"Bad Image"&"Unexpected Error" Messages,

N

northernunicorn

New member
Hi:
:confused: Im not sure if this is the forum I should be writing to for help, but I need to start somewhere . Im sure that some "bug" or "parasite" has done something but I dont want to do a reformat unless I absolutely have to.

SITUATION/PROBLEM:
1. Infected with Application.Adware.NewDotNet.Dropper according to [Bit Defender Virus scan].

2. "Bad Image", & "Unexpected Error" messages come up for various programs/applications-see below for list & particulars.

3. Cant access System Restore, Task Manager, or HiJack This.

HISTORY:
Starting on late evening Jan30/06, a message box showed up in the lower right side of task bar saying a chkdsk needed to be done. The message mentioned something about ICQ (ICQ is on the computer but hasnt been accessed in a few months).
I was told about the message 1&1/2 hours after it appeared; I clicked the 2 boxes in the chkdsk window from "tools", & restarted the computer so the chkdsk could run.
As soon as the chkdsk started, in the first section, all of a sudden there were "tons" of files scrolling down as if being added or accesssed. The chkdsk continued & finished.
NOTE:I'm never quick enough to read the report so I didnt see what it said. (Also, I dont even know how to access the report after the chkdsk is done).
When I opened up my user account, I noticed that the AVG icon on taskbar was grey. I clicked on it to update and a message said "no new updates".
When I clicked the desktop AVG icon , I received a message (see message 1).
I was able to open the AVG Control Center-Database said it hadnt been updated since Dec.17 2005(or approx.). However I KNOW I received an update just a few days before(I check daily for updates).
Antivirus AVG is now up to date(I was able to get the Jan31/2006 update late evening that night).
At first I kept receiving the "Bad Image" message for AVG desktop icon, but once the Jan31 update was on the computer, I dont get that message for AVG anymore.
I continue to receive the "Bad Image" message for various other applications/programs.

Windows Version: Windows XP SP2 Home Edition- 2 user Accounts set up (mine password controlled)

Firewall: WindowsXP SP2 default firewall

Anti virus program: AVG Free 7.1.375 database 267.15.0 249 02/02/2006-set to auto update daily but I check manually as well to make sure-auto scan daily.

Other Protection Software:
Spybot Search & Destroy1.4 detection date 2006-01-27 Default Mode-manual check daily for updates-scan daily

Spyware Blaster-manual daily check for updates(BEFORE when I could access the program)

Lavasoft Ad-Aware SE Personal Edition(downloaded Feb2/06(after the troubles happened-manual check daily for updates-scan daily-NO "Bad Image" or "Unexpected Error" message received-works great!!!

Content Advisor Program activated & password controlled by me(I have 2 late teen boys)

NOTE: Used to have Spyware Guard-deleted June2005 but I think restricted sites are still active on list.

Exact error message 1: "The application or DLL C:/Windows/system32/.......is not a valid Windows image. Please check your installation disk." (not sure what that is-installation disk cause computer came new with pre-programmed operating system).

Exact error message 2: "Unexpected Error".(for Spyware Blaster & HijackThis ONLY)

Programs/applications affected (ones that Ive noticed so far):

taskmgr.exe (see message1)...VDMDBG.dll . Task manager WONT load from right click on taskbar OR from CTRL ALT DEL keys.

spybotSD.exe (see message1) ...Srclient.dll Program DOES load, scan & update.

spywareblaster.exe see message 2)( Program tries to load page but then message appears.

rundll.exe(see message 1)

msnmgr.exe (see message1) ....msdmo.dll

HijackThis

System Restore (see message1) ...rstrui.exe
I cant access system restore to turn it off OR to go back to a restore point. The window loads for me to choose a previous point or to create a new one; however, the "Bad Image" message comes up when I choose "previous restore point". It appears that I may be able to create a NEW restore point though.



WHAT IVE DONE SO FAR:

1. "How to clean an infected computer" (AVG Free forum instructions) -followed all instructions-thats when I discovered that System Restore couldnt be accessed.

2. Ran Disk Cleanup utility [Cleanup]-program used 2X monthly
on my computer since May2005 when "little eagle"-Spybot Moderator instructed me to download & use it.

3. AVG Complete Scan (Normal & Safe modes)-NO VIRUSES

4. Spybot S&D scan (Normal & Safe modes)-up to date definitions-NO PROBLEMS

5. Ad-Aware scan-NO PROBLEMS

6. Defrag

7. Chkdsk -including fix & repair (Normal & Safe modes)

8. Feb 2/06 Posted for help on Antivirus free forum[http://forum.grisoft.cz/freeforum]

9. Directed from there to [aumha.org] to "The Parasite Fight" pages for info & a copy of Hijack his(I got it here instead)& told by moderator to go with info/situation to Spyware site where I trust the people.

10. Today Read at Spybot "Before you post a log", followed instructions, did scan at [Bit Defender Virus Scan] site, Spybot scan & downloaded HJT files into [C:Antispyware2006] folder(there is a previous "Antispyware" folder from when I got help here in May2005-didnt know if I was supposed to erase it.).

11. Attempted to use HJT to scan but got "Unexpected Error" message.

:o I sure hope that you can help me or direct me to where I can get help.
I also hope I didnt give TOO much info BUT that I gave enough.

Thank you from Dorothy-Im still hopeful that this situation can be fixed:bigthumb:
 
hi

can you install new programs ?

i'd like you to do the following:


Please download ewido anti malware it is a free version of the program.
  1. Install ewido security suite
  2. When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  3. Launch ewido, there should be an icon on your desktop, double-click it.
  4. The program will now open to the main screen.
  5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  6. You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  7. The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display ("Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:

reboot your computer in SafeMode by doing the following:
  1. Restart your computer
  2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  3. Instead of Windows loading as normal, a menu should appear
  4. Select the first option, to run Windows in Safe Mode.

then launch ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido security suite.

reboot back to normal mode, post the ewido report here

i'd really need to see the full contents of the error messages, especially if ther is a mention of a missing file.. could you try to write them ?
 
"Bad Image" & "Unexpected Error" messages

Hi "illukka":

Thank you for your reply and request. Yes...I can download new programs.:)

Sorry I took so long to get back to you.I had to go out of town for a few days. I will do as you requested and get back to you as soon as I've finished.

Thanks again.:) from Dorothy
 
"Bad Image" & "Unexpected Error" messages

Hi illukka:


Here are the "ewido anti malware reports that you requested.

I had to use the "manual updates" link.

There were 2 choices of update databases that seemed to be both the same size, (didnt know which to choose),so I installed the "most recent database" choice first ,rebooted into Safe Mode, chose "Complete System Scan".
A message came up that said "Remove"(I had no choice of "Clean") so I clicked it, saved the first scan in "My Documents".

I then went back to the manual updates link, installed the full update database, rebooted to safe mode, chose Complete Computer Scan-, and saved that report as well (2nd report).

ewido first report

--------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 2:17:33 AM, 12/02/2006
+ Report-Checksum: 42C5A90A

+ Scan result:

C:\WINDOWS\cpbrkpie.ocx -> Adware.Coupons : Cleaned with backup


::Report End

ewido 2nd report
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 3:41:52 AM, 12/02/2006
+ Report-Checksum: 71C78A61

+ Scan result:

C:\System Volume Information\_restore{4FB30166-1CDF-4883-93F0-E2BED21D25AA}\RP154\A0057426.ocx -> Adware.Coupons : Cleaned with backup


::Report End

Question:

Should I do another scan? It seems that there were 2 different things found.

Error Messages

I will write out the error messages just as they appear so you can see the file names. I'll be back to post them in another reply.

Thanks for your help. Please let me know what else I should do...another ewido scan, etc.

from Dorothy...still hopeful:)
 
hi

actually its the same detection, first its found in the filesystem> cleaned. then the second scan finds it in system restore

no malware, at least visible malware there

lets still check some more:
Download and Save Blacklight to your desktop:

Double-click blbeta.exe then accept the agreement, leave [X]scan through Windows Explorer checked, click > scan then > next

You'll see a list of all items found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).

Copy and paste this log in your next reply. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe"
 
"Bad Image" & "Unexpected Error" Messages

Hi:

I downloaded & saved Blacklight as you requested.
:confused: I didnt see "scan through Windows Explorer";
I only saw a "box" for hidden processes,(:confused: was it supposed to scan more???)so I clicked scan, then next.

The results were no hidden processes.

Here is copy of the log that was on my desktop.

Log fsbl-2--6-215190329

02/15/06 14:03:29 [Info]: BlackLight Engine 1.0.30 initialized
02/15/06 14:03:29 [Info]: OS: 5.1 build 2600 (Service Pack 2)
02/15/06 14:03:29 [Note]: 7019 4
02/15/06 14:03:29 [Note]: 7005 0
02/15/06 14:04:02 [Note]: 7006 0
02/15/06 14:04:02 [Note]: 7011 472
02/15/06 14:04:03 [Note]: FSRAW library version 1.7.1014
02/15/06 14:05:41 [Note]: 7006 0
02/15/06 14:05:41 [Note]: 7011 472
02/15/06 14:05:41 [Note]: FSRAW library version 1.7.1014
02/15/06 14:07:13 [Note]: 7007 0


I hope this is okay & what you were looking for. Pls let me know.
Im going to post the "Unexpected Error " essages & "Bad Image" message in a separate reply, just to keep things organized.

Thanks...looking forward to hearing from you.
from Dorothy:)
 
"Bad Image" & "Unexpected Error" Messages

Hi again::)

Here are the particulars of the message boxes that appear:

1. Task Manager:

[taskmgr.exe-Bad Image]
[This application or DLL C:Windows/system32/VDMDBG.dll is not a valid Windows image. Please check this against your installation diskette.]

This is the message that appears for Task Manager when I hit
Ctrl>Alt>Delete. Nothing shows up when I right-click on the lower taskbar..
This message keeps coming up 4 to 5 times after clicking [ok] or [X], before it disappears.Task Manager window does not appear.

2. Spybot-Search & Destroy version 1.4:

[SpybotSD.exe-Bad Image]
[The application or DLL C:Windows/system32/SrClient.dll is not a valid Windows Image. Please check this against your installation diskette.]

This message box appears no matter what I click for Spybot(desktop icon,or from [start]>[all programs].
However, when you click [ok] or [X] to close the message, the program does load and check for updates and check for problems.

3. MSN Messenger version 7.5(Build 7.5.0324):

[msnmsgr.exe-Bad Image]
[The application or DLL C:Windows/system32/msdmo.dll is not a valid Windows image. Please check this against your installlation diskette.]

When you click [ok] or [X] to close the message, MSN does load and run without any problems as far as I know.

4. Spyware Blaster:

[SpywareBlaster]
[Unexpected error]

For a split second, I can see that the Spyware Blaster window is trying to open, but then the [Unexpected error] message appears. Spyware Blaster opening window does not load so I cant even check for updates....not sure if it is blocking the sites its supposed to and I dont know how to check if it is running.

5. System Restore:

[rstrui.exe-Bad Image]
[The application or DLL C:Windows/system32/srclient.dll is not a valid Windows image. Please check this against your installation diskette.]

Takes 6-7 clicks on [ok] or [X] to close this message box; then [Welcome to System Restore] window comes up, showing a dot in [Restore my computer to an earlier time]. I click [next], then this message box below appears:

[System restor:rstrui.exe-Bad Image]

I can click on link for [System Restore Settings] and access [System Properties]. I am afraid to click the box for [turn off system restore] because message comes up telling me all restore points will be lost.

I can click[Create a restore point]>[next] and the window comes up for me to create a restore point & type a description.

I can click [back], and click back and forth between [Restore computer...] and [Create a restore....]. The error messages dont show up, but I cant access calendars to choose a restore date.

As far as I know, these are the only messages and programs affected.

:scratch: Any ideas? Please let me know.

Thanks a lot for your help so far. Still hopeful.:)
from Dorothy
 
hi

this could be a fileinfector virus. lets try these tools first:

Please download the free MWAV antivirus tool from here:
ftp://ftp.microworldsystems.com/download/tools/mwav.exe
Save it to the desktop and run it. Follow the prompts to scan your system for viruses. Then please post for me the log of infected files from the BOTTOM panel of the scan window.

then:
Create a folder on your desktop called Sysclean.
Go to http://www.trendmicro.com/download/dcs.asp and download sysclean package to the folder you made.
Go to http://www.trendmicro.com/download/pattern.asp and download the Official Pattern Release for windows to your desktop.
This file will be called lptXXX.zip (XXX represents the version number)
Unzip lptXXX.zip and you'll get the file lpt$vpn.XXX.
Move the lpt$vpn.XXX to that Sysclean-folder you created on your desktop.

Turn off your antivirus which is installed on your system because it can interfere with the Sysclean-scan.

Open the sysclean-folder and doubleclick sysclean.com.
Check: Automatically clean or delete detected files.
Click scan.
When the scan is finished, open your sysclean-folder and copy and paste the contents of sysclean.log in your next reply.

is hijackthis still unavailable?

could you try this:
http://diamondcs.com.au/downloads/asviewer.zip

unzip, then launch the program
when it has loaded click file> save to save its logfile. post that here
 
"Bad Imaage"&"Unexpected Error" messages

Hi again:
I got your post of Feb.16. I was unavailable yesterday to follow your instructions. Doing them. Will get back to you with info when I'm finished.
Thanks from Dorothy:) ....still hopeful
 
"Bad Image"&"Unexpected Error" messages

Hi illukka:

Below is the log for the MWAV antivirus tool. I clicked on [view log] and copied from MWAV Notepad. Hope this is what you wanted.

By the way, a [Bad Image] message came up when I double-clicked the MWAV icon on my desktop but it appears to have run anyway. The DLL mentioned is the same one as mention for the Task Manager [Bad Image] message.(Just curious if this means anything).

MWAV antivirus tool message:

[mwavscan.com-Bad Image]

[The application DLL or C:windows/system32/VDMDBG.DLL is not a valid Windows image. Please check this against your installation diskette.]



Log for the MWAV antivirus tool:

Sat Feb 18 13:01:02 2006 => **********************************************************
Sat Feb 18 13:01:02 2006 => MicroWorld Anti Virus & Spyware Toolkit Utility.
Sat Feb 18 13:01:02 2006 => Copyright © 2003-2006, MicroWorld Technologies Inc.
Sat Feb 18 13:01:02 2006 => **********************************************************
Sat Feb 18 13:01:02 2006 => Source: C:\DOCUME~1\DOROTH~1\Desktop\mwav.exe
Sat Feb 18 13:01:03 2006 => Version 8.1.8 (C:\DOCUME~1\DOROTH~1\LOCALS~1\Temp\mwavscan.com)
Sat Feb 18 13:01:03 2006 => Log File: C:\DOCUME~1\DOROTH~1\LOCALS~1\Temp\MWAV.LOG
Sat Feb 18 13:01:03 2006 => MWAV Registered: FALSE.
Sat Feb 18 13:01:03 2006 => OS Type: Windows Workstation
Sat Feb 18 13:01:03 2006 => Local Fixed Drives: c:\
Sat Feb 18 13:01:03 2006 => MWAV Mode: Only Scan files.
Sat Feb 18 13:01:03 2006 => Latest Date of files inside MWAV: 16 Feb 2006 12:40:42.
Sat Feb 18 13:01:08 2006 => AV Library Loaded...
Sat Feb 18 13:01:08 2006 => MWAV doing self scanning...
Sat Feb 18 13:01:08 2006 => Scanning File C:\DOCUME~1\DOROTH~1\LOCALS~1\Temp\kavss.exe
Sat Feb 18 13:01:08 2006 => Scanning File C:\DOCUME~1\DOROTH~1\LOCALS~1\Temp\Getvlist.exe
Sat Feb 18 13:01:09 2006 => Scanning File C:\DOCUME~1\DOROTH~1\LOCALS~1\Temp\kavss.dll
Sat Feb 18 13:01:09 2006 => Scanning File C:\DOCUME~1\DOROTH~1\LOCALS~1\Temp\kavssdi.dll
Sat Feb 18 13:01:09 2006 => Scanning File C:\DOCUME~1\DOROTH~1\LOCALS~1\Temp\kavssi.dll
Sat Feb 18 13:01:09 2006 => Scanning File C:\DOCUME~1\DOROTH~1\LOCALS~1\Temp\kavvlg.dll
Sat Feb 18 13:01:09 2006 => Scanning File C:\DOCUME~1\DOROTH~1\LOCALS~1\Temp\msvlclnt.dll
Sat Feb 18 13:01:09 2006 => Scanning File C:\DOCUME~1\DOROTH~1\LOCALS~1\Temp\ipc.dll
Sat Feb 18 13:01:09 2006 => Scanning File C:\DOCUME~1\DOROTH~1\LOCALS~1\Temp\main.avi
Sat Feb 18 13:01:09 2006 => Scanning File C:\DOCUME~1\DOROTH~1\LOCALS~1\Temp\virus.avi
Sat Feb 18 13:01:09 2006 => MWAV files are clean.
Sat Feb 18 13:01:19 2006 => Virus Database Date: 2/16/2006
Sat Feb 18 13:01:19 2006 => Virus Database Count: 177018

Sat Feb 18 13:03:22 2006 => **********************************************************
Sat Feb 18 13:03:22 2006 => MicroWorld Anti Virus & Spyware Toolkit Utility.
Sat Feb 18 13:03:22 2006 => Copyright © 2003-2006, MicroWorld Technologies Inc.
Sat Feb 18 13:03:22 2006 =>
Sat Feb 18 13:03:22 2006 => Support: support@mwti.net
Sat Feb 18 13:03:22 2006 => Web: http://www.mwti.net
Sat Feb 18 13:03:22 2006 => **********************************************************
Sat Feb 18 13:03:22 2006 => Version 8.1.8 (C:\DOCUME~1\DOROTH~1\LOCALS~1\Temp\mwavscan.com)
Sat Feb 18 13:03:22 2006 => Log File: C:\DOCUME~1\DOROTH~1\LOCALS~1\Temp\MWAV.LOG
Sat Feb 18 13:03:22 2006 => User Account: Dorothy Blake
Sat Feb 18 13:03:22 2006 => Windows Root Folder: C:\WINDOWS
Sat Feb 18 13:03:22 2006 => Windows Sys32 Folder: C:\WINDOWS\system32
Sat Feb 18 13:03:22 2006 => OS: Windows XP
Sat Feb 18 13:03:23 2006 => Latest Date of files inside MWAV: 16 Feb 2006 12:40:42.

Sat Feb 18 13:03:23 2006 => Options Selected by User:
Sat Feb 18 13:03:23 2006 => Memory Check: Enabled
Sat Feb 18 13:03:23 2006 => Registry Check: Enabled
Sat Feb 18 13:03:23 2006 => StartUp Folder Check: Enabled
Sat Feb 18 13:03:23 2006 => System Folder Check: Enabled
Sat Feb 18 13:03:23 2006 => System Area Check: Disabled
Sat Feb 18 13:03:23 2006 => Services Check: Enabled
Sat Feb 18 13:03:23 2006 => Drive Check: Enabled
Sat Feb 18 13:03:23 2006 => All Drive Check :Disabled
Sat Feb 18 13:03:23 2006 => Drive Selected = C:\
Sat Feb 18 13:03:23 2006 => Folder Check: Disabled
Sat Feb 18 13:04:54 2006 => ERROR!!! Unable to Load Memory List...
Sat Feb 18 13:04:54 2006 => ERROR!!! LoadMemory Fails

Sat Feb 18 13:04:54 2006 => Total Objects Scanned: 0
Sat Feb 18 13:04:54 2006 => Total Critical Objects: 0
Sat Feb 18 13:04:54 2006 => Total Disinfected Objects: 0
Sat Feb 18 13:04:54 2006 => Total Objects Renamed: 0
Sat Feb 18 13:04:54 2006 => Total Deleted Objects: 0
Sat Feb 18 13:04:54 2006 => Total Errors: 2
Sat Feb 18 13:04:54 2006 => Time Elapsed: 00:01:31
Sat Feb 18 13:04:54 2006 => Virus Database Date: 2/16/2006
Sat Feb 18 13:04:54 2006 => Virus Database Count: 177018

Sat Feb 18 13:04:54 2006 => Scan Completed.

I will post this now; later I'll post the sysclean.log

Thanks again for your patience and help from Dorothy:) ...still hoping...
 
"Bad Image"&"Unexpected Error" messages

Hi illukka::)

This post refers to Sysclean. (Log is posted in separate post because I could only put in 20000 characters).

I followed instructions & links.
The Official Pattern Release file I downloaded was the Virus Pattern File 3.219.0. :o I hope this was the one you meant. There was also one called Spyware Pattern File.

I unzipped lpt219.zip and put it in the Sysclean folder on my desktop.

I turned off my AVG antivirus, as you instructed, to do the scan.(My antivirus is now re-activated).

(:scratch: I noticed there are tons of [Access denied] in the log. Did I forget to do something? There is also a [TSCDebug] text in the Sysclean folder. Do you need to see this?)

Thanks again from Dorothy:)
 
"Bad Image"&"Unexpected Error" messages

Sysclean logfrom Dorothy:) 2 posts required for the complete log

/--------------------------------------------------------------\
| Trend Micro Sysclean Package |
| Copyright 2002, Trend Micro, Inc. |
| http://www.trendmicro.com |
\--------------------------------------------------------------/


2006-02-18, 14:05:25, Auto-clean mode specified.
2006-02-18, 14:05:25, Running scanner "C:\Documents and Settings\Dorothy Blake\Desktop\Sysclean\TSC.BIN"...
2006-02-18, 14:05:42, Scanner "C:\Documents and Settings\Dorothy Blake\Desktop\Sysclean\TSC.BIN" has finished running.
2006-02-18, 14:05:42, TSC Log:

Damage Cleanup Engine (DCE) 3.98(Build 1012)
Windows XP(Build 2600: Service Pack 2)

Start time : Sat Feb 18 2006 14:05:27

Load Damage Cleanup Template (DCT) "C:\Documents and Settings\Dorothy Blake\Desktop\Sysclean\tsc.ptn" (version 708) [success]

Complete time : Sat Feb 18 2006 14:05:42
Execute pattern count(4727), Virus found count(0), Virus clean count(0), Clean failed count(0)

2006-02-18, 14:06:35, Could not set file for reading on "C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp": Access is denied.
2006-02-18, 14:06:59, An error occurred while scanning file "C:\Documents and Settings\Dorothy Blake\ntuser.dat": Access is denied.
2006-02-18, 14:06:59, An error occurred while scanning file "C:\Documents and Settings\Dorothy Blake\ntuser.dat.LOG": Access is denied.
2006-02-18, 14:07:37, An error occurred while scanning file "C:\Documents and Settings\Dorothy Blake\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2006-02-18, 14:07:37, An error occurred while scanning file "C:\Documents and Settings\Dorothy Blake\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2006-02-18, 14:09:53, An error occurred while scanning file "C:\Documents and Settings\LocalService\NTUSER.DAT": Access is denied.
2006-02-18, 14:09:53, An error occurred while scanning file "C:\Documents and Settings\LocalService\ntuser.dat.LOG": Access is denied.
2006-02-18, 14:09:53, An error occurred while scanning file "C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2006-02-18, 14:09:53, An error occurred while scanning file "C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2006-02-18, 14:09:53, An error occurred while scanning file "C:\Documents and Settings\NetworkService\NTUSER.DAT": Access is denied.
2006-02-18, 14:09:53, An error occurred while scanning file "C:\Documents and Settings\NetworkService\ntuser.dat.LOG": Access is denied.
2006-02-18, 14:09:54, An error occurred while scanning file "C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2006-02-18, 14:09:54, An error occurred while scanning file "C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2006-02-18, 14:21:08, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828028$\msasn1.dll": Access is denied.
2006-02-18, 14:23:47, Could not set file for reading on "C:\WINDOWS\PCHEALTH\ErrorRep\UserDumps\svchost.exe.20050623-175825-00.hdmp": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\ACRORD32.EXE-13285B88.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\ACRORD32INFO.EXE-013EA364.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\AD-AWARE.EXE-2ED3360E.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\AGENTSVR.EXE-002E45AB.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\ALG.EXE-0F138680.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\ANTINYXEM-EN.EXE-37BA044C.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\ARENA106.EXE-03C79771.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\AVGCC.EXE-36A38F59.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\AVGINET.EXE-3038B75E.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\AVGINET.EXE-3B0744C3.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\AVGVV.EXE-0A3F8C17.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\AVGVV.EXE-21F74736.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\AVGW.EXE-00A2F684.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\AVGW.EXE-011FD837.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\AVGWB.DAT-01D5CE53.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\AVGWB.DAT-25B8DD3B.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\BLBETA.EXE-05F7E9E5.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\BOOTSTRAP.EXE-029F9551.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\CLEANUP.EXE-1B0F5664.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\CLOKSPL.EXE-06FE98F1.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\CONTROL.EXE-013DBFB5.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\DEFRAG.EXE-273F131E.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\DEUSEX.EXE-36857429.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\DFRGNTFS.EXE-269967DF.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\DISCIPLES2.EXE-0D57C04B.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\DUMPREP.EXE-1B46F901.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\EWIDO-SETUP.EXE-32981F35.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\EWIDO-SIGNATURES-20060211.EXE-312F37A2.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\EWIDO-SIGNATURES-FULL-2006021-1CEA2D19.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\EWIDO-SIGNATURES-FULL-2006021-3B015D17.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\EWIDOCTRL.EXE-0EEA53F9.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\FCEU.EXE-2BC92791.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\FCEU.EXE-304D0E4F.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\GAME.EXE-2635C338.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\GOLEM.EXE-1872B826.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\HELPCTR.EXE-3862B6F5.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\HELPSVC.EXE-2878DDA2.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\HH.EXE-2D1A70B3.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-085E9953.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-1BC9B572.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-1F35F0D6.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\IDRIVER.EXE-3B6DD980.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\IUN3405.EXE-10F422FB.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\IUN507.EXE-092E1DB6.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\JAVA.EXE-2427EF62.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\JUCHECK.EXE-197A10BB.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\JUSCHED.EXE-2ABC3D1B.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\KHALMNPR.EXE-098E13FC.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\LAUNCHER.EXE-31F89DC2.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\Layout.ini": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\LOGON.SCR-151EFAEA.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\LVCOMS.EXE-2DC18031.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\MDM.EXE-07915C2C.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\MMC.EXE-1EF9AA05.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\MMC.EXE-3D93B3AE.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\MSGR0.EXE-3317DF91.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\MSIEXEC.EXE-2F8A8CAE.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\MSN6.EXE-2001F6AE.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\MSNMSGR.EXE-25A27ADA.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\MSNMSGR.EXE-366A1A81.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\MSPAINT.EXE-11CBB631.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\MSWORKS.EXE-31812CA4.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf": Access is denied.
2006-02-18, 14:24:05,

BALANCE TO FOLLOW
 
BALANCE OF SYSCLEAN LOG from Dorothy:) Hope this is ok.

Could not set file for reading on "C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\NTVDM.EXE-1A10A423.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\NWIZ.EXE-2D0F9FBC.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\OUTLOOK.EXE-108B0D14.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\OUTLOOK.EXE-3784AE71.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\PHOTOED.EXE-0F3CAA01.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\PSEMU.EXE-1E3C7BCC.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\QTTASK.EXE-342507FB.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\RAK3CFG.EXE-0724BE85.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\RSTRUI.EXE-03C49A96.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-12B3A3D4.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-13E68835.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-17D51176.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-1BC55A4F.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-22AE43CD.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-2341BBC5.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-247FE6B9.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-268BFF96.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-2905E326.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-2C7B5C4A.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-2CD85FD3.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-311943EE.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-3B684387.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-4CE10179.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-4D080F35.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\SBAUTOUPDATE.EXE-1D16DE15.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\SC3U.EXE-0485547C.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\SC3U.ICD-01AE1C6E.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\SCUNIN.EXE-02C5EED2.pf": Access is denied.
2006-02-18, 14:24:05, Could not set file for reading on "C:\WINDOWS\Prefetch\SECURITYSUITE.EXE-278F473B.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\SETUP.EXE-0667B060.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\SETUP.EXE-1FD0147E.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\SETUP.EXE-393E66AE.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\SIMCITY 3000 UNLIMITED_EREG.E-28CE4FE3.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\SK2000DM.EXE-357B3AFD.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\SKDAEMON.EXE-2C388FC6.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\SKIP98.EXE-20F220E3.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\SKTEMPDM.EXE-3855B182.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\SPYBOTSD.EXE-1344276B.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\SPYWAREBLASTER.EXE-20CF1E62.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\ST6UNST.EXE-1F77290E.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\SUN.EXE-359311A4.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\TASKMGR.EXE-20256C55.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\UNINS000.EXE-27E109E0.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\UNINSTALL.EXE-08514516.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\UPDATE.EXE-0BAC6EF2.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\UPDATE.EXE-2611013F.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\UPDATER.EXE-076075EE.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\UPDCON610.EXE-1DBC79A8.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\USERINIT.EXE-30B18140.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\WINHLP32.EXE-2C18E975.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\WINWORD.EXE-10D55173.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\WSCNTFY.EXE-1B24F5EB.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\WUPDMGR.EXE-2F30BEAB.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\YMSGR_TRAY.EXE-256366BA.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\YPAGER.EXE-31587640.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\_INS5176._MP-23834F0A.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\_ISWUC.EXE-280CBA09.pf": Access is denied.
2006-02-18, 14:24:06, Could not set file for reading on "C:\WINDOWS\Prefetch\_IU14D2N.TMP-319F9C26.pf": Access is denied.
2006-02-18, 14:25:45, An error occurred while scanning file "C:\WINDOWS\system32\config\DEFAULT": Access is denied.
2006-02-18, 14:25:45, An error occurred while scanning file "C:\WINDOWS\system32\config\default.LOG": Access is denied.
2006-02-18, 14:25:45, An error occurred while scanning file "C:\WINDOWS\system32\config\SAM": Access is denied.
2006-02-18, 14:25:45, An error occurred while scanning file "C:\WINDOWS\system32\config\SAM.LOG": Access is denied.
2006-02-18, 14:25:45, An error occurred while scanning file "C:\WINDOWS\system32\config\SECURITY": Access is denied.
2006-02-18, 14:25:45, An error occurred while scanning file "C:\WINDOWS\system32\config\SECURITY.LOG": Access is denied.
2006-02-18, 14:25:45, An error occurred while scanning file "C:\WINDOWS\system32\config\SOFTWARE": Access is denied.
2006-02-18, 14:25:45, An error occurred while scanning file "C:\WINDOWS\system32\config\software.LOG": Access is denied.
2006-02-18, 14:25:45, An error occurred while scanning file "C:\WINDOWS\system32\config\SYSTEM": Access is denied.
2006-02-18, 14:25:45, An error occurred while scanning file "C:\WINDOWS\system32\config\system.LOG": Access is denied.
2006-02-18, 14:26:41, An error occurred while scanning file "C:\WINDOWS\Temp\Perflib_Perfdata_6b0.dat": Access is denied.
2006-02-18, 14:26:46, Running scanner "C:\Documents and Settings\Dorothy Blake\Desktop\Sysclean\VSCANTM.BIN"...
2006-02-18, 14:49:23, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 2/18/2006 14:26:50
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 219 (123436 Patterns) (2006/02/17) (321900)
Command Line: C:\Documents and Settings\Dorothy Blake\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Dorothy Blake\Desktop\Sysclean

58479 files have been read.
58479 files have been checked.
46316 files have been scanned.
82988 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 2/18/2006 14:49:22
---------*---------*---------*---------*---------*---------*---------*---------*
2006-02-18, 14:49:24, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 2/18/2006 14:26:50
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 219 (123436 Patterns) (2006/02/17) (321900)
Command Line: C:\Documents and Settings\Dorothy Blake\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Dorothy Blake\Desktop\Sysclean

58479 files have been read.
58479 files have been checked.
46316 files have been scanned.
82988 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 2/18/2006 14:49:22 22 minutes 31 seconds (1351.03 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-02-18, 14:49:24, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 2/18/2006 14:26:50
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 219 (123436 Patterns) (2006/02/17) (321900)
Command Line: C:\Documents and Settings\Dorothy Blake\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Dorothy Blake\Desktop\Sysclean

58479 files have been read.
58479 files have been checked.
46316 files have been scanned.
82988 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 2/18/2006 14:49:22 22 minutes 31 seconds (1351.03 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-02-18, 14:49:24, Scanner "C:\Documents and Settings\Dorothy Blake\Desktop\Sysclean\VSCANTM.BIN" has finished running.
 
thanks

nothing in it
those are normal ( access denied), those files are exclusively used(=locked) by the operating system.

lets see the other scan results then :)
again some of the logs can be large, i am interested in detected malware/ infected files , feel free to edit the logs to make them smaller.
 
"Bad Image"&"Unexpected Error" messages.

Hi illukka::) re: your Feb.16 post-final section

Hijackthis is still not available. I can unzip program & see [icon of dynamite], but i get the following message[Hijackthis][Unexpected error] when I double click.

Did you get my previous post about MWAV antivirus tool?
I read your response to the Sysclean log. Thanks for answering my question.

Please let me know what I have to do after this. Thanks again for your time & patience.:) from Dorothy

Here is logfile for diamondcs.com

DiamondCS Autostart Viewer (www.diamondcs.com.au) - Report for Dorothy Blake@BLAKESCOTT, 02-18-2006
c:\windows\system32\autoexec.nt
C:\WINDOWS\system32\mscdexnt.exe
C:\WINDOWS\system32\redir.exe
C:\WINDOWS\system32\dosx.exe
c:\windows\system32\config.nt
C:\WINDOWS\system32\himem.sys
c:\windows\wininit.ini [rename]
NUL=C:\Skip98\FILE_ID.DIZ
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=
NUL=C:\WINDOWS\downlo~1\ymsgrins.exe
c:\windows\system.ini [drivers]
timer=timer.drv
c:\windows\system.ini [boot]\shell
C:\WINDOWS\Explorer.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
C:\WINDOWS\Explorer.exe
HKCR\vbsfile\shell\open\command\
C:\WINDOWS\System32\WScript.exe "%1" %*
HKCR\vbefile\shell\open\command\
C:\WINDOWS\System32\WScript.exe "%1" %*
HKCR\jsfile\shell\open\command\
C:\WINDOWS\System32\WScript.exe "%1" %*
HKCR\jsefile\shell\open\command\
C:\WINDOWS\System32\WScript.exe "%1" %*
HKCR\wshfile\shell\open\command\
C:\WINDOWS\System32\WScript.exe "%1" %*
HKCR\wsffile\shell\open\command\
C:\WINDOWS\System32\WScript.exe "%1" %*
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Detect Kbd Daemon
C:\WINDOWS\system32\SK2000DM.EXE
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\LVCOMS
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\NvCplDaemon
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\nwiz
nwiz.exe /install
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\AVG7_CC
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Logitech Hardware Abstraction Layer
C:\WINDOWS\KHALMNPR.EXE
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\KernelFaultCheck
C:\WINDOWS\system32\dumprep 0 -k
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\UserFaultCheck
C:\WINDOWS\system32\dumprep 0 -u
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\QuickTime Task
C:\Program Files\QuickTime\qttask.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SunJavaUpdateSched
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
HKU\.Default\Software\Microsoft\Windows\CurrentVersion\Run\AVG7_Run
C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
C:\WINDOWS\System32\webcheck.dll
C:\WINDOWS\System32\stobject.dll
C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
autocheck autochk *
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
C:\WINDOWS\system32\userinit.exe
HKLM\System\CurrentControlSet\Control\WOW\cmdline
C:\WINDOWS\system32\ntvdm.exe
HKLM\System\CurrentControlSet\Control\WOW\wowcmdline
C:\WINDOWS\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\
C:\WINDOWS\system32\mswsock.dll
C:\WINDOWS\system32\rsvpsp.dll
HKLM\System\CurrentControlSet\Services\VxD\JAVASUP\
C:\WINDOWS\system32\JAVASUP.VXD
 
"Bad Image"&"Unexpected Error" messages

Hi illukka::)

I got your reply of Feb.19 (today.)

I downloaded the vdmdbg.dll and srclient.dll files from the links you provided. I saved them in [Program files](not sure where I was supposed to save them).

However, now I'm confused:scratch: . How do I replace the corrupted ones with the new ones?:
It's probably something REALLY easy, obvious & simple, but I can't think of how to do it. Sorry about that.:(

Could you please reply with instructions? I'd really appreciate that.

Thanks once again for your patience & sharing your knowledge.:angel:

from Dorothy...starting to see some light at the end of the tunnel...
 
"Bad Image"&"Unexpected Error" messages

Hi illukka::)

I got your reply about this morning. Thanks...I'll do what you suggested & get back to you with the results.

Thanks from Dorothy...here's hoping:)
 
"Bad Image"&"Unexpected Error" messages

:) Hi illukka::)

As I previously said, I downloaded the new files...vdmdbg.dll & srclient.dll (saved in Program files) from your links in Feb.19 post.

I replaced the corrupted ones in C:Windows/system32...with the new ones. and restarted computer after replacing each corrupted file.

SUCCESSES: :)

Taskmanager,MicroWorld Antivirus Spyware Toolkit Utility,Spybot-Search & Destroy, System Restore all load OKAY and no messages come up.YEAH:bigthumb:
Also, previously, in System Restore, a "Bad Image"message for file [rstrui.exe] was coming up when I would click [OK] for [Restore my computer...earlier time.]. That message no longer comes up either.:)

Problems: :(

Spyware Blaster still gets message [Unexpected Error] & a big red X (no file name given) and will not load & I cant check for updates.
Previous to writing to this forum, I had uninstalled & reinstalled Spyware Blaster hoping that that would correct the problem but, alas, it didnt.

HijackThis STILL gets the message [Unexpected Error] & a big red X. It will not load or run(not sure of the term to use for this).

I still have a file with HijackThis from 2005 when I received help. :confused: Im not sure if this is causing a problem. Since I have the contents saved on a floppy, should I just delete it from my computer?

MSN Messenger still gets the message:
[msnmsgr.exe] [The application or DLL C:Windows/system32/msdmo.dll is not a valid Windows image. Please check this against your installation diskette.]
The program loads though & we can use it.

It's GREAT that some of the issues are fixed. Thank you very much :)

Please let me know your ideas on fixing the others.

You're doing a terrific job, illukka.

Thanks from Dorothy:)
 
You must log in or register to reply here.
Back
Top