Dev Shed Forums
> System Administration
> Antivirus Protection
Help needed: cannot access drives, task manager and run command disabled !!
Discuss Help needed: cannot access drives, task manager and run command disabled !! in the Antivirus Protection forum on Dev Shed. Help needed: cannot access drives, task manager and run command disabled !! Antivirus Protection forum discussing issues relating to antivirus programs, spyware, hijack protection, and personal firewalls for all operating systems. Keep your systems protected from hackers and other hazards.
Receive the tools necessary to be the rock star of your field. Our 12-month program teaches you the evolving world of multi-channel marketing as well as the complex issues and opportunities found in the industry.
ASP Free and Iron Speed Designer are giving away $5,500+ in FREE licenses . Iron Speed's RAD CASE toolset can save up to 80% of your coding time. One free license per week, one perpetual license per month!Download and Activate to enter!
Web development can be a daunting task, even for specialists. There is a lot of information to absorb and a lot of technologies to learn in order to manage a superior website. When trying to learn the ropes, developers need a reliable source to introduce new ideas that can be easily implemented. When working on large projects, even web veterans may run into a technology or an aspect of a technology that they are unfamiliar with.
Learn More!
Contest Rules
Tutorials | Forums
Dev Shed Forums Sponsor:
April 12th, 2008, 12:47 PM
Contributing User
Join Date: Apr 2008
Posts: 49
Time spent in forums: 2 h 45 m 6 sec
Reputation Power: 5
Help needed: cannot access drives, task manager and run command disabled !!
Dear Friends,
recently i was hit by trojan/viruses/malware and I tried to clean my system with AVG anti-spyware. After cleaning my system, I still have problems accessing my hard-drive ( msg: cannot find copy.exe etc), my task manager option is disabled, Run command is inaccesible from start menu etc etc. Though I am able to access drives by explore option but same fails when i try to access it through My computer. Also after cleaning, Twice I have got windows message that my system is low on virtual memory and its size is being adjusted.
I read your rules for posting queries but i could not complete step 1 and step 4 i.e cleanup software is getting downloaded in faulty state and online cleaning status is not visible when i hit 'clean now' button....
I will appreciate if you can help me come out of this situation. Thanx
April 12th, 2008, 12:50 PM
Contributing User
Join Date: Apr 2008
Posts: 49
Time spent in forums: 2 h 45 m 6 sec
Reputation Power: 5
---------------------------------------------------------
April 12th, 2008, 12:51 PM
Contributing User
Join Date: Apr 2008
Posts: 49
Time spent in forums: 2 h 45 m 6 sec
Reputation Power: 5
continued--log report AVG anti spyware
April 12th, 2008, 12:52 PM
Contributing User
Join Date: Apr 2008
Posts: 49
Time spent in forums: 2 h 45 m 6 sec
Reputation Power: 5
step-2 - MALWARE BYTES log report ( note- all problems were fixed)
April 12th, 2008, 12:53 PM
Contributing User
Join Date: Apr 2008
Posts: 49
Time spent in forums: 2 h 45 m 6 sec
Reputation Power: 5
log report- super antispyware
April 12th, 2008, 12:55 PM
Contributing User
Join Date: Apr 2008
Posts: 49
Time spent in forums: 2 h 45 m 6 sec
Reputation Power: 5
step 4- online scanning was not responsive so here is HIJACK THIS log report
April 12th, 2008, 12:56 PM
Contributing User
Join Date: Apr 2008
Posts: 49
Time spent in forums: 2 h 45 m 6 sec
Reputation Power: 5
uninstall list- Hijack this
April 12th, 2008, 02:43 PM
Malware Warrior /AV forum Mod
Join Date: Nov 2006
Location: San Antonio Tx
Welcome, Thanks for working the steps in the Sticky.
Lets move on to the more advanced tools.
Download Combofix from the link below. You must rename it before saving it. Save it to your desktop. I suggest that you rename it to Combo-Fix.exe. The tool will suggest that name as default any way.
>> Download
ComboFix <<
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
* Remember to re enable the protection again afterwards.
2. Double click on Combo-Fix.exe & follow the prompts.
* When finished, it will produce a report for you. Please post the C:\ComboFix.txt so we can continue cleaning the system.
Notes:
* Do not mouseclick combofix's window while it's running. That may cause it to stall
* CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Please stay by the machine as it runs, and if any errors occur please try and see what they are so we can pinpoint the problem.
__________________
Neera: The wraith will not allow us to escape.
Sheppard: Yeah, well I try not to let them tell me what I can and can't do.
Neera: You do not fear them?
Sheppard: The wraith, nah.
Now clowns that's another story . They scare the crap out of me.
April 13th, 2008, 01:40 AM
Contributing User
Join Date: Apr 2008
Posts: 49
Time spent in forums: 2 h 45 m 6 sec
Reputation Power: 5
hi porthos..thanx for your speedy response
.....I disabled running anti-virus and anti-spywares softwares before running it but could not kill the process using task manager as this feature is blocked by malware...here is the test log..
ComboFix 08-04-12.5 - Administrator 2008-04-13 11:54:02.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.277 [GMT 5.5:30]
Running from: C:\Documents and Settings\Administrator\Desktop\Combo-Fix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\Documents and Settings\Administrator\ravmonlog
C:\WINDOWS\autorun.inf
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\wpcap.dll
D:\Autorun.inf
E:\Autorun.inf
F:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\NPF
((((((((((((((((((((((((( Files Created from 2008-03-13 to 2008-04-13 )))))))))))))))))))))))))))))))
.
2008-04-12 22:09 . 2008-04-12 22:09 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-12 21:09 . 2008-04-12 21:09 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-04-12 20:18 . 2008-04-12 21:02 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-12 20:18 . 2008-04-12 20:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-12 20:18 . 2008-04-12 20:18 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-04-12 20:17 . 2008-04-12 20:17 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-12 19:17 . 2008-04-12 19:17 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-12 19:17 . 2008-04-12 19:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-12 19:17 . 2008-04-12 19:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-04-12 04:10 . 2008-04-12 04:10 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7
2008-04-12 03:52 . 2008-04-12 03:52 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-12 03:52 . 2008-04-13 11:48 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-04-12 03:51 . 2008-04-12 04:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-04-12 03:33 . 2008-04-12 03:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-12 02:33 . 2008-04-12 02:33 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-04-12 02:33 . 2007-05-30 17:40 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-08 20:51 . 2008-04-08 20:51 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Image Zone Express
2008-03-31 18:08 . 2008-03-31 18:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Nokia Multimedia Player
2008-03-31 17:42 . 2008-03-31 17:42 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2008-03-31 17:41 . 2008-03-31 17:41 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-03-31 17:41 . 2008-03-31 17:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-29 11:59 . 2008-03-29 15:19 <DIR> d-------- C:\Documents and Settings\Administrator\dwhelper
2008-03-19 18:10 . 2008-03-19 18:10 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\GlarySoft
2008-03-19 18:09 . 2008-03-19 18:09 <DIR> d-------- C:\Program Files\Registry Repair
2008-03-17 17:41 . 2008-03-17 17:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-03-17 17:41 . 2008-03-17 17:41 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\iolo
2008-03-17 17:41 . 2008-03-17 17:41 74,703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-03-17 17:12 . 2008-03-17 17:12 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2008-03-17 17:12 . 2008-03-17 17:12 <DIR> d-------- C:\Program Files\Zone Labs
2008-03-17 17:12 . 2008-03-17 17:13 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-03-17 17:11 . 2008-04-13 11:58 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-03-17 17:11 . 2008-04-12 23:09 526 --ah----- C:\WINDOWS\system32\vsconfig.xml
2008-03-17 17:02 . 2008-03-17 17:02 <DIR> d--hs---- C:\INCINERATE
2008-03-17 16:59 . 2008-04-06 17:44 512 --a------ C:\WINDOWS\randseed.rnd
2008-03-17 16:58 . 2008-03-17 16:58 <DIR> d-------- C:\Program Files\Common Files\Cisco Systems
2008-03-17 15:16 . 2008-03-17 15:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-03-17 15:13 . 2008-03-17 15:13 <DIR> d-------- C:\Program Files\DIFX
2008-03-17 15:12 . 2008-03-17 15:12 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-03-17 15:12 . 2008-03-17 15:12 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-03-17 15:11 . 2008-03-17 15:13 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-03-17 15:11 . 2008-03-17 15:11 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-03-17 15:11 . 2008-03-17 15:12 <DIR> d-------- C:\Program Files\Nokia
2008-03-17 15:11 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-03-17 15:10 . 2008-03-17 15:10 19 --a------ C:\WINDOWS\SoundConverter.INI
2008-03-17 15:05 . 2008-03-17 15:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-03-13 14:58 . 2008-03-13 15:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\HP
2008-03-13 14:57 . 2008-03-13 14:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-03-13 14:53 . 2008-03-13 14:53 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2008-03-13 14:53 . 2008-03-13 14:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2008-03-13 14:51 . 2008-03-13 14:53 <DIR> d-------- C:\Program Files\Common Files\HP
2008-03-13 14:49 . 2008-03-13 14:49 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-03-13 14:48 . 2008-03-13 14:48 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-03-13 14:48 . 2006-04-13 05:34 49,664 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-03-13 14:48 . 2006-04-13 05:34 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-03-13 14:47 . 2006-01-04 14:42 77,824 -ra------ C:\WINDOWS\system32\HPZIDS01.dll
2008-03-13 14:47 . 2006-04-10 14:03 48,128 --a------ C:\WINDOWS\system32\hpzll054.dll
2008-03-13 14:47 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-03-13 14:47 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-03-13 14:46 . 2006-03-03 21:03 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-03-13 14:46 . 2006-03-03 21:02 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-03-13 14:46 . 2006-03-03 21:02 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-03-13 14:46 . 2006-03-03 21:03 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-03-13 14:46 . 2006-03-03 21:03 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-03-13 14:46 . 2006-03-03 21:02 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-03-13 14:45 . 2008-03-13 14:56 <DIR> d-------- C:\Program Files\HP
2008-03-13 14:43 . 2008-03-13 15:05 117,421 --a------ C:\WINDOWS\hpoins11.dat
2008-03-13 14:43 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-03-13 14:43 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
April 13th, 2008, 01:41 AM
Contributing User
Join Date: Apr 2008
Posts: 49
Time spent in forums: 2 h 45 m 6 sec
Reputation Power: 5
continued...
April 13th, 2008, 01:42 AM
Contributing User
Join Date: Apr 2008
Posts: 49
Time spent in forums: 2 h 45 m 6 sec
Reputation Power: 5
continued..
April 13th, 2008, 01:56 AM
Contributing User
Join Date: Apr 2008
Posts: 49
Time spent in forums: 2 h 45 m 6 sec
Reputation Power: 5
well my system is behaving fine now...i can access my drives, task manager option is enabled and run command is showing up in start menu...do u think we need to continue hunting for viruses etc [
]
April 13th, 2008, 02:07 AM
Malware Warrior /AV forum Mod
Join Date: Nov 2006
Location: San Antonio Tx
There is more
Download SDfix from
HERE and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in Safe Mode by doing the following :
· Restart your computer
· After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
· Instead of Windows loading as normal, the Advanced Options Menu should appear;
· Select the first option, to run Windows in Safe Mode, then press Enter.
· Choose your usual account.
· Open the extracted SDFix folder and double click RunThis.bat to start the script.
· Type Y to begin the cleanup process.
· It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
· Press any Key and it will restart the PC.
· When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
· Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
April 13th, 2008, 06:08 AM
Contributing User
Join Date: Apr 2008
Posts: 49
Time spent in forums: 2 h 45 m 6 sec
Reputation Power: 5
Quote:
Originally Posted by Porthos
There is more
Wel..here is the report of SDfix..
SDFix: Version 1.170
Run by Administrator on Sun 04/13/2008 at 02:41 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1351.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 14:49:12
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0011b107a365]
"001b33c96a76"=hex:33,8b,eb,c1,66,56,e1,a9,07,0b,d6,1f,7d,bb,74,12
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0011b107a365]
"001b33c96a76"=hex:33,8b,eb,c1,66,56,e1,a9,07,0b,d6,1f,7d,bb,74,12
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0011b107a365]
"001b33c96a76"=hex:33,8b,eb,c1,66,56,e1,a9,07,0b,d6,1f,7d,bb,74,12
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000000
"TracesSuccessful"=dword:00000000
"LastTraceFailure"=dword:00000000
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:ęTorrent"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Wed 20 Feb 2008 6,219,320 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Sun 3 Feb 2008 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 3 Feb 2008 4,348 ...H. --- "C:\Documents and Settings\Administrator\My Documents\My Music\License Backup\drmv1key.bak"
Sun 3 Feb 2008 20 A..H. --- "C:\Documents and Settings\Administrator\My Documents\My Music\License Backup\drmv1lic.bak"
Sun 3 Feb 2008 400 A.SH. --- "C:\Documents and Settings\Administrator\My Documents\My Music\License Backup\drmv2key.bak"
Finished!
April 13th, 2008, 06:11 AM
Contributing User
Join Date: Apr 2008
Posts: 49
Time spent in forums: 2 h 45 m 6 sec
Reputation Power: 5
after running SDfix...my i ran my AVG anti-virus test on my system...this is the report...seems like infection keeps on coming up
..though iem not facing the problems i was facing before..but still these malicious programs gives me goose bumps
report:
Scan "Scan whole computer" was finished.
Infections found:;"2"
Infected objects removed or healed;"2"
Not removed or healed.;"0"
Spyware found:;"2"
Spyware removed:;"2"
Not removed:;"0"
Warnings count:;"2"
Information count:;"0"
Scan started:;"Sunday, April 13, 2008, 3:06:15 PM"
Total object scanned:;"714594"
Time needed:;"1 hour(s) 26 minute(s) 28 second(s) "
Errors encountered:;"0"
Infections
File;"Infection";"Result"
E:\RECYCLER\S-1-5-21-1229272821-1979792683-1417001333-1003\Dg1\ruby184-19.exe:\$JN\lib\ruby\1.8\i386-mswin32\digest.so;"Trojan horse Generic10.JXS";"Deleted"
E:\RECYCLER\S-1-5-21-1229272821-1979792683-1417001333-1003\Dg1\ruby184-19.exe;"Trojan horse Generic10.JXS";"Deleted"
Spyware
File;"Infection";"Result"
E:\RECYCLER\S-1-5-21-1708537768-1123561945-842925246-500\De2.rar:\keygen.exe;"Potentially harmful program Crack.D";"Deleted"
E:\RECYCLER\S-1-5-21-1708537768-1123561945-842925246-500\De2.rar;"Potentially harmful program Crack.D";"Deleted"
Warnings
File;"Infection";"Result"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0EDC6C20-A31C-11DB-8AB9-0800200C9A66};"Found Adware.RogueSuspect";"Potentially dangerous object"
HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3AAC4C68-AFC8-11DB-80EF-8AF955D89593};"Found Adware.RogueSuspect";"Potentially dangerous object"
Thread Tools
Search this Thread
Display Modes
Rate This Thread
Linear Mode
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
..though iem not facing the problems i was facing before..but still these malicious programs gives me goose bumps 
Linear Mode
