
Infected, will not complete bitdefender scan.

Discussion in 'Malware and Virus Removal Archive' started by XP Rookie, 2007/01/30.

Thread Status:
Not open for further replies.
  1. 2007/01/30
    XP Rookie

    XP Rookie Inactive Thread Starter

    Joined:
    2007/01/27
    Messages:
    29
    Likes Received:
    0
    Here is our situation.
    Our system has four current users, all with administrative privileges, and one former user that has been removed. Two of the users are teens and most of the hard disk usage is music, videos, pictures and remnants of old programs and uninstallable programs. The removed user used the computer heavily and recently moved into his own apt., HALLELUJAH. We all had Administrative privileges until recently. I am trying to get the computer to work for everyone with me being the only Administrator but it’s been tough. Just recently Windows SP2 was downloaded and installed without my knowledge and no preparations. I recently installed and ran Windows Defender. There are programs that I have unsuccessfully tried to completely remove and are still present on the hard drive. There are also some installed program folders still in the hard drive. The HD was 89% full a couple of weeks ago. Someone suggested running CCleaner, I did and it cleaned up about 15 GB of disk space. With other removals I am now down to 50% available HD space.

    The biggest problem other than getting rid of the infection is the way the OS is handling user accounts. I can get into a lot of detail if you like but basically the other users cannot access their data as non-Administrators. I changed one user's name and renamed him to try and see if that would help. But Documents and Settings still list him as his old name but under that is: his new name\Documents.
    C:\Documents and Settings\Old Name\New Name Documents.

    Oh ya, and it goes on and on. Which brings me here. Actually this brought me here.

    http://www.windowsbbs.com/showthread.php?t=61759

    I updated and ran Windows Defender yesterday. It dumped a bunch of junk.
    I updated and ran AdAware SE two days ago. It dumped stuff too.
    I have not yet updated and ran Spybot.
    I updated and ran my anti virus program, AntiVir, today and it gave some warnings, that I can post here if needed, but no detections.

    I ran bitdefender today and it would not quite complete the scan, even though it said it scanned 60,170 of 60,169 files. It seemed to get hung up at the very end, on a program another user installed from a disk for a digital camera. The program was placed, as others have been directly in C:\, maybe among other places. I wrote down all the details of the scan and can report them here if need be.
    bitdefender did identify 2 viruses in 3 infected files, all were deleted. I did copy and paste them to a Word document as they were reported, they follow.

    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe is infected with DeepScan:Generic.Mitglied.479260C6

    C:\Program Files\QuickTime\qttask.exe is infected with DeepScan:Generic.Mitglied.479260C6

    C:\WINDOWS\prelimhanse.exe is infected with Backdoor.1024.A

    Because bitdefender did not complete the scan as it should, I thought it would be best to post my situation and results up to now. How would you like me to proceed from here?

    Thank You and Good Luck.
     
    Last edited: 2007/01/30
  2. 2007/01/30
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Welcome to the forums.

    Let's get some online scans and another anti-spyware scan to help remove some more stuff and give us a base point to start with.

    Panda ActiveScan
    • Click the [Scan your PC] button. ( You may have to disable any pop up blockers)
    • Then press the green [Check Now] button.
    • Enter your country and state along with a valid email address.
    • Allow the ActiveX install, it may be a few minutes for all components. (For XP SP 2 watch for the yellow bar at the top of IE)
    • Once installation is complete you will need to select a device to scan. Please select 'My Computer' and the scan will begin.
    • Once the scan is done, click the 'See report' button, then the 'save report' button. Be sure to save the log file created in a place easy for you to find.


    Kaspersky Online Scanner

    Click on Kaspersky Online Scanner icon.
    Accept the Kaspersky agreement and the program will load.
    You will then be prompted to install an ActiveX component from Kaspersky, click Yes

    The program will then begin downloading the latest definition files. This will take a good while, even with hi-speed Internet access.
    Once the files have been downloaded click on Next

    Now click on [Scan Settings] button.
    In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    • Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
    Click OK

    Now under the Please select a target to scan:
    Select My Computer

    The program will begin the scanning process.
    The scan will take a while so be patient and let it run.
    Once the scan is complete it will display if your system has been infected.
    Then click on the [Save as Text] button
    Save the file to your desktop.

    Copy and paste that information in your next post for me to review.

    **Note: please edit out any references to 'cookies', 'Recycler folder' and 'System Volume Information Folder' from all logs.


    Then:
    Download AVG Anti-Spyware 7.5 from HERE and save that file to your desktop.
    This is a 30 day trial of the program
    • Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
    • Once the setup is complete you will need to run ewido and update the definition files.
    • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the [Start Update] button, the update will start and a progress bar will show the updates being installed.
    • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
    Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.

    Reboot, into safe mode, this way:
    • Turn on the computer
    • Immediately begin tapping the <F8> key.
    • Use the arrow keys to highlight Safe Mode and press the <Enter> key.
    IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning process.

    Launch ewido-anti-spyware by double-clicking the icon on your desktop.
    • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    • ewido will now begin the scanning process, be patient this may take a little time.
      Once the scan is complete do the following:
    • If you have any infections you will be prompted, then select "Apply all actions"
    • Next select the "Reports" icon at the top.
    • Select the [Save report as] button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    • Close ewido and reboot your system back into Normal Mode and post the results of the ewido report scan. (Please edit out any cookie, Recycler and System Volume Information Folder references)

    Once those have all been run get HijackThis! and run it on the primary account. We will deal with the other accounts once the primary is cleaned.

    Please download HijackThis! SetUp from here. Save the file to your desktop.

    Double-click the HijackThis! SetUp icon to begin the installation. Follow the prompts for the default install location of: 'C:\Program Files\HijackThis'. Tick the 'Create a desktop' button when the option appears. Select next, then allow HijackThis! to start.

    Then press the [Scan] button. You will notice the [Scan] button will turn into a [Save Log] button. Click the [Save Log] button and notepad will open up with the contents of the scan. Right-click in the saved log, and select 'copy'. Then proceed to your original thread, unless otherwise instructed and click the '[Reply]' button and paste the saved contents to be reviewed. Do not make any modifications to the log or perform any 'fixes' until told to do so.

    Post also the other logs as well, editing as requested. Expect this to take some time, especially the KAV scan, if you're that infected.
     

  4. 2007/01/30
    XP Rookie

    XP Rookie Inactive Thread Starter

    Panda Active Scan Error.

    First off I would like to thank you for the above response to my post and thank you ahead of time for all the time you will spend helping me.

    I ran into problems right off the bat. Thought you could save me some time and point me in the right direction to fix this problem. I should let you know that I have a dial up connection. I did try to download the program twice.

    I do have a dial up connection and I use People PC as a provider.

    Is there a "fix" that I need to apply to IE 6? I have never modified it in any way. It's been installed for a long time.

    How do I access the things I need to do to fix any problems with my INTERNET connection?

    Here is the error message I received
    "An error has occurred downloading Panda ActiveScan. Please repeat the process. If the error occurs again, restart your system and try again
    Possible causes of this error are:

    Not allowing the application's ActiveX control to be downloaded.

    Problems with the Internet connection.

    The error could be due to a download error or an installation error due to lack of hard disk space, privileges etc.,... "

    I do have 18.5 GB free space and am logged on as "Administrator".
     
  5. 2007/01/31
    TeMerc

    TeMerc Inactive Alumni

    Ahhh...yes with dial up connections this could be quite difficult, especially if your connection happens to hiccup at all.

    Do you have any friends or neighbors with hi-speed access who would be kind enough to allow you to DL these apps? Once downloaded the updates may not be too difficult to install. We only need to worry about the AVG app really.

    HJT should be a quick download, as it's very small.

    Here are a couple of alternate, downloadable virus scanners which you can stick on a floppy and then install on your machine to save time. Just save them to either a floppy or CD.

    Please download the free MWAV antivirus tool from here:
    ftp://ftp.microworldsystems.com/download/tools/mwav.exe
    Install it to the desktop and run it. Follow the prompts to scan your system for viruses. Then please post for me the log of infected files from the BOTTOM panel of the scan window.

    Next one:
    Create a folder on your desktop called Sysclean.
    Go to http://www.trendmicro.com/download/dcs.asp and download sysclean package to the folder you made.
    Go to http://www.trendmicro.com/download/pattern.asp and download the Official Pattern Release for windows to your desktop.
    This file will be called lptXXX.zip (XXX represents the version number)
    Unzip lptXXX.zip and you'll get the file lpt$vpn.XXX.
    Move the lpt$vpn.XXX to that Sysclean-folder you created on your desktop.

    Turn off your antivirus which is installed on your system because it can interfere with the Sysclean-scan.

    Open the sysclean-folder and double click sysclean.com.
    Check: Automatically clean or delete detected files.
    Click scan.
    When the scan is finished, open your sysclean-folder and copy and paste the contents of sysclean.log in your next reply.


    Those should work for you.
     
  6. 2007/01/31
    XP Rookie

    XP Rookie Inactive Thread Starter

    Mwav

    You are not going to be happy with me. Oh well I'll just have to take it like a man. Here's the deal. The download went great, it took a while but it did download and I installed MWAV. The first time I ran it I got scared. I chose the delete option. It was deleting files like crazy! After it ran for about 45 min. it had already deleted over 125 items. I was actually getting pretty excited about all that garbage it was throwing out. But then some of them seemed important to the system, such as a reference to my INTERNET provider, People PC. I was thinking maybe because my wife installed it from her desktop MWAV deemed it unnecessary. I ended up canceling the scan and scanned again with the scan only option checked.

    I will scan it again checking the scan and delete option if that's what you intended. I guess I wasn't clear on that.
    The other thing is that the log file from the completed scan is over 16,000KB. I did not think you wanted all of that posted here. The problem is that I can not "Copy" the information in the Virus Information Box. I can hi-light it but when I right click to copy the info. nothing happens.

    When in scan only mode it did detect nine critical objects. Of the nine, seven were from "system volume information" and the other two were viruses. The scan did take over 90 minutes. It scanned 96,000 objects and found 215 errors.

    Can we clean up some of the garbage in my HD before running anymore scans? They are taking a long time to run. I have heard some utility programs work better than XP's Add and Remove Program. Some say that they will clean up a bunch of stuff that Add and Remove won't. Are there any such programs that you can recommend? Is there anything else I could do to remove clutter before scanning more?

    I will wait for a response before proceeding with the Sysclean procedure. I would love to remove 215 errors if that's what I was supposed to do.

    I am sorry I am such a novice. It must be frustrating for you to work with people of my knowledge level. :eek:

    Thank You and Good Luck

    BTW I do already have HJT installed.
     
  7. 2007/01/31
    XP Rookie

    XP Rookie Inactive Thread Starter

    AVG Anti-Spyware downloaded.

    TeMerc

    I have got AVG Anti-Spyware downloaded. I have not followed your instructions for running this program yet, or ran it in any way. I would really like to do something with MWAV. Will wait for your guidance.

    Thank You and Good Luck
     
  8. 2007/01/31
    TeMerc

    TeMerc Inactive Alumni

    Anything found in the System Volume Information folder is not a threat. That is where your system restore settings are kept. So as long as we don't use sys restore (and we won't be) you're fine.

    I'm not very familiar with the Sysclean set up, check for options to see if there is a 'restore' feature, so that if you decide to allow all removals, we can restore the ones which we deem needed.

    If you need, you can send me the log to my email address, I'll PM that to you right after I post this message.

    I can't advise what to take off your machine via Add\Remove because, A) I don't know what it is, and B) I don't know if you need to use whatever programs are there.

    We can get a list of what's there tho via HijackThis:
    Start HijackThis

    • Open HJT, click the [None of the above, just start the program] button.
    • Click on the [Config] button
    • Click on the [Misc Tools] button
    • Click on the [Open Uninstall Manager] button
    • Then click on the [Save list] button and specify where you would like to save this file.
    • When you press [Save list] button a notepad will open with the contents of that file.
    • Copy and paste the contents of that notepad back into this thread for me to view.

    And don't worry about being a novice, I have no problem at all giving instructions.
     
  9. 2007/01/31
    XP Rookie

    XP Rookie Inactive Thread Starter

    none

    I am glad that you have the patience of a saint. I do not think you need the log from MWAV. I don't see where it points out the problems. It does indicate the parameters I set up before I ran it and gives you a good idea of what we have on this thing we call a computer. If you want to see the MWAV log let me know and I will email to the address that you PM to me.

    I have a pretty good handle on the programs that need to go. Most of the stuff is left over parts of programs that have been removed, i.e. Sygate Firewall. There is a stubborn one that just does not want to go and there seems to be programs that are installed into multiple locations. I need to get them into one place from where everyone can use them. Sort of do some house cleaning. Please keep in mind my mission is to be the only Administrator for this system. As it is now everyone uses my desktop because they can not use all the functions from theirs. I just don't ever have to deal with this mess again! Is there a good program that performs like "Add and Remove"? I would like to find something that will dig deep and come up with a complete list of everything on the machine.

    You did ask me to run AVG before HJT in your first reply to me. I assume you still want me to do this. Unless you have a purpose in mind for a HJT before I run the AVG?



    How about free anti virus programs, which do you think will work best for me?
    AntiVir seems good but it seems there are better out there. NOD32 from what I am seeing is the best paid one but the reason I have a dial up connection is that it's tough to have ALL the luxuries in life if you know what I mean. How about Firewalls? I had Comodo before going to Windows. But things don't seem to be any better with it. I know that there are a zillion posts on the subject but you have a good idea of our situation and maybe know of ones that would work best for us.

    I am working night shifts this week so you probably won't hear back from me 'til tomorrow.

    Thank you for staying with me on this. You've been great.

    Good Luck.
     
  10. 2007/01/31
    TeMerc

    TeMerc Inactive Alumni

    PM with address sent.
    If possible, just delete the other accounts after saving any data. Better to start with a clean slate than to rip out your hair.

    You can then set all accounts as limited user accounts.
    You can use HJT to uninstall items. Tho some programs will leave some entries scattered about the registry. You can also use ADRMPRO2
    Yes, I'd like to have that done.
    Depending on how well you get to have the rest of the users trained about email habits, most free anti-virus apps will work fine. Just be sure it has an email scanner included. Most do. Dial up does decrease, but not eliminate your chances of infection, simply due to the download speed being so slow.
    COMODO while a good app, perhaps a little too complex, based on my use of it, in comparison to ZoneAlarm, both free.

    ZA seems to be a bit more for the n00b. COMODO offers more advanced options you're not likely to use.
    Not a problem.
     
  11. 2007/02/01
    XP Rookie

    XP Rookie Inactive Thread Starter

    Infection getting worse.

    Hi TeMerc,

    Things seem to be getting worse on the system. Let's see where to start.

    I did get a chance to look a little at the limited user accounts link you provided. It will be nice to get to the point where I can set things up the way he suggests.

    I did download and ran ADRMPRO2. Perhaps I need more help with it but it did not remove or find things I want to get rid of.

    Did you get the email I sent?

    Have you heard of, should say what do you think of, Brute Force Uninstaller, Alcra PLUS Remover, ATF Cleaner, Active Scan? Do you think they will help us?

    I did install and run AVG Anti-Spyware 7.5 but some strange things happened and have been happening since. I do believe I followed all instructions.

    Here's the low down.
    When I booted to safe mode I did not see my name on the log in screen. Only Administrator, and my wife's name, Sue; no Tom.

    When I opened the program the screen size was too small, I could not see the whole page, most but not all. I have an old 15" monitor, 600 X 800 res.

    The program did run just fine, but at the end when I clicked "Reports" at the top of the page it said no report available. After checking a few things out on the program I went back and clicked "Reports" again and got the same message. I clicked "Save Report As" on the bottom and it generated a report that I did save and is pasted in this post.

    After re-booting and logging onto the internet I went to my Yahoo Mail account, I had some problems sending your email and wanted to check an undeliverable message. My Yahoo Mail opened all by itself, I did not have to log on! That worries the heck out of me. Other than that it seems whenever I start any new process, i.e. opening my internet connection, things are really slow.

    Would you like a HJT scan yet? I am going to download AVG free antivirus before I go to work tonight and let it download during the night. Hopefully, I will update and run that first thing in the morning. I am going to make it my primary antivirus.

    Here is the AVG Spyware Report.

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 2:41:21 PM 2/1/2007

    + Scan result:



    HKLM\SOFTWARE\YourSiteBar -> Adware.ISTBar : Error during cleaning.
    HKLM\SOFTWARE\YourSiteBar\Historyfiles -> Adware.ISTBar : Error during cleaning.
    C:\System Volume Information\_restore{6D3B7305-3D9E-4593-B9AA-F7F4D457BBF7}\RP9\A0000239.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{6D3B7305-3D9E-4593-B9AA-F7F4D457BBF7}\RP7\A0000171.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\BTIEIN -> Adware.WebSearch : Error during cleaning.
    HKLM\SOFTWARE\BTIEIN\BTIEIN -> Adware.WebSearch : Error during cleaning.
    HKLM\SOFTWARE\BTIEIN\BTIEIN\taskcache -> Adware.WebSearch : Error during cleaning.
    HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Adware.WebSearch : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\AUI -> Adware.WebSearch : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\CLSID\{A8FB8EB3-183B-4598-924D-86F0E5E37085} -> Adware.WhyPPC : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{A8FB8EB3-183B-4598-924D-86F0E5E37085} -> Adware.WhyPPC : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8FB8EB3-183B-4598-924D-86F0E5E37085} -> Adware.WhyPPC : Cleaned with backup (quarantined).
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A8FB8EB3-183B-4598-924D-86F0E5E37085} -> Adware.WhyPPC : Cleaned with backup (quarantined).
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A8FB8EB3-183B-4598-924D-86F0E5E37085} -> Adware.WhyPPC : Cleaned with backup (quarantined).
    C:\Documents and Settings\~Molly~.TOM-YOSR5ON4G7V\Cookies\~molly~@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
    C:\Documents and Settings\~Molly~.TOM-YOSR5ON4G7V\Cookies\~molly~@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.


    ::Report end
    SORRY I FORGOT TO EDIT OUT THE SYS. VOL. INFO.

    I will check back here before going to work tonight.
    Thank You and Good Luck
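
Added example (not part of the original posts): the helper asks for cookie, Recycler and System Volume Information references to be edited out of logs before posting, and the report above shows several "Error during cleaning" entries that still need follow-up. This sketch parses a report in the `object -> detection : result` layout seen above, trims the excluded entries, and groups what was not cleaned. The sample lines are abridged from that report, with the cookie path's profile name replaced by a placeholder; the function names are illustrative.

```python
import re
from collections import defaultdict

# Locations the helper asked to be edited out of logs before posting.
EXCLUDED_PATH_PARTS = ("\\cookies\\", "\\recycler\\", "\\system volume information\\")

# One report entry: "<object> -> <detection name> : <result>."
ENTRY = re.compile(r"^(?P<object>.+?) -> (?P<threat>\S+) : (?P<result>.+?)\.?$")

# Abridged from the AVG Anti-Spyware report above (profile name is a placeholder).
SAMPLE_REPORT = r"""
+ Created at: 2:41:21 PM 2/1/2007
+ Scan result:
HKLM\SOFTWARE\YourSiteBar -> Adware.ISTBar : Error during cleaning.
C:\System Volume Information\_restore{6D3B7305-3D9E-4593-B9AA-F7F4D457BBF7}\RP9\A0000239.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
HKLM\SOFTWARE\BTIEIN -> Adware.WebSearch : Error during cleaning.
HKLM\SOFTWARE\BTIEIN\BTIEIN -> Adware.WebSearch : Error during cleaning.
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\Documents and Settings\User\Cookies\user@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
::Report end
"""


def parse_report(text):
    """Return one dict per detection line; header and footer lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def trim_for_posting(entries):
    """Drop cookie, Recycler and System Volume Information references."""
    kept = []
    for entry in entries:
        path = entry["object"].lower()
        in_excluded_path = any(part in path for part in EXCLUDED_PATH_PARTS)
        if in_excluded_path or entry["threat"].startswith("TrackingCookie."):
            continue
        kept.append(entry)
    return kept


def unresolved(entries):
    """Group objects whose result is anything other than a 'Cleaned...' status."""
    by_threat = defaultdict(list)
    for entry in entries:
        if not entry["result"].lower().startswith("cleaned"):
            by_threat[entry["threat"]].append(entry["object"])
    return dict(by_threat)


def render(entries):
    """Re-emit entries in the report's own line format, ready to paste."""
    return "\n".join(
        f'{e["object"]} -> {e["threat"]} : {e["result"]}.' for e in entries
    )


if __name__ == "__main__":
    trimmed = trim_for_posting(parse_report(SAMPLE_REPORT))
    print(render(trimmed))
    for threat, objects in unresolved(trimmed).items():
        print(f"Needs follow-up: {threat} ({len(objects)} item(s))")
```
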
     
  12. 2007/02/01
    TeMerc

    TeMerc Inactive Alumni

    We'll need that start up list from HijackThis then.
    No, when did you send it and what was the email address, send it to me via the PM from yesterday and I'll be sure to add it to my 'friends' list of my spam filter.
    Yes I have heard of all of them, but in this case we don't need them. BFU is not for simple program removal in 99% of the cases. ActiveScan is great, but you have to download definitions and being on dial up I did not suggest it. If you can get the defs to download, you can then go offline and the scan will be able to run. Connection to the Net is not required.
    Now that is odd, does your name show up in the user accounts control panel?
    I have an 18" Dell flat screen, I get the same thing, resolutions are auto defined by 'safe mode', no way around that.
    Yeah we can get that, along with the uninstall list from my other post, instructions included there.
     
  13. 2007/02/01
    XP Rookie

    XP Rookie Inactive Thread Starter

    HJT ADD\Remove

    This looks very similar to Add Remove Pro and XP's list. I have to apologize again. Add\Remove Pro did seem to get rid of the stubborn program. It must have dusted it after a re-boot.

    Among the programs I do not see is a bad boy named PC Rescue. I have a shortcut for it on my desktop. When I click to open it from there it attempts to open a Waypoint Conversion program that I have. I then get several errors and have to jump through hoops to back out. Digging around in Add Remove Pro I did see a chance to remove PC Rescue.exe but I chose not to, thinking it would be harder to remove the entire program. Would it be relevant for me to send you my Program Files list? How?

    Yes my name is listed as an Administrator under User Accounts.

    Here is the HJT Add\Remove list

    Ad-Aware SE Personal
    Add/Remove Pro
    Adobe Flash Player 9 ActiveX
    Adobe Reader 6.0
    American Greetings® CreataCard® 4
    Apple Software Update
    ArcSoft VideoImpression 1.6
    ATI Display Driver
    AVG Anti-Spyware 7.5
    Avira AntiVir PersonalEdition Classic
    CallWave
    Camera Driver
    CCleaner (remove only)
    Creative Removable Disk Manager
    Creative System Information
    Disc2Phone
    Federal 2004 Ammunition
    HijackThis 1.99.1
    Hotfix for Windows XP (KB928388)
    HP PrecisionScan LTX
    HP Share-to-Web
    ieSpell
    iPod for Windows 2006-06-28
    iTunes
    J2SE Runtime Environment 5.0 Update 3
    Lexmark Supplies Monitor
    Lexmark Z25-Z35
    LimeWire 4.12.6
    Lowrance LCX-15CT Update
    Lowrance LCX-15MT Update
    MapCreate 6
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB886903)
    Microsoft Data Access Components KB870669
    Microsoft Office 2000 Professional
    Microsoft Web Publishing Wizard 1.52
    Microsoft Windows Journal Viewer
    Microsoft Works 4.0
    MSXML 4.0 SP2 (KB927978)
    MSXML4 Parser
    MyDSC2
    Nero PhotoShow Express
    Nero Suite
    PeoplePC Online
    PeoplePC:peoplePal Toolbar 6.3
    Photo Organizer
    Presto! VideoWorks 4.5
    QuickTime
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901190)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB929969)
    Shockwave
    Sony Ericsson PC Suite 1.20.207
    Spybot - Search & Destroy 1.3
    Universal Media Player
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Waypoint Conversion
    WinAVIVideoConverter
    Windows Defender
    Windows Installer 3.1 (KB893803)
    Windows Installer 3.1 (KB893803)
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Media Format Runtime
    Windows Media Player 9 Hotfix [See KB885492 for more information]
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893066
    Windows XP Hotfix - KB893086
    Windows XP Service Pack 2

    Thanks and Good Luck.
     
    Last edited: 2007/02/01
  14. 2007/02/01
    XP Rookie

    XP Rookie Inactive Thread Starter

    HJT log

    Before running this scan I cleaned up temp and temp int. folders. I rebooted, on reboot I had problems. I originally received a warning that my Windows Firewall was turned off and she locked up on me, after a wait I was able to reboot. On that reboot I got the same warning but it disappeared fairly quick. The system was VERY slow starting up.

    We had a People PC tool bar with an accelerator feature. I see that is gone now. I will dig around and see if I can find and reload it.

    Here is the HJT log.

    Logfile of HijackThis v1.99.1
    Scan saved at 9:36:34 PM, on 02/01/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\dmadmin.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\CallWave\IAM.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: PeoplePC ScamGuard - {7E3659A6-4BC5-4d93-B3FD-8B5ACC2FEDED} - C:\Program Files\PeoplePC\Toolbar\ScamGrd.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Global Startup: CallWave.lnk = C:\Program Files\CallWave\IAM.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
    O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} - https://www.peoplepc.com/ppcos/ISP60/Download/ppcwebi.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {5242A5A1-EF1E-11D5-B3EE-0050DAC5EBD0} (printQuick Browser Add In (Ver4)) - http://www.pqpc.com/plugin/axversion/1410/printQuick1410.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127009900075
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127009730551
    O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) - http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.lowrance.com/Software/Upgrades/LCX/LCX-15MT_360/isetup.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by105fd.bay105.hotmail.msn.com/activex/HMAtchmt.ocx
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs:
    O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
     
    Last edited: 2007/02/01
  15. 2007/02/01
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    I see one problem right off, so let's address that.

    This is one of the many SmithFraud\Zlob infections. Please follow directions for the first part of the fix.

    Please download SmitfraudFix (by S!Ri). Save it to your desktop.

    Double-click the Smithfraud.exe and it will install a new folder to your desktop, called SmithFraudFix. Shortly after that a DOS command window will appear. Once it opens, hit any key to continue.
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore you may get an alert.

    No need for a new HJT log, just the results from the SmithFraud tool.
     
  16. 2007/02/01
    XP Rookie

    XP Rookie Inactive Thread Starter

    Joined:
    2007/01/27
    Messages:
    29
    Likes Received:
    0
    SmithfraudFix log.

    You were right, AntiVir did give me a warning, thanks for the heads up.
    Here is the log. I have to go to work now will check back first thing in the morning. Thanks Again!

    SmitFraudFix v2.137

    Scan done at 22:15:30.68, 02/01/2007
    Run from C:\Documents and Settings\Tom.TOM-YOSR5ON4G7V\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Tom.TOM-YOSR5ON4G7V


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Tom.TOM-YOSR5ON4G7V\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\TOM~1.TOM\Desktop\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source "= "About:Home "
    "SubscribedURL "= "About:Home "
    "FriendlyName "= "My Current Home Page "


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "bestreak "= "{874443fe-aa33-4ebf-a6ac-73208787e62d} "



    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs "=" "


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System "=" "


    »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
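An added example (not part of the thread, and not code from HijackThis or SmitfraudFix): a triage pass over HijackThis-style lines that flags entries whose target file is absent and cross-checks their CLSIDs against the SharedTaskScheduler values SmitfraudFix printed. The input lines are a subset copied from the two logs posted above; the function names are hypothetical.

```python
import re

# Subset of lines copied from the HijackThis log posted in this thread.
HJT_LINES = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - AppInit_DLLs:
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
""".strip().splitlines()

# SharedTaskScheduler section copied from the SmitfraudFix report, including
# the padded quotes exactly as they appear on this page.
STS_LINES = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"bestreak "= "{874443fe-aa33-4ebf-a6ac-73208787e62d} "
""".strip().splitlines()

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = re.compile(r"\((?:no file|file missing)\)\s*$")
REG_VALUE = re.compile(r'^\s*"([^"]*)"\s*=\s*"([^"]*)"\s*$')


def parse_hjt(lines):
    """Turn 'O21 - ...' style lines into dicts; skip headers and process paths."""
    entries = []
    for line in lines:
        m = ENTRY.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID.search(body)
        entries.append({
            "code": m.group("code"),
            "body": body,
            "clsid": clsid.group(0).lower() if clsid else None,
            "missing": bool(MISSING.search(body)),
        })
    return entries


def parse_reg_values(lines):
    """Map name -> value for "name"="value" lines, trimming padding in the quotes."""
    values = {}
    for line in lines:
        m = REG_VALUE.match(line)
        if m:
            values[m.group(1).strip()] = m.group(2).strip().lower()
    return values


def triage(hjt_lines, sts_lines):
    """Return (code, clsid, reasons) for entries that deserve a closer look."""
    sts_clsids = set(parse_reg_values(sts_lines).values())
    findings = []
    for entry in parse_hjt(hjt_lines):
        reasons = []
        if entry["missing"]:
            reasons.append("target file absent")
        if entry["clsid"] in sts_clsids:
            reasons.append("CLSID also under SharedTaskScheduler")
        if reasons:
            findings.append((entry["code"], entry["clsid"], reasons))
    return findings


if __name__ == "__main__":
    for code, clsid, reasons in triage(HJT_LINES, STS_LINES):
        print(code, clsid, "; ".join(reasons))
```

A finding is a lead for review, not a verdict: the O9 hit here is the leftover uninstall entry for the BitDefender online scanner, and SmitfraudFix itself labels its SharedTaskScheduler listing as not necessarily infected.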
     
  17. 2007/02/01
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Second part of fix:

    Seeing as you already ran the AVG scan, we'll just do the SmithFraud tool part.

    Reboot, into safe mode, this way:
    Turn on the computer
    Immediately begin tapping the F8 key.
    Use the arrow keys to highlight Safe Mode and press the Enter key.

    Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process. A text file will appear on screen, with results from the cleaning process; please copy/paste the content of that report into your next reply.

    Then run HJT again and post both logs.
     
  18. 2007/02/02
    XP Rookie

    XP Rookie Inactive Thread Starter

    Joined:
    2007/01/27
    Messages:
    29
    Likes Received:
    0
    More problems in Rookieville

    Booted to Safe Mode (SM), as you described, as I usually do. After I chose SM from the prompt screen, a second less familiar screen opened asking me to choose the operating system to start. The only choice was Windows XP HE. I hit enter again, once again no "Tom". Chose Administrator. No SmitFraud was to be found. Rebooted in normal mode. Put the folder SmitFraud on a CD, went back into SM. Went through the same procedure to get in. Put the CD in, the files opened, clicked on SmitFraudFix.Cmd. A Cmd. window opened. Access denied scrolled down the screen for a few seconds and then some other stuff too fast to read and the screen disappeared.

    And if you got any extra time I've got a good one for ya about my local Ford Dealer. It's no wonder they are going broke!

    Thanks and Good Luck.
     
  19. 2007/02/02
    XP Rookie

    XP Rookie Inactive Thread Starter

    Joined:
    2007/01/27
    Messages:
    29
    Likes Received:
    0
    Ran Antivirus

    I just received an auto update to my anti virus program. I ran it and have a fresh report, would you like to see it here?
     
  20. 2007/02/02
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Yeah go ahead and post it.

    I'm a Chevy man so any story about Ford is likely to bring a smile on my face. :p
     
  21. 2007/02/03
    XP Rookie

    XP Rookie Inactive Thread Starter

    Joined:
    2007/01/27
    Messages:
    29
    Likes Received:
    0
    Ran more Scans. Things are Worse Still.

    I also updated and ran AdAware SE. It found 20 some objects. I could not post the report here the text was over the limit. I will see if it will fly in a second reply.

    I installed and updated AVG free, here is the bad news. It found a virus host in one of my Word Documents. It could not clean it so it is Quarantined. The program is still new to me, after some digging I can not find a log file to report here. A little good news. AVG free started an auto scan this morning. It did detect the same VIRUS HOST in my Word Doc. This time it said it was able to clean it.

    Things are starting to get concerning. I will PM you the Ford story if I get a chance. Can I somehow zip that MWAV file and then send it? If so you would have to tell me how to do it. O.K. here are the scan results in the order they were run

    Another question I need answered. Windows automatically downloaded IE7 to my desktop. I would like to install it after I am germ free. Is there a way that I can put the program in a folder or something for a later install? The notification seems to load every time I boot up.

    AVG Anti spyware 7.5 just updated. The computer is used heavy on Saturdays so I am not sure if I can run it for a while. Wish the darn things would run faster.

    AntiVir


    AntiVir Personal Edition Classic
    Report file date: Friday, February 02, 2007 17:53

    Scanning for 662599 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: Tom
    Computer name: TOM-YOSR5ON4G7V

    Version information:
    BUILD.DAT : 217 12749 Bytes 12/05/2006 17:00:00
    AVSCAN.EXE : 7.0.3.5 208936 Bytes 01/17/2007 06:59:09
    AVSCAN.DLL : 7.0.3.1 35880 Bytes 12/16/2006 14:45:30
    LUKE.DLL : 7.0.3.2 143400 Bytes 12/16/2006 14:45:30
    LUKERES.DLL : 7.0.2.0 9256 Bytes 12/16/2006 14:45:30
    ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 05/31/2006 17:21:48
    ANTIVIR1.VDF : 6.37.0.153 3131392 Bytes 01/12/2007 23:55:23
    ANTIVIR2.VDF : 6.37.0.235 374784 Bytes 01/29/2007 15:42:18
    ANTIVIR3.VDF : 6.37.1.27 108544 Bytes 02/02/2007 23:48:24
    AVEWIN32.DLL : 7.3.1.34 2290176 Bytes 02/01/2007 23:51:37
    AVPREF.DLL : 7.0.2.0 23592 Bytes 12/16/2006 14:45:30
    AVREP.DLL : 6.37.1.1 1105960 Bytes 01/30/2007 23:54:30
    AVRPBASE.DLL : 7.0.0.0 2162728 Bytes 03/30/2006 15:43:31
    AVPACK32.DLL : 7.2.0.5 368680 Bytes 10/27/2006 11:20:55
    AVREG.DLL : 7.0.1.2 30760 Bytes 01/17/2007 06:59:09
    NETNT.DLL : 6.32.0.0 6696 Bytes 09/27/2005 14:56:49
    RCIMAGE.DLL : 7.0.1.3 2097192 Bytes 12/16/2006 14:45:23
    RCTEXT.DLL : 7.0.12.1 77864 Bytes 12/16/2006 14:45:23

    Configuration settings for the scan:
    Jobname..........................: Local Drives
    Configuration file...............: C:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: E:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Scan all files...................: All files
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium
    Expanded search settings.........: 0x00007000

    Start of the scan: Friday, February 02, 2007 17:53

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Modules have been scanned
    Scan process 'avcenter.exe' - '1' Modules have been scanned
    Scan process 'avgnt.exe' - '1' Modules have been scanned
    Scan process 'PPShared.exe' - '1' Modules have been scanned
    Scan process 'BartShel.exe' - '1' Modules have been scanned
    Scan process 'wuauclt.exe' - '1' Modules have been scanned
    Scan process 'IAM.exe' - '1' Modules have been scanned
    Scan process 'avgas.exe' - '1' Modules have been scanned
    Scan process 'explorer.exe' - '1' Modules have been scanned
    Scan process 'dmadmin.exe' - '1' Modules have been scanned
    Scan process 'wdfmgr.exe' - '1' Modules have been scanned
    Scan process 'svchost.exe' - '1' Modules have been scanned
    Scan process 'pctspk.exe' - '1' Modules have been scanned
    Scan process 'guard.exe' - '0' Modules have been scanned
    Scan process 'avguard.exe' - '1' Modules have been scanned
    Scan process 'sched.exe' - '1' Modules have been scanned
    Scan process 'alg.exe' - '1' Modules have been scanned
    Scan process 'spoolsv.exe' - '1' Modules have been scanned
    Scan process 'LEXPPS.EXE' - '1' Modules have been scanned
    Scan process 'LEXBCES.EXE' - '1' Modules have been scanned
    Scan process 'svchost.exe' - '1' Modules have been scanned
    Scan process 'svchost.exe' - '1' Modules have been scanned
    Scan process 'InCDsrv.exe' - '1' Modules have been scanned
    Scan process 'svchost.exe' - '1' Modules have been scanned
    Scan process 'MsMpEng.exe' - '1' Modules have been scanned
    Scan process 'svchost.exe' - '1' Modules have been scanned
    Scan process 'svchost.exe' - '1' Modules have been scanned
    Scan process 'lsass.exe' - '1' Modules have been scanned
    Scan process 'services.exe' - '1' Modules have been scanned
    Scan process 'winlogon.exe' - '1' Modules have been scanned
    Scan process 'csrss.exe' - '1' Modules have been scanned
    Scan process 'smss.exe' - '1' Modules have been scanned
    31 processes with 31 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'A:\'
    [NOTE] In the drive 'A:\' no data medium is inserted!

    Starting to scan the registry.
    The registry was scanned ( 6 files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\aa2bd1e5b1ac006af64fc1\xpsp1hfm.exe
    [WARNING] The file could not be opened!
    C:\Documents and Settings\Tom.TOM-YOSR5ON4G7V\Desktop\SmitfraudFix\SmiUpdate.exe
    [DETECTION] Contains suspicious code HEUR/Malware
    [INFO] The file was moved to '462cd1c2.qua'!
    C:\Documents and Settings\~Molly~\Local Settings\Temp\closedbgout.exe
    [WARNING] The file could not be opened!
    C:\Documents and Settings\~Molly~\Local Settings\Temp\enableirsocketutil.exe
    [WARNING] The file could not be opened!
    C:\WINDOWS\$NtUninstallQ828026$\wmp.dll
    [WARNING] The file could not be opened!
    Begin scan in 'A:\'
    The path A:\ could not be found!
    The device is not ready.

    Begin scan in 'D:\'
    The path D:\ could not be found!
    The device is not ready.

    Begin scan in 'E:\'
    The path E:\ could not be found!
    The device is not ready.



    End of the scan: Friday, February 02, 2007 18:38
    Used time: 44:45 min

    The scan has been done completely.

    9673 Scanning directories
    193896 Files were scanned
    1 viruses and/or unwanted programs were found
    0 files were deleted
    0 files were repaired
    1 files were moved to quarantine
    0 files were renamed
    5 Files cannot be scanned
    193895 Files not concerned
    2411 Archives were scanned
    5 Warnings
    4 Notes

    ---------------------------------------------------
     