Trojan Horse SHeur.DKL

Post by Perkypen » August 5th, 2007, 3:39 pm

Okay here is the combofix log.

ComboFix 07-08-03.2 - "Owner" 2007-08-05 10:43:56.3 [GMT -4:00] - NTFS
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.True
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\ipxokbro.dll


((((((((((((((((((((((((( Files Created from 2007-07-05 to 2007-08-05 )))))))))))))))))))))))))))))))


2007-08-03 23:29 <DIR> d-------- C:\DOCUME~1\Owner\DoctorWeb
2007-08-03 20:07 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-08-02 19:13 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-01 19:39 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\vlc
2007-08-01 19:38 <DIR> d-------- C:\Program Files\VideoLAN
2007-07-23 10:40 <DIR> d-------- C:\Program Files\Kaplan
2007-07-22 19:33 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-07-17 16:49 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-17 16:49 208,248 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-17 16:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-07-16 08:42 <DIR> d-------- C:\Program Files\iTunes
2007-07-15 11:15 <DIR> d-------- C:\ARENA
2007-07-14 19:46 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-07-14 19:42 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-07-10 11:10 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\WinRAR
2007-07-08 00:38 83,552 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll
2007-07-08 00:38 63,040 --a------ C:\WINDOWS\system32\LMIinit.dll
2007-07-08 00:38 46,112 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2007-07-08 00:38 26,176 --a------ C:\WINDOWS\system32\LMIport.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-03 23:21 63 --a------ C:\WINDOWS\popcinfo.dat
2007-08-03 06:57 --------- d-------- C:\Program Files\MSN Messenger
2007-08-01 20:46 40452 --a------ C:\WINDOWS\system32\upsexcmd.dll
2007-08-01 06:49 --------- d-------- C:\Program Files\Viewpoint
2007-08-01 06:45 --------- d-------- C:\Program Files\PokerStars
2007-07-30 20:43 --------- d-------- C:\Program Files\Common Files\Ahead
2007-07-24 17:02 --------- d-------- C:\Program Files\TaxCut06
2007-07-24 17:01 --------- d-------- C:\Program Files\Yahoo!
2007-07-24 17:01 --------- d-------- C:\Program Files\Trillian
2007-07-24 16:48 --------- d-------- C:\Program Files\Activision Value
2007-07-24 16:43 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-24 14:12 --------- d-------- C:\Program Files\Google
2007-07-17 16:45 --------- d-------- C:\Program Files\Microsoft Works
2007-07-16 08:42 --------- d-------- C:\Program Files\iPod
2007-07-16 08:35 --------- d-------- C:\Program Files\QuickTime
2007-07-13 13:52 12 --a------ C:\WINDOWS\Recorder.dat
2007-07-09 11:53 --------- d-------- C:\Program Files\Apple Software Update
2007-07-08 01:03 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\uTorrent
2007-07-01 00:21 --------- d-------- C:\Program Files\BitComet
2007-07-01 00:09 --------- d-------- C:\Program Files\Common Files\Apple
2007-06-29 10:51 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\Real
2007-06-27 19:05 972072 --a------ C:\WINDOWS\UNNeroMediaHome.exe
2007-06-27 10:12 3755 --a------ C:\WINDOWS\mozver.dat
2007-06-27 10:12 --------- d-------- C:\Program Files\DivX
2007-06-27 09:55 --------- d-------- C:\DOCUME~1\Owner\APPLIC~1\Ahead
2007-06-27 08:47 --------- d-------- C:\Program Files\Conquer 2.0
2007-06-27 06:58 --------- d-------- C:\Program Files\Nero
2007-06-27 06:44 --------- d-------- C:\Program Files\Ahead
2007-06-26 14:12 972072 --a------ C:\WINDOWS\UNNeroVision.exe
2007-06-16 22:35 --------- d-------- C:\Program Files\Audible
2007-05-25 15:22 24000 --a------ C:\WINDOWS\system32\lmimirr.dll
2007-05-25 15:22 10304 --a------ C:\WINDOWS\system32\lmimirr2.dll
2007-05-16 11:12 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 11:12 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 11:12 683520 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 11:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 11:12 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 11:12 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-08 05:24 3583488 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll
2006-03-12 12:31 154 --a------ C:\DOCUME~1\Owner\APPLIC~1\wklnhst.dat


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-04-10 09:57]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 09:18]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-24 14:12]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 17:17]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-10-24 17:10]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-05-25 15:22 63040 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Audible Download Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk
backup=C:\WINDOWS\pss\Audible Download Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^DotColor.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\DotColor.lnk
backup=C:\WINDOWS\pss\DotColor.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
"C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
C:\WINDOWS\system32\WLTRAY

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1138249094\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
C:\Program Files\McAfee.com\VSO\oasclnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
"C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
%WINDIR%\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\REGSHAVE]
C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
%WINDIR%\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
C:\Program Files\McAfee.com\VSO\mcvsshld.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

R1 Cdr4_xp;Cdr4_xp;C:\WINDOWS\system32\drivers\Cdr4_xp.sys
R2 BTSLBCSP;Bluetooth Port Client Driver;\??\C:\WINDOWS\system32\drivers\btslbcsp.sys
R2 CdaD10BA;CdaD10BA;\??\C:\WINDOWS\system32\drivers\CdaD10BA.SYS
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
R3 CAMCAUD;Conexant AMC Audio;C:\WINDOWS\system32\drivers\camc6aud.sys
R3 CAMCHALA;CAMCHALA;C:\WINDOWS\system32\drivers\camc6hal.sys
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys
R3 lmimirr;lmimirr;C:\WINDOWS\system32\DRIVERS\lmimirr.sys
R3 sdbus;sdbus;C:\WINDOWS\system32\DRIVERS\sdbus.sys
R3 StillCam;Still Serial Digital Camera Driver;C:\WINDOWS\system32\DRIVERS\serscan.sys
R3 SynTP;Synaptics TouchPad Driver;C:\WINDOWS\system32\DRIVERS\SynTP.sys
R3 tifm21;tifm21;C:\WINDOWS\system32\drivers\tifm21.sys
R3 wanatw;WAN Miniport (ATW);C:\WINDOWS\system32\DRIVERS\wanatw4.sys
S2 LMIInfo;LogMeIn Kernel Information Provider;\??\C:\Program Files\LogMeIn\x86\RaInfo.sys
S3 mxnic;Macronix MX987xx Family Fast Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\mxnic.sys
S3 odserv;Microsoft Office Diagnostics Service;"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"
S3 tcpip_patcher;tcpip_patcher;\??\C:\Program Files\Ares\tcpip_patcher.sys
S3 usbsermpt;Motorola USB Modem Driver for MPT;C:\WINDOWS\system32\DRIVERS\usbsermpt.sys


Contents of the 'Scheduled Tasks' folder
2007-07-16 12:30:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-05 14:35:18 C:\WINDOWS\Tasks\User_Feed_Synchronization-{78A2C800-3087-4B74-8AE7-36CBA37B3BB5}.job

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-05 10:44:26
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\\24\xe1\21]
"DisplayName"="\x1d10\x21b\x1d10\x21b\1"
"DeviceDesc"="\x1d10\x21b\x1d10\x21b\1"
"ProviderName"="\xfed4\21\xee18\x7c90\xff44\21\b"
"MFG"="\x548"
"ReinstallString"="C:\WINDOWS\System32\ReinstallBackups\\xe114\21\x80\xc010\DriverFiles\.INF"
"DeviceInstanceIds"=str(7):"d:\i386\apps\app22467\sbdrv\smbus\smbusati.inf"

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-05 10:45:10
C:\ComboFix-quarantined-files.txt ... 2007-08-05 10:44
C:\ComboFix2.txt ... 2007-08-05 10:34
C:\ComboFix3.txt ... 2007-08-02 19:18

--- E O F ---


I restarted in Safe Mode to run the Cureit scan. It once again shut itself off after about 5 minutes of scanning. So, I don't have a log from that scan. Let me know if you still want a new HJT log.

Penny
Perkypen
Regular Member
 
Posts: 180
Joined: February 9th, 2005, 12:07 pm
Location: Catawba, NC

Post by silver » August 5th, 2007, 8:56 pm

Hi Perkypen,

When the computer shuts itself off, does the computer shut down as if you pressed Start->Turn Off Computer, or does it turn itself off like when there is a power cut?

Please post a new HijackThis log, also do this:

Check hard drive for errors
  • Select Start->My Computer
  • Right click the icon for the C:\ drive and choose Properties
  • On the Tools tab, click Check Now
  • In the Check Disk dialog box, don't check any boxes and click Start
  • This could take a very long time (hours). Don't attempt to stop the process until it's done. It cannot be stopped except with the power switch.
  • You will see a report when it's done. If it finds no errors it will just notify you that disk check is complete. If it finds errors it will list them.
  • Please make a note of what it reports and post it in your next response


Once complete, please post a new HijackThis log and let me know about the disk check report.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Post by Perkypen » August 10th, 2007, 2:55 pm

I don't mean to be impatient, but I was a little concerned that I haven't gotten a reply.
I'm sure there's a good reason, but I really want some help.
If you're looking into it, then please let me know, so I at least know you haven't forgotten about me.
Thank you. :)
Perkypen
Regular Member
 
Posts: 180
Joined: February 9th, 2005, 12:07 pm
Location: Catawba, NC

Post by Perkypen » August 10th, 2007, 3:00 pm

I'm sorry, I was looking on the wrong page when looking for your reply and did not see it.

In answer to your question it normally shuts itself off just as if it was a power cut. It has not shut itself off recently, but when it did it also would not start up again for a while. When it finally would restart, if I went to use Mozilla Firefox it would ask if I wanted to restore the session, so it still saved that information if that helps at all.

I'm working on the scan, and I will post that when it is through, I just wanted to apologize for not posting earlier.
Perkypen
Regular Member
 
Posts: 180
Joined: February 9th, 2005, 12:07 pm
Location: Catawba, NC

Post by Perkypen » August 10th, 2007, 3:48 pm

The first time I ran the scan it got to Phase 2 and then stopped and an alert box came up saying "Windows was unable to complete the disk check."
The second time it went all the way through the scan, and only took a couple of minutes, but it gave me no report.
The third time it repeated the same thing, by getting to Phase 2 and then saying it could not complete the disk check.
I even tried it a fourth and fifth time. These two times it completed the scan, but gave me no report.
I'm sorry I cannot provide you with that, but here is a new HijackThis log:



Logfile of HijackThis v1.99.1
Scan saved at 3:47:28 PM, on 8/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-U ... E_UNO1.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v45/be ... eweled.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://ez-ftz.webex.com/client/T23L/webex/ieatgpc.cab
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - http://na.inquiero.com/inquiero/mod/set ... 118_24.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
Perkypen
Regular Member
 
Posts: 180
Joined: February 9th, 2005, 12:07 pm
Location: Catawba, NC
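
A triage sketch for the HijackThis v1.99.1 log in the post above, added here as an example; it is not part of the thread or of HijackThis. It parses the `CODE - detail` entry lines and marks the ones a reviewer would look at first. The function names, flag labels and heuristics are assumptions, and the sample lines are copied from the posted log.

```python
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import List, Optional

# Excerpt of the log posted above (entry lines copied from the post).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
"""

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.*)$")
# First drive-letter or %var% path ending in an executable image extension.
PATH_RE = re.compile(r"(?:[A-Za-z]:\\|%\w+%\\).*?\.(?:exe|dll|sys)\b", re.IGNORECASE)
# 8.3 short-name component such as PROGRA~1, which hides the real file name.
SHORT_NAME_RE = re.compile(r"~\d")


@dataclass
class Entry:
    code: str
    detail: str
    path: Optional[str] = None
    flags: List[str] = field(default_factory=list)


def parse_hijackthis(text: str) -> List[Entry]:
    """Return one Entry per section line; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, detail = m.groups()
        pm = PATH_RE.search(detail)
        entry = Entry(code, detail, pm.group(0) if pm else None)
        # Flags are prompts for manual review, not verdicts: legitimate
        # software also registers these load points.
        if code == "O20":
            # AppInit_DLLs and Winlogon Notify DLLs are loaded into other
            # processes at startup or logon.
            entry.flags.append("loads-into-processes")
        if "(file missing)" in detail:
            entry.flags.append("file-missing")
        if code == "O23" and "Unknown owner" in detail:
            entry.flags.append("unknown-owner")
        if entry.path and SHORT_NAME_RE.search(entry.path):
            entry.flags.append("short-path")
        entries.append(entry)
    return entries


def triage(entries: List[Entry]) -> List[Entry]:
    """Flagged entries, most flags first; ties keep log order (stable sort)."""
    flagged = [e for e in entries if e.flags]
    return sorted(flagged, key=lambda e: -len(e.flags))


def section_counts(entries: List[Entry]) -> Counter:
    """Number of entries per HijackThis section code."""
    return Counter(e.code for e in entries)


if __name__ == "__main__":
    for e in triage(parse_hijackthis(SAMPLE_LOG)):
        print(f"{e.code:<4} {','.join(e.flags):<35} {e.path}")
```
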

Post by silver » August 10th, 2007, 10:05 pm

Hi Perkypen,

The shutdown issue you are describing sounds very much like a hardware problem. It could be that the virus scanning is stressing your system - sustained high CPU and hard drive use - and this is causing the shutdown to occur.

One implication of this, especially since your hard drive could be part of the issue, is that you should consider what important information you have on your computer and make a backup of anything you need to keep.

The best and fastest way to confirm and resolve a potential hardware issue like this is with the help of specialists in the area - for this reason I may refer you to a different forum to get continued help.

Before that, however, I'd like to get rid of any remaining malware on your system, but an antivirus scan is the next step and there are a couple of things we can try:

Try using chkdsk and repairing errors:

Check hard drive for errors
  • Select Start->My Computer
  • Right click the icon for the C:\ drive and choose Properties
  • On the Tools tab, click Check Now
  • In the Check Disk dialog box, check the box marked Automatically fix file system errors and press Start
  • When asked if you want to schedule the disk check for the next reboot, say Yes
  • Now reboot your computer, the disk check should start automatically
  • Please make a note of what it reports and post it in your next response

Once the disk check is complete, please try scanning with Dr Web once more.

If Dr Web completes, please save and post the full log file as per the previous instructions. If, however, your computer shuts off, please do this to get the partial log file:
Next press Start->Run, copy/paste the following command (it's one long command) into the box and press OK:
cmd /c copy "C:\Documents and Settings\Owner\DoctorWeb\CureIt.log" "%userprofile%\desktop\CureIt.txt"

A file called CureIt.txt should appear on your Desktop, please post a copy of this in your next response.

Once complete, please post any details you have from the disk check, the Dr Web scan log and a new HijackThis log.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Post by Perkypen » August 12th, 2007, 11:46 am

The scan goes too fast for me to write it down or remember, and I was wondering if there was a way it could make its own report?
The scan completes itself without a problem, I just don't have a report to post.

I have not done the other scans yet, I have to go to the store, but when I get back I will post those scans as well.
Perkypen
Regular Member
 
Posts: 180
Joined: February 9th, 2005, 12:07 pm
Location: Catawba, NC

Post by silver » August 12th, 2007, 9:30 pm

Hi Perkypen,

Perkypen wrote: "The scan goes too fast for me to write it down or remember"

Don't worry, if it completes without a problem, then that's fine. Please try scanning with Dr Web again and let me know how it goes.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Post by Perkypen » August 13th, 2007, 12:50 pm

The Dr Web scan again cut itself off. It got to about 27% before doing so.


Here are my three attempts from the Run command you gave me:
=============================================================================
Dr.Web(R) Scanner for Windows v4.33.2 (4.33.2.10067)
Copyright (c) Igor Daniloff, 1992-2006
Log generated on: 2007-08-13, 10:56:49 [Owner]
Command-line: "C:\DOCUME~1\Owner\LOCALS~1\Temp\RarSFX5\cureit.exe" /lng /ini:cureit_XP.ini
Operating system:Windows XP Home Edition x86 (Build 2600), Service Pack 2
=============================================================================
Engine version: 4.33 (4.33.5.10110)
Engine API version: 2.01
Total virus records: 237238
Key file: C:\DOCUME~1\Owner\LOCALS~1\Temp\RarSFX5\cureit.key
License key number: 0010092936
Registered to: Dr.Web CureIt Project
License key activates: 2007-02-05
License key expires: 2010-02-11

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 0
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 0 Kb/s
Scan time: 00:00:00
-----------------------------------------------------------------------------

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 390
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 1267 Kb/s
Scan time: 00:01:31
-----------------------------------------------------------------------------

[Scan path] C:\
C:\Documents and Settings\NetworkService\NTUSER.DAT - read error
C:\Documents and Settings\NetworkService\NTUSER~1.LOG - read error
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
C:\Documents and Settings\Owner\NTUSER.DAT - read error
C:\Documents and Settings\Owner\NTUSER~1.LOG - read error

Invalid path to file C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\l3luel3abe@hotmail.com\SharingMetadata\nolanhester@hotmail.com\DFSR\Staging\CS{274F0357-95AD-8C2F-84E6-F296EBDFC36F}\01\17-{274F0357-95AD-8C2F-84E6-F296EBDFC36F}-v1-{8FB7D829-BF4B-426B-B136-37228687F1D2}-v17-Downloaded.frx
Invalid path to file C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\l3luel3abe@hotmail.com\SharingMetadata\nolanhester@hotmail.com\DFSR\Staging\CS{274F0357-95AD-8C2F-84E6-F296EBDFC36F}\11\12-{B4129939-D8FB-4C15-8F5B-ACF523F0D3E3}-v11-{B4129939-D8FB-4C15-8F5B-ACF523F0D3E3}-v12-Downloaded.frx
Invalid path to file C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\l3luel3abe@hotmail.com\SharingMetadata\techsupportnerd@hotmail.com\DFSR\Staging\CS{19B761B1-97B7-09DA-E6FF-BC0D5F821263}\01\10-{19B761B1-97B7-09DA-E6FF-BC0D5F821263}-v1-{8FB7D829-BF4B-426B-B136-37228687F1D2}-v10-Downloaded.frx
Invalid path to file C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\l3luel3abe@hotmail.com\SharingMetadata\techsupportnerd@hotmail.com\DFSR\Staging\CS{19B761B1-97B7-09DA-E6FF-BC0D5F821263}\11\11-{8FB7D829-BF4B-426B-B136-37228687F1D2}-v11-{8FB7D829-BF4B-426B-B136-37228687F1D2}-v11-Downloaded.frx
Invalid path to file C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\l3luel3abe@hotmail.com\SharingMetadata\techsupportnerd@hotmail.com\DFSR\Staging\CS{19B761B1-97B7-09DA-E6FF-BC0D5F821263}\12\12-{8FB7D829-BF4B-426B-B136-37228687F1D2}-v12-{8FB7D829-BF4B-426B-B136-37228687F1D2}-v12-Downloaded.frx
Invalid path to file C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\l3luel3abe@hotmail.com\SharingMetadata\techsupportnerd@hotmail.com\DFSR\Staging\CS{19B761B1-97B7-09DA-E6FF-BC0D5F821263}\13\13-{8FB7D829-BF4B-426B-B136-37228687F1D2}-v13-{8FB7D829-BF4B-426B-B136-37228687F1D2}-v13-Downloaded.frx
Invalid path to file C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\l3luel3abe@hotmail.com\SharingMetadata\techsupportnerd@hotmail.com\DFSR\Staging\CS{19B761B1-97B7-09DA-E6FF-BC0D5F821263}\14\14-{8FB7D829-BF4B-426B-B136-37228687F1D2}-v14-{8FB7D829-BF4B-426B-B136-37228687F1D2}-v14-Downloaded.frx
Invalid path to file C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\l3luel3abe@hotmail.com\SharingMetadata\techsupportnerd@hotmail.com\DFSR\Staging\CS{19B761B1-97B7-09DA-E6FF-BC0D5F821263}\15\15-{8FB7D829-BF4B-426B-B136-37228687F1D2}-v15-{8FB7D829-BF4B-426B-B136-37228687F1D2}-v15-Downloaded.frx
Invalid path to file C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\l3luel3abe@hotmail.com\SharingMetadata\techsupportnerd@hotmail.com\DFSR\Staging\CS{19B761B1-97B7-09DA-E6FF-BC0D5F821263}\16\16-{8FB7D829-BF4B-426B-B136-37228687F1D2}-v16-{8FB7D829-BF4B-426B-B136-37228687F1D2}-v16-Downloaded.frx
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
=============================================================================
Dr.Web(R) Scanner for Windows v4.33.2 (4.33.2.10067)
Copyright (c) Igor Daniloff, 1992-2006
Log generated on: 2007-08-13, 11:23:56 [Owner]
Command-line: "C:\DOCUME~1\Owner\LOCALS~1\Temp\RarSFX6\cureit.exe" /lng /ini:cureit_XP.ini
Operating system:Windows XP Home Edition x86 (Build 2600), Service Pack 2
=============================================================================
Engine version: 4.33 (4.33.5.10110)
Engine API version: 2.01
Total virus records: 237238
Key file: C:\DOCUME~1\Owner\LOCALS~1\Temp\RarSFX6\cureit.key
License key number: 0010092936
Registered to: Dr.Web CureIt Project
License key activates: 2007-02-05
License key expires: 2010-02-11

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 0
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 0 Kb/s
Scan time: 00:00:00
-----------------------------------------------------------------------------

[Scan path] c:\documents and settings\all users\start menu\programs\startup\desktop.ini
[Scan path] c:\documents and settings\owner\desktop\cureit(2).exe
[Scan path] c:\documents and settings\owner\local settings\temp\rarsfx6\_start.exe
[Scan path] c:\documents and settings\owner\local settings\temp\rarsfx6\cureit.exe
[Scan path] c:\documents and settings\owner\start menu\programs\startup\desktop.ini
[Scan path] c:\program files\adobe\reader 8.0\reader\reader_sl.exe
[Scan path] c:\program files\aim6\aim6.exe
[Scan path] c:\program files\canon\easy-webprint\ewpbrowseloader.dll
[Scan path] c:\program files\canon\easy-webprint\toolband.dll
[Scan path] c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
[Scan path] c:\program files\common files\adobe\acrobat\activex\pdfshell.dll
[Scan path] c:\program files\common files\ahead\lib\nerocheck.exe
[Scan path] c:\program files\common files\ahead\lib\nerodigitalext.dll
[Scan path] c:\program files\common files\ahead\lib\nmindexingservice.exe
[Scan path] c:\program files\common files\aol\acs\aolacsd.exe
[Scan path] c:\program files\common files\aol\topspeed\2.0\aoltsmon.exe
[Scan path] c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe
[Scan path] c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe
[Scan path] c:\program files\common files\microsoft shared\help\hxds.dll
[Scan path] c:\program files\common files\microsoft shared\information retrieval\msitss.dll
[Scan path] c:\program files\common files\microsoft shared\office11\msoxmlmf.dll
[Scan path] c:\program files\common files\microsoft shared\office12\msoshext.dll
[Scan path] c:\program files\common files\microsoft shared\office12\odserv.exe
[Scan path] c:\program files\common files\microsoft shared\source engine\ose.exe
[Scan path] c:\program files\common files\microsoft shared\web components\11\owc11.dll
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 27
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 1958 Kb/s
Scan time: 00:00:11
-----------------------------------------------------------------------------

Scanning interrupted by user! - no viruses found
[Scan path] C:\
C:\Documents and Settings\NetworkService\NTUSER.DAT - read error
C:\Documents and Settings\NetworkService\NTUSER~1.LOG - read error
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
=============================================================================
Dr.Web(R) Scanner for Windows v4.33.2 (4.33.2.10067)
Copyright (c) Igor Daniloff, 1992-2006
Log generated on: 2007-08-13, 11:44:51 [Owner]
Command-line: "C:\DOCUME~1\Owner\LOCALS~1\Temp\RarSFX7\cureit.exe" /lng /ini:cureit_XP.ini
Operating system:Windows XP Home Edition x86 (Build 2600), Service Pack 2
=============================================================================
Engine version: 4.33 (4.33.5.10110)
Engine API version: 2.01
Total virus records: 237238
Key file: C:\DOCUME~1\Owner\LOCALS~1\Temp\RarSFX7\cureit.key
License key number: 0010092936
Registered to: Dr.Web CureIt Project
License key activates: 2007-02-05
License key expires: 2010-02-11

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 0
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 0 Kb/s
Scan time: 00:00:00
-----------------------------------------------------------------------------

[Scan path] c:\documents and settings\all users\start menu\programs\startup\desktop.ini
[Scan path] c:\documents and settings\owner\desktop\cureit(2).exe
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 4
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 7038 Kb/s
Scan time: 00:00:00
-----------------------------------------------------------------------------

Scanning interrupted by user! - no viruses found
[Scan path] C:\
C:\Documents and Settings\NetworkService\NTUSER.DAT - read error
C:\Documents and Settings\NetworkService\NTUSER~1.LOG - read error
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
C:\Documents and Settings\Owner\NTUSER.DAT - read error
C:\Documents and Settings\Owner\NTUSER~1.LOG - read error

Invalid path to file C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\l3luel3abe@hotmail.com\SharingMetadata\nolanhester@hotmail.com\DFSR\Staging\CS{274F0357-95AD-8C2F-84E6-F296EBDFC36F}\01\17-{274F0357-95AD-8C2F-84E6-F296EBDFC36F}-v1-{8FB7D829-BF4B-426B-B136-37228687F1D2}-v17-Downloaded.frx
Invalid path to file C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\l3luel3abe@hotmail.com\SharingMetadata\nolanhester@hotmail.com\DFSR\Staging\CS{274F0357-95AD-8C2F-84E6-F296EBDFC36F}\11\12-{B4129939-D8FB-4C15-8F5B-ACF523F0D3E3}-v11-{B4129939-D8FB-4C15-8F5B-ACF523F0D3E3}-v12-Downloaded.frx
Invalid path to file
Perkypen

Unread postby Perkypen » August 13th, 2007, 12:56 pm

Sorry, it cut the message off.
Here is the rest of it (it should overlap a little)

=======================================================
Invalid path to file C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\l3luel3abe@hotmail.com\SharingMetadata\nolanhester@hotmail.com\DFSR\Staging\CS{274F0357-95AD-8C2F-84E6-F296EBDFC36F}\01\17-{274F0357-95AD-8C2F-84E6-F296EBDFC36F}-v1-{8FB7D829-BF4B-426B-B136-37228687F1D2}-v17-Downloaded.frx
Invalid path to file C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\l3luel3abe@hotmail.com\SharingMetadata\nolanhester@hotmail.com\DFSR\Staging\CS{274F0357-95AD-8C2F-84E6-F296EBDFC36F}\11\12-{B4129939-D8FB-4C15-8F5B-ACF523F0D3E3}-v11-{B4129939-D8FB-4C15-8F5B-ACF523F0D3E3}-v12-Downloaded.frx
Invalid path to file C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\l3luel3abe@hotmail.com\SharingMetadata\techsupportnerd@hotmail.com\DFSR\Staging\CS{19B761B1-97B7-09DA-E6FF-BC0D5F821263}\01\10-{19B761B1-97B7-09DA-E6FF-BC0D5F821263}-v1-{8FB7D829-BF4B-426B-B136-37228687F1D2}-v10-Downloaded.frx
Invalid path to file C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\l3luel3abe@hotmail.com\SharingMetadata\techsupportnerd@hotmail.com\DFSR\Staging\CS{19B761B1-97B7-09DA-E6FF-BC0D5F821263}\11\11-{8FB7D829-BF4B-426B-B136-37228687F1D2}-v11-{8FB7D829-BF4B-426B-B136-37228687F1D2}-v11-Downloaded.frx
Invalid path to file C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\l3luel3abe@hotmail.com\SharingMetadata\techsupportnerd@hotmail.com\DFSR\Staging\CS{19B761B1-97B7-09DA-E6FF-BC0D5F821263}\12\12-{8FB7D829-BF4B-426B-B136-37228687F1D2}-v12-{8FB7D829-BF4B-426B-B136-37228687F1D2}-v12-Downloaded.frx
Invalid path to file C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\l3luel3abe@hotmail.com\SharingMetadata\techsupportnerd@hotmail.com\DFSR\Staging\CS{19B761B1-97B7-09DA-E6FF-BC0D5F821263}\13\13-{8FB7D829-BF4B-426B-B136-37228687F1D2}-v13-{8FB7D829-BF4B-426B-B136-37228687F1D2}-v13-Downloaded.frx
Invalid path to file C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\l3luel3abe@hotmail.com\SharingMetadata\techsupportnerd@hotmail.com\DFSR\Staging\CS{19B761B1-97B7-09DA-E6FF-BC0D5F821263}\14\14-{8FB7D829-BF4B-426B-B136-37228687F1D2}-v14-{8FB7D829-BF4B-426B-B136-37228687F1D2}-v14-Downloaded.frx
Invalid path to file C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\l3luel3abe@hotmail.com\SharingMetadata\techsupportnerd@hotmail.com\DFSR\Staging\CS{19B761B1-97B7-09DA-E6FF-BC0D5F821263}\15\15-{8FB7D829-BF4B-426B-B136-37228687F1D2}-v15-{8FB7D829-BF4B-426B-B136-37228687F1D2}-v15-Downloaded.frx
Invalid path to file C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\l3luel3abe@hotmail.com\SharingMetadata\techsupportnerd@hotmail.com\DFSR\Staging\CS{19B761B1-97B7-09DA-E6FF-BC0D5F821263}\16\16-{8FB7D829-BF4B-426B-B136-37228687F1D2}-v16-{8FB7D829-BF4B-426B-B136-37228687F1D2}-v16-Downloaded.frx
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
C:\Program Files\Common Files\AolCoach\en_en\GTDownAO_106.ocx is adware program Adware.Gdown
=======================================================



And here is the HiJackThis Log:


=======================================================
Logfile of HijackThis v1.99.1
Scan saved at 12:48:00 PM, on 8/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-U ... E_UNO1.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v45/be ... eweled.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://ez-ftz.webex.com/client/T23L/webex/ieatgpc.cab
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - http://na.inquiero.com/inquiero/mod/set ... 118_24.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
=======================================================


Thank you so much for your help so far. I realize most problems don't take this long to clear up and I really appreciate your perseverance and determination. I hope we can get this cleared up soon. :)
Perkypen
Regular Member
 
Posts: 180
Joined: February 9th, 2005, 12:07 pm
Location: Catawba, NC

Unread postby silver » August 13th, 2007, 8:47 pm

Hi Perkypen,

You're very welcome! I'm very happy to help but when problems extend beyond malware there's a limit to what I can help with and I think this is one of those situations.

Clean up with OTMoveIt:
  • Open OTMoveIt
  • Close all programs apart from OTMoveIt as this step will require a reboot
  • On the OTMoveIt main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

Create a new, clean System Restore point which you can use in case of future system problems:
  • Press Start->All Programs->Accessories->System Tools->System Restore
  • Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close

Now remove old, infected System Restore points:
  • Next click Start->Run and type cleanmgr in the box and press OK
  • Ensure the boxes for Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
  • Press OK and Yes to confirm

Re-hide hidden/system files and folders:
  • Click Start -> My Computer
  • Select the Tools menu, click Folder Options and select the View tab
  • Under the Hidden files and folders heading SELECT Do not show hidden files and folders
  • CHECK the Hide extensions for known file types option
  • CHECK the Hide protected operating system files (recommended) option
  • Press OK

At this stage I think we have removed most if not all malware from your machine, but without a full scan I can't be certain. In my opinion, the power-off problem is most likely to be a hardware issue, and it could have any number of causes. I think the fastest way to resolve the remaining issues is to ask for assistance with the power-off problem from a PC troubleshooting forum like PC Pitstop. PC Pitstop specializes in handling problems like this so you are certain to get expert assistance and a speedy resolution is very likely.

Once the power-off problem has been resolved, please let me know so we can complete a scan and final check before giving the machine the 'all-clean'. I'm sorry I can't see this through to conclusion at this stage, but I really believe this is the fastest way for you to resolve the remaining issues.

Please let me know that you have read this and if you have any questions or other issues.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Unread postby Perkypen » August 15th, 2007, 5:03 pm

Silver,
Just wanted to let you know that I took the laptop in to a PC repair place. It was not charging and I did not know if it was the cord or the adapter on the laptop. Once I get it back I will send you another HJT log to look at before I set the system restore point. I will also let you know what they tell me about my laptop.

I do have good news. They did not find any viruses on it. THANK YOU.

Talk to ya soon.....

Penny
Perkypen
Regular Member
 
Posts: 180
Joined: February 9th, 2005, 12:07 pm
Location: Catawba, NC

Unread postby silver » August 15th, 2007, 9:32 pm

Hi Perkypen,

I'm glad to hear the problems are being addressed.

Please feel free to set a new System Restore point as soon as possible, it only takes a minute or so and we can set another one when we have a final look at your machine.

When you return, if you find this topic closed, don't worry, start a new topic with a new HijackThis log and let me know via PM.

I look forward to hearing from you when you get it back.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7

Unread postby Perkypen » August 23rd, 2007, 10:12 pm

Well, I finally got her back. The power/charger cord had gone bad. It was full of dust inside and that is what was causing it to overheat and turn itself off. It does not seem to be "running" all the time to keep itself cool and getting hot on the bottom.

I have set the restore point and hidden all the files as you requested.

Here is a new log as requested:

Logfile of HijackThis v1.99.1
Scan saved at 10:09:06 PM, on 8/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/def ... earch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp /HIDEBL
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-U ... E_UNO1.cab
O16 - DPF: {615F158E-D5CA-422F-A8E7-F6A5EED7063B} (Bejeweled Control) - http://www.worldwinner.com/games/v45/be ... eweled.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://ez-ftz.webex.com/client/T23L/webex/ieatgpc.cab
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - http://na.inquiero.com/inquiero/mod/set ... 118_24.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe


Thank you for all your help!!
Perkypen
Regular Member
 
Posts: 180
Joined: February 9th, 2005, 12:07 pm
Location: Catawba, NC

Unread postby silver » August 23rd, 2007, 10:27 pm

Welcome back Perkypen :)

Great to hear those issues have been resolved.

The only thing outstanding was a full scan, so let's try it again. Please try to get Kaspersky to work, if it fails for any reason then use Dr Web, but only one of these scans is necessary. You probably remember all this but here are the instructions again:

Open Kaspersky Online Scanner in Internet Explorer

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT and then Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • The program will start to scan your system.
  • Once the scan is complete, click on the Save as Text button and save the file to your desktop
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.

If for any reason you can't get Kaspersky to work, please scan with Dr Web:

Download Dr.WEB CureIt to your desktop from here:
ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe
  • Double-click cureit.exe to start the program.
  • Press Start and then OK to start the Express scan
  • The Express scan takes just a few moments to finish, if something is found, click Yes to cure it
  • Once the short scan has finished, Click Options->Change settings
  • Choose the Scan tab and remove the check mark from Heuristic analysis
  • Choose the Actions tab and next to Infected objects select Move, then press OK to close the settings box.
  • Note: These settings changes are IMPORTANT, please ensure you have made them before scanning
  • Select all hard drives to be scanned by clicking on them - choose all drives - a red dot confirms they will be scanned
  • Click the green arrow on the right to start the scan
  • Click Yes to all if it asks if you want to move a file
  • Click File-> Save report list and save the report to your desktop
  • Close Dr.Web Cureit and reboot your computer (this is important as files may be moved/deleted during reboot)


Once complete, please post the Kaspersky or Dr Web scan log and a new HijackThis. Also, let me know if you have experienced any symptoms since getting your computer back.
silver
Regular Member
 
Posts: 9219
Joined: August 7th, 2006, 9:40 pm
Location: GMT+7