Dear friends !
I am facing a very seriour problem in one of my pc. The pc is infected with viruses. When I installed McAfee Enterprise Edition Trial Version, it detected Virus-Worms and Trojans. Two of those threats are Trojans and they couldn't be deleted by the antivirus software. (Though AV informs that it has detected and deleted the Trojans but the pop-up window comes again.)
Please look at the general information about the files...
Name: hosts
In Folder: C:\WINDOWS\system32\driver
Detected As: PWS-QQRob!hosts
Detection Type: Trojan
Status : Deleted
Application infected: C :\WINDOWS\system32\svchost
Name: qvkwjh.dll C:\WINDOWS\system32
In Folder: C:\WINDOWS\system32
Detected As: Generic PWS-y
Detection Type: Trojan
Status : Deleted
Application infected: (THIS LOCATION ALWAYS VARIES, BUT IT IS ALWAYS APPLICATION ' S EXE FILE)
Now the problems are:
1. I can't run any application. When I try to run any application, the Virus Scanning Screen Pops up and shows that threats were detected and deleted.
2. I can't run ComboFix, CCleaner, SDFix, Spybot-Search & Destroy.
3. I can't remove the McAfee Antivirus because I can't reach up to Add/Remove Programs
4. I want to install Kaspersky Antivirus Software but I can't. When I try to run the executable file for this antivirus, it again gives me pop up window for virus information.
5. I can't do anything because this Virus Information Screen pops up again and again and disturbs me.
I shared the hard disk of this pc and scanned it from another pc where I have Kaspersky Antivirus Software installed and updated. But I found only one virus. (The short log for Kaspersky is here below)
AV detected the one and only virus
detected:Virus Packed.Win32.NSAnti.r
Infected object: C:\ntde1ect.com
I am sending the HijackThis log. (Previously it was my luck that I could run HijackThis tool and could get the log)
Please see the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 10:36:40 AM, on 9/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\spools
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\ctfmon
C:\Program Files\Aclient\AClient.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.e
C:\Program Files\McAfee\Common Framework\FrameworkService
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.e
C:\WINDOWS\system32\svchos
C:\Program Files\Yahoo!\Messenger\yms
C:\WINDOWS\system32\HPBPRO
C:\WINDOWS\system32\severe
C:\WINDOWS\system32\driver
C:\WINDOWS\system32\wscntf
C:\WINDOWS\system32\cmd.ex
C:\WINDOWS\system32\cmd.ex
C:\WINDOWS\system32\cmd.ex
C:\WINDOWS\system32\cmd.ex
C:\WINDOWS\system32\qvkwjh
\192.168.5.85\bd85\ReadMeF
C:\WINDOWS\system32\dwwin.
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R0 - HKLM\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\Wi
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\driver
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.ex
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\COMPAQ\SetRefresh\\S
O4 - HKLM\..\Run: [AClntUsr] C:\Program Files\Aclient\AClntUsr.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtr
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Tool
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Tool
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [chiCkie] C:\WINDOWS\inf\chiCkie.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dump
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtectio
O4 - HKLM\..\Run: [jwbnlb] C:\WINDOWS\system32\qvkwjh
O4 - HKLM\..\Run: [qvkwjh] C:\WINDOWS\system32\severe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon
O4 - HKCU\..\Run: [I just want to say I love Milko and I need a drink] C:\Documents and Settings\Sam\Local Settings\Application Data\svchost.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\Yah
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtectio
O4 - HKCU\..\Run: [avpa] C:\WINDOWS\system32\avpo.e
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.d
O16 - DPF: {30528230-99f7-4bb4-88d8-f
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsr
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\Program Files\Aclient\AClient.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.e
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.e
IMP: I HAVE PRINTED THE SCREEN OF THE ERROR BY PRESSING PRINT SCREN KEY OF KEYBOARD. I WANT TO SEND THIS SCREEN SO THAT YOU CAN EASILY JUDGE THE PROBLEM. HOW CAN I SEND IT. I KNOW THAT THERE IS A WAY TO SEND IT, BUT I DON'T KNOW. PLEASE SHOW ME HOW I CAN SEND IT SO THAT EXPERTS CAN GET IT.
Thanks...
Hemant
This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.
Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.
If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.
Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.
Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.
Access the answers to your technology questions today.
30-day free trial. Register in 60 seconds.
Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.
Try it out and discover for yourself.
30-day free trial. Register in 60 seconds.
Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.
Hijackthis log is heavily infected!
Tell us what happened when you tried to run SDFix or Combofix?
Did Command Prompt window flashes on then off again
OR
Was there an error that says........
"The command prompt has been disabled by your administrator."
We need to know the answer please so we'll know how to fix it.
You will find free file upload services at these sites, you can then upload there and post back the link. there's one upload site that I don't have the link of, "imageshack"
http://www.ee-stuff.com
http://storenow.net/
http://www.rapidupload.com
http://rapidshare.de
http://supashare.com
http://yourfilehost.com
http://geocities.yahoo.com
http://yousendit.com
Thanks again for your support.
I find the flash screen evertime when...
1. I try to run cmd.exe
2. I try to run regedit.exe
3. I double click on C: volume
I KNOW ABOUT THE MESSAGE "The command prompt has been disabled by your administrator.", BUT I AM NOT RECEIVING THIS MESSAGE. I RECEIVE THE Command Prompt FOR A SECOND AND IT DISAPPEARS AGAIN.
Because I can't access the registry from regedit.exe, I used third-party tool 'REGLITE'. I searched the entries
O4 - HKLM\..\Run: [jwbnlb] C:\WINDOWS\system32\qvkwjh
O4 - HKLM\..\Run: [qvkwjh] C:\WINDOWS\system32\severe
O4 - HKCU\..\Run: [I just want to say I love Milko and I need a drink] C:\Documents and Settings\Sam\Local Settings\Application Data\svchost.exe
I deleted these entries, but when I again run REGLITE, I found them again (PLEASE NOTE THAT PREVIOUSLY I WAS ABLE TO RUN AND INSTALL SOME APPLICATION, SO I INSTALLED CCleaner and Spybot - Search & Destroy. Spybot didn't give me any error.
Now, I did nothing but I can't run any of these tools : SDFix, ComboFix, CCleaner, Spybot - Search & Destroy, VundoFix. I can't run MSWord (Any application of MS-Office Suite), MS-Paint or any other application. When I try to run these applications, I notice that corresponding executable file for that application is infected with the Trojan. ( AND APPLICATION DOESN'T OPEN, A VIRUS INFORMATION SCREEN OPENS ALWAYS. IT POPS UP IN SECONDS SO I CAN'T DO ANYTHING)
NOTE: UNFORTUNATELY I MISSED THE SCREEN-SHOT FOR THAT McAfee VIRUS INFORMATION, BUT THE SAME PROBLEM IS COMING IN ANOTHER PC WHERE AVG 7.5 484 Trial Version IS INSTALLED. I AM SENDING THAT SCREEN FROM THE LINK PROVIDED ABOVE.
Kindly check it.
Thanks...
Hemant
first of all.......will you do a favour please.....can you please turn off that CAPSLOCK while typing.....it makes the text really hard to read......thanks :)
secondly....we can ONLY try to clean a machine even when its badly infected.....you have to understand one point here.....that there are some cases when the best thing is to format and clean install of the system......though its always a last resort......so don't make up your mind that everything is going to be cleaned always....i hope you are getting my point here :)
third.....you cannot run your programs in normal mode because you always get some virus warnings and stuff like that.......what happens when you boot your system under safemode and login as Administrator to run these applications.......same results there too?
>>Now, I did nothing but I can't run any of these tools : SDFix, ComboFix, CCleaner, Spybot - Search & Destroy, VundoFix. I can't run MSWord (Any application of MS-Office Suite), MS-Paint or any other application. When I try to run these applications, I notice that corresponding executable file for that application is infected with the Trojan.<<
Look very much like a file infector to me. Don't worry we'll try our best, we don't give up easily.
Download SDFix and save it to your desktop.
http://downloads.andymanch
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Then please go to Start Menu > Run > then copy and paste the following line:
%systemdrive%\SDFix\apps\F
Reboot and then run SDFix
reboot your computer in Safe Mode by doing the following :
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.
* Open the extracted folder and double click "RunThis.bat" to start the script.
* Type "Y" to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer that normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display "Finished", then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file "Report.txt" back
After you run SDFix and Combofix, we need you to run this tool please.
Download FindAWF.exe.
http://noahdfear.net/downl
and save it to your desktop.
Double-click on the FindAWF.exe file to run it.
It will open a command prompt and ask you to "Press any key to continue".
You will be presented with the following Menu.
1. Press 1 then Enter to scan for bak folders
2. Press 2 then Enter to restore files from bak folders
3. Press 3 then Enter to remove bak folders
4. Press 4 then Enter to reset domain zones
5. Press E then Enter to EXIT
Select 1, then press Enter
It may take a few minutes to complete so be patient.
When it is complete, it will open a text file in Notepad called AWF.txt.
Please copy and paste the contents of the AWF.txt file in your next reply.
Hello rpggamergirl and SheharyaarSaahil !
I got your comment. Lets try the best, then if it is not possible then, We will prefer for the clean installation.
You sugested that it may be a file infector and I should run SDFix, ComboFix and other FindAWF. Please look at the problem that I am not able to run SDFix, ComboFix or any application. But I will try again to run them. (It may be possible that I succeed to run them next time. Saturday and Sunday are weekends so my workplace is closed but I will definately try it on Monday.)
Pleas find the Virus Information Screen that I have uploaded on http://www.ee-stuff.com
This is the link:
http://www.ee-stuff.com/Ex
Note: You will find a jpeg file qvkwjh-error.jpg. This screen is not from the same pc which is highly infected. Unfortunately I couldn't get the screen. But this is from another pc (AVG 7.5 484 installed) which is infected (though not so much) with Trojan PSW.3X.AQ and gives the same window showing qvkwjh.dll error.
Please see the file on the above link and give your valuable comments.
Thanks again.
Hemant
Hemant,
In order for the tools that needs cmd.exe to run, like SDFix and Combofix, you need to fix the path by doing this:
Start Menu > Run > then copy and paste the following line:
%systemdrive%\SDFix\apps\F
Reboot, and then you can run SDFix, Combofix etc.......you still won't be able to run other apps like Spybot, MS Word, CCleaner because their files are being replaced by the file infector, that's why we need to run FindAWF.exe in order to put back the legit file missing(other alternative is to reinstall those programs replaced by the file infector.
Thanks...
I will run the commnad that you provided. Well...I had posted the jpeg file showing the screen that pops up again and again. Have you seen it. I have provided the link above. I am sending the link again.
Here is the link:
http://www.ee-stuff.com/Ex
Regards...
Hemant
Hi rpggamergirl and SheharyaarSaahil !
Sorry for not posting the logs for a long time. Actually I was engaged in some other work and so couldn't join the discussion. BUT...my problem is still unsolved.
You see as I told you about the Trojan Generic.PWS.y, In another PC, I found the Trojan hors PWS.Generic 3XAQ. It is giving the same problems.
1. When I start the pc, after profile loading, it shows me the errors on the screen. (I am sending one jpeg file so that you can see the errors. I request you to see this jpeg file I am going to post with my next comment.
2. I receive the following message: A single step or trace operation has just been completed (0x80000004) occured in the application at location 0x00000000. Click on Ok to terminate the Program. Click on CANCEL to debug the program.
3. I receive may Run time errors
4. qvkwjh.exe and severe.exe error
I have taken the following steps...
1. I removed the hard disk and made it slave and scanned with Updated Kaspersky 6.0 Antivirus but it didn't show me viruses.
2. I run SDFix and sending you the log file but it is almost empty.
3. Then I ran ComboFix and HijackThis and sending you the log file.
SDFix Report:
**************************
SDFix: Version 1.107
Run by Administrator on 02/10/2007 at 10:45
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
**************************
ComboFix Report
**************************
ComboFix 07-10-02.2 - Administrator 2007-10-02 11:09:37.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.
Running from: C:\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((
.
C:\Autorun.inf
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\driver
C:\WINDOWS\system32\driver
C:\WINDOWS\system32\severe
C:\WINDOWS\system32\vercls
.
((((((((((((((((((((((((( Files Created from 2007-09-02 to 2007-10-02 ))))))))))))))))))))))))))
.
2007-10-02 11:04 1,470,281 --a------ C:\ComboFix.exe
2007-10-02 11:01 <DIR> d-------- C:\VundoFix Backups
2007-10-02 10:58 98,304 ---h----- C:\WINDOWS\system32\BttnSe
2007-10-02 10:52 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-02 10:34 38,400 --------- C:\WINDOWS\system32\qvkwjh
2007-10-02 10:09 28,364 -r-hs---- C:\WINDOWS\system32\avpo0.
2007-10-02 10:06 28,364 -r-hs---- C:\WINDOWS\system32\avpo1.
2007-10-02 09:19 <DIR> d-------- C:\WINDOWS\ERUNT
2007-10-01 16:44 46,816 --a------ C:\WINDOWS\system32\pz.exe
2007-10-01 16:44 46,816 --a------ C:\WINDOWS\system32\newpz.
2007-10-01 16:26 28,364 -r-hs---- C:\WINDOWS\system32\avpo2.
2007-10-01 16:03 499,744 --ahs---- C:\WINDOWS\system32\driver
2007-10-01 16:03 1,568 --ahs---- C:\WINDOWS\system32\driver
2007-10-01 16:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-01 08:56 <DIR> d-------- C:\Backup of VRF
2007-09-27 16:40 <DIR> d--hs---- C:\Recycled
2007-09-27 10:01 87,740 -r-hs---- C:\ntde1ect.com
2007-09-27 10:00 87,740 -r-hs---- C:\WINDOWS\system32\avpo.e
2007-09-27 09:57 77 --a------ C:\WINDOWS\system32\hx1.ba
2007-09-27 09:57 69,246 ---hs---- C:\WINDOWS\system32\qvkwjh
.
((((((((((((((((((((((((((
.
2007-10-02 10:39 2468 --ahs---- C:\WINDOWS\system32\driver
2007-10-02 10:39 1196 --ahs---- C:\WINDOWS\system32\driver
2007-09-24 08:06 --------- d-------- C:\Documents and Settings\Administrator\App
2007-09-17 06:44 --------- d-------- C:\Documents and Settings\Administrator\App
2007-08-24 06:37 --------- d-------- C:\Program Files\WinUpdater
2007-08-08 08:18 --------- d-------- C:\Program Files\Kaspersky Lab
2007-04-17 08:40:16 69,246 --sh--w C:\WINDOWS\system32\qvkwjh
.
((((((((((((((((((((((((((
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWA
"SunJavaUpdateSched"="C:\P
"srmclean"="C:\Cpqs\Scom\s
"SetRefresh"="C:\Program Files\Compaq\SetRefresh\Se
"RemoteControl"="C:\Progra
"NeroFilterCheck"="C:\WIND
"DXDllRegExe"="dxdllreg.ex
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 16:28]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpm
"Yahoo Messenger"="C:\WINDOWS\sys
"jwbnlb"="C:\WINDOWS\syste
"qvkwjh"="C:\WINDOWS\syste
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2006-11-08 18:28]
"(Default)"="C:\Windows\sv
"CPQEASYBTTN"="C:\WINDOWS\
"AVG7_CC"="C:\PROGRA~1\Gri
"SDFix"="C:\SDFix\RunThis.
[HKEY_CURRENT_USER\SOFTWAR
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypa
"WinUpdater"="C:\Program Files\WinUpdater\update.ex
"ctfmon.exe"="C:\WINDOWS\s
"avpa"="C:\WINDOWS\system3
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 04:19:24]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 04:19:24]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]
[HKEY_CURRENT_USER\softwar
AutoRun\command- C:\ntde1ect.com
explore\Command- C:\ntde1ect.com
open\Command- C:\ntde1ect.com
[HKEY_CURRENT_USER\softwar
AutoRun\command- C:\WINDOWS\system32\RunDLL
[HKEY_CURRENT_USER\softwar
Auto\command- bittorrent.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL
[HKEY_CURRENT_USER\softwar
AutoRun\command- E:\ntde1ect.com
explore\Command- E:\ntde1ect.com
open\Command- E:\ntde1ect.com
[HKEY_CURRENT_USER\softwar
Auto\command- E:\boot.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL
[HKEY_CURRENT_USER\softwar
AutoRun\command- E:\ntde1ect.com
explore\Command- E:\ntde1ect.com
open\Command- E:\ntde1ect.com
[HKEY_CURRENT_USER\softwar
AutoRun\command- E:\ntde1ect.com
explore\Command- E:\ntde1ect.com
open\Command- E:\ntde1ect.com
[HKEY_CURRENT_USER\softwar
Auto\command- AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL
[HKEY_CURRENT_USER\softwar
Auto\command- E:\setup.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL
[HKEY_CURRENT_USER\softwar
AutoRun\command- "E:\COMMAND.EXE" /StartExplorer
[HKEY_CURRENT_USER\softwar
AutoRun\command- E:\ntde1ect.com
explore\Command- E:\ntde1ect.com
open\Command- E:\ntde1ect.com
[HKEY_CURRENT_USER\softwar
AutoRun\command- E:\ntde1ect.com
explore\Command- E:\ntde1ect.com
open\Command- E:\ntde1ect.com
[HKEY_CURRENT_USER\softwar
AutoRun\command- E:\ntde1ect.com
explore\Command- E:\ntde1ect.com
open\Command- E:\ntde1ect.com
[HKEY_CURRENT_USER\softwar
AutoRun\command- "E:\COMMAND.EXE" /StartExplorer
[HKEY_CURRENT_USER\softwar
Auto\command- F:\bittorrent.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL
[HKEY_CURRENT_USER\softwar
AutoRun\command- C:\WINDOWS\system32\RunDLL
[HKEY_CURRENT_USER\softwar
AutoRun\command- C:\WINDOWS\system32\RunDLL
[HKEY_CURRENT_USER\softwar
1\Command- E:\.\RECYCLER\RECYCLER\aut
2\Command- E:\.\RECYCLER\RECYCLER\aut
AutoRun\command- C:\WINDOWS\system32\RunDLL
[HKEY_CURRENT_USER\softwar
AutoRun\command- C:\WINDOWS\system32\RunDLL
[HKEY_CURRENT_USER\softwar
AutoRun\command- C:\ntde1ect.com
explore\Command- C:\ntde1ect.com
open\Command- C:\ntde1ect.com
[HKEY_CURRENT_USER\softwar
Auto\command- E:\OSO.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL
[HKEY_CURRENT_USER\softwar
Auto\command- E:\OSO.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL
[HKEY_CURRENT_USER\softwar
AutoRun\command- C:\WINDOWS\system32\RunDLL
[HKEY_CURRENT_USER\softwar
AutoRun\command- F:\ntde1ect.com
explore\Command- F:\ntde1ect.com
open\Command- F:\ntde1ect.com
[HKEY_CURRENT_USER\softwar
AutoRun\command- E:\ntde1ect.com
explore\Command- E:\ntde1ect.com
open\Command- E:\ntde1ect.com
[HKEY_CURRENT_USER\softwar
Auto\command- OSO.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL
[HKEY_CURRENT_USER\softwar
Auto\command- bittorrent.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL
[HKEY_CURRENT_USER\softwar
AutoRun\command- E:\ntde1ect.com
explore\Command- E:\ntde1ect.com
open\Command- E:\ntde1ect.com
[HKEY_CURRENT_USER\softwar
AutoRun\command- C:\WINDOWS\system32\RunDLL
[HKEY_CURRENT_USER\softwar
1\Command- E:\.\RECYCLER\RECYCLER\aut
2\Command- E:\.\RECYCLER\RECYCLER\aut
AutoRun\command- C:\WINDOWS\system32\RunDLL
[HKEY_CURRENT_USER\softwar
Auto\command- F:\bittorrent.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL
[HKEY_CURRENT_USER\softwar
AutoRun\command- E:\ntde1ect.com
explore\Command- E:\ntde1ect.com
open\Command- E:\ntde1ect.com
[HKEY_CURRENT_USER\softwar
Auto\command- E:\MicrosoftPowerPoint.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL
[HKEY_CURRENT_USER\softwar
AutoRun\command- C:\WINDOWS\system32\RunDLL
[HKEY_CURRENT_USER\softwar
AutoRun\command- C:\WINDOWS\system32\RunDLL
[HKEY_CURRENT_USER\softwar
Auto\command- E:\AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL
[HKEY_CURRENT_USER\softwar
AutoRun\command- C:\WINDOWS\system32\RunDLL
[HKEY_CURRENT_USER\softwar
Auto\command- E:\boot.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL
[HKEY_CURRENT_USER\softwar
Auto\command- G:\setup.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL
[HKEY_CURRENT_USER\softwar
AutoRun\command- C:\WINDOWS\system32\RunDLL
[HKEY_CURRENT_USER\softwar
Auto\command- boot.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL
[HKEY_CURRENT_USER\softwar
Auto\command- E:\boot.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL
[HKEY_CURRENT_USER\softwar
Auto\command- G:\boot.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL
[HKEY_CURRENT_USER\softwar
AutoRun\command- E:\ntde1ect.com
explore\Command- E:\ntde1ect.com
open\Command- E:\ntde1ect.com
[HKEY_CURRENT_USER\softwar
Auto\command- E:\OSO.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL
[HKEY_CURRENT_USER\softwar
Auto\command- F:\boot.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL
[HKEY_CURRENT_USER\softwar
AutoRun\command- C:\WINDOWS\system32\RunDLL
Open\command- Boot.exe e
[HKEY_CURRENT_USER\softwar
Auto\command- F:\bittorrent.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL
[HKEY_CURRENT_USER\softwar
1\Command- E:\.\RECYCLER\RECYCLER\aut
2\Command- E:\.\RECYCLER\RECYCLER\aut
AutoRun\command- C:\WINDOWS\system32\RunDLL
[HKEY_CURRENT_USER\softwar
Auto\command- boot.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL
[HKEY_CURRENT_USER\softwar
1\Command- E:\.\RECYCLER\RECYCLER\aut
2\Command- E:\.\RECYCLER\RECYCLER\aut
AutoRun\command- C:\WINDOWS\system32\RunDLL
[HKEY_CURRENT_USER\softwar
Auto\command- boot.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL
[HKEY_CURRENT_USER\softwar
Auto\command- boot.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL
[HKEY_CURRENT_USER\softwar
AutoRun\command- E:\ntde1ect.com
explore\Command- E:\ntde1ect.com
open\Command- E:\ntde1ect.com
[HKEY_CURRENT_USER\softwar
Auto\command- boot.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL
[HKEY_CURRENT_USER\softwar
Auto\command- E:\bittorrent.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL
[HKEY_CURRENT_USER\softwar
Auto\command- E:\OSO.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL
[HKEY_CURRENT_USER\softwar
Auto\command- E:\OSO.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL
[HKEY_CURRENT_USER\softwar
1\Command- E:\.\RECYCLER\RECYCLER\aut
2\Command- E:\.\RECYCLER\RECYCLER\aut
AutoRun\command- C:\WINDOWS\system32\RunDLL
[HKEY_CURRENT_USER\softwar
Auto\command- E:\OSO.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL
*Newly Created Service* - CATCHME
.
**************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-02 11:11:50
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
Completion time: 2007-10-02 11:12:32
C:\ComboFix-quarantined-fi
.
--- E O F ---
**************************
ComboFix Quarantined Files Report
**************************
[code]
2006-06-01 21:56 98304 --a------ C:\Qoobox\Quarantine\C\WIN
2007-04-17 10:40 69246 --a------ C:\Qoobox\Quarantine\C\WIN
2007-04-17 10:40 69246 --a------ C:\Qoobox\Quarantine\C\WIN
2007-04-17 10:40 69246 --a------ C:\Qoobox\Quarantine\C\WIN
2007-04-17 10:40 69246 --a------ C:\Qoobox\Quarantine\C\WIN
2007-10-02 11:11 260 --a------ C:\Qoobox\Quarantine\C\aut
Folder PATH listing
Volume serial number is 6A81-82FE
C:\QOOBOX\QUARANTINE
+---C
| | autorun.inf.vir
| |
| \---WINDOWS
| | svchost.exe.vir
| |
| \---system32
| | severe.exe.vir
| | verclsid.dat.vir
| |
| \---drivers
| conime.exe.vir
| jwbnlb.exe.vir
|
\---Registry_backups
[/code]
**************************
HijackThis Report
**************************
Logfile of HijackThis v1.99.1
Scan saved at 11:21:02, on 02/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.e
C:\WINDOWS\system32\winlog
C:\WINDOWS\system32\servic
C:\WINDOWS\system32\lsass.
C:\WINDOWS\system32\svchos
C:\WINDOWS\System32\svchos
C:\WINDOWS\system32\spools
C:\PROGRA~1\Grisoft\AVG7\a
C:\PROGRA~1\Grisoft\AVG7\a
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\severe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchos
C:\WINDOWS\system32\driver
C:\WINDOWS\system32\driver
C:\Program Files\Java\j2re1.4.2_01\bi
C:\WINDOWS\system32\severe
C:\WINDOWS\system32\driver
C:\Program Files\CyberLink\PowerDVD\P
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\severe
C:\WINDOWS\system32\driver
C:\Program Files\HP\hpcoretech\hpcmpm
C:\WINDOWS\system32\severe
C:\WINDOWS\system32\severe
C:\WINDOWS\system32\driver
C:\PROGRA~1\Grisoft\AVG7\a
C:\WINDOWS\system32\severe
C:\WINDOWS\system32\driver
C:\WINDOWS\system32\severe
C:\WINDOWS\system32\driver
C:\Windows\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\driver
C:\WINDOWS\system32\ctfmon
C:\WINDOWS\system32\qvkwjh
C:\WINDOWS\system32\severe
C:\WINDOWS\system32\qvkwjh
C:\WINDOWS\system32\severe
C:\WINDOWS\system32\driver
C:\WINDOWS\system32\dwwin.
C:\WINDOWS\system32\severe
C:\WINDOWS\system32\dwwin.
C:\WINDOWS\system32\driver
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\severe
C:\WINDOWS\system32\driver
C:\WINDOWS\system32\driver
C:\WINDOWS\system32\severe
C:\WINDOWS\system32\driver
C:\WINDOWS\system32\wuaucl
C:\WINDOWS\system32\severe
C:\WINDOWS\system32\driver
C:\WINDOWS\system32\severe
C:\WINDOWS\system32\driver
C:\WINDOWS\system32\qvkwjh
C:\WINDOWS\system32\wscntf
C:\WINDOWS\system32\severe
C:\WINDOWS\system32\driver
C:\WINDOWS\system32\dwwin.
C:\WINDOWS\system32\severe
C:\WINDOWS\system32\driver
C:\WINDOWS\system32\severe
C:\WINDOWS\system32\driver
C:\WINDOWS\system32\severe
C:\WINDOWS\system32\driver
C:\Documents and Settings\Administrator\Des
C:\WINDOWS\system32\severe
C:\WINDOWS\system32\driver
C:\WINDOWS\system32\severe
C:\WINDOWS\system32\driver
C:\WINDOWS\system32\severe
C:\WINDOWS\system32\driver
C:\WINDOWS\system32\severe
C:\WINDOWS\system32\driver
C:\WINDOWS\system32\severe
C:\WINDOWS\system32\driver
C:\WINDOWS\system32\severe
C:\WINDOWS\system32\driver
C:\WINDOWS\system32\severe
C:\WINDOWS\system32\driver
C:\WINDOWS\system32\severe
C:\WINDOWS\system32\driver
R0 - HKCU\Software\Microsoft\In
R1 - HKLM\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\In
R1 - HKCU\Software\Microsoft\Wi
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\driver
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-7
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-1
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-9
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bi
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\Se
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\P
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCh
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpm
O4 - HKLM\..\Run: [Yahoo Messenger] C:\WINDOWS\system\svchost3
O4 - HKLM\..\Run: [jwbnlb] C:\WINDOWS\system32\qvkwjh
O4 - HKLM\..\Run: [qvkwjh] C:\WINDOWS\system32\severe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [(Default)] C:\Windows\svchost.exe
O4 - HKLM\..\Run: [CPQEASYBTTN] C:\WINDOWS\system32\BttnSe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\a
O4 - HKLM\..\Run: [SDFix] C:\SDFix\RunThis.bat /second
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypa
O4 - HKCU\..\Run: [WinUpdater] "C:\Program Files\WinUpdater\update.ex
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon
O4 - HKCU\..\Run: [avpa] C:\WINDOWS\system32\avpo.e
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-0
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-A
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-0
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-0
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1
O16 - DPF: {30528230-99f7-4bb4-88d8-f
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C
O16 - DPF: {C4847596-972C-11D0-9567-0
O20 - Winlogon Notify: igfxcui - igfxsrvc.dll (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\a
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\a
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm
**************************
Please see these report. I hope that now you will be completely aware of the problem.
Please also look at the error screens. It will clear everything. It is my request that you don't neglect the files that I am posting on www.ee-stuff.com
( I know that the last solution is formatting but if there are some chances to get ride of these problems then I think it is better to find solution rather than formatting.)
Thanks,
Hemant
Please see the links, I have post two jpeg files (named Error Screen 1.jpg and Error Screen 2.jpg) here :
The Direct Links are:
http://www.ee-stuff.com/Ex
and
http://www.ee-stuff.com/Ex
And link for all the files for this question is:
http://www.ee-stuff.com/Ex
Thanks,
Hemant
Hi
You see that I used third pc where I had Kaspersky Antivirus 6.0 and I made the defective hard disk as slave and scanned and it found some viruses and now it is OK. it detected the following files infected and I deleted them. These were the infected files (Kaspersky log)...
Kaspersky Log:
**************************
Status Object
------ ------
detected: virus Email-Worm.Win32.VB.cb File: E:\qoobox\Quarantine\C\WIN
detected: virus Packed.Win32.NSAnti.r File: E:\qoobox\Quarantine\C\WIN
detected: virus Packed.Win32.NSAnti.r File: E:\qoobox\Quarantine\C\WIN
detected: virus Packed.Win32.NSAnti.r File: E:\qoobox\Quarantine\C\WIN
detected: virus Packed.Win32.NSAnti.r File: E:\qoobox\Quarantine\C\WIN
detected: virus Worm.Win32.VB.du File: E:\Recycled\CTFMON.EXE//AS
detected: virus Worm.Win32.VB.du File: E:\Recycled\SMSS.EXE//ASPa
detected: virus Worm.Win32.VB.du File: E:\Recycled\SPOOLSV.EXE//A
detected: virus Worm.Win32.VB.du File: E:\recycled\SVCHOST.EXE//A
detected: Trojan program Trojan.Win32.Qhost.kh File: E:\SDFix\backups\HOSTS
detected: virus Email-Worm.Win32.VB.cb File: E:\WINDOWS\winst.log
detected: virus Email-Worm.Win32.VB.cb File: E:\WINDOWS\system32\BttnSe
detected: Trojan program Trojan.BAT.KillAV.ec File: E:\WINDOWS\system32\hx1.ba
detected: Trojan program Trojan-PSW.Win32.OnLineGam
detected: virus Packed.Win32.NSAnti.r File: E:\WINDOWS\system32\qvkwjh
detected: virus Packed.Win32.NSAnti.r File: E:\WINDOWS\system32\severe
detected: virus Packed.Win32.NSAnti.r File: E:\WINDOWS\system32\driver
detected: virus Packed.Win32.NSAnti.r File: E:\WINDOWS\system32\driver
detected: Trojan program Trojan.Win32.Qhost.kh File: E:\WINDOWS\system32\driver
**************************
Now when I removed the hard disk and connected it again in its original pc and try to install Kaspersky Antivirus 6.0 it is installed but when I try to go to the console from Start---.All Programs--->Kaspersky Antivirus--->Kaspersky Antivirus 6.0 then I receive the error message stating that...
C:\Program Files\Kaspersy Labs\Kaspersky Antivirus 6.0\avp.exe can not be found. Make sure that filename is correct.....
When I search for this file in the following location, I can see this file.
Can you tell me what may be the problem ?
Thanks,
Hemant
Thanks for your reply,
You see only Kaspersky is not being installed. I installed it completely and checked but it gives the same error. It is listed in the All Programs list but when I click on it, it gives me the error message dialog box stating that...
C:\Program Files\Kaspersy Labs\Kaspersky Antivirus 6.0\avp.exe can not be found. Make sure that filename is correct.....
And as I told you that when I locate this file avp.exe, then I find it there. So I am surprised why this problem is coming.
I am little bit hesistating to ask you the question as I have been discussing on this qvkwjh.exe error for a long time with you and SheharyaarSaahil. I understand that sometimes it is better to format the pc as it is also time saving. BUT...I think the formation of pc as a last resort. So I continued with this error.
I am happy that with your help, I succeeded to get ride of this qvkwjh.exe (As I told you that I removed the infected hard disk and made it slave to another pc and run with Kaspersky so Kaspersky detected them and deleted them. When I again connected the scanned hard disk to its original pc, this error was not there. Every thing was OK...except that Kaspersky is not being installed.
Bye the way, if I will not be able to install Kaspesky then I will install another Antivirus, so it isn't a big problem.
I am always thankful for your continuous support.
Regards,
Hemant
Business Accounts
Answer for Membership
by: SheharyaarSaahilPosted on 2007-09-14 at 07:16:39ID: 19891685
run your applications from safemode with Administrator account
clean the system there, and then post back a fresh hjt log from normal mode.....