VBN Infected: Backdoor.Win32.SdBot.aad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05B00004.VBN Infected: Backdoor.Win32.SdBot.aad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05B00006.VBN Infected: Trojan-Downloader.Win32.Adload.dj skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05B00008.VBN Infected: Backdoor.Win32.SdBot.aad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05B0000C.VBN Infected: Net-Worm.Win32.Nanspy.m skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05B0000E.VBN Infected: Backdoor.Win32.SdBot.aad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05B00010.VBN Infected: Backdoor.Win32.SdBot.aad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05B00012.VBN Infected: Backdoor.Win32.SdBot.aad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05B00014.VBN Infected: Backdoor.Win32.SdBot.aad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\05B00016.VBN Infected: Backdoor.Win32.SdBot.aad skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07600002.VBN Infected: Trojan-Downloader.Win32.Adload.dg skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07600003.VBN Infected: Trojan-Downloader.Win32.Adload.dg skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07600004.VBN Infected: Trojan-Downloader.Win32.Adload.dg skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07600005.VBN Infected: Trojan-Downloader.Win32.Adload.dg skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07600006.VBN Infected: Trojan-Downloader.Win32.Adload.fg skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\07600007.VBN Infected: Trojan-Downloader.Win32.Adload.fg skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log.idx Object is locked skipped
C:\WINNT\CSC\00000001 Object is locked skipped
C:\WINNT\Debug\ipsecpa.log Object is locked skipped
C:\WINNT\Debug\oakley.log Object is locked skipped
C:\WINNT\Debug\PASSWD.LOG Object is locked skipped
C:\WINNT\SchedLgU.Txt Object is locked skipped
C:\WINNT\security\logs\scepol.log Object is locked skipped
C:\WINNT\system32\config\AppEvent.Evt Object is locked skipped
C:\WINNT\system32\config\default Object is locked skipped
C:\WINNT\system32\config\default.LOG Object is locked skipped
C:\WINNT\system32\config\SAM Object is locked skipped
C:\WINNT\system32\config\SAM.LOG Object is locked skipped
C:\WINNT\system32\config\SecEvent.Evt Object is locked skipped
C:\WINNT\system32\config\SECURITY Object is locked skipped
C:\WINNT\system32\config\SECURITY.LOG Object is locked skipped
C:\WINNT\system32\config\software Object is locked skipped
C:\WINNT\system32\config\software.LOG Object is locked skipped
C:\WINNT\system32\config\SysEvent.Evt Object is locked skipped
C:\WINNT\system32\config\system Object is locked skipped
C:\WINNT\system32\config\SYSTEM.ALT Object is locked skipped
C:\WINNT\system32\DTCLog\MSDTC.LOG Object is locked skipped

Scan process completed.

LonnyRJones
2006-11-13, 06:11
Looks ok, any current problems?

You can delete
C:\Documents and Settings\Administrator\Desktop\SDFix and the sdfix program
C:\!KillBox and the killbox program
C:\Documents and Settings\Administrator\DoctorWeb and the drweb program

prady
2006-11-13, 08:58
No problems at all. Everything is running smoothly.
Thanks once again. You have been a great help!!!

LonnyRJones
2006-11-13, 17:05
Good


Think Prevention: Put in place a good hosts file
http://www.mvps.org/winhelp2002/hosts.htm
How To Download and Extract the HOSTS file:
http://www.mvps.org/winhelp2002/hosts2.htm
Repeat that process about once or twice a month.

To help avoid reinfection see "So how did I get infected in the first place?"
http://forums.spybot.info/showthread.php?t=279
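A defender-side helper for the hosts-file step above, added here as an example and not code from the forum or from mvps.org: it lints a downloaded blocklist so that every entry sinks to a null address (a list that redirects a name anywhere else is a problem, not protection), merges it under the user's own entries without overwriting them, and checks whether the refresh the post recommends is due. The hosts content and blocklist text are constructed samples; fetching the real list is out of scope.

```python
"""Lint and merge an MVPS-style blocking hosts file (added example)."""
import ipaddress
import re
from datetime import date, timedelta

# Assumptions (constructed): a blocking entry maps a hostname to one of
# these null targets; the user's own mappings live in the existing file.
NULL_TARGETS = {"0.0.0.0", "127.0.0.1"}
LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
HOSTNAME_RE = re.compile(rf"^(?=.{{1,253}}$)(?:{LABEL}\.)*{LABEL}$", re.I)
BLOCK_HEADER = "# --- blocklist entries (managed) ---"
REFRESH_EVERY = timedelta(days=14)   # "about once or twice a month"

# Constructed sample input, not real hosts-file content.
EXISTING_HOSTS = """\
127.0.0.1       localhost
192.0.2.10      intranet.example   # user's own entry
"""
SAMPLE_BLOCKLIST = """\
# constructed blocklist sample
0.0.0.0  ads.example
0.0.0.0  tracker.example
0.0.0.0  intranet.example
127.0.0.1 ads.example
"""
TAMPERED_BLOCKLIST = "198.51.100.7 bank.example\n0.0.0.0 localhost\n"


def parse_hosts(text):
    """Return [(ip, hostname)] for every valid mapping; comments/blanks skipped."""
    entries = []
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) < 2:
            continue
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            continue                      # malformed address: ignore, never guess
        for host in parts[1:]:
            if HOSTNAME_RE.match(host):
                entries.append((parts[0], host.lower()))
    return entries


def lint_blocklist(text):
    """Return (lineno, reason) for lines that are not pure blocking entries.

    A blocklist must only sink names to a null address: any other target
    silently redirects traffic, and remapping localhost breaks the host.
    """
    problems = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        parts = raw.split("#", 1)[0].split()
        if len(parts) < 2:
            continue
        ip, hosts = parts[0], parts[1:]
        if ip not in NULL_TARGETS:
            problems.append((lineno, f"non-null target {ip} for {' '.join(hosts)}"))
        if "localhost" in (h.lower() for h in hosts):
            problems.append((lineno, "attempts to remap localhost"))
    return problems


def merge_hosts(existing_text, blocklist_text):
    """Append blocklist entries below the user's file without clobbering it.

    Names the user already maps are left alone, and an earlier managed
    section is replaced rather than appended a second time (idempotent).
    """
    user_part = existing_text.split(BLOCK_HEADER, 1)[0].rstrip("\n")
    user_names = {h for _, h in parse_hosts(user_part)}
    block_names = sorted({h for ip, h in parse_hosts(blocklist_text)
                          if ip in NULL_TARGETS and h not in user_names})
    lines = [user_part, "", BLOCK_HEADER] + [f"0.0.0.0 {h}" for h in block_names]
    return "\n".join(lines) + "\n"


def needs_refresh(last_update, today):
    """True when the managed section is older than the refresh interval."""
    return today - last_update >= REFRESH_EVERY


if __name__ == "__main__":
    for lineno, reason in lint_blocklist(TAMPERED_BLOCKLIST):
        print(f"line {lineno}: {reason}")
    print(merge_hosts(EXISTING_HOSTS, SAMPLE_BLOCKLIST))
```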

LonnyRJones
2006-11-19, 02:44
I'm glad we could help.
Since the problems are solved, I'm going to close the topic now. This keeps others with similar problems from posting their logs/questions here; they should start a new topic.

If you should need to post another log for the same PC let one of us know via a PM (personal message).