Dl.exe Virus

  1. #1
    dynamicboy18, Newbie

    I let my mate use my computer; wish I didn't now. At first I got this window that appears called dl.exe, with a message box labelled "16 bit MS-DOS Subsystem" that says "The NTVDM CPU has encountered an illegal instruction. CS:06da IP:03d8 OP:63 3d 22 68 74 Choose "close" to terminate application." It gives me a close/ignore option. Ignore seems to do nothing, and close closes it. Then I noticed that my internet connection was playing around, but I know it was there and working fine; something wrong with the key ports, or some sort of firewall this thing has blocking it. I tried everything I could at that time till I got pissed off with the bloody thing, and the next day I had another go, just to find out that I could no longer get on to Windows normally, just in safe mode. I found the DL.EXE file in Documents and Settings and in my Ad-Aware folder.

    Anyway, I wasn't having much luck with it, so I thought I would reformat my HD, but I had over 1000 tunes and pics, so I put my HD in my mum's computer as a 2nd HD and copied my pics and that to my mum's HD. Then I noticed that every single bit of software or programs I had in .exe format was corrupt; .zip files were fine. And I think because I tried using some of the software I had on my HD, it's now infected my mum's computer, but I've told her never to shut it down, because when I shut mine down when I got it that night I couldn't get back on main Windows, just safe mode.

    Right, so I reformatted my HD and put a fresh copy of Windows XP Home on. Everything seems to work fine until I connect to the internet, then the computer just lags and programs stop responding. I've reformatted it twice and I'm still getting the same f***ed up s*it. I'm at my mate's house at the moment, so I will have to post some logs later on today if I can. I will send logs of both computers.

    What's the best software for scanning RAM memory and CPU cache and/or other memory, and/or is there any software that I can put on a CD to run outside of Windows, like a boot-up disk, that will scan everything? I also had Task Manager running before everything started freezing; I saw some weird program come up with loads of numbers and letters with .exe on the end. If I get more info about that program I will let you know. Thanks everyone for the help.


  2. #2
    dynamicboy18, Newbie
    That weird file was dior4f47688296.exe, and here's my log for my computer, the one I put a fresh copy of Windows on.

    Logfile of HijackThis v1.99.1
    Scan saved at 00:47:06, on 12/12/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\wpabaln.exe
    C:\WINDOWS\System32\macromed\flash\GetFlash.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lookitsme.co.uk/
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SW20] C:\WINDOWS\System32\sw20.exe
    O4 - HKLM\..\Run: [SW24] C:\WINDOWS\System32\sw24.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [errorkiller] "C:\Program Files\errorkiller\errorkiller.exe" -boot
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1165773257306
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1529DA68-BAD6-41A1-82CC-E231093BD922}: NameServer = 62.24.252.135 62.24.252.134
    O23 - Service: Print Spooler Service (ioc4aeuaqiihbbo) - Unknown owner - C:\WINDOWS\System32\sklrr7y7027943.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe

  3. #3
    dynamicboy18, Newbie
    Also got these 2 reports from my computer.


    BitDefender Online Scanner

    Scan report generated at: Tue, Dec 12, 2006 - 0121
    Scan path: C:\;D:\;E:\;

    Statistics
    Time: 00:09:07
    Files: 52979
    Folders: 1459
    Boot Sectors: 2
    Archives: 556
    Packed Files: 4740

    Results
    Identified Viruses: 5
    Infected Files: 31
    Suspect Files: 0
    Warnings: 0
    Disinfected: 0
    Deleted Files: 31

    Engines Info
    Virus Definitions: 328488
    Engine build: AVCORE v1.0 (build 2368) (i386) (Nov 16 2006 11:31:19)
    Scan plugins: 14
    Archive plugins: 38
    Unpack plugins: 6
    E-mail plugins: 6
    System plugins: 1

    Scan Settings
    First Action: Disinfect
    Second Action: Delete
    Heuristics: Yes
    Enable Warnings: Yes
    Scanned Extensions: *;
    Exclude Extensions:
    Scan Emails: Yes
    Scan Archives: Yes
    Scan Packed: Yes
    Scan Files: Yes
    Scan Boot: Yes

    Scanned File | Status
    C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0XYJ8DIF\mslpar[1].exe | Infected with: DeepScan:Generic.Sdbot.5FEA439C; Disinfection failed; Deleted
    C:\WINDOWS\SYSTEM32\i | Infected with: Generic.Botget.6726A0B5; Deleted
    C:\WINDOWS\SYSTEM32\vcmon.exe | Infected with: Backdoor.SDBot.BH; Disinfection failed; Deleted
    C:\WINDOWS\SYSTEM32\setup_22284.exe | Infected with: Backdoor.SDBot.BH; Disinfection failed; Deleted
    C:\WINDOWS\SYSTEM32\rsy32.exe | Infected with: Trojan.Agent.ABL; Disinfection failed; Deleted
    C:\WINDOWS\SYSTEM32\Isass.exe | Infected with: Generic.Sdbot.402EE25E; Deleted
    C:\WINDOWS\SYSTEM32\mslpar.exe | Infected with: DeepScan:Generic.Sdbot.5FEA439C; Disinfection failed; Deleted
    C:\WINDOWS\SYSTEM32\eraseme_21736.exe | Infected with: Backdoor.SDBot.BH; Disinfection failed; Deleted
    C:\WINDOWS\rsy32.exe | Infected with: Trojan.Agent.ABL; Disinfection failed; Deleted
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\5P6CBE5F\runtime[1].exe | Infected with: Trojan.Agent.ABL; Disinfection failed; Deleted
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\5P6CBE5F\runtime[2].exe | Infected with: Trojan.Agent.ABL; Disinfection failed; Deleted
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\5P6CBE5F\runtime[3].exe | Infected with: Trojan.Agent.ABL; Disinfection failed; Deleted
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\5P6CBE5F\runtime[4].exe | Infected with: Trojan.Agent.ABL; Disinfection failed; Deleted
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\5P6CBE5F\runtime[5].exe | Infected with: Trojan.Agent.ABL; Disinfection failed; Deleted
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\5P6CBE5F\runtime[6].exe | Infected with: Trojan.Agent.ABL; Disinfection failed; Deleted
    C:\System Volume Information\_restore{0D42A88C-7D20-42E6-8EAB-087526E462DD}\RP1\A0000048.exe | Infected with: Trojan.Agent.ABL; Disinfection failed; Deleted
    C:\System Volume Information\_restore{0D42A88C-7D20-42E6-8EAB-087526E462DD}\RP1\A0000049.exe | Infected with: Trojan.Agent.ABL; Disinfection failed; Deleted
    C:\System Volume Information\_restore{0D42A88C-7D20-42E6-8EAB-087526E462DD}\RP2\A0003057.exe | Infected with: Trojan.Agent.ABL; Disinfection failed; Deleted
    C:\System Volume Information\_restore{0D42A88C-7D20-42E6-8EAB-087526E462DD}\RP2\A0003058.exe | Infected with: Trojan.Agent.ABL; Disinfection failed; Deleted
    C:\System Volume Information\_restore{0D42A88C-7D20-42E6-8EAB-087526E462DD}\RP2\A0004057.exe | Infected with: Trojan.Agent.ABL; Disinfection failed; Deleted
    C:\System Volume Information\_restore{0D42A88C-7D20-42E6-8EAB-087526E462DD}\RP2\A0004058.exe | Infected with: Trojan.Agent.ABL; Disinfection failed; Deleted
    C:\System Volume Information\_restore{0D42A88C-7D20-42E6-8EAB-087526E462DD}\RP2\A0005056.exe | Infected with: Trojan.Agent.ABL; Disinfection failed; Deleted
    C:\System Volume Information\_restore{0D42A88C-7D20-42E6-8EAB-087526E462DD}\RP2\A0005057.exe | Infected with: Trojan.Agent.ABL; Disinfection failed; Deleted
    C:\System Volume Information\_restore{0D42A88C-7D20-42E6-8EAB-087526E462DD}\RP2\A0006056.exe | Infected with: Trojan.Agent.ABL; Disinfection failed; Deleted
    C:\System Volume Information\_restore{0D42A88C-7D20-42E6-8EAB-087526E462DD}\RP2\A0006057.exe | Infected with: Trojan.Agent.ABL; Disinfection failed; Deleted
    C:\System Volume Information\_restore{0D42A88C-7D20-42E6-8EAB-087526E462DD}\RP7\A0010231.exe | Infected with: Backdoor.SDBot.BH; Disinfection failed; Deleted
    C:\System Volume Information\_restore{0D42A88C-7D20-42E6-8EAB-087526E462DD}\RP7\A0010237.exe | Infected with: Backdoor.SDBot.BH; Disinfection failed; Deleted
    C:\System Volume Information\_restore{0D42A88C-7D20-42E6-8EAB-087526E462DD}\RP7\A0010238.exe | Infected with: Trojan.Agent.ABL; Disinfection failed; Deleted
    C:\System Volume Information\_restore{0D42A88C-7D20-42E6-8EAB-087526E462DD}\RP7\A0010239.exe | Infected with: Generic.Sdbot.402EE25E; Deleted
    C:\System Volume Information\_restore{0D42A88C-7D20-42E6-8EAB-087526E462DD}\RP7\A0010240.exe | Infected with: DeepScan:Generic.Sdbot.5FEA439C; Disinfection failed; Deleted
    C:\System Volume Information\_restore{0D42A88C-7D20-42E6-8EAB-087526E462DD}\RP7\A0010241.exe | Infected with: Trojan.Agent.ABL; Disinfection failed; Deleted

    KASPERSKY ONLINE SCANNER REPORT
    Tuesday, December 12, 2006 2:17:14 AM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
    Kaspersky Online Scanner version: 5.0.83.0
    Kaspersky Anti-Virus database last update: 12/12/2006
    Kaspersky Anti-Virus database records: 236024


    Scan Settings
    Scan using the following antivirus database standard
    Scan Archives true
    Scan Mail Bases true

    Scan Target My Computer
    C:\
    D:\
    E:\

    Scan Statistics
    Total number of scanned objects 14127
    Number of viruses found 0
    Number of infected objects 0 / 0
    Number of suspicious objects 0
    Duration of the scan process 00:05:29

    Infected Object Name Virus Name Last Action
    Scan process completed.

  4. #4
    Neal, Dedicated Member
    Welcome,

    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
    • Open the extracted folder and double click RunThis.bat to start the script.
    • Type Y to begin the script.
    • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • Your system will take longer than normal to restart as the fixtool will be running and removing files.
    • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
    • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log.
