mnalep

  1. Hi Ron, Yes, I am still here. I had a radiator hose bust on my car yesterday afternoon, and I've been fixing that. I got the hoses on, but have a misfire now, so I'm trying to figure that out. I'll get back on this soon. Thanks, Matt
  2. Ron, A quick question while I finish your item list, is "Explorer.EXE" the same as "explorer.exe"?
  3. Ron, Regarding these three items: Adobe Reader 7.0.5 Language Support Adobe Reader 7.0.8 Netscape Communicator 4.79 I upgraded Adobe Reader, and I don't see Reader 7.0.5 Language support in my list of programs any longer? I guess it's gone with the update? Also, the Adobe Reader update put a program icon called Adobe AIR on my desktop. Looks like a programming tool, and I don't think I requested it with the Reader upgrade, any idea if I need it? Also, I was trying to uninstall Netscape Communicator in Add/Remove Programs, but it does not want to complete. It starts loading the Install Shield application, gets 99% done and then hangs. When I get tired of waiting, and kill the application in Task Manager, an error box displays saying something about System error - the request to end the selected 16 bit task has timed out. Press OK to terminate the Win 16 Subsystem or Cancel to leave it running. What does that mean, and is there a way for me to just manually remove that Netscape application?
  4. Hi Ron, I had to put this down for a bit also, I had a car problem. So far I have done step 0, and I have removed Limewire (step 3). I am getting the Adobe updates now (step 2). I will do the other steps afterwards. Regarding step 1 - is there a problem with Adaptec DirectCD, and is that why I should remove and replace it? Thanks, Matt
  5. I rebooted after running AntiMalware, and ran HijackThis, and here is that log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:21:07 PM, on 7/1/2009 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINNT\System32\CTsvcCDA.exe C:\WINNT\System32\svchost.exe C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINNT\LogWatNT.exe c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe c:\ora8i\bin\ORACLE.EXE c:\ora8i\BIN\OWASTSVR.EXE C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon.exe C:\WINNT\system32\stisvc.exe C:\WINNT\wanmpsvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\WINNT\system32\svchost.exe C:\WINNT\Explorer.EXE c:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\WINNT\system32\devldr32.exe C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe C:\PROGRA~1\Adaptec\DirectCD\directcd.exe C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe C:\WINNT\system32\taskmgr.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINNT\system32\LVComsX.exe C:\Program Files\Mozilla Firefox\firefox.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://*.bcbsm.com O15 - Trusted Zone: http://*.freshchoicetobacco.com O15 - Trusted Zone: http://*.mcafee.com O15 - Trusted Zone: http://www.mibcn.com O15 - Trusted Zone: 
http://www.novastarmortgage.com O15 - Trusted Zone: http://www.ryomagazine.com O15 - Trusted Zone: http://www.universalorlando.com O15 - Trusted Zone: http://secure.universalstudios.com O16 - DPF: Microsoft WFC Forms Designer - file://D:\VJ98\wfcforms.cab O16 - DPF: Visual Studio 6 Extensibility Libraries - file://D:\VJ98\vstudio6.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200203...meInstaller.exe O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1241481548992 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1155667012657 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1164479759409 O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINNT\system32\drivers\KodakCCS.exe (file missing) O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINNT\LogWatNT.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. 
- C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: Oracle%ORACLE_HOME_SERVICE%ClientCache80 - Unknown owner - C:\ORANT\BIN\ONRSD80.EXE O23 - Service: Oracleora8iAgent - oracle - c:\ora8i\bin\dbsnmp.exe O23 - Service: Oracleora8iClientCache - Unknown owner - c:\ora8i\BIN\ONRSD.EXE O23 - Service: Oracleora8iDataGatherer - Unknown owner - c:\ora8i\bin\vppdc.exe O23 - Service: Oracleora8iTNSListener - Unknown owner - c:\ora8i\BIN\TNSLSNR.exe O23 - Service: OracleServiceORA8I - Oracle Corporation - c:\ora8i\bin\ORACLE.EXE O23 - Service: OracleWebAssistant1 - Oracle Corporation - c:\ora8i\BIN\OWASTSVR.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe O23 - Service: Service Request Monitor - Dell Computer Corporation - C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe -- End of file - 10260 bytes
  6. I updated Anti-Malware, and it found a couple dozen files. It actually looks like another Malware tool my gf told me to run called Malwarebot. It seems that might actually be malware posing as anti-malware? Have you heard of it before? Here is the log: Malwarebytes' Anti-Malware 1.38 Database version: 2358 Windows 5.0.2195 Service Pack 4 7/1/2009 11:59:50 AM mbam-log-2009-07-01 (11-59-50).txt Scan type: Quick Scan Objects scanned: 114310 Time elapsed: 10 minute(s), 59 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 5 Files Infected: 22 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\MalwareBot (Rogue.MalwareBot) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Program Files\MalwareBot (Rogue.MalwareBot) -> Quarantined and deleted successfully. c:\documents and settings\All Users\Start Menu\Programs\MalwareBot (Rogue.MalwareBot) -> Quarantined and deleted successfully. c:\documents and settings\Administrator\Application Data\MalwareBot (Rogue.MalwareBot) -> Quarantined and deleted successfully. c:\documents and settings\administrator\application data\malwarebot\Log (Rogue.MalwareBot) -> Quarantined and deleted successfully. c:\documents and settings\administrator\application data\malwarebot\Settings (Rogue.MalwareBot) -> Quarantined and deleted successfully. Files Infected: c:\program files\malwarebot\unins000.dat (Rogue.MalwareBot) -> Quarantined and deleted successfully. c:\program files\malwarebot\unins000.exe (Rogue.MalwareBot) -> Quarantined and deleted successfully. c:\program files\malwarebot\license.rtf (Rogue.MalwareBot) -> Quarantined and deleted successfully. 
c:\program files\malwarebot\MalwareBot.exe (Rogue.MalwareBot) -> Quarantined and deleted successfully. c:\program files\malwarebot\MalwareBot.url (Rogue.MalwareBot) -> Quarantined and deleted successfully. c:\program files\malwarebot\DataBase.ref (Rogue.MalwareBot) -> Quarantined and deleted successfully. c:\documents and settings\all users\start menu\Programs\malwarebot\MalwareBot.lnk (Rogue.MalwareBot) -> Quarantined and deleted successfully. c:\documents and settings\all users\start menu\Programs\malwarebot\MalwareBot on the Web.lnk (Rogue.MalwareBot) -> Quarantined and deleted successfully. c:\documents and settings\all users\start menu\Programs\malwarebot\Uninstall MalwareBot.lnk (Rogue.MalwareBot) -> Quarantined and deleted successfully. c:\documents and settings\administrator\application data\malwarebot\rs.dat (Rogue.MalwareBot) -> Quarantined and deleted successfully. c:\documents and settings\administrator\application data\malwarebot\Log\2009 Jun 30 - 05_40_51 PM_853.log (Rogue.MalwareBot) -> Quarantined and deleted successfully. c:\documents and settings\administrator\application data\malwarebot\Log\2009 Jun 30 - 05_53_35 PM_991.log (Rogue.MalwareBot) -> Quarantined and deleted successfully. c:\documents and settings\administrator\application data\malwarebot\Log\2009 Jun 30 - 06_14_44 PM_596.log (Rogue.MalwareBot) -> Quarantined and deleted successfully. c:\documents and settings\administrator\application data\malwarebot\Log\2009 Jun 30 - 07_31_43 PM_893.log (Rogue.MalwareBot) -> Quarantined and deleted successfully. c:\documents and settings\administrator\application data\malwarebot\Log\2009 Jun 30 - 07_53_40 PM_379.log (Rogue.MalwareBot) -> Quarantined and deleted successfully. c:\documents and settings\administrator\application data\malwarebot\Log\2009 Jun 30 - 08_52_16 PM_168.log (Rogue.MalwareBot) -> Quarantined and deleted successfully. 
c:\documents and settings\administrator\application data\malwarebot\Log\2009 Jun 30 - 10_33_43 PM_636.log (Rogue.MalwareBot) -> Quarantined and deleted successfully. c:\documents and settings\administrator\application data\malwarebot\Log\2009 Jul 01 - 03_00_02 AM_943.log (Rogue.MalwareBot) -> Quarantined and deleted successfully. c:\documents and settings\administrator\application data\malwarebot\Log\2009 Jul 01 - 03_00_04 AM_035.log (Rogue.MalwareBot) -> Quarantined and deleted successfully. c:\documents and settings\administrator\application data\malwarebot\Log\2009 Jul 01 - 09_20_57 AM_737.log (Rogue.MalwareBot) -> Quarantined and deleted successfully. c:\documents and settings\administrator\application data\malwarebot\Settings\ScanResults.pie (Rogue.MalwareBot) -> Quarantined and deleted successfully. c:\WINNT\TASKS\MalwareBot Scheduled Scan.job (Rogue.MalwareBot) -> Quarantined and deleted successfully.
  7. I tried again to run a FULL SCAN with AntiMalware, and it locked up again with the "application error in mbam.exe - the instruction at 0x77fb7964 referenced memory at 0x00000002 - the memory cannot be read" Why does this happen? Is it a problem with mbam.exe?
  8. I uninstalled Avira, I could not get it to run a second time on PC. I kept getting an Explorer.exe Application error, and then my system locks up. The error msg is "an instruction at 0x77fb7964 referenced memory at 0x0000000, and the memory could not be read". Here is DDS.txt: DDS (Ver_09-06-26.01) - FAT32x86 Run by Administrator at 15:14:58.50 on Tue 06/30/2009 Internet Explorer: 6.0.2800.1106 BrowserJavaVersion: 1.6.0_13 Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.510.236 [GMT -4:00] ============== Running Processes =============== C:\WINNT\system32\spoolsv.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINNT\System32\CTsvcCDA.exe C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINNT\LogWatNT.exe c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe c:\ora8i\BIN\TNSLSNR.exe c:\ora8i\bin\ORACLE.EXE c:\ora8i\BIN\OWASTSVR.EXE C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon.exe C:\WINNT\system32\stisvc.exe C:\WINNT\wanmpsvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\System32\mspmspsv.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\devldr32.exe C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe C:\PROGRA~1\Adaptec\DirectCD\directcd.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe C:\WINNT\system32\taskmgr.exe C:\WINNT\system32\LVComsX.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Logitech\Video\AlbumDB2.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Download\DDS SCAN\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://google.com/ uWindow Title = Microsoft Internet Explorer provided by America Online uInternet Settings,ProxyOverride = 127.0.0.1;localhost BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program 
files\adobe\acrobat 7.0\activex\AcroIEHelper.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: {0494D0D9-F8E0-41AD-92A3-14154ECE70AC} - No File TB: Microsoft CommBand: {4d5c8c2a-d075-11d0-b416-00c04fb90376} - %SystemRoot%\system32\browseui.dll TB: {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - No File EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\system32\browseui.dll EB: {BE8D0059-D24D-4919-B76F-99F4A2203647} - No File EB: {E2BF1BF3-1FDB-4C93-8874-0B09E71C594C} - No File mRun: [madexe] c:\program files\dell\resolution assistant\motiveassistant\bin\mad.exe mRun: [synchronization Manager] mobsync.exe /logon mRun: [Adaptec DirectCD] c:\progra~1\adaptec\directcd\directcd.exe mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 7.0\avp.exe" dRunOnce: [^SetupICWDesktop] c:\program files\internet explorer\connection wizard\icwconn1.exe /desktop IE: {6224f700-cba3-4071-b251-47cb894244cd} - c:\program files\icq\ICQ.exe IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll Trusted Zone: bcbsm.com Trusted Zone: ca.com\www3 Trusted Zone: freshchoicetobacco.com Trusted Zone: ibm.com\www.elink.ibmlink Trusted Zone: investorvillage.com\www Trusted Zone: investorvillage.com\www1 Trusted Zone: live.com\safety Trusted Zone: mibcn.com\www Trusted Zone: microsoft.com\update Trusted Zone: microsoft.com\v4.windowsupdate Trusted Zone: microsoft.com\www.update Trusted Zone: novastarmortgage.com\www Trusted Zone: ryomagazine.com\www Trusted Zone: universalorlando.com\www 
Trusted Zone: universalstudios.com\secure DPF: DirectAnimation Java Classes - file://c:\winnt\java\classes\dajava.cab DPF: Microsoft WFC Forms Designer - file://d:\vj98\wfcforms.cab DPF: Microsoft XML Parser for Java - file://c:\winnt\java\classes\xmldso.cab DPF: Visual Studio 6 Extensibility Libraries - file://d:\vj98\vstudio6.cab DPF: {0000000A-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB DPF: {00000075-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/voxacm.CAB DPF: {00000161-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/msaudio.cab DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204 DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper2007261.dll DPF: {31564D57-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmvax.cab DPF: {32564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv8dmo.cab DPF: {3334504D-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/mpeg4ax.cab DPF: {33363249-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/i263_32.cab DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB DPF: {38F5F92F-BD40-40DF-A569-6C1FCB638190} - hxxp://www.powerleap.com/cab_files/InSPECS3_0.cab DPF: {41F17733-B041-4099-A042-B518BB6A408C} - hxxp://a1540.g.akamai.net/7/1540/52/20020323/qtinstall.info.apple.com/qt505/us/win/QuickTimeInstaller.exe DPF: 
{493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab DPF: {56393399-041A-4650-94C7-13DFCB1F4665} - hxxp://www3.ca.com/securityadvisor/pestscan/pestscan.cab DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1241481548992 DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1155667012657 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1164479759409 DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www.ca.com/us/securityadvisor/virusinfo/webscan.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-1_4_1_01-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - c:\winnt\wc98pp.dll Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll SEH: Microsoft.AntiSpyware.ShellExecuteHook.1: {9ef34ff2-3396-4527-9d27-04c8c1c67806} - c:\program files\microsoft antispyware\shellextension.dll SEH: SABShellExecuteHook Class: 
{5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL LSA: Authentication Packages = msv1_0 c:\winnt\system32\opnkiHBR ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\6ip6a61p.default\ FF - plugin: c:\ign\download manager\npfpdlm.dll FF - plugin: c:\program files\netscape\communicator\program\plugins\np32dsw.dll FF - plugin: c:\program files\netscape\communicator\program\plugins\npaudio.dll FF - plugin: c:\program files\netscape\communicator\program\plugins\npavi32.dll FF - plugin: c:\program files\netscape\communicator\program\plugins\npbeatnk.dll FF - plugin: c:\program files\netscape\communicator\program\plugins\npdrmv2.dll FF - plugin: c:\program files\netscape\communicator\program\plugins\npdsplay.dll FF - plugin: c:\program files\netscape\communicator\program\plugins\NPJava11.dll FF - plugin: c:\program files\netscape\communicator\program\plugins\NPJava12.dll FF - plugin: c:\program files\netscape\communicator\program\plugins\NPJava13.dll FF - plugin: c:\program files\netscape\communicator\program\plugins\NPJava32.dll FF - plugin: c:\program files\netscape\communicator\program\plugins\NPJPI141_01.dll FF - plugin: c:\program files\netscape\communicator\program\plugins\NPMAsst41.dll FF - plugin: c:\program files\netscape\communicator\program\plugins\npnul32.dll FF - plugin: c:\program files\netscape\communicator\program\plugins\nppdf32.dll FF - plugin: c:\program files\netscape\communicator\program\plugins\nppl3260.dll FF - plugin: c:\program files\netscape\communicator\program\plugins\nprfxins.dll FF - plugin: c:\program files\netscape\communicator\program\plugins\nprjplug.dll FF - plugin: c:\program files\netscape\communicator\program\plugins\nprpjplug.dll FF - plugin: c:\program files\netscape\communicator\program\plugins\npswf32.dll FF - plugin: c:\program files\netscape\communicator\program\plugins\npwmsdrm.dll FF - HiddenExtension: Java Console: No 
Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} ============= SERVICES / DRIVERS =============== R0 aaatimeo;aaatimeo;c:\winnt\system32\drivers\AAATIMEO.SYS [1980-1-1 4928] R1 Cdudf;Cdudf;c:\winnt\system32\drivers\CDUDF.SYS [2001-5-10 221376] R1 cmosa;cmosa;c:\winnt\system32\drivers\cmosa.sys [2001-5-10 29344] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-26 9968] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 72944] R2 AVP;Kaspersky Anti-Virus 7.0;c:\program files\kaspersky lab\kaspersky anti-virus 7.0\avp.exe [2008-2-8 227856] R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088] R2 LogWatch;Event Log Watch;c:\winnt\LogWatNT.exe [2000-6-8 50976] R2 Oracleora8iTNSListener;Oracleora8iTNSListener;c:\ora8i\bin\tnslsnr --> c:\ora8i\bin\TNSLSNR [?] R2 OracleServiceORA8I;OracleServiceORA8I;c:\ora8i\bin\oracle.exe ora8i --> c:\ora8i\bin\ORACLE.EXE ORA8I [?] 
R2 OracleWebAssistant1;OracleWebAssistant1;c:\ora8i\bin\OWASTSVR.EXE [1999-1-20 117248] R3 lne100v5;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\winnt\system32\drivers\lne100v5.sys [2006-8-1 36013] S0 cda1000;cda1000;c:\winnt\system32\drivers\CDA1000.SYS [1980-1-1 281024] S3 EL90BC;3Com EtherLink XL B/C Adapter Driver;c:\winnt\system32\drivers\el90xbc5.sys [1999-10-23 61712] S3 ISD200;USB Storage Adapter V2;c:\winnt\system32\drivers\ISD200.SYS [2004-1-10 26930] S3 Oracleora8iAgent;Oracleora8iAgent;c:\ora8i\bin\DBSNMP.EXE [2003-6-12 18944] S3 Oracleora8iClientCache;Oracleora8iClientCache;c:\ora8i\bin\ONRSD.EXE [1999-2-11 99328] S3 Oracleora8iDataGatherer;Oracleora8iDataGatherer;c:\ora8i\bin\vppdc.exe [2003-6-12 51200] S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 7408] =============== Created Last 30 ================ 2009-06-30 15:14 16,384 a------- c:\winnt\system32\Perflib_Perfdata_438.dat 2009-06-30 13:21 16,384 a------- c:\winnt\system32\Perflib_Perfdata_280.dat 2009-06-30 13:11 16,384 a------- c:\winnt\system32\Perflib_Perfdata_250.dat 2009-06-30 12:55 16,384 a------- c:\winnt\system32\Perflib_Perfdata_4bc.dat 2009-06-30 12:50 <DIR> --d----- c:\program files\PowerTools Lite 2009-06-30 12:40 16,384 a------- c:\winnt\system32\Perflib_Perfdata_284.dat 2009-06-30 10:07 <DIR> --d----- C:\FOUND.002 2009-06-30 09:18 16,384 a------- c:\winnt\system32\Perflib_Perfdata_390.dat 2009-06-29 22:22 <DIR> --d----- C:\FOUND.001 2009-06-29 21:03 16,384 a------- c:\winnt\system32\Perflib_Perfdata_59c.dat 2009-06-29 16:35 16,384 a------- c:\winnt\system32\Perflib_Perfdata_51c.dat 2009-06-29 16:34 16,384 a------- c:\winnt\system32\Perflib_Perfdata_2e4.dat 2009-06-29 15:57 16,384 a------- c:\winnt\system32\Perflib_Perfdata_2e0.dat 2009-06-29 15:50 112,144 a------- c:\winnt\system32\drivers\kl1.sys 2009-06-29 15:22 <DIR> --d----- c:\program files\Kaspersky Lab 2009-06-29 15:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab 2009-06-29 13:51 
16,384 a------- c:\winnt\system32\Perflib_Perfdata_2d8.dat 2009-06-29 12:10 16,384 a------- c:\winnt\system32\Perflib_Perfdata_2d0.dat 2009-06-29 10:45 65,240 a------- c:\winnt\system32\drivers\avgntflt.sys 2009-06-29 10:21 16,384 a------- c:\winnt\system32\Perflib_Perfdata_49c.dat 2009-06-29 10:21 16,384 a------- c:\winnt\system32\Perflib_Perfdata_290.dat 2009-06-29 09:41 16,384 a------- c:\winnt\system32\Perflib_Perfdata_2b0.dat 2009-06-28 22:30 16,384 a------- c:\winnt\system32\Perflib_Perfdata_2b8.dat 2009-06-27 12:09 <DIR> --d----- c:\program files\XoftSpySE 2009-06-26 20:04 <DIR> --d----- c:\program files\CCleaner 2009-06-25 19:36 16,384 a------- c:\winnt\system32\Perflib_Perfdata_2c0.dat 2009-06-25 19:17 16,384 a------- c:\winnt\system32\Perflib_Perfdata_2cc.dat 2009-06-25 18:44 16,384 a------- c:\winnt\system32\Perflib_Perfdata_868.dat 2009-06-25 18:44 410,984 a------- c:\winnt\system32\deploytk.dll 2009-06-25 18:44 73,728 a------- c:\winnt\system32\javacpl.cpl 2009-06-25 16:04 210,944 a------- C:\EDS GrayEagles Directory 06 16 2009.xls 2009-06-23 18:16 369,630 ----h--- c:\winnt\ShellIconCache 2009-06-23 14:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com 2009-06-23 14:21 <DIR> --d----- c:\program files\SUPERAntiSpyware 2009-06-23 14:21 <DIR> --d----- c:\docume~1\admini~1\applic~1\SUPERAntiSpyware.com 2009-06-23 14:20 <DIR> --d----- c:\program files\common files\Wise Installation Wizard 2009-06-19 12:06 <DIR> --d----- C:\FOUND.000 2009-06-17 22:11 <DIR> --d----- C:\Rooter$ 2009-06-17 21:24 0 a------- c:\winnt\system32\chkdsk 2009-06-17 21:12 <DIR> --d----- c:\program files\Trend Micro 2009-06-16 21:21 1,154 a------- C:\reregisterie.cmd 2009-06-15 11:38 1,022 a------- c:\winnt\AWMODEM.INF 2009-06-11 18:02 <DIR> --d----- C:\FOUND.062 2009-06-10 10:45 <DIR> --d----- C:\FOUND.061 2009-06-07 20:23 <DIR> --d----- C:\FOUND.060 ==================== Find3M ==================== 2009-06-17 11:27 38,160 a------- 
c:\winnt\system32\drivers\mbamswissarmy.sys 2009-06-17 11:27 18,456 a------- c:\winnt\system32\drivers\mbam.sys 2009-05-13 13:18 16,384 a------- c:\winnt\system32\Perflib_Perfdata_47c.dat 2009-05-07 02:41 263,440 a------- c:\winnt\system32\LOCALSPL.DLL 2009-05-07 02:41 263,440 -------- c:\winnt\system32\dllcache\localspl.dll 2009-05-01 11:28 462,336 a------- c:\winnt\system32\dllcache\URLMON.DLL 2009-04-24 05:54 95,504 a------- c:\winnt\system32\WIN32SPL.DLL 2009-04-24 05:54 95,504 a------- c:\winnt\system32\dllcache\win32spl.dll 2009-04-22 09:38 437,008 a------- c:\winnt\system32\rpcrt4.dll 2009-04-22 09:38 437,008 -------- c:\winnt\system32\dllcache\rpcrt4.dll 2009-04-21 16:10 132,096 a------- c:\winnt\system32\dllcache\MSRATING.DLL 2009-04-21 16:10 143,360 a------- c:\winnt\system32\dllcache\CDFVIEW.DLL 2009-04-21 16:10 1,018,368 a------- c:\winnt\system32\dllcache\BROWSEUI.DLL 2009-04-21 16:10 1,340,416 a------- c:\winnt\system32\dllcache\SHDOCVW.DLL 2009-04-21 16:10 402,944 a------- c:\winnt\system32\dllcache\SHLWAPI.DLL 2009-04-21 15:15 576,512 a------- c:\winnt\system32\WININET.DLL 2009-04-21 15:15 576,512 a------- c:\winnt\system32\dllcache\WININET.DLL 2009-04-21 15:15 12,288 a------- c:\winnt\system32\dllcache\JSPROXY.DLL 2009-04-21 15:15 69,632 a------- c:\winnt\system32\dllcache\INSENG.DLL 2009-04-21 15:14 236,032 a------- c:\winnt\system32\dllcache\IEPEERS.DLL 2009-04-21 15:14 2,707,456 a------- c:\winnt\system32\dllcache\MSHTML.DLL 2009-04-21 15:14 34,816 a------- c:\winnt\system32\dllcache\PNGFILT.DLL 2009-04-21 15:14 351,744 a------- c:\winnt\system32\dllcache\DXTMSFT.DLL 2009-04-21 15:14 192,512 a------- c:\winnt\system32\dllcache\DXTRANS.DLL 2009-04-21 15:14 498,176 a------- c:\winnt\system32\dllcache\MSTIME.DLL 2009-04-17 01:04 1,645,072 a------- c:\winnt\system32\WIN32K.SYS 2009-04-17 01:04 1,645,072 -------- c:\winnt\system32\dllcache\win32k.sys 2007-11-19 15:43 9 a------- c:\program files\install_log.dat 2003-09-28 13:52 21,952 a---h--- 
c:\program files\FOLDER.HTT 2003-09-28 13:52 271 a---h--- c:\program files\DESKTOP.INI 2002-06-05 17:20 7,432 a------- c:\program files\Pxu2.exe 2001-05-04 13:58 114,688 a------- c:\documents and settings\administrator\Fport.exe 2001-04-10 07:58 271 a---h--- c:\program files\common files\DESKTOP.INI 2000-07-26 17:00 32,528 a------- c:\winnt\inf\wbfirdma.sys ============= FINISH: 15:15:28.81 =============== AND HERE IS ATTACH.TXT: UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_09-06-26.01) Microsoft Windows 2000 Professional Boot Device: \Device\Harddisk0\Partition1 Install Date: System Uptime: 6/30/2009 10:38:34 AM (5 hours ago) Motherboard: Intel Corporation | | CA810E Processor: Intel Pentium III processor | J5H1 | 996/133mhz ==== Disk Partitions ========================= A: is Removable C: is FIXED (FAT32) - 112 GiB total, 78.784 GiB free. D: is CDROM () ==== Disabled Device Manager Items ============= Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318} Description: Logical Disk Manager Device ID: ROOT\DMIO\0001 Manufacturer: (Standard system devices) Name: Logical Disk Manager PNP Device ID: ROOT\DMIO\0001 Service: dmio ==== System Restore Points =================== No restore point in system. ==== Installed Programs ====================== Absolute Poker Actual Spy 3.0 Ad-aware 6 Personal Adaptec DirectCD Adobe Acrobat 5.0 Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 7.0.5 Language Support Adobe Reader 7.0.8 Adobe Shockwave Player 11.5 Adobe
  9. Here is the mbam log: (I'll look at that DDS next): Malwarebytes' Anti-Malware 1.38 Database version: 2299 Windows 5.0.2195 Service Pack 4 6/30/2009 11:50:18 AM mbam-log-2009-06-30 (11-50-18).txt Scan type: Full Scan (C:\|) Objects scanned: 261743 Time elapsed: 31 minute(s), 33 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: c:\documents and settings\administrator\local settings\Temp\pft7~tmp\pp\ccinstaller.exe (Trojan.Agent) -> Quarantined and deleted successfully.
  10. Hi Ron, I ran the Avira AntiVir from that other file I downloaded that installs the software on my PC. (I could not get that CD disk to run in my son's Laptop, and that is an Acer with Vista, not a Dell with Win 2000, so I decided to run that AntiVir). Avira did find 46 items and quarantined them. I checked all threat categories, except unusual compression. I hope that was correct? Was running Avira from the desktop as complete as if I had run from the CD? I then ran Anti-Malware FULL SCAN, and it found nothing. So what's next? Below is the report from Avira Antivir: Avira AntiVir Personal Report file date: Monday, June 29, 2009 11:11 Scanning for 1439934 virus strains and unwanted programs. Licensee : Avira AntiVir Personal - FREE Antivirus Serial number : 0000149996-ADJIE-0000001 Platform : Windows 2000 Windows version : (Service Pack 4) [5.0.2195] Boot mode : Normally booted Username : SYSTEM Computer name : D8QX8L01 Version information: BUILD.DAT : 9.0.0.403 17961 Bytes 6/3/2009 17:05:00 AVSCAN.EXE : 9.0.3.6 466689 Bytes 5/11/2009 14:14:48 AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 15:58:26 LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 16:35:50 LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 15:58:54 ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 17:30:38 ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 01:33:28 ANTIVIR2.VDF : 7.1.4.0 2336768 Bytes 5/20/2009 17:16:40 ANTIVIR3.VDF : 7.1.4.37 382976 Bytes 5/29/2009 17:25:18 Engineversion : 8.2.0.180 AEVDF.DLL : 8.1.1.1 106868 Bytes 4/30/2009 16:52:06 AESCRIPT.DLL : 8.1.2.0 389497 Bytes 5/27/2009 21:07:22 AESCN.DLL : 8.1.2.3 127347 Bytes 5/14/2009 16:02:02 AERDL.DLL : 8.1.1.3 438645 Bytes 10/29/2008 23:24:42 AEPACK.DLL : 8.1.3.18 401783 Bytes 5/27/2009 21:07:22 AEOFFICE.DLL : 8.1.0.36 196987 Bytes 2/27/2009 01:01:58 AEHEUR.DLL : 8.1.0.129 1761655 Bytes 5/14/2009 16:02:02 AEHELP.DLL : 8.1.2.2 119158 Bytes 5/29/2009 18:51:16 AEGEN.DLL : 8.1.1.44 348532 Bytes 5/14/2009 16:02:02 AEEMU.DLL : 8.1.0.9 393588 Bytes 
10/9/2008 19:32:40 AECORE.DLL : 8.1.6.12 180599 Bytes 5/27/2009 21:07:22 AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 19:32:40 AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 13:48:00 AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 15:32:16 AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 19:34:30 AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 15:32:10 AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 20:05:42 AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 15:37:10 SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 20:03:50 SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 13:21:34 NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 15:32:12 RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 20:40:00 RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/2009 15:19:50 Configuration settings for the scan: Jobname.............................: Complete system scan Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp Logging.............................: low Primary action......................: interactive Secondary action....................: ignore Scan master boot sector.............: on Scan boot sector....................: on Boot sectors........................: C:, Process scan........................: on Scan registry.......................: on Search for rootkits.................: on Integrity checking of system files..: off Scan all files......................: All files Scan archives.......................: on Recursion depth.....................: 20 Smart extensions....................: on Macro heuristic.....................: on File heuristic......................: medium Deviating risk categories...........: +APPL,+GAME,+JOKE,+SPR, Start of the scan: Monday, June 29, 2009 11:11 Starting search for hidden objects. c:\winnt\ [iNFO] The file is not visible. [NOTE] A backup was created as '4ab6db72.qua' ( QUARANTINE ) '57584' objects were checked, '1' hidden objects were found. 
The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'taskmgr.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '0' Module(s) have been scanned Scan process 'directcd.exe' - '1' Module(s) have been scanned Scan process 'mad.exe' - '1' Module(s) have been scanned Scan process 'cctray.exe' - '1' Module(s) have been scanned Scan process 'CAVRID.exe' - '1' Module(s) have been scanned Scan process 'devldr32.exe' - '1' Module(s) have been scanned Scan process 'Explorer.EXE' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'mspmspsv.exe' - '1' Module(s) have been scanned Scan process 'WinMgmt.exe' - '1' Module(s) have been scanned Scan process 'wanmpsvc.exe' - '1' Module(s) have been scanned Scan process 'VetMsg.exe' - '1' Module(s) have been scanned Scan process 'stisvc.exe' - '1' Module(s) have been scanned Scan process 'RxMon.exe' - '1' Module(s) have been scanned Scan process 'MSTask.exe' - '1' Module(s) have been scanned Scan process 'regsvc.exe' - '1' Module(s) have been scanned Scan process 'OWASTSVR.EXE' - '1' Module(s) have been scanned Scan process 'TNSLSNR.exe' - '1' Module(s) have been scanned Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned Scan process 'LogWatNT.exe' - '1' Module(s) have been scanned Scan process 'jqs.exe' - '1' Module(s) have been scanned Scan process 'IntuitUpdateSer' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'CTsvcCDA.exe' - '1' Module(s) have been scanned Scan process 'ISafe.exe' - '1' Module(s) have been scanned Scan process 'mDNSResponder.e' - '1' Module(s) have been scanned Scan process 'sched.exe' - '0' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan 
process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 35 processes with 35 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Starting to scan executable files (registry). The registry was scanned ( '65' files ). Starting the file scan: Begin scan in 'C:\' <DRV2_VOL1> C:\pagefile.sys [WARNING] The file could not be opened! [NOTE] This file is a Windows system file. [NOTE] This file cannot be opened for scanning. C:\dist1.exe [DETECTION] Contains recognition pattern of the DR/Dldr.Agent.43 dropper C:\HXDLAZWM.exe [DETECTION] Contains recognition pattern of the ADSPY/HelpExpress adware or spyware C:\install_beakan01.exe --> Object [DETECTION] Contains a recognition pattern of the (harmful) BDS/PuriSCA.1 back-door program C:\superbarinstaller_wildmedia.exe [DETECTION] Contains recognition pattern of the ADSPY/GigatechSuperBar.A.3 adware or spyware C:\KeenValueInstall_with_track_117.exe [DETECTION] Is the TR/Dldr.Keenval.M.2 Trojan C:\TTIL_StarBlaster.exe [DETECTION] Contains recognition pattern of the ADSPY/eZula.A.11 adware or spyware C:\ss_IGN7_setup.exe [DETECTION] Contains recognition pattern of the DR/SideSearch.L dropper C:\winupdt2.exe [DETECTION] Contains recognition pattern of the DR/Dldr.TargetSoft.A.1 dropper C:\winTemp3c.exe [DETECTION] Contains recognition pattern of the DR/Dldr.VB.FJ dropper C:\WINNT\install044.exe [DETECTION] Is the TR/SecndThought.C.4 Trojan C:\WINNT\VerifierPolicy.exe [DETECTION] Contains recognition pattern of the ADSPY/Agent.BN.2 adware or spyware C:\WINNT\SYSTEM32\msmljp.dll [DETECTION] Contains recognition pattern of the ADSPY/WebSearch.BB.7 adware or spyware 
C:\WINNT\SYSTEM32\msiaih.dll [DETECTION] Contains recognition pattern of the ADSPY/Ipend.A adware or spyware C:\WINNT\SYSTEM32\msmene.dll [DETECTION] Contains recognition pattern of the ADSPY/WebSearch.BB.4 adware or spyware C:\WINNT\SYSTEM32\BPV2p.dll [DETECTION] Contains recognition pattern of the ADSPY/Getup.C.8 adware or spyware C:\WINNT\SYSTEM32\setup_silent_17307.exe [DETECTION] Contains recognition pattern of the DR/MDH.A.1 dropper C:\WINNT\SYSTEM32\winbpupd.exe [DETECTION] Contains recognition pattern of the ADSPY/WurldMedia adware or spyware C:\WINNT\SYSTEM32\mobupd.exe [DETECTION] Contains recognition pattern of the DR/WurldMedia.H.1 dropper C:\WINNT\SYSTEM32\mo030414s.dll [DETECTION] Contains recognition pattern of the ADSPY/WurldMedi.C.3 adware or spyware C:\WINNT\SYSTEM32\DRIVERS\sptd.sys [WARNING] The file could not be opened! C:\WINNT\SYSTEM32\msdrives\driverpp.sys [DETECTION] Is the TR/Rootkit.Gen Trojan C:\WINNT\Vbox\Installers\Symantec_Norton Antivirus 2002 for Windows_8.0_en-us(1)\Support\LUpdate\LUSETUP.EXE [0] Archive type: CAB SFX (self extracting) --> \S32LUWI1.DLL [WARNING] No further files can be extracted from this archive. The archive will be closed [WARNING] No further files can be extracted from this archive. 
The archive will be closed C:\WINNT\Temporary Internet Files\Content.IE5\KBU3Q947\AppWrap[1].exe --> Object [DETECTION] Contains recognition pattern of the DR/Small.OF.F dropper C:\Documents and Settings\Default User\My Documents\Data\all_files4b.exe [DETECTION] Contains recognition pattern of the DR/Scapur.G.3 dropper C:\Documents and Settings\Default User\My Documents\Data\MemoryWatcher.exe [DETECTION] Contains recognition pattern of the DR/Dldr.VB.Q.2 dropper C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4b.exe [DETECTION] Contains recognition pattern of the DR/Scapur.G.3 dropper C:\Documents and Settings\Default User\My Documents\Data\Data\MemoryWatcher.exe [DETECTION] Contains recognition pattern of the DR/Dldr.VB.Q.2 dropper C:\Documents and Settings\All Users\Start Menu\Programs\ActualSpy\ActualSpy.exe [DETECTION] Contains recognition pattern of the SPR/ActualSpy.CE program C:\Documents and Settings\Administrator\Application Data\poker.exe [DETECTION] Is the TR/Dldr.Malwar.AI Trojan C:\Documents and Settings\Administrator\.jpi_cache\jar\1.0\cnte-dhncgts.jar-1c71cb5c-60cb950a.zip [0] Archive type: ZIP --> BnnnnBaa.class [DETECTION] Is the TR/Java.Downloader.Gen Trojan --> VaannnaaBaa.class [DETECTION] Is the TR/ClassLoader Trojan --> Dnnny.class [DETECTION] Contains recognition pattern of the JAVA/Exploit.Bytverify.5 Java virus --> Bnnnnn.class [DETECTION] Is the TR/Java.ClassLoader.AS Trojan --> Den.class [DETECTION] Is the TR/Exploit.Bytverify Trojan --> Din.class [DETECTION] Is the TR/Exploit.Bytverify.A Trojan --> Dun.class [DETECTION] Is the TR/Exploit.Bytverify.B Trojan C:\Documents and Settings\mike\My Documents\Data\MemoryWatcher.exe [DETECTION] Contains recognition pattern of the DR/Dldr.VB.Q.2 dropper C:\Documents and Settings\mike\My Documents\Data\all_files4b.exe [DETECTION] Contains recognition pattern of the DR/Scapur.G.3 dropper C:\Documents and Settings\mike\My Documents\Data\Data\MemoryWatcher.exe [DETECTION] Contains 
recognition pattern of the DR/Dldr.VB.Q.2 dropper C:\Documents and Settings\mike\My Documents\Data\Data\all_files4b.exe [DETECTION] Contains recognition pattern of the DR/Scapur.G.3 dropper C:\Documents and Settings\mike2\My Documents\Data\all_files4b.exe [DETECTION] Contains recognition pattern of the DR/Scapur.G.3 dropper C:\Documents and Settings\mike2\My Documents\Data\MemoryWatcher.exe [DETECTION] Contains recognition pattern of the DR/Dldr.VB.Q.2 dropper C:\Documents and Settings\mike2\My Documents\Data\Data\MemoryWatcher.exe [DETECTION] Contains recognition pattern of the DR/Dldr.VB.Q.2 dropper C:\Documents and Settings\mike2\My Documents\Data\Data\all_files4b.exe [DETECTION] Contains recognition pattern of the DR/Scapur.G.3 dropper C:\Documents and Settings\miken\My Documents\Data\MemoryWatcher.exe [DETECTION] Contains recognition pattern of the DR/Dldr.VB.Q.2 dropper C:\Documents and Settings\miken\My Documents\Data\all_files4b.exe [DETECTION] Contains recognition pattern of the DR/Scapur.G.3 dropper C:\Documents and Settings\miken\My Documents\Data\Data\MemoryWatcher.exe [DETECTION] Contains recognition pattern of the DR/Dldr.VB.Q.2 dropper C:\Documents and Settings\miken\My Documents\Data\Data\all_files4b.exe [DETECTION] Contains recognition pattern of the DR/Scapur.G.3 dropper C:\Documents and Settings\mike3\My Documents\Data\MemoryWatcher.exe [DETECTION] Contains recognition pattern of the DR/Dldr.VB.Q.2 dropper C:\Documents and Settings\mike3\My Documents\Data\all_files4b.exe [DETECTION] Contains recognition pattern of the DR/Scapur.G.3 dropper C:\Documents and Settings\mike3\My Documents\Data\Data\MemoryWatcher.exe [DETECTION] Contains recognition pattern of the DR/Dldr.VB.Q.2 dropper C:\Documents and Settings\mike3\My Documents\Data\Data\all_files4b.exe [DETECTION] Contains recognition pattern of the DR/Scapur.G.3 dropper C:\Program Files\Common Files\Microsoft Shared\MSINFO\OFFPROV.EXE [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan C:\Program 
Files\Common Files\Microsoft Shared\Repostry\REPBROWS.EXE [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan C:\Program Files\Common Files\Microsoft Shared\Repostry\MIGREPV2.EXE [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan C:\Program Files\Microsoft Office\Office\1033\MSOWC.SLL [WARNING] An exception has been identified! [WARNING] In the module 'aecore.dll' an exception occured. Calling the function AVEPROC_TestFile in file: \\?\C:\Program Files\Microsoft Office\Office\1033\MSOWC.SLL Error description:ILLEGAL_INSTRUCTION EAX = 00000001 EBX = 00012000 ECX = 00002020 EDX = 00000001 ESI = 01307008 EDI = 013f4538 EIP = 019227F7 EBP = 000174DC ESP = 0B63E81C Flg = 00010213 CS = 00000023 SS = 0000001B Beginning disinfection: C:\dist1.exe [DETECTION] Contains recognition pattern of the DR/Dldr.Agent.43 dropper [NOTE] The file was moved to '4abbe5bd.qua'! C:\HXDLAZWM.exe [DETECTION] Contains recognition pattern of the ADSPY/HelpExpress adware or spyware [NOTE] The file was moved to '4a8ce5ac.qua'! C:\install_beakan01.exe [NOTE] The file was moved to '4abbe5c2.qua'! C:\superbarinstaller_wildmedia.exe [DETECTION] Contains recognition pattern of the ADSPY/GigatechSuperBar.A.3 adware or spyware [NOTE] The file was moved to '4ab8e5c9.qua'! C:\KeenValueInstall_with_track_117.exe [DETECTION] Is the TR/Dldr.Keenval.M.2 Trojan [NOTE] The file was moved to '4aade5b9.qua'! C:\TTIL_StarBlaster.exe [DETECTION] Contains recognition pattern of the ADSPY/eZula.A.11 adware or spyware [NOTE] The file was moved to '4a91e5a8.qua'! C:\ss_IGN7_setup.exe [DETECTION] Contains recognition pattern of the DR/SideSearch.L dropper [NOTE] The file was moved to '4aa7e5c7.qua'! C:\winupdt2.exe [DETECTION] Contains recognition pattern of the DR/Dldr.TargetSoft.A.1 dropper [NOTE] The file was moved to '4ab6e5bd.qua'! C:\winTemp3c.exe [DETECTION] Contains recognition pattern of the DR/Dldr.VB.FJ dropper [NOTE] The file was moved to '466661ce.qua'! 
C:\WINNT\install044.exe [DETECTION] Is the TR/SecndThought.C.4 Trojan [NOTE] The file was moved to '466a69fb.qua'! C:\WINNT\VerifierPolicy.exe [DETECTION] Contains recognition pattern of the ADSPY/Agent.BN.2 adware or spyware [NOTE] The file was moved to '4abae5b9.qua'! C:\WINNT\SYSTEM32\msmljp.dll [DETECTION] Contains recognition pattern of the ADSPY/WebSearch.BB.7 adware or spyware [NOTE] The file was moved to '4ab5e5c7.qua'! C:\WINNT\SYSTEM32\msiaih.dll [DETECTION] Contains recognition pattern of the ADSPY/Ipend.A adware or spyware [NOTE] The file was moved to '4ab1e5c7.qua'! C:\WINNT\SYSTEM32\msmene.dll [DETECTION] Contains recognition pattern of the ADSPY/WebSearch.BB.4 adware or spyware [NOTE] The file was moved to '5d1d58d0.qua'! C:\WINNT\SYSTEM32\BPV2p.dll [DETECTION] Contains recognition pattern of the ADSPY/Getup.C.8 adware or spyware [NOTE] The file was moved to '4a9ee5a4.qua'! C:\WINNT\SYSTEM32\setup_silent_17307.exe [DETECTION] Contains recognition pattern of the DR/MDH.A.1 dropper [NOTE] The file was moved to '4abce5b9.qua'! C:\WINNT\SYSTEM32\winbpupd.exe [DETECTION] Contains recognition pattern of the ADSPY/WurldMedia adware or spyware [NOTE] The file was moved to '5d1d31ce.qua'! C:\WINNT\SYSTEM32\mobupd.exe [DETECTION] Contains recognition pattern of the DR/WurldMedia.H.1 dropper [NOTE] The file was moved to '4aaae5c3.qua'! C:\WINNT\SYSTEM32\mo030414s.dll [DETECTION] Contains recognition pattern of the ADSPY/WurldMedi.C.3 adware or spyware [NOTE] The file was moved to '4a78e5c3.qua'! C:\WINNT\SYSTEM32\msdrives\driverpp.sys [DETECTION] Is the TR/Rootkit.Gen Trojan [NOTE] TR/Rootkit.Gen:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\driverpp] [NOTE] TR/Rootkit.Gen:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_driverpp] [NOTE] The file was moved to '4ab1e5c6.qua'! C:\WINNT\Temporary Internet Files\Content.IE5\KBU3Q947\AppWrap[1].exe [NOTE] The file was moved to '4ab8e5c4.qua'! 
C:\Documents and Settings\Default User\My Documents\Data\all_files4b.exe [DETECTION] Contains recognition pattern of the DR/Scapur.G.3 dropper [NOTE] The file was moved to '4ab4e5c0.qua'! C:\Documents and Settings\Default User\My Documents\Data\MemoryWatcher.exe [DETECTION] Contains recognition pattern of the DR/Dldr.VB.Q.2 dropper [NOTE] The file was moved to '4ab5e5ba.qua'! C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4b.exe [DETECTION] Contains recognition pattern of the DR/Scapur.G.3 dropper [NOTE] The file was moved to '4ab4e5c1.qua'! C:\Documents and Settings\Default User\My Documents\Data\Data\MemoryWatcher.exe [DETECTION] Contains recognition pattern of the DR/Dldr.VB.Q.2 dropper [NOTE] The file was moved to '46667853.qua'! C:\Documents and Settings\All Users\Start Menu\Programs\ActualSpy\ActualSpy.exe [DETECTION] Contains recognition pattern of the SPR/ActualSpy.CE program [NOTE] The file was moved to '4abce5b8.qua'! C:\Documents and Settings\Administrator\Application Data\poker.exe [DETECTION] Is the TR/Dldr.Malwar.AI Trojan [NOTE] The file was moved to '4ab3e5c4.qua'! C:\Documents and Settings\Administrator\.jpi_cache\jar\1.0\cnte-dhncgts.jar-1c71cb5c-60cb950a.zip [NOTE] The file was moved to '4abce5c3.qua'! C:\Documents and Settings\mike\My Documents\Data\MemoryWatcher.exe [DETECTION] Contains recognition pattern of the DR/Dldr.VB.Q.2 dropper [NOTE] The file was moved to '5d07e69b.qua'! C:\Documents and Settings\mike\My Documents\Data\all_files4b.exe [DETECTION] Contains recognition pattern of the DR/Scapur.G.3 dropper [NOTE] The file was moved to '528cdd9a.qua'! C:\Documents and Settings\mike\My Documents\Data\Data\MemoryWatcher.exe [DETECTION] Contains recognition pattern of the DR/Dldr.VB.Q.2 dropper [NOTE] The file was moved to '5d00ffc3.qua'! 
C:\Documents and Settings\mike\My Documents\Data\Data\all_files4b.exe [DETECTION] Contains recognition pattern of the DR/Scapur.G.3 dropper [NOTE] The file was moved to '5d041e9a.qua'! C:\Documents and Settings\mike2\My Documents\Data\all_files4b.exe [DETECTION] Contains recognition pattern of the DR/Scapur.G.3 dropper [NOTE] The file was moved to '5d07ef2a.qua'! C:\Documents and Settings\mike2\My Documents\Data\MemoryWatcher.exe [DETECTION] Contains recognition pattern of the DR/Dldr.VB.Q.2 dropper [NOTE] The file was moved to '5d03c7fb.qua'! C:\Documents and Settings\mike2\My Documents\Data\Data\MemoryWatcher.exe [DETECTION] Contains recognition pattern of the DR/Dldr.VB.Q.2 dropper [NOTE] The file was moved to '5d0cdc23.qua'! C:\Documents and Settings\mike2\My Documents\Data\Data\all_files4b.exe [DETECTION] Contains recognition pattern of the DR/Scapur.G.3 dropper [NOTE] The file was moved to '5d03cfca.qua'! C:\Documents and Settings\miken\My Documents\Data\MemoryWatcher.exe [DETECTION] Contains recognition pattern of the DR/Dldr.VB.Q.2 dropper [NOTE] The file was moved to '5d0dd46b.qua'! C:\Documents and Settings\miken\My Documents\Data\all_files4b.exe [DETECTION] Contains recognition pattern of the DR/Scapur.G.3 dropper [NOTE] The file was moved to '5d0ea4a2.qua'! C:\Documents and Settings\miken\My Documents\Data\Data\MemoryWatcher.exe [DETECTION] Contains recognition pattern of the DR/Dldr.VB.Q.2 dropper [NOTE] The file was moved to '4ab5e5bb.qua'! C:\Documents and Settings\miken\My Documents\Data\Data\all_files4b.exe [DETECTION] Contains recognition pattern of the DR/Scapur.G.3 dropper [NOTE] The file was moved to '4ab4e5c2.qua'! C:\Documents and Settings\mike3\My Documents\Data\MemoryWatcher.exe [DETECTION] Contains recognition pattern of the DR/Dldr.VB.Q.2 dropper [NOTE] The file was moved to '5d09b54c.qua'! 
C:\Documents and Settings\mike3\My Documents\Data\all_files4b.exe [DETECTION] Contains recognition pattern of the DR/Scapur.G.3 dropper [NOTE] The file was moved to '5d0a8543.qua'! C:\Documents and Settings\mike3\My Documents\Data\Data\MemoryWatcher.exe [DETECTION] Contains recognition pattern of the DR/Dldr.VB.Q.2 dropper [NOTE] The file was moved to '5d749264.qua'! C:\Documents and Settings\mike3\My Documents\Data\Data\all_files4b.exe [DETECTION] Contains recognition pattern of the DR/Scapur.G.3 dropper [NOTE] The file was moved to '5d0b8d8b.qua'! C:\Program Files\Common Files\Microsoft Shared\MSINFO\OFFPROV.EXE [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was moved to '4a8ee59c.qua'! C:\Program Files\Common Files\Microsoft Shared\Repostry\REPBROWS.EXE [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was moved to '4a98e59c.qua'! C:\Program Files\Common Files\Microsoft Shared\Repostry\MIGREPV2.EXE [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan [NOTE] The file was moved to '4a8fe5a0.qua'! End of the scan: Monday, June 29, 2009 12:01 Used time: 34:49 Minute(s) The scan has been done completely. 11122 Scanned directories 231906 Files were scanned 46 Viruses and/or unwanted programs were found 7 Files were classified as suspicious 0 files were deleted 0 Viruses and unwanted programs were repaired 48 Files were moved to quarantine 0 Files were renamed 2 Files cannot be scanned 231851 Files not concerned 2985 Archives were scanned 5 Warnings 49 Notes 57584 Objects were scanned with rootkit scan 1 Hidden objects were found
  11. Ron, I'm stumped again. When I boot that CD I end up with a screen that has no visual readability at all. It's about 1" tall and almost as wide as the monitor - but just a series of lines, not even any characters. I've tried every available selection while booting, and none give me a readable GUI. I've looked at the pages you suggested, and even tried to see if I could run in text/command line mode - but typing antivir --help does not give me the options available? (I am even getting the dashes correct by using the "/" character as the pages suggest). So I'm reluctant to try to run the command line "antivir --allfiles -z - ren /mnt/" as one of those pages suggests - I'm not sure what I'd be instructing antivir to do? I'm lost! Matt
  12. RON, NEVER MIND POST ABOVE..I TRIED AN UNFORMATTED CD AND THE AVIRA SOFTWARE BURNED IT - I WAS TRYING WITH A FORMATTED CD (WHICH I THOUGHT WAS THE CORRECT APPROACH) - MY BAD.
  13. Hi Ron, Well, I tried that download. When I click on the exe file, I get a message box from the Avira software that says: "The inserted CD is not writeable" and the "BURN CD" button is not clickable. I click the EXIT button and get a question asking me: "Do you want to save the ISO image in order to burn it using a different CD burning application" I've tried this on 3 different PCs (Windows 2000 and Windows Vista) with the same result. Sorry, but I'm lost again. Matt PS: EDS was a place I used to work - Electronic Data Systems, now owned by HP.
  14. Hi Ron, I went to that site, used my son's PC, and clicked on the DOWNLOAD button on that page. It downloaded a file called avira_antivir_personal_en.exe (not rescuecd.exe). I downloaded anyway, and clicked on it expecting it would just start burning the CD, or ask me where to install and that I would specify the D: drive, but it just started installing on my son's PC. It then asked us to take the default or custom install wizard for a personal firewall, so I just cancelled out of that setup wizard. But when I clicked on the desktop icon it created, it looked like it was just an antivirus program (not a personal firewall), so I'm a bit confused. rescue_system-common-en.exe SO - I thought I needed to look further for rescuecd.exe) - and I saw a link labeled << Free Tools List and clicked on that. The DOWNLOAD button there led me to a series of sites, eventually ending on a CNET.com site, but was the same file avira_antivir_personal_en.exe. I looked further down that page and found links for free tools: Avira AntiVir Removal Tool, Avira AntiRootkit Tool, Avira Boot Sector Repair Tool, Avira UnErase Personal, Avira NTFS4DOS Personal, Avira AntiVir Rescue System, but none of those were rescuecd.exe either? So I don't know which I was supposed to get that burns a CD when I click on it? Thanks, Matt
  15. Hi Ron, I ran CCleaner. The program reported cleaning about 381 MB of unrequired files. I now have about 79GB available. I have not run a defrag in ages, was thinking perhaps I should? Any recommendations? I was wondering, why did you want me to burn Avira Antivir from another PC, vs just downloading it on my PC? The description on the Avira home page seems to indicate it's useful for systems that can't be rebooted. I can reboot, but do you think that is where I may have a problem? (I am also not 100% sure my mom's PC is virus free, if that is a consideration.) PS: I just noticed your name is Ron Lewis. I used to know a Ron Lewis who worked at EDS. You wouldn't be THAT Ron Lewis, would you? Thanks, Matt