immunization problem

**Zenobia** · 2009-08-26, 06:03

Originally Posted by piranha

i updated, uncompleted immunization again.....

i have printscreen if you wanna see, tell me where to host them

I generally use Imageshack:
http://imageshack.us/

**grenneam** · 2009-08-26, 14:00

Ok. Will do. Thanks.

**Zenobia** · 2009-08-27, 00:13

You're welcome.Good luck in Malware Removal.

**piranha** · 2009-08-29, 20:42

Originally Posted by Zenobia

I generally use Imageshack:
http://imageshack.us/

thanks

**Zenobia** · 2009-08-29, 23:37

Thanks.

Could you show me a startup list?
Open Spybot,click Mode,Advanced Mode,Tools,System Startup,rightclick in the window to the right,select Copy To Clipboard,then paste it here.

When you weren't able to Immunize everything,did a window come up from Spybot,about possible causes of not being able to immunize?

Are all your accounts admin accounts,or are some Limited Accounts?

**piranha** · 2009-08-29, 23:54

--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2008-01-28 SDDelFile.exe (1.0.2.4)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2007-10-07 SDShred.exe (1.0.1.2)
2009-01-26 SDUpdate.exe (1.6.0.12)
2008-08-14 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-02-27 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-07-28 advcheck.dll (1.6.3.17)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-05-19 Includes\Adware.sbi
2009-08-18 Includes\AdwareC.sbi
2009-01-22 Includes\Cookies.sbi
2009-05-19 Includes\Dialer.sbi
2009-08-19 Includes\DialerC.sbi
2009-01-22 Includes\HeavyDuty.sbi
2009-05-26 Includes\Hijackers.sbi
2009-08-04 Includes\HijackersC.sbi
2009-06-23 Includes\Keyloggers.sbi
2009-07-30 Includes\KeyloggersC.sbi
2009-08-19 Includes\Malware.sbi
2009-08-19 Includes\MalwareC.sbi
2009-03-25 Includes\PUPS.sbi
2009-08-18 Includes\PUPSC.sbi
2009-01-22 Includes\Revision.sbi
2009-01-13 Includes\Security.sbi
2009-07-30 Includes\SecurityC.sbi
2008-06-03 Includes\Spybots.sbi
2008-06-03 Includes\SpybotsC.sbi
2009-04-07 Includes\Spyware.sbi
2009-08-11 Includes\SpywareC.sbi
2009-06-08 Includes\Tracks.uti
2009-08-19 Includes\Trojans.sbi
2009-08-19 Includes\TrojansC.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

Located: HK_LM:Run, egui
command: "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
file: C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
size: 2029640
MD5: 03B1DC67F343BF2AF8CFEC3DCA09C943

Located: HK_LM:Run, OutpostFeedBack
command: "C:\Program Files\Agnitum\Outpost Free Firewall v6.5\feedback.exe" /dump:os_startup
file: C:\Program Files\Agnitum\Outpost Free Firewall v6.5\feedback.exe
size: 428032
MD5: 43129B804AC901F45DFDF3D3153B882D

Located: HK_LM:Run, OutpostMonitor
command: C:\PROGRA~1\Agnitum\OUTPOS~1.5\op_mon.exe /tray /noservice
file: C:\PROGRA~1\Agnitum\OUTPOS~1.5\op_mon.exe
size: 2374464
MD5: B4A1F482599FB41878B4EF8363282A4D

Located: HK_CU:Run, CTFMON.EXE
where: .DEFAULT...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 5584247B568C2E53934873F4B655FE6A

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-20...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 5584247B568C2E53934873F4B655FE6A

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-21-1547161642-688789844-842925246-500...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 5584247B568C2E53934873F4B655FE6A

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-18...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 5584247B568C2E53934873F4B655FE6A

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

******

no windows from spybot

***

1 admin account and 1 limited account

**Zenobia** · 2009-08-30, 00:43

Are you Immunizing on the administrator account?

**piranha** · 2009-08-30, 00:54

Originally Posted by Zenobia

Are you Immunizing on the administrator account?

Always. Not sure immunization works in limited account

**Zenobia** · 2009-08-30, 01:10

I don't see anything known to interfere with Immunization in your startup.
You could try immunizing in safe mode,though,and see what happens:
http://www.computerhope.com/issues/chsafe.htm#02
(Please make sure you pick safe mode,and not safe mode with networking.)

Please let me know how it goes.

Thread: immunization problem

Thread Tools

Display

Posting Permissions