
This is what I posted earlier:

I just downloaded anti-malware, ran a quick scan which removed one registry error. (Also my CA antivirus opened a window and said it deleted 12 viruses - I'm not sure why CA did not see those before?)

Then I tried to run a full scan. It failed when system reported an error with explorer.exe, illegal instructions 0xc000001d at location 0x77fb960. Windows 2000 froze, and I had to reboot.

Then I tried a 2nd time to run a full scan. This time windows reported that Anti-malware instruction at 0x77fb7964 at 0x00000002 - memory could not be read.

I have had this memory could not be read/written before, usually with IEXPLORE.exe.

I want to get a full scan to eliminate any malware on my pc, and have been following the guide on geekstogo.com, which has running a full scan as part of their process.

thanks,

matt

PS: I do get a buffer overrun, in caissdt.exe, every time I start Windows. I usually just ignore that error message.

AdvanceSetup had me run a 'chkdsk', then informed me to post the HiJackThis log and Anti-Malware logs here.

Here is my HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:13:19 PM, on 6/17/2009

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe

C:\WINNT\System32\CTsvcCDA.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\WINNT\LogWatNT.exe

c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

c:\ora8i\BIN\TNSLSNR.exe

c:\ora8i\bin\ORACLE.EXE

c:\ora8i\BIN\OWASTSVR.EXE

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon.exe

C:\WINNT\system32\stisvc.exe

C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINNT\wanmpsvc.exe

C:\WINNT\Explorer.EXE

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\System32\mspmspsv.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\devldr32.exe

C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE

C:\Program Files\Dell\Resolution Assistant\common\bin\RxUser.exe

C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\WINNT\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\WINNT\system32\taskmgr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\America Online 7.0\waol.exe

C:\WINNT\SYSTEM32\CMD.EXE

C:\WINNT\system32\notepad.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =

http://*.bcbsm.com

O15 - Trusted Zone: http://*.freshchoicetobacco.com

O15 - Trusted Zone: http://www.elink.ibmlink.ibm.com

O15 - Trusted Zone: http://www.investorvillage.com

O15 - Trusted Zone: http://www1.investorvillage.com

O15 - Trusted Zone: http://safety.live.com

O15 - Trusted Zone: http://www.mibcn.com

O15 - Trusted Zone: http://www.novastarmortgage.com

O15 - Trusted Zone: http://www.ryomagazine.com

O15 - Trusted Zone: http://www.universalorlando.com

O15 - Trusted Zone: http://secure.universalstudios.com

O16 - DPF: Microsoft WFC Forms Designer - file://D:\VJ98\wfcforms.cab

O16 - DPF: Visual Studio 6 Extensibility Libraries - file://D:\VJ98\vstudio6.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ctivex/hcImpl.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper2007261.dll

O16 - DPF: {38F5F92F-BD40-40DF-A569-6C1FCB638190} (InSPECS3_0 Control) - http://www.powerleap.com/cab_files/InSPECS3_0.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200203...5/us/win/QuickTimeInstaller.exe

O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab

O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www3.ca.com/securityadvisor/pestscan/pestscan.cab

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...gWebControl.cab?1241481548992

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase1140.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b_site.cab?1155667012657

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...web_site.cab?1164479759409

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{434E3AA0-4C69-499E-8446-07DDE38BFF1F}: NameServer = 205.188.146.145

O17 - HKLM\System\CS2\Services\Tcpip\..\{434E3AA0-4C69-499E-8446-07DDE38BFF1F}: NameServer = 205.188.146.145

O21 - SSODL: DCOM Server 2234 - {2C1CD3D7-86AC-4068-93BC-A02304BB2234} - (no file)

O21 - SSODL: SvcSys - {D3C785CB-F7A2-4302-A04B-8E2798337045} - (no file)

O21 - SSODL: DCOM Server 37389 - {2C1CD3D7-86AC-4068-93BC-A02304B37389} - (no file)

O22 - SharedTaskScheduler: DCOM Server 2234 - {2C1CD3D7-86AC-4068-93BC-A02304BB2234} - (no file)

O22 - SharedTaskScheduler: DCOM Server 37389 - {2C1CD3D7-86AC-4068-93BC-A02304B37389} - (no file)

O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINNT\system32\drivers\KodakCCS.exe (file missing)

O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINNT\LogWatNT.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe

O23 - Service: Oracle%ORACLE_HOME_SERVICE%ClientCache80 - Unknown owner - C:\ORANT\BIN\ONRSD80.EXE

O23 - Service: Oracleora8iAgent - oracle - c:\ora8i\bin\dbsnmp.exe

O23 - Service: Oracleora8iClientCache - Unknown owner - c:\ora8i\BIN\ONRSD.EXE

O23 - Service: Oracleora8iDataGatherer - Unknown owner - c:\ora8i\bin\vppdc.exe

O23 - Service: Oracleora8iTNSListener - Unknown owner - c:\ora8i\BIN\TNSLSNR.exe

O23 - Service: OracleServiceORA8I - Oracle Corporation - c:\ora8i\bin\ORACLE.EXE

O23 - Service: OracleWebAssistant1 - Oracle Corporation - c:\ora8i\BIN\OWASTSVR.EXE

O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe

O23 - Service: Service Request Monitor - Dell Computer Corporation - C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon.exe

O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

--

End of file - 13825 bytes

Here is my Anti-Malware log:

Malwarebytes' Anti-Malware 1.38

Database version: 2299

Windows 5.0.2195 Service Pack 4

6/17/2009 6:55:13 PM

mbam-log-2009-06-17 (18-55-13).txt

Scan type: Quick Scan

Objects scanned: 111295

Time elapsed: 11 minute(s), 41 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Hello and Welcome to forums!

Sorry for the delay.

My name is Bio-Hazard and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:

  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • If you don't know or understand something please don't hesitate to ask.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • It is important that you reply to this thread. Do not start a new topic.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Absence of symptoms does not mean that everything is clear.

No Reply Within 5 Days Will Result In Your Topic Being Closed!!

Could you please run Malwarebytes Antimalware quick scan and post that log for me to see.

Turn Off WordWrap

  • Click Start
  • All Programs
  • Accessories
  • Notepad
  • On the menu bar in Notepad select Format
  • Click on WordWrap so it appears unchecked

Could you also post a new HijackThis log for me to see.


Hello BioHazard,

Thank you for your assistance.

Here is the Quick Scan log from AntiMalware:

Malwarebytes' Anti-Malware 1.38

Database version: 2299

Windows 5.0.2195 Service Pack 4

6/23/2009 8:54:51 PM

mbam-log-2009-06-23 (20-54-51).txt

Scan type: Quick Scan

Objects scanned: 111284

Time elapsed: 10 minute(s), 47 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

And here is the HiJackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:58:08 PM, on 6/23/2009

Platform: Windows 2000 SP4 (WinNT 5.00.2195)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

Running processes:

C:\WINNT\System32\smss.exe

C:\WINNT\system32\winlogon.exe

C:\WINNT\system32\services.exe

C:\WINNT\system32\lsass.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\system32\spoolsv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe

C:\WINNT\System32\CTsvcCDA.exe

C:\WINNT\System32\svchost.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\WINNT\LogWatNT.exe

c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

c:\ora8i\BIN\TNSLSNR.exe

c:\ora8i\bin\ORACLE.EXE

c:\ora8i\BIN\OWASTSVR.EXE

C:\WINNT\system32\regsvc.exe

C:\WINNT\system32\MSTask.exe

C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon.exe

C:\WINNT\system32\stisvc.exe

C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe

C:\WINNT\wanmpsvc.exe

C:\WINNT\System32\WBEM\WinMgmt.exe

C:\WINNT\System32\mspmspsv.exe

C:\WINNT\system32\svchost.exe

C:\WINNT\Explorer.EXE

C:\WINNT\system32\devldr32.exe

C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE

C:\Program Files\Dell\Resolution Assistant\common\bin\RxUser.exe

C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\WINNT\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\CA\eTrust Internet Security Suite\cctray\cctray.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Dell\Resolution Assistant\MotiveAssistant\bin\mad.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINNT\system32\taskmgr.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://*.bcbsm.com

O15 - Trusted Zone: http://*.freshchoicetobacco.com

O15 - Trusted Zone: http://www.elink.ibmlink.ibm.com

O15 - Trusted Zone: http://www.investorvillage.com

O15 - Trusted Zone: http://www1.investorvillage.com

O15 - Trusted Zone: http://safety.live.com

O15 - Trusted Zone: http://www.mibcn.com

O15 - Trusted Zone: http://www.novastarmortgage.com

O15 - Trusted Zone: http://www.ryomagazine.com

O15 - Trusted Zone: http://www.universalorlando.com

O15 - Trusted Zone: http://secure.universalstudios.com

O16 - DPF: Microsoft WFC Forms Designer - file://D:\VJ98\wfcforms.cab

O16 - DPF: Visual Studio 6 Extensibility Libraries - file://D:\VJ98\vstudio6.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper2007261.dll

O16 - DPF: {38F5F92F-BD40-40DF-A569-6C1FCB638190} (InSPECS3_0 Control) - http://www.powerleap.com/cab_files/InSPECS3_0.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200203...meInstaller.exe

O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab

O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www3.ca.com/securityadvisor/pestscan/pestscan.cab

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/sit...b?1241481548992

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase1140.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1155667012657

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1164479759409

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe

O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINNT\system32\drivers\KodakCCS.exe (file missing)

O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINNT\LogWatNT.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe

O23 - Service: Oracle%ORACLE_HOME_SERVICE%ClientCache80 - Unknown owner - C:\ORANT\BIN\ONRSD80.EXE

O23 - Service: Oracleora8iAgent - oracle - c:\ora8i\bin\dbsnmp.exe

O23 - Service: Oracleora8iClientCache - Unknown owner - c:\ora8i\BIN\ONRSD.EXE

O23 - Service: Oracleora8iDataGatherer - Unknown owner - c:\ora8i\bin\vppdc.exe

O23 - Service: Oracleora8iTNSListener - Unknown owner - c:\ora8i\BIN\TNSLSNR.exe

O23 - Service: OracleServiceORA8I - Oracle Corporation - c:\ora8i\bin\ORACLE.EXE

O23 - Service: OracleWebAssistant1 - Oracle Corporation - c:\ora8i\BIN\OWASTSVR.EXE

O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe

O23 - Service: Service Request Monitor - Dell Computer Corporation - C:\Program Files\Dell\Resolution Assistant\Common\bin\RxMon.exe

O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

--

End of file - 12457 bytes

Thanks for helping me with this,

Matt
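
Added example (not part of the original thread, and not code from HijackThis or Malwarebytes): the two HijackThis logs posted above were taken six days apart, and the first was pasted with Notepad word wrap on. This Python sketch rejoins wrapped entries and lists which entries were removed, added, or point at a missing file. The sample text is an excerpt of lines from the two logs above; the function names and the rule for joining lines that contain no blank are assumptions made for this illustration.

```python
import re

# A HijackThis entry starts with a section code (R0, O16, O23, ...) then " - ".
ENTRY_RE = re.compile(r"^[RFNO]\d{1,2} - .+$")
# Entries whose target HijackThis itself reported as absent.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)$")

# Excerpt of the 6/17/2009 log as posted (word-wrapped).
LOG_JUNE_17 = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINNT\Explorer.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation
Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{434E3AA0-4C69-499E-8446-07DDE38BFF1F}:
NameServer = 205.188.146.145
O21 - SSODL: SvcSys - {D3C785CB-F7A2-4302-A04B-8E2798337045} - (no file)
O22 - SharedTaskScheduler: DCOM Server 2234 - {2C1CD3D7-86AC-4068-93BC-A02304BB2234} -
(no file)
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program
Files\Bonjour\mDNSResponder.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner -
C:\WINNT\system32\drivers\KodakCCS.exe (file missing)
--
End of file - 13825 bytes
"""

# Excerpt of the 6/23/2009 log as posted (word wrap off).
LOG_JUNE_23 = r"""
Logfile of Trend Micro HijackThis v2.0.2
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINNT\system32\drivers\KodakCCS.exe (file missing)
--
End of file - 12457 bytes
"""


def unwrap(text):
    """Return one string per entry, rejoining lines split by Notepad word wrap."""
    entries, prev = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "--":  # footer marker: nothing after it is an entry
            break
        if ENTRY_RE.match(line):
            entries.append(line)
        elif entries:
            # Heuristic (assumption): word wrap breaks at a blank when it can, so a
            # previous line with no blank at all was one long token cut mid-word.
            entries[-1] += (" " if " " in prev else "") + line
        # Header and process-list lines before the first entry are skipped.
        prev = line
    return entries


def diff_logs(old_text, new_text):
    """Compare two logs entry by entry, on the full unwrapped entry text."""
    old, new = unwrap(old_text), unwrap(new_text)
    old_set, new_set = set(old), set(new)
    return {
        "removed": [e for e in old if e not in new_set],
        "added": [e for e in new if e not in old_set],
        "orphaned": [e for e in new if ORPHAN_RE.search(e)],
    }


if __name__ == "__main__":
    for kind, items in diff_logs(LOG_JUNE_17, LOG_JUNE_23).items():
        print(kind)
        for item in items:
            print("   ", item)
```

Because the comparison is on whole-entry text, entries whose URLs the forum shortened differently in the two posts would show up as changed and need a coarser key such as the CLSID.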


Hello!

Sorry for the delay.

What kind of problems are you still having?

ATF-Cleaner

Please download ATF Cleaner by Atribune.

  • Save it to your desktop
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
    If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords please click No at the prompt.
  • Click Exit on the Main menu to close the program.

Kaspersky Online Scan

You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply along with a fresh HijackThis log.

random's system information tool (RSIT)

  • Download random's system information tool (RSIT) by random/random from HERE and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt (<<will be maximized)
    • info.txt (<<will be minimized)

  • Post both of these logs in your next reply (Sometimes you have to make several posts to get the logs posted.)

Logs/Information to Post in Next Reply

Please post the following logs/Information in your reply:

  • Kaspersky Log
  • RSIT Logs,log.txt (<<will be maximized) and info.txt (<<will be minimized)
  • A description of how your computer is behaving

Hello Biohazard,

I seem to get a lot of crashes trying to run applications, and clean up things, which is one of my problems. For example I cannot run A FULL CA AntiVirus Scan. Anti-malware QUICK SCAN now won't work, it ran a few times a few days ago. (Anti-Malware's FULL SCAN has never run on my PC without crashing it). AntiMalware now also freezes my PC, it begins hogging up to 98% of the CPU, and then gets an error that reads "application error, instruction at 0x77fb795a referenced memory at 0x0000ff8b. Memory could not be read".

My PC has just been running bad, crashing on different applications. I gave up running IExplore.exe and am now running Firefox, as Iexplore hogs up 98% of the CPU.

I ran the ATF cleaner. It took me 2 attempts because the first time it crashed with an "application error - exception privelege - instruction 0xc0000096 in application 0x130d7310".


Hello Biohazard,


I went to Kaspersky site, and it did not work for me, it said something about "Starting of JAVA applet failed. PLease go online to use this program"


Hello Biohazard,


I went to Kaspersky site, and it did not work for me. It started downloading, after I accepted some security box, but then it crashed with a Firefox application error, and said there was an unhandled exception at instruction 0x6d423962, memory could not be read at 0x00000000, or something like that. I then said no to accepting security from Kaspersky site, and then the window said something about "Starting of JAVA applet failed. PLease go online to use this program"

Anyways, I keep getting this kind of error trying to run full system scans, sometimes even quickscans in various utilities.


Well, I am now downloading Kaspersky. I discovered I did not have the latest version of Java Runtime Environment (JRE). I had version 1.5, and I downloaded and installed version 1.6, and the Kaspersky antivirus is now downloading to my PC.

Here is the SUN page I visited to VERIFY (tell me) what version of JAVA JRE I had installed:

http://java.com/en/download/installed.jsp


So the Kaspersky programs download, I click the SCAN CRITICAL AREAS button on the webpage, and the SCAN begins, runs for 10 to 15 minutes, then the PC freezes up and I have to reboot. The scan had completed a few thousand files, maybe 4% of my hard drive.

This is typical of the problems, along with slow response times, I have with my PC.


  • Root Admin

Hi Matt,

Biohazard has asked me to pitch in and give you a hand.

It looks like you might possibly have either some hardware issues or some infection that is attacking most if not all the tools designed to detect and remove Malware.

Please click on START - RUN and Copy/Paste into the run line. It will not be able to run the check right now but will ask if you want to run it after a restart, press Y and hit enter and then reboot and let it do the disk check.

CMD /K CHKDSK C: /F

Do you have access to another system to burn a CD ?


Hi AdvancedSetup,

Thanks for pitching in to help.

I've done the chkdsk and will reboot in a few minutes.

I do have access to my mom's pc, and she has a CDR. (She has the same DELL system I have). What are you thinking?

I have not been able to do a full CA AV scan in a long time. (I get a buffer overrun on CAISSDT.exe on startup, so I've been thinking about reinstalling that, but from what I read it seems to be related to the tray icon, not the main scan, but I could be wrong.)

I just started thinking my CPU was getting overwhelmed by the size of the task (120GB hard drive). It seems my CPU goes to 100% a lot. But a majority of the error messages seem to be about memory - could not be read, or, could not be written.

One thing I noticed regarding CPU was that IExplore seemed to go to 98% CPU a lot. So I started using Firefox. But then yesterday I was using Windows Explore.exe looking at my files, and noticed the Favorites tab there, clicked on it, and opened a Yahoo.com window - which I've never done before - I would always click on that 'e' icon to browse the web. Anyway, I noticed that Explorer.exe seems to use a whole lot less CPU than IExplore does. (Is that normal?)

Thanks,

Matt

PS:


  • Root Admin

Did you complete the CHKDSK ? Did you take a look in the Event Logs and see what CHKDSK found?

After that please run the following.

    Download and install CCleaner
  • CCleaner
  • Double-click on the downloaded file "ccsetup220_slim.exe" and install the application.
  • Keep the default installation folder "C:\Program Files\CCleaner"
  • Click finish when done and close ALL PROGRAMS
  • Start the CCleaner program.
  • Click on Registry and Uncheck Registry Integrity so that it does not run (basically the very top, uncheck it)
  • Click on Options - Advanced and Uncheck "Only delete files in Windows Temp folders older than 48 hours"
  • Click back to Cleaner and under SYSTEM uncheck the Memory Dumps and Windows Log Files
  • Click on Run Cleaner button on the bottom right side of the program.
  • Click OK to any prompts

Then try to download and burn this CD from your Mom's PC and run it on your PC.

Avira AntiVir Rescue System

Requires access to a working computer with a CD/DVD burner to create a bootable CD.

  • Download the Avira AntiVir Rescue System from here
  • Place a blank CD in your burner and double-click on the downloaded file named rescuecd.exe
  • The program will automatically burn the CD for you.
  • Place the burned CD into the affected computer and start the computer from this CD.
  • On the bottom left side of the screen there are 2 flags. Using your mouse click on the British flag to use English.
  • Click on the Configuration button.
    • Select Scan all files
    • Select Try to repair infected files and Rename files, if they cannot be removed
    • Select Scan for dialers
    • Select Scan for joke programs (Jokes)
    • Select Scan for games
    • Select Scan for spyware (SPR)
  • Click on Virus scanner
  • Click on Start scanner at the bottom of the screen
  • Currently the program does not support saving a log. Write down the amount of items for Records, Suspect files, and Warnings

The Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore and is updated several times a day so that the most recent security updates are always available.

Possible solutions to Screen Resolution and other issues

  1. Please see the post here if you're unable to view the entire screen of Avira.
  2. You can also review this one: Fixed Rescue CD Resolution Probs with Dell Video
  3. Currently only the German keyboard is supported. Command Line not working. English keyboards require work arounds.
  4. Some computers attempt to mount the floppy even though they don't have one. You may need to go in to the BIOS and disable the floppy drive in order to mount your hard drive for scanning.


Hi advancedsetup,

I ran chkdsk. I had to look around a little to find the EVENT LOGS. I finally found that I have an EVENT VIEWER in Win 2000, so looked at those logs.

The CHKDSK log seemed to be ok, but there were some other log entries there that I'm not sure indicate a problem, or not.

Here are some of the log items I found in EVENT VIEWER:

APPLICATION LOG:

The description for Event ID ( 1 ) in Source ( Bonjour Service ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: mDNSResponder started

I have no idea what Bonjour Service is?

WMI ADAP was unable to process the PerfDisk performance library due to a time violation in the open function

WMI ADAP was unable to load the ASP.NET performance library because it returned invalid data: 0x0

Checking file system on C:

The type of the file system is FAT32.

A disk check has been scheduled.

Windows will now check the disk.

Volume Serial Number is 737F-2973

Windows has checked the file system and found no problem.

117189600 KB total disk space.

2268768 KB in 2655 hidden files.

417504 KB in 12925 folders.

31406784 KB in 139908 files.

83096512 KB are available.

32768 bytes in each allocation unit.

3662175 total allocation units on disk.

2596766 allocation units available on disk.

Windows cannot unload your registry file. If you have a roaming profile, your settings are not replicated. Contact your administrator.

DETAIL - Access is denied. , Build number ((2195)).

SYSTEM LOG ITEMS:

The Bonjour Service service hung on starting.

Application popup: firefox.exe - Application Error : The instruction at "0x6056cec4" referenced memory at "0x0000001a". The memory could not be "read".

I've downloaded CCLEANER.

Under the CLEANER button, and in the APPLICATIONS tab, there are checkmarks next to items like ADOBE ACROBAT, SUN JAVA, WINZIP, etc.

This CCLEANER program won't delete those APPLICATIONS - will it? (I am guessing it cleans temp data files associated with those applications?) Just want to be sure before I run it. ;-)

I will go to my mom's and put Avira Antivir on a CD.

Thanks,

Matt


  • Root Admin

No, it will not delete them. What it does is remove the links to tracks of the program that were recently run by them.

You can uncheck all of those if you like as they're not important to the cleaning process.

The Bonjour Service is part of the Apple iTunes / iPod applications and should have nothing to do with any infection.


Hi Ron,

I ran CCleaner. The program reported cleaning about 381 MB of unrequired files.

I now have about 79GB available. I have not run a defrag in ages, was thinking perhaps I should? Any recommendations?

I was wondering, why did you want me to burn Avira Antivir from another PC, vs just downloading it on my PC? The description on the Avira home page seems to indicate it's useful for systems that can't be rebooted. I can reboot, but do you think that is where I may have a problem? (I am also not 100% sure my mom's PC is virus free, if that is a consideration.)

PS: I just noticed your name is Ron Lewis. I used to know a Ron Lewis who worked at EDS. You wouldn't be THAT Ron Lewis, would you?

Thanks,

Matt


  • Root Admin

I want you to run that because there are many Malware apps that block detection and removal and you were having trouble running just about everything without having it crash.

Did you get a chance to run it yet? Are you able to run a Quick Scan with MBAM yet after running the Avira boot scanner?

Don't know who EDS is so don't think it was me.


Hi Ron,

I went to that site, used my son's PC, and clicked on the DOWNLOAD button on that page. It downloaded a file called avira_antivir_personal_en.exe (not rescuecd.exe).

I downloaded anyway, and clicked on it expecting it would just start burning the CD, or ask me where to install and that I would specify the D: drive, but it just started installing on my son's PC.

It then asked us to take the default or custom install wizard for a personal firewall, so I just cancelled out of that setup wizard. But when I clicked on the desktop icon it created, it looked like it was just an antivirus program (not a personal firewall), so I'm a bit confused.

rescue_system-common-en.exe

SO - I thought I needed to look further for rescuecd.exe - and I saw a link labeled << Free Tools List and clicked on that. The DOWNLOAD button there led me to a series of sites, eventually ending on a CNET.com site, but was the same file avira_antivir_personal_en.exe.

I looked further down that page and found links for free tools:

Avira AntiVir Removal Tool

Avira AntiRootkit Tool

Avira Boot Sector Repair Tool

Avira UnErase Personal

Avira NTFS4DOS Personal

Avira AntiVir Rescue System

but none of those were rescuecd.exe either?

So I don't know which I was supposed to get that burns a CD when I click on it?

Thanks,

Matt


Hi Ron,

Well, I tried that download. When I click on the exe file, I get a message box from the Avira software that says:

"The inserted CD is not writeable" and the "BURN CD" button is not clickable. I click the EXIT button and get a question asking me:

"Do you want to save the ISO image in order to burn it using a different CD burning application"

I've tried this on 3 different PCs (Windows 2000 and Windows Vista) with the same result.

Sorry, but i'm lost again.

Matt

PS: EDS was a place I used to work - Electronic Data Systems, now owned by HP.


Ron,

I'm stumped again. When I boot that CD I end up with a screen that has no visual readability at all. It's about 1" tall and almost as wide as the monitor - but just a series of lines, not even any characters. I've tried every available selection while booting, and none give me a readable GUI.

I've looked at the pages you suggested, and even tried to see if I could run in text/command line mode - but typing antivir --help does not give me the options available? (I am even getting the dashes correct by using the "/" character as the pages suggest). So I'm reluctant to try to run the command line "antivir --allfiles -z - ren /mnt/" as one of those pages suggests - I'm not sure what I'd be instructing antivir to do?

I'm lost!

Matt


  • Root Admin

Well here are some other ones you can take a look at.

LiveCD for Malware and Virus Removal

Here are links to Antivirus vendors that offer free LiveCD or Rescue CD files that are used to boot from for repair if needed.

All of them except Avira are in the ISO image file format. Avira uses an EXE that has built-in CD burning capability.

Avira AntiVir Rescue System

BitDefender LiveCD

Dr Web LiveCD

F-Secure Rescue CD

Kaspersky RescueDisk

For those users that need a FREE utility to properly burn the ISO image

ImgBurn

How to write an image file to a disc with ImgBurn


Hi Ron,

I ran the Avira AntiVir from that other file I downloaded that installs the software on my PC. (I could not get that CD disk to run in my son's Laptop, and that is an Acer with Vista, not a Dell with Win 2000, so I decided to run that Antivir).

Avira did find 46 items and quarantined them.

I checked all threat categories, except unusual compression. I hope that was correct?

Was running Avira from the desktop as complete as if I had run from the CD?

I then ran Anti-Malware FULL SCAN, and it found nothing.

So what's next?

Below is the report from Avira Antivir:

Avira AntiVir Personal

Report file date: Monday, June 29, 2009 11:11

Scanning for 1439934 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows 2000

Windows version : (Service Pack 4) [5.0.2195]

Boot mode : Normally booted

Username : SYSTEM

Computer name : D8QX8L01

Version information:

BUILD.DAT : 9.0.0.403 17961 Bytes 6/3/2009 17:05:00

AVSCAN.EXE : 9.0.3.6 466689 Bytes 5/11/2009 14:14:48

AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 15:58:26

LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 16:35:50

LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 15:58:54

ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 17:30:38

ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 01:33:28

ANTIVIR2.VDF : 7.1.4.0 2336768 Bytes 5/20/2009 17:16:40

ANTIVIR3.VDF : 7.1.4.37 382976 Bytes 5/29/2009 17:25:18

Engineversion : 8.2.0.180

AEVDF.DLL : 8.1.1.1 106868 Bytes 4/30/2009 16:52:06

AESCRIPT.DLL : 8.1.2.0 389497 Bytes 5/27/2009 21:07:22

AESCN.DLL : 8.1.2.3 127347 Bytes 5/14/2009 16:02:02

AERDL.DLL : 8.1.1.3 438645 Bytes 10/29/2008 23:24:42

AEPACK.DLL : 8.1.3.18 401783 Bytes 5/27/2009 21:07:22

AEOFFICE.DLL : 8.1.0.36 196987 Bytes 2/27/2009 01:01:58

AEHEUR.DLL : 8.1.0.129 1761655 Bytes 5/14/2009 16:02:02

AEHELP.DLL : 8.1.2.2 119158 Bytes 5/29/2009 18:51:16

AEGEN.DLL : 8.1.1.44 348532 Bytes 5/14/2009 16:02:02

AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 19:32:40

AECORE.DLL : 8.1.6.12 180599 Bytes 5/27/2009 21:07:22

AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 19:32:40

AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 13:48:00

AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 15:32:16

AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 19:34:30

AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 15:32:10

AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 20:05:42

AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 15:37:10

SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 20:03:50

SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 13:21:34

NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 15:32:12

RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 5/15/2009 20:40:00

RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/2009 15:19:50

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp

Logging.............................: low

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:,

Process scan........................: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

Deviating risk categories...........: +APPL,+GAME,+JOKE,+SPR,

Start of the scan: Monday, June 29, 2009 11:11

Starting search for hidden objects.

c:\winnt\

[INFO] The file is not visible.

[NOTE] A backup was created as '4ab6db72.qua' ( QUARANTINE )

'57584' objects were checked, '1' hidden objects were found.

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'taskmgr.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '0' Module(s) have been scanned

Scan process 'directcd.exe' - '1' Module(s) have been scanned

Scan process 'mad.exe' - '1' Module(s) have been scanned

Scan process 'cctray.exe' - '1' Module(s) have been scanned

Scan process 'CAVRID.exe' - '1' Module(s) have been scanned

Scan process 'devldr32.exe' - '1' Module(s) have been scanned

Scan process 'Explorer.EXE' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'mspmspsv.exe' - '1' Module(s) have been scanned

Scan process 'WinMgmt.exe' - '1' Module(s) have been scanned

Scan process 'wanmpsvc.exe' - '1' Module(s) have been scanned

Scan process 'VetMsg.exe' - '1' Module(s) have been scanned

Scan process 'stisvc.exe' - '1' Module(s) have been scanned

Scan process 'RxMon.exe' - '1' Module(s) have been scanned

Scan process 'MSTask.exe' - '1' Module(s) have been scanned

Scan process 'regsvc.exe' - '1' Module(s) have been scanned

Scan process 'OWASTSVR.EXE' - '1' Module(s) have been scanned

Scan process 'TNSLSNR.exe' - '1' Module(s) have been scanned

Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned

Scan process 'LogWatNT.exe' - '1' Module(s) have been scanned

Scan process 'jqs.exe' - '1' Module(s) have been scanned

Scan process 'IntuitUpdateSer' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'CTsvcCDA.exe' - '1' Module(s) have been scanned

Scan process 'ISafe.exe' - '1' Module(s) have been scanned

Scan process 'mDNSResponder.e' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '0' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

35 processes with 35 modules were scanned

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Starting to scan executable files (registry).

The registry was scanned ( '65' files ).

Starting the file scan:

Begin scan in 'C:\' <DRV2_VOL1>

C:\pagefile.sys

[WARNING] The file could not be opened!

[NOTE] This file is a Windows system file.

[NOTE] This file cannot be opened for scanning.

C:\dist1.exe

[DETECTION] Contains recognition pattern of the DR/Dldr.Agent.43 dropper

C:\HXDLAZWM.exe

[DETECTION] Contains recognition pattern of the ADSPY/HelpExpress adware or spyware

C:\install_beakan01.exe

--> Object

[DETECTION] Contains a recognition pattern of the (harmful) BDS/PuriSCA.1 back-door program

C:\superbarinstaller_wildmedia.exe

[DETECTION] Contains recognition pattern of the ADSPY/GigatechSuperBar.A.3 adware or spyware

C:\KeenValueInstall_with_track_117.exe

[DETECTION] Is the TR/Dldr.Keenval.M.2 Trojan

C:\TTIL_StarBlaster.exe

[DETECTION] Contains recognition pattern of the ADSPY/eZula.A.11 adware or spyware

C:\ss_IGN7_setup.exe

[DETECTION] Contains recognition pattern of the DR/SideSearch.L dropper

C:\winupdt2.exe

[DETECTION] Contains recognition pattern of the DR/Dldr.TargetSoft.A.1 dropper

C:\winTemp3c.exe

[DETECTION] Contains recognition pattern of the DR/Dldr.VB.FJ dropper

C:\WINNT\install044.exe

[DETECTION] Is the TR/SecndThought.C.4 Trojan

C:\WINNT\VerifierPolicy.exe

[DETECTION] Contains recognition pattern of the ADSPY/Agent.BN.2 adware or spyware

C:\WINNT\SYSTEM32\msmljp.dll

[DETECTION] Contains recognition pattern of the ADSPY/WebSearch.BB.7 adware or spyware

C:\WINNT\SYSTEM32\msiaih.dll

[DETECTION] Contains recognition pattern of the ADSPY/Ipend.A adware or spyware

C:\WINNT\SYSTEM32\msmene.dll

[DETECTION] Contains recognition pattern of the ADSPY/WebSearch.BB.4 adware or spyware

C:\WINNT\SYSTEM32\BPV2p.dll

[DETECTION] Contains recognition pattern of the ADSPY/Getup.C.8 adware or spyware

C:\WINNT\SYSTEM32\setup_silent_17307.exe

[DETECTION] Contains recognition pattern of the DR/MDH.A.1 dropper

C:\WINNT\SYSTEM32\winbpupd.exe

[DETECTION] Contains recognition pattern of the ADSPY/WurldMedia adware or spyware

C:\WINNT\SYSTEM32\mobupd.exe

[DETECTION] Contains recognition pattern of the DR/WurldMedia.H.1 dropper

C:\WINNT\SYSTEM32\mo030414s.dll

[DETECTION] Contains recognition pattern of the ADSPY/WurldMedi.C.3 adware or spyware

C:\WINNT\SYSTEM32\DRIVERS\sptd.sys

[WARNING] The file could not be opened!

C:\WINNT\SYSTEM32\msdrives\driverpp.sys

[DETECTION] Is the TR/Rootkit.Gen Trojan

C:\WINNT\Vbox\Installers\Symantec_Norton Antivirus 2002 for Windows_8.0_en-us(1)\Support\LUpdate\LUSETUP.EXE

[0] Archive type: CAB SFX (self extracting)

--> \S32LUWI1.DLL

[WARNING] No further files can be extracted from this archive. The archive will be closed

[WARNING] No further files can be extracted from this archive. The archive will be closed

C:\WINNT\Temporary Internet Files\Content.IE5\KBU3Q947\AppWrap[1].exe

--> Object

[DETECTION] Contains recognition pattern of the DR/Small.OF.F dropper

C:\Documents and Settings\Default User\My Documents\Data\all_files4b.exe

[DETECTION] Contains recognition pattern of the DR/Scapur.G.3 dropper

C:\Documents and Settings\Default User\My Documents\Data\MemoryWatcher.exe

[DETECTION] Contains recognition pattern of the DR/Dldr.VB.Q.2 dropper

C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4b.exe

[DETECTION] Contains recognition pattern of the DR/Scapur.G.3 dropper

C:\Documents and Settings\Default User\My Documents\Data\Data\MemoryWatcher.exe

[DETECTION] Contains recognition pattern of the DR/Dldr.VB.Q.2 dropper

C:\Documents and Settings\All Users\Start Menu\Programs\ActualSpy\ActualSpy.exe

[DETECTION] Contains recognition pattern of the SPR/ActualSpy.CE program

C:\Documents and Settings\Administrator\Application Data\poker.exe

[DETECTION] Is the TR/Dldr.Malwar.AI Trojan

C:\Documents and Settings\Administrator\.jpi_cache\jar\1.0\cnte-dhncgts.jar-1c71cb5c-60cb950a.zip

[0] Archive type: ZIP

--> BnnnnBaa.class

[DETECTION] Is the TR/Java.Downloader.Gen Trojan

--> VaannnaaBaa.class

[DETECTION] Is the TR/ClassLoader Trojan

--> Dnnny.class

[DETECTION] Contains recognition pattern of the JAVA/Exploit.Bytverify.5 Java virus

--> Bnnnnn.class

[DETECTION] Is the TR/Java.ClassLoader.AS Trojan

--> Den.class

[DETECTION] Is the TR/Exploit.Bytverify Trojan

--> Din.class

[DETECTION] Is the TR/Exploit.Bytverify.A Trojan

--> Dun.class

[DETECTION] Is the TR/Exploit.Bytverify.B Trojan

C:\Documents and Settings\mike\My Documents\Data\MemoryWatcher.exe

[DETECTION] Contains recognition pattern of the DR/Dldr.VB.Q.2 dropper

C:\Documents and Settings\mike\My Documents\Data\all_files4b.exe

[DETECTION] Contains recognition pattern of the DR/Scapur.G.3 dropper

C:\Documents and Settings\mike\My Documents\Data\Data\MemoryWatcher.exe

[DETECTION] Contains recognition pattern of the DR/Dldr.VB.Q.2 dropper

C:\Documents and Settings\mike\My Documents\Data\Data\all_files4b.exe

[DETECTION] Contains recognition pattern of the DR/Scapur.G.3 dropper

C:\Documents and Settings\mike2\My Documents\Data\all_files4b.exe

[DETECTION] Contains recognition pattern of the DR/Scapur.G.3 dropper

C:\Documents and Settings\mike2\My Documents\Data\MemoryWatcher.exe

[DETECTION] Contains recognition pattern of the DR/Dldr.VB.Q.2 dropper

C:\Documents and Settings\mike2\My Documents\Data\Data\MemoryWatcher.exe

[DETECTION] Contains recognition pattern of the DR/Dldr.VB.Q.2 dropper

C:\Documents and Settings\mike2\My Documents\Data\Data\all_files4b.exe

[DETECTION] Contains recognition pattern of the DR/Scapur.G.3 dropper

C:\Documents and Settings\miken\My Documents\Data\MemoryWatcher.exe

[DETECTION] Contains recognition pattern of the DR/Dldr.VB.Q.2 dropper

C:\Documents and Settings\miken\My Documents\Data\all_files4b.exe

[DETECTION] Contains recognition pattern of the DR/Scapur.G.3 dropper

C:\Documents and Settings\miken\My Documents\Data\Data\MemoryWatcher.exe

[DETECTION] Contains recognition pattern of the DR/Dldr.VB.Q.2 dropper

C:\Documents and Settings\miken\My Documents\Data\Data\all_files4b.exe

[DETECTION] Contains recognition pattern of the DR/Scapur.G.3 dropper

C:\Documents and Settings\mike3\My Documents\Data\MemoryWatcher.exe

[DETECTION] Contains recognition pattern of the DR/Dldr.VB.Q.2 dropper

C:\Documents and Settings\mike3\My Documents\Data\all_files4b.exe

[DETECTION] Contains recognition pattern of the DR/Scapur.G.3 dropper

C:\Documents and Settings\mike3\My Documents\Data\Data\MemoryWatcher.exe

[DETECTION] Contains recognition pattern of the DR/Dldr.VB.Q.2 dropper

C:\Documents and Settings\mike3\My Documents\Data\Data\all_files4b.exe

[DETECTION] Contains recognition pattern of the DR/Scapur.G.3 dropper

C:\Program Files\Common Files\Microsoft Shared\MSINFO\OFFPROV.EXE

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

C:\Program Files\Common Files\Microsoft Shared\Repostry\REPBROWS.EXE

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

C:\Program Files\Common Files\Microsoft Shared\Repostry\MIGREPV2.EXE

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

C:\Program Files\Microsoft Office\Office\1033\MSOWC.SLL

[WARNING] An exception has been identified!

[WARNING] In the module 'aecore.dll' an exception occured.

Calling the function AVEPROC_TestFile in file: \\?\C:\Program Files\Microsoft Office\Office\1033\MSOWC.SLL

Error description:ILLEGAL_INSTRUCTION

EAX = 00000001 EBX = 00012000

ECX = 00002020 EDX = 00000001

ESI = 01307008 EDI = 013f4538

EIP = 019227F7 EBP = 000174DC

ESP = 0B63E81C Flg = 00010213

CS = 00000023 SS = 0000001B

Beginning disinfection:

C:\dist1.exe

[DETECTION] Contains recognition pattern of the DR/Dldr.Agent.43 dropper

[NOTE] The file was moved to '4abbe5bd.qua'!

C:\HXDLAZWM.exe

[DETECTION] Contains recognition pattern of the ADSPY/HelpExpress adware or spyware

[NOTE] The file was moved to '4a8ce5ac.qua'!

C:\install_beakan01.exe

[NOTE] The file was moved to '4abbe5c2.qua'!

C:\superbarinstaller_wildmedia.exe

[DETECTION] Contains recognition pattern of the ADSPY/GigatechSuperBar.A.3 adware or spyware

[NOTE] The file was moved to '4ab8e5c9.qua'!

C:\KeenValueInstall_with_track_117.exe

[DETECTION] Is the TR/Dldr.Keenval.M.2 Trojan

[NOTE] The file was moved to '4aade5b9.qua'!

C:\TTIL_StarBlaster.exe

[DETECTION] Contains recognition pattern of the ADSPY/eZula.A.11 adware or spyware

[NOTE] The file was moved to '4a91e5a8.qua'!

C:\ss_IGN7_setup.exe

[DETECTION] Contains recognition pattern of the DR/SideSearch.L dropper

[NOTE] The file was moved to '4aa7e5c7.qua'!

C:\winupdt2.exe

[DETECTION] Contains recognition pattern of the DR/Dldr.TargetSoft.A.1 dropper

[NOTE] The file was moved to '4ab6e5bd.qua'!

C:\winTemp3c.exe

[DETECTION] Contains recognition pattern of the DR/Dldr.VB.FJ dropper

[NOTE] The file was moved to '466661ce.qua'!

C:\WINNT\install044.exe

[DETECTION] Is the TR/SecndThought.C.4 Trojan

[NOTE] The file was moved to '466a69fb.qua'!

C:\WINNT\VerifierPolicy.exe

[DETECTION] Contains recognition pattern of the ADSPY/Agent.BN.2 adware or spyware

[NOTE] The file was moved to '4abae5b9.qua'!

C:\WINNT\SYSTEM32\msmljp.dll

[DETECTION] Contains recognition pattern of the ADSPY/WebSearch.BB.7 adware or spyware

[NOTE] The file was moved to '4ab5e5c7.qua'!

C:\WINNT\SYSTEM32\msiaih.dll

[DETECTION] Contains recognition pattern of the ADSPY/Ipend.A adware or spyware

[NOTE] The file was moved to '4ab1e5c7.qua'!

C:\WINNT\SYSTEM32\msmene.dll

[DETECTION] Contains recognition pattern of the ADSPY/WebSearch.BB.4 adware or spyware

[NOTE] The file was moved to '5d1d58d0.qua'!

C:\WINNT\SYSTEM32\BPV2p.dll

[DETECTION] Contains recognition pattern of the ADSPY/Getup.C.8 adware or spyware

[NOTE] The file was moved to '4a9ee5a4.qua'!

C:\WINNT\SYSTEM32\setup_silent_17307.exe

[DETECTION] Contains recognition pattern of the DR/MDH.A.1 dropper

[NOTE] The file was moved to '4abce5b9.qua'!

C:\WINNT\SYSTEM32\winbpupd.exe

[DETECTION] Contains recognition pattern of the ADSPY/WurldMedia adware or spyware

[NOTE] The file was moved to '5d1d31ce.qua'!

C:\WINNT\SYSTEM32\mobupd.exe

[DETECTION] Contains recognition pattern of the DR/WurldMedia.H.1 dropper

[NOTE] The file was moved to '4aaae5c3.qua'!

C:\WINNT\SYSTEM32\mo030414s.dll

[DETECTION] Contains recognition pattern of the ADSPY/WurldMedi.C.3 adware or spyware

[NOTE] The file was moved to '4a78e5c3.qua'!

C:\WINNT\SYSTEM32\msdrives\driverpp.sys

[DETECTION] Is the TR/Rootkit.Gen Trojan

[NOTE] TR/Rootkit.Gen:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\driverpp]

[NOTE] TR/Rootkit.Gen:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_driverpp]

[NOTE] The file was moved to '4ab1e5c6.qua'!

C:\WINNT\Temporary Internet Files\Content.IE5\KBU3Q947\AppWrap[1].exe

[NOTE] The file was moved to '4ab8e5c4.qua'!

C:\Documents and Settings\Default User\My Documents\Data\all_files4b.exe

[DETECTION] Contains recognition pattern of the DR/Scapur.G.3 dropper

[NOTE] The file was moved to '4ab4e5c0.qua'!

C:\Documents and Settings\Default User\My Documents\Data\MemoryWatcher.exe

[DETECTION] Contains recognition pattern of the DR/Dldr.VB.Q.2 dropper

[NOTE] The file was moved to '4ab5e5ba.qua'!

C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4b.exe

[DETECTION] Contains recognition pattern of the DR/Scapur.G.3 dropper

[NOTE] The file was moved to '4ab4e5c1.qua'!

C:\Documents and Settings\Default User\My Documents\Data\Data\MemoryWatcher.exe

[DETECTION] Contains recognition pattern of the DR/Dldr.VB.Q.2 dropper

[NOTE] The file was moved to '46667853.qua'!

C:\Documents and Settings\All Users\Start Menu\Programs\ActualSpy\ActualSpy.exe

[DETECTION] Contains recognition pattern of the SPR/ActualSpy.CE program

[NOTE] The file was moved to '4abce5b8.qua'!

C:\Documents and Settings\Administrator\Application Data\poker.exe

[DETECTION] Is the TR/Dldr.Malwar.AI Trojan

[NOTE] The file was moved to '4ab3e5c4.qua'!

C:\Documents and Settings\Administrator\.jpi_cache\jar\1.0\cnte-dhncgts.jar-1c71cb5c-60cb950a.zip

[NOTE] The file was moved to '4abce5c3.qua'!

C:\Documents and Settings\mike\My Documents\Data\MemoryWatcher.exe

[DETECTION] Contains recognition pattern of the DR/Dldr.VB.Q.2 dropper

[NOTE] The file was moved to '5d07e69b.qua'!

C:\Documents and Settings\mike\My Documents\Data\all_files4b.exe

[DETECTION] Contains recognition pattern of the DR/Scapur.G.3 dropper

[NOTE] The file was moved to '528cdd9a.qua'!

C:\Documents and Settings\mike\My Documents\Data\Data\MemoryWatcher.exe

[DETECTION] Contains recognition pattern of the DR/Dldr.VB.Q.2 dropper

[NOTE] The file was moved to '5d00ffc3.qua'!

C:\Documents and Settings\mike\My Documents\Data\Data\all_files4b.exe

[DETECTION] Contains recognition pattern of the DR/Scapur.G.3 dropper

[NOTE] The file was moved to '5d041e9a.qua'!

C:\Documents and Settings\mike2\My Documents\Data\all_files4b.exe

[DETECTION] Contains recognition pattern of the DR/Scapur.G.3 dropper

[NOTE] The file was moved to '5d07ef2a.qua'!

C:\Documents and Settings\mike2\My Documents\Data\MemoryWatcher.exe

[DETECTION] Contains recognition pattern of the DR/Dldr.VB.Q.2 dropper

[NOTE] The file was moved to '5d03c7fb.qua'!

C:\Documents and Settings\mike2\My Documents\Data\Data\MemoryWatcher.exe

[DETECTION] Contains recognition pattern of the DR/Dldr.VB.Q.2 dropper

[NOTE] The file was moved to '5d0cdc23.qua'!

C:\Documents and Settings\mike2\My Documents\Data\Data\all_files4b.exe

[DETECTION] Contains recognition pattern of the DR/Scapur.G.3 dropper

[NOTE] The file was moved to '5d03cfca.qua'!

C:\Documents and Settings\miken\My Documents\Data\MemoryWatcher.exe

[DETECTION] Contains recognition pattern of the DR/Dldr.VB.Q.2 dropper

[NOTE] The file was moved to '5d0dd46b.qua'!

C:\Documents and Settings\miken\My Documents\Data\all_files4b.exe

[DETECTION] Contains recognition pattern of the DR/Scapur.G.3 dropper

[NOTE] The file was moved to '5d0ea4a2.qua'!

C:\Documents and Settings\miken\My Documents\Data\Data\MemoryWatcher.exe

[DETECTION] Contains recognition pattern of the DR/Dldr.VB.Q.2 dropper

[NOTE] The file was moved to '4ab5e5bb.qua'!

C:\Documents and Settings\miken\My Documents\Data\Data\all_files4b.exe

[DETECTION] Contains recognition pattern of the DR/Scapur.G.3 dropper

[NOTE] The file was moved to '4ab4e5c2.qua'!

C:\Documents and Settings\mike3\My Documents\Data\MemoryWatcher.exe

[DETECTION] Contains recognition pattern of the DR/Dldr.VB.Q.2 dropper

[NOTE] The file was moved to '5d09b54c.qua'!

C:\Documents and Settings\mike3\My Documents\Data\all_files4b.exe

[DETECTION] Contains recognition pattern of the DR/Scapur.G.3 dropper

[NOTE] The file was moved to '5d0a8543.qua'!

C:\Documents and Settings\mike3\My Documents\Data\Data\MemoryWatcher.exe

[DETECTION] Contains recognition pattern of the DR/Dldr.VB.Q.2 dropper

[NOTE] The file was moved to '5d749264.qua'!

C:\Documents and Settings\mike3\My Documents\Data\Data\all_files4b.exe

[DETECTION] Contains recognition pattern of the DR/Scapur.G.3 dropper

[NOTE] The file was moved to '5d0b8d8b.qua'!

C:\Program Files\Common Files\Microsoft Shared\MSINFO\OFFPROV.EXE

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] The file was moved to '4a8ee59c.qua'!

C:\Program Files\Common Files\Microsoft Shared\Repostry\REPBROWS.EXE

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] The file was moved to '4a98e59c.qua'!

C:\Program Files\Common Files\Microsoft Shared\Repostry\MIGREPV2.EXE

[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[NOTE] The file was moved to '4a8fe5a0.qua'!

End of the scan: Monday, June 29, 2009 12:01

Used time: 34:49 Minute(s)

The scan has been done completely.

11122 Scanned directories

231906 Files were scanned

46 Viruses and/or unwanted programs were found

7 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

48 Files were moved to quarantine

0 Files were renamed

2 Files cannot be scanned

231851 Files not concerned

2985 Archives were scanned

5 Warnings

49 Notes

57584 Objects were scanned with rootkit scan

1 Hidden objects were found
