I probably have oascentral.walmartwom.com
Hello,
When I go to the website Walmart.com, I see that the oascentral.walmart.com page is one of the URLs I see in the activity line below on my browser, and I am wondering if I have a virus. I use Windows 2000 Professional, Mozilla browser.
I installed Iolo antivirus, and performed a system virus scan, but that did not find any viruses, but I do see the "oascentral.walmartwom.com" in the activity line.
Can someone give me a direction on verifying that I have a virus, and if so, on how to remove it?
Folks, I ran HijackThis and below's the log.
********************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:59:13 PM, on 4/10/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\WINNT\System32\nvsvc32.exe
C:\oracle\product\10.2.0\db_2\bin\nmesrvc.exe
C:\oracle\product\10.2.0\db_2\bin\isqlplussvc.exe
C:\oracle\product\10.2.0\db_2\BIN\TNSLSNR.exe
C:\oracle\product\10.2.0\db_2\jdk\bin\java.exe
c:\oracle\product\10.2.0\db_2\bin\ORACLE.EXE
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINNT\system32\vmnat.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\WINNT\system32\cmd.exe
C:\oracle\product\10.2.0\db_2\perl\5.8.3\bin\MSWin32-x86-multi-thread\perl.exe
C:\oracle\product\10.2.0\db_2\jdk\bin\java.exe
C:\oracle\product\10.2.0\db_2\bin\emagent.exe
C:\WINNT\Explorer.EXE
C:\WINNT\RTHDCPL.EXE
C:\Program Files\VMware\VMware Player\hqtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe
C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe
C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Power DVD Player\PowerDVDPlayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\iAVEmailScanner.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files\VMware\VMware Player\hqtray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [iolo AntiVirus] "C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe"
O4 - HKLM\..\Run: [iolo Personal Firewall] "C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Power DVD Player] "C:\Program Files\Power DVD Player\PowerDVDPlayer.exe" hmw
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O10 - Unknown file in Winsock LSP: c:\winnt\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\iavlsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: OracleDBConsoleorcl - Oracle Corporation - C:\oracle\product\10.2.0\db_2\bin\nmesrvc.exe
O23 - Service: OracleOraDb10g_home1iSQL*Plus - Oracle - C:\oracle\product\10.2.0\db_2\bin\isqlplussvc.exe
O23 - Service: OracleOraDb10g_home1TNSListener - Unknown owner - C:\oracle\product\10.2.0\db_2\BIN\TNSLSNR.exe
O23 - Service: OracleServiceORCL - Oracle Corporation - c:\oracle\product\10.2.0\db_2\bin\ORACLE.EXE
O23 - Service: Informatica Repository Server (PmRepServer) - Unknown owner - C:\Program Files\Informatica PowerCenter 7.1.1\RepositoryServer\bin\pmrepserver.exe
O23 - Service: Informatica (Powermart) - Unknown owner - C:\Program Files\Informatica PowerCenter 7.1.1\Server\bin\pmserver.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINNT\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINNT\system32\vmnat.exe
--
End of file - 6612 bytes
Thank you
Shiva
(1) Please download Deckard's System Scanner (DSS)
Attention: You must be logged onto an account with administrator privileges.
- Close all open applications and windows.
- Double-click on dss.exe to run it, and follow the prompts.
- When the scan is complete, two text files will open:
  - main.txt (this will be maximized)
  - extra.txt (this will be minimized)
- Copy and paste the contents of main.txt and the extra.txt to your post in your reply.
(2) Using Internet Explorer, go to http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html and click the Accept button at the end of the page.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
- Read the Requirements and limitations before you click Accept.
- Allow the ActiveX download if necessary.
- Once the database has downloaded, click Next.
- Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
- Click on "My Computer" and then put the kettle on!
- When the scan has completed, click Save Report As...
- Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
- Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Copy and paste the report into your next reply.
(3) In your next reply please post:
Deckard's System Scanner v20071014.68
Run by Administrator on 2008-04-13 15:54:52
Computer is in Normal Mode.
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Administrator.exe)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:55:02 PM, on 4/13/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\WINNT\System32\nvsvc32.exe
C:\oracle\product\10.2.0\db_2\bin\nmesrvc.exe
C:\oracle\product\10.2.0\db_2\bin\isqlplussvc.exe
C:\oracle\product\10.2.0\db_2\BIN\TNSLSNR.exe
C:\oracle\product\10.2.0\db_2\jdk\bin\java.exe
c:\oracle\product\10.2.0\db_2\bin\ORACLE.EXE
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\cmd.exe
C:\oracle\product\10.2.0\db_2\perl\5.8.3\bin\MSWin32-x86-multi-thread\perl.exe
C:\oracle\product\10.2.0\db_2\bin\emagent.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINNT\Explorer.EXE
C:\WINNT\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe
C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe
C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Power DVD Player\PowerDVDPlayer.exe
C:\oracle\product\10.2.0\db_2\jdk\bin\java.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\iAVEmailScanner.exe
E:\Downloads\dss(2).exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Administrator.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [iolo AntiVirus] "C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe"
O4 - HKLM\..\Run: [iolo Personal Firewall] "C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Power DVD Player] "C:\Program Files\Power DVD Player\PowerDVDPlayer.exe" hmw
O4 - HKUS\S-1-5-21-1220945662-1177238915-839522115-1003\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" (User 'Internet')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O10 - Unknown file in Winsock LSP: c:\winnt\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\program files\iolo\common\firewall\ifw_xfilter.dll
O10 - Unknown file in Winsock LSP: c:\winnt\system32\iavlsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: OracleDBConsoleorcl - Oracle Corporation - C:\oracle\product\10.2.0\db_2\bin\nmesrvc.exe
O23 - Service: OracleOraDb10g_home1iSQL*Plus - Oracle - C:\oracle\product\10.2.0\db_2\bin\isqlplussvc.exe
O23 - Service: OracleOraDb10g_home1TNSListener - Unknown owner - C:\oracle\product\10.2.0\db_2\BIN\TNSLSNR.exe
O23 - Service: OracleServiceORCL - Oracle Corporation - c:\oracle\product\10.2.0\db_2\bin\ORACLE.EXE
O23 - Service: Informatica Repository Server (PmRepServer) - Unknown owner - C:\Program Files\Informatica PowerCenter 7.1.1\RepositoryServer\bin\pmrepserver.exe
O23 - Service: Informatica (Powermart) - Unknown owner - C:\Program Files\Informatica PowerCenter 7.1.1\Server\bin\pmserver.exe
--
End of file - 6019 bytes
-- File Associations
.js - JSFile - shell\open\command - NOTEPAD.EXE %1
.reg - regfile - shell\open\command - NOTEPAD.EXE %1
.scr - scrfile - shell\open\command - NOTEPAD.EXE %1
.vbs - VBSFile - shell\open\command - NOTEPAD.EXE %1
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
R0 XPacket (iolo Personal Firewall Driver) - c:\winnt\system32\xpacket.sys <Not Verified; iolo technologies, LLC; iolo Firewall>
R1 FileDisk - c:\winnt\system32\drivers\filedisk.sys <Not Verified; iolo technologies, LLC (based on original work by Bo Brantén); filedisk (based on original work by Bo Brantén)>
S1 InCDPass - c:\winnt\system32\drivers\incdpass.sys (file missing)
S1 InCDRm (InCD Reader) - c:\winnt\system32\drivers\incdrm.sys (file missing)
S3 VMnetAdapter (VMware Virtual Ethernet Adapter Driver) - c:\winnt\system32\drivers\vmnetadapter.sys (file missing)
S4 InCDFs (InCD File System) - c:\winnt\system32\drivers\incdfs.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled
R2 OracleDBConsoleorcl - c:\oracle\product\10.2.0\db_2\bin\nmesrvc.exe <Not Verified; Oracle Corporation; >
R2 OracleOraDb10g_home1iSQL*Plus - c:\oracle\product\10.2.0\db_2\bin\isqlplussvc.exe <Not Verified; Oracle; IPlusSvce>
R2 OracleOraDb10g_home1TNSListener - c:\oracle\product\10.2.0\db_2\bin\tnslsnr (file missing)
R2 OracleServiceORCL - c:\oracle\product\10.2.0\db_2\bin\oracle.exe orcl <Not Verified; Oracle Corporation; >
S3 PmRepServer (Informatica Repository Server) - "c:\program files\informatica powercenter 7.1.1\repositoryserver\bin\pmrepserver.exe"
S3 Powermart (Informatica) - "c:\program files\informatica powercenter 7.1.1\server\bin\pmserver.exe"
S4 OracleJobSchedulerORCL - c:\oracle\product\10.2.0\db_2\bin\extjob.exe orcl
-- Device Manager: Disabled
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\PNP0103\4&1B51AC4B&0
Manufacturer:
Name:
PNP Device ID: ACPI\PNP0103\4&1B51AC4B&0
Service:
-- Files created between 2008-03-13 and 2008-04-13
2008-04-13 09:03:48 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_158.dat
2008-04-12 18:06:47 0 d-------- C:\Program Files\brighter child
2008-04-11 19:11:44 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_600.dat
2008-04-10 19:11:41 0 d-a------ C:\WINNT\system32\appmgmt
2008-04-10 18:59:23 0 d-------- C:\Logfiles
2008-04-10 18:35:34 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_610.dat
2008-04-10 18:07:45 0 d-------- C:\Program Files\Trend Micro
2008-04-10 18:02:08 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-04-10 18:02:03 0 d-------- C:\Documents and Settings\All Users.WINNT\Application Data\Malwarebytes
2008-04-10 17:19:31 0 d-------- C:\Documents and Settings\Internet\Application Data\Macromedia
2008-04-10 17:19:31 0 d-------- C:\Documents and Settings\Internet\Application Data\Adobe
2008-04-10 17:18:55 0 d-------- C:\Documents and Settings\Internet\Application Data\Mozilla
2008-04-10 17:18:35 0 d-------- C:\Documents and Settings\Internet\Application Data\Real
2008-04-10 17:18:33 0 d-------- C:\Documents and Settings\Internet\Application Data\Identities
2008-04-10 17:18:32 0 d--h----- C:\Documents and Settings\Internet\Templates
2008-04-10 17:18:32 0 d-------- C:\Documents and Settings\Internet\Start Menu
2008-04-10 17:18:32 0 d--h----- C:\Documents and Settings\Internet\SendTo
2008-04-10 17:18:32 0 dr-h----- C:\Documents and Settings\Internet\Recent
2008-04-10 17:18:32 0 d--h----- C:\Documents and Settings\Internet\PrintHood
2008-04-10 17:18:32 0 d--h----- C:\Documents and Settings\Internet\NetHood
2008-04-10 17:18:32 0 d-------- C:\Documents and Settings\Internet\My Documents
2008-04-10 17:18:32 0 d--h----- C:\Documents and Settings\Internet\Local Settings
2008-04-10 17:18:32 0 dr------- C:\Documents and Settings\Internet\Favorites
2008-04-10 17:18:32 0 d-------- C:\Documents and Settings\Internet\Desktop
2008-04-10 17:18:32 0 d---s---- C:\Documents and Settings\Internet\Cookies
2008-04-10 17:18:32 0 d--h----- C:\Documents and Settings\Internet\Application Data
2008-04-10 17:18:32 0 d-------- C:\Documents and Settings\Internet\Application Data\VMware
2008-04-10 17:18:32 0 d---s---- C:\Documents and Settings\Internet\Application Data\Microsoft
2008-04-10 17:18:32 0 d-------- C:\Documents and Settings\Internet\Application Data\iolo
2008-04-10 17:18:31 266240 --ah----- C:\Documents and Settings\Internet\NTUSER.DAT
2008-04-10 17:10:48 39424 --a------ C:\WINNT\system32\xpacket.sys <Not Verified; iolo technologies, LLC; iolo Firewall>
2008-04-10 16:45:03 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_688.dat
2008-04-09 22:12:58 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_420.dat
2008-04-09 21:36:55 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_154.dat
2008-04-09 21:35:13 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_424.dat
2008-04-09 21:28:11 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_624.dat
2008-04-09 19:25:26 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_42c.dat
2008-04-09 17:19:40 0 d-------- C:\Documents and Settings\Default User.WINNT\Application Data\iolo
2008-04-09 17:19:39 126976 --a------ C:\WINNT\system32\iavlsp.dll
2008-04-09 17:19:35 0 d-------- C:\Program Files\Common Files\Authentium
2008-04-09 17:19:19 9341 --a------ C:\WINNT\system32\drivers\filedisk.sys <Not Verified; iolo technologies, LLC (based on original work by Bo Brantén); filedisk (based on original work by Bo Brantén)>
2008-04-09 17:19:18 38912 --a------ C:\WINNT\system32\smrgdf.exe
2008-04-09 17:19:18 32768 --a------ C:\WINNT\system32\iolobtdfg.exe
2008-04-09 17:19:17 0 d-------- C:\Program Files\iolo
2008-04-09 17:17:29 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_6d8.dat
2008-04-09 17:15:45 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_294.dat
2008-04-09 17:09:48 0 d-a------ C:\Documents and Settings\All Users.WINNT\Application Data\Avg7
2008-04-09 17:08:27 74703 --a------ C:\WINNT\system32\mfc45.dll
2008-04-09 17:07:36 0 d-a------ C:\Documents and Settings\All Users.WINNT\Application Data\iolo
2008-04-09 17:07:36 0 d-------- C:\Documents and Settings\Administrator\Application Data\iolo
2008-04-09 16:48:36 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_6c8.dat
2008-04-08 21:29:07 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_434.dat
2008-04-06 11:38:23 0 d-------- C:\sqldeveloper-1.2.1.3213
2008-04-06 11:17:32 0 d-------- C:\Documents and Settings\Administrator\.sqldeveloper
2008-04-04 11:45:10 0 d-------- C:\Program Files\Informatica PowerCenter 7.1.1
2008-04-04 06:21:24 0 d-------- C:\Program Files\Quest Software
2008-04-04 06:15:48 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_69c.dat
2008-04-04 06:09:48 0 d-------- C:\Program Files\Microsoft Visual Studio .NET
2008-04-04 06:06:36 0 d-------- C:\oracle
2008-04-04 03:20:35 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_378.dat
2008-04-04 02:52:58 0 d-------- C:\Program Files\Oracle
2008-04-03 11:17:04 0 d-------- C:\TEMP
2008-04-03 08:26:38 0 d-------- C:\Documents and Settings\All Users.WINNT\Application Data\Microsoft Help
2008-03-31 06:13:02 1013314 ---h----- C:\WINNT\ShellIconCache
2008-03-31 06:07:35 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_37c.dat
2008-03-30 08:03:14 0 d-------- C:\Program Files\Common Files\xing shared
2008-03-29 05:49:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\VMware
2008-03-29 04:16:01 0 d-------- C:\Documents and Settings\Default User.WINNT\Application Data\VMware
2008-03-29 04:15:23 0 d-------- C:\Documents and Settings\All Users.WINNT\Application Data\VMware
2008-03-29 04:00:05 0 d--h----- C:\WINNT\msdownld.tmp
2008-03-29 03:58:54 0 d-------- C:\WINNT\Windows Update Setup Files
-- Find3M Report
2008-04-10 19:11:40 0 d-a------ C:\Program Files\Common Files
2008-04-10 18:33:08 0 d-------- C:\Program Files\Foxit
2008-04-04 11:46:49 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-30 08:03:13 0 d-------- C:\Program Files\Common Files\Real
2008-01-28 01:25:58 0 --a------ C:\WINNT\nsreg.dat
2008-01-26 23:17:38 73216 --a------ C:\WINNT\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-01-26 03:48:35 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_2e4.dat
2008-01-25 08:04:02 315392 --a------ C:\WINNT\HideWin.exe <Not Verified; Realtek Semiconductor Corp.; HD Audio Hide windows program>
2008-01-25 07:59:03 0 ---h----- C:\CONFIG.SYS
2008-01-25 07:59:03 0 ---h----- C:\AUTOEXEC.BAT
2008-01-25 07:58:10 15012 --a------ C:\WINNT\system32\emptyregdb.dat
2008-01-25 05:28:26 0 -rahs---- C:\MSDOS.SYS
2008-01-25 05:28:26 0 -rahs---- C:\IO.SYS
-- Registry Dump
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [06/19/03 03:05p C:\WINNT\system32\mobsync.exe]
"NvCplDaemon"="C:\WINNT\System32\NvCpl.dll" [05/11/07 09:03a]
"nwiz"="nwiz.exe" [05/11/07 09:03a C:\WINNT\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [01/30/07 09:54p C:\WINNT\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [05/16/06 09:04p C:\WINNT\SkyTel.exe]
"Alcmtr"="ALCMTR.EXE" [05/03/05 09:43p C:\WINNT\Alcmtr.exe]
"NeroFilterCheck"="C:\WINNT\system32\NeroCheck.exe" [07/09/01 11:50a]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [03/30/08 08:03a]
"SMSystemAnalyzer"="C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe" [03/31/08 04:11p]
"iolo AntiVirus"="C:\Program Files\iolo\System Mechanic Professional 7\AntiVirus\ioloAV.exe" [03/05/08 11:48a]
"iolo Personal Firewall"="C:\Program Files\iolo\System Mechanic Professional 7\Personal Firewall\ioloFW.exe" [03/05/08 12:06p]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [12/16/05 01:57p]
"Power DVD Player"="C:\Program Files\Power DVD Player\PowerDVDPlayer.exe" [09/06/07 02:28a]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"
-- End of Deckard's System Scanner: finished at 2008-04-13 15:55:20
***End main.txt ***
***Begin extra.txt***
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
-- System Information
Microsoft Windows 2000 Professional (build 2195) SP 4.0
Architecture: X86; Language: English
CPU 0: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz
CPU 1: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz
Percentage of Memory in Use: 35%
Physical Memory (total/avail): 2046.46 MiB / 1323.45 MiB
Pagefile Memory (total/avail): 5026.6 MiB / 3960.18 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1942.45 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 127.99 GiB total, 115.99 GiB free.
D: is CDROM (CDFS)
E: is Fixed (NTFS) - 170.1 GiB total, 123.08 GiB free.
\\.\PHYSICALDRIVE0 - ST3320620AS - 298.09 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 127.99 GiB - C:
\PARTITION1 - Installable File System - 170.1 GiB - E:
-- Security Center
AUOptions is set to notify before install.
-- Environment Variables
ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINNT
APPDATA=C:\Documents and Settings\Administrator\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=HOME
ComSpec=C:\WINNT\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\
LOGONSERVER=\\HOME
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Os2LibPath=C:\WINNT\system32\os2\dll;
Path=C:\Program Files\Mozilla Firefox;C:\oracle\product\10.2.0\db_2\bin;C:\Program Files\Informatica PowerCenter 7.1.1\RepositoryServer\bin;C:\WINNT\system32;C:\WINNT;C:\WINNT\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PERL5LIB=C:\oracle\product\10.2.0\db_2\perl\5.8.3\lib\MSWin32-x86;C:\oracle\product\10.2.0\db_2\perl\5.8.3\lib;C:\oracle\product\10.2.0\db_2\perl\5.8.3\lib\MSWin32-x86;C:\oracle\product\10.2.0\db_2\perl\site\5.8.3;C:\oracle\product\10.2.0\db_2\perl\site\5.8.3\lib;C:\oracle\product\10.2.0\db_2\sysman\admin\scripts;
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramFiles=C:\Program Files
PROMPT=$P$G
SystemDrive=C:
SystemRoot=C:\WINNT
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=HOME
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINNT
-- User Profiles
Internet
Administrator (admin)
-- Add/Remove Programs
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINNT\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINNT\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINNT\UNNeroShowTime.exe /UNINSTALL
--> C:\WINNT\UNNeroVision.exe /UNINSTALL
--> C:\WINNT\UNRecode.exe /UNINSTALL
7-Zip 4.57 --> "C:\Program Files\7-Zip\Uninstall.exe"
Adobe Flash Player ActiveX --> C:\WINNT\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINNT\system32\Macromed\Flash\uninstall_plugin.exe
Authentium AntiVirus SDK - 2 --> MsiExec.exe /I{C67DF120-4DD3-11D4-A3CA-005004AD2A5B}
Caillou's Kindergarten --> C:\Program Files\brighter child\Caillou's Kindergarten\uninstall\uninstall.exe
Caillou's Preschool --> C:\Program Files\brighter child\Caillou's Preschool\uninstall\uninstall.exe
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EVGA Display Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}\Setup.exe" -l0x9 -removeonly
Foxit Reader --> C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
FreeDVD Codec Installer Version 1.0 --> C:\WINNT\st6unst.exe -n "C:\Program Files\CodecInstaller\ST6UNST.LOG"
High Definition Audio Driver Package - KB888111 --> "C:\WINNT\$NtUninstallKB888111W2k$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Informatica PowerCenter 7.1.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B2799A56-3816-11D7-88A2-005004B0D711}\setup.exe" -l0x9
iolo technologies' System Mechanic Professional 7 --> "C:\Program Files\iolo\System Mechanic Professional 7\unins000.exe"
Microsoft .NET Framework 2.0 --> C:\WINNT\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Internet Explorer 6 SP1 --> rundll32 C:\WINNT\system32\setupwbv.dll,IE6Maintenance C:\Program Files\Internet Explorer\IE Uninstall\W2KEXCP.EXE /u
Mozilla Firefox (2.0.0.13) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 7 Demo --> MsiExec.exe /I{C93369CB-B4E9-E095-9289-E6B5AE941033}
NVIDIA Drivers --> C:\WINNT\system32\nvunrm.exe UninstallGUI
Oracle Data Provider for .NET Help --> MsiExec.exe /I{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}
PDFCreator --> C:\Program Files\PDFCreator\unins000.exe
Power DVD Player --> C:\Program Files\Power DVD Player\uninst.exe
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
Windows Installer 3.0 (KB884016) --> C:\WINNT\$MSI30UninstallMSI30-KB884016$\spuninst\spuninst.exe
-- Application Event Log
Event Record #/Type1886 / Warning
Event Submitted/Written: 04/13/2008 03:52:03 PM
Event ID/Source: 4098 / EventSystem
Event Description:
The COM+ Event System failed to fire the Logon method on subscription {C69C8F03-B25C-45D1-96FA-6DFB1F292B26}. The subscriber returned HRESULT 8007047F.
Event Record #/Type1885 / Warning
Event Submitted/Written: 04/13/2008 10:02:51 AM
Event ID/Source: 4098 / EventSystem
Event Description:
The COM+ Event System failed to fire the Logon method on subscription {C69C8F03-B25C-45D1-96FA-6DFB1F292B26}. The subscriber returned HRESULT 8007047F.
Event Record #/Type1880 / Warning
Event Submitted/Written: 04/13/2008 09:04:26 AM
Event ID/Source: 4098 / EventSystem
Event Description:
The COM+ Event System failed to fire the Logon method on subscription {C69C8F03-B25C-45D1-96FA-6DFB1F292B26}. The subscriber returned HRESULT 8007047F.
Event Record #/Type1879 / Warning
Event Submitted/Written: 04/13/2008 09:04:01 AM
Event ID/Source: 4100 / EventSystem
Event Description:
The COM+ Event System failed to create an instance of the subscriber {6295DF2D-35EE-11D1-8707-00C04FD93327}. CoCreateInstanceEx returned HRESULT 8000401A.
Event Record #/Type1868 / Error
Event Submitted/Written: 04/13/2008 09:02:21 AM
Event ID/Source: 2002 / PerfNet
Event Description:
Unable to open the Redirector service. Redirector performance data
will not be returned. Error code returned is in data DWORD 0.
-- Security Event Log
No Errors/Warnings found.
-- System Event Log
Event Record #/Type814 / Error
Event Submitted/Written: 04/10/2008 05:12:41 PM
Event ID/Source: 12291 / SAM
Event Description:
SAM failed to start the TCP/IP or SPX/IPX listening thread
Event Record #/Type805 / Error
Event Submitted/Written: 04/10/2008 04:42:29 PM
Event ID/Source: 12291 / SAM
Event Description:
SAM failed to start the TCP/IP or SPX/IPX listening thread
Event Record #/Type801 / Warning
Event Submitted/Written: 04/09/2008 11:09:30 PM / 04/09/2008 11:09:48 PM
Event ID/Source: 18 / i8042prt
Event Description:
The device sent an incorrect response(s) following a mouse reset.
Event Record #/Type795 / Error
Event Submitted/Written: 04/09/2008 11:09:34 PM
Event ID/Source: 12291 / SAM
Event Description:
SAM failed to start the TCP/IP or SPX/IPX listening thread
Event Record #/Type791 / Warning
Event Submitted/Written: 04/09/2008 10:14:56 PM / 04/09/2008 10:15:14 PM
Event ID/Source: 18 / i8042prt
Event Description:
The device sent an incorrect response(s) following a mouse reset.
-- End of Deckard's System Scanner: finished at 2008-04-13 15:55:20
***End extra.txt***
****Kaspersky's scan report****
KASPERSKY ONLINE SCANNER REPORT
Sunday, April 13, 2008 5:41:06 PM
Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 13/04/2008
Kaspersky Anti-Virus database records: 702181
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 62872
Number of viruses found: 1
Number of infected objects: 3
Number of suspicious objects: 0
Duration of the scan process: 01:06:44
Infected Object Name / Virus Name / Last Action
E:\RECYCLER\S-1-5-21-1220945662-1177238915-839522115-1003\De6\HFTOOLS\cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
E:\RECYCLER\S-1-5-21-1220945662-1177238915-839522115-1003\De6\HFTOOLS\cmdow.zip/cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
E:\RECYCLER\S-1-5-21-1220945662-1177238915-839522115-1003\De6\HFTOOLS\cmdow.zip ZIP: infected - 1 skipped
Scan process completed.
***Kaspersky's scan end***
Please download ATF Cleaner by Atribune.
- Double-click ATF-Cleaner.exe to run the program.
- Under Main choose: Select All
- Click the Empty Selected button.
If you use Firefox browser
- Click Firefox at the top and choose: Select All
- Click the Empty Selected button.
- NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
- Click Opera at the top and choose: Select All
- Click the Empty Selected button.
- NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
How is your computer working?
==========================================================
Make sure that dss.exe is located on your desktop.
Click the Windows Start button > Select Run - then copy/paste this into the run box & click OK (be sure you don't miss that first " mark when you copy)
"%userprofile%\desktop\dss.exe" /daft
* Read the disclaimer and click okay.
* Click on the Scan button.
* Place a checkmark next to the following entries:
.js
.reg
.scr
.vbs
* Click the Fix button.
* Re-scan and save a logfile. By default, it will save as daft.txt.
Post the contents of that file with your next post.
DAFT Log saved on 2008-04-14 18:00:17
All associations okay!
Thanks
shivap
Thank you for your assistance vekarppe.
Clean up System Restore
You can find instructions on how to disable and enable System Restore from these guides:
Disable And Enable System Restore
Windows XP System Restore Guide
Make Your Internet Explorer More Secure
This can be done by following these simple instructions:
- From within Internet Explorer click on the tools menu and then click on Options
- Click once on the "Security" tab
- Click once on the "Internet" icon so it becomes highlighted
- Click once on the Custom Level button.
- Change the "Download signed ActiveX controls" to Prompt
- Change the "Download unsigned ActiveX controls" to Disable
- Change the "Initialize and script ActiveX controls not marked as safe" to Disable
- Change the "Launching programs and files in an IFRAME" to Prompt
- Change the "Navigate sub-frames across different domains" to Prompt
- When all these settings have been made, click on the OK button.
- If it prompts you as to whether or not you want to save the settings, press the Yes button.
- Next press the Apply button and then the OK to exit the Internet Properties page.
Note that Internet Explorer is not the most secure browser. There are safer (and better) alternatives available like Opera and Firefox.
Keep Your System Up to Date
It is imperative that you keep your Windows, Antivirus, and other software up to date. Otherwise you are not protected against new threats and your system is vulnerable and unsafe. Update your Antivirus software at least once a week, and visit the Microsoft Windows Update site regularly.
Install SpywareBlaster
SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware
Additional Utilities and Tips to Enhance Your Safety
- MVPS Hosts file --- The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
- Comodo BOCLEAN --- Stop identity thieves from getting personal information. Instantly detects well over 1,000,000 unique, variant and repack malware in total. And it's free.
- Winpatrol --- Download and install the free version of Winpatrol. A tutorial for this product is located here: Using Winpatrol to protect your computer from malicious software
Get more knowledge about how to protect your computer and prevent malware issues by reading these short articles:
- How to prevent Malware by miekiemoes
- So How Did I Get Infected In First Place by Tony Klein
- Ten Commandments for Your Computer Sanity by BitDefender
Happy surfing and stay clean!
This topic is now closed. If you wish it reopened, please send a Private Message to Trogan with a link to your thread.
If you are not the user who started this thread, you must start your own Thread instead