Also upon restart I get these error messages:
osa.exe application error
The instruction at "0x779234da" referenced memory at "0x00000014"
the memory could not be "read"
Click OK to terminate the program.
explorer.exe has generated errors and will be closed by windows. You will need to restart the program.
An error log is being generated.
________________________________________________________
Upon shutdown I get these messages:
drwtsn32.exe - DLL initialization failed
The application failed to initialize because the window station is shutting down.
OK
End program - msoffice.exe
The program is not responding................
End Now
End program - explorer.exe
The program is not responding................
End Now
________________________________________________________________
As per your instructions I have run Ad-Aware, CWShredder, Spybot and Panda ActiveScan.
Here are the things Panda found and fixed:
1st scan:

| Incident | Status | Location |
| --- | --- | --- |
| Virus:Bck/Dumador.O | Disinfected | Operating system |
| Possible Virus. | No disinfected | C:\WINNT\prntsvra.dll |
| Virus:Trj/Dumarin.D | Disinfected | Operating system |
| Virus:Exploit/ByteVerify | Disinfected | C:\Documents and Settings\dcharles\Local Settings\Temporary Internet Files\Content.IE5\6JC39N8M\proc[1].jar[Jvb.class] |
| Virus:Exploit/ByteVerify | Disinfected | C:\Documents and Settings\dcharles\Local Settings\Temporary Internet Files\Content.IE5\6JC39N8M\proc[1].jar[MainApp.class] |
| Possible Virus. | No disinfected | C:\WINNT\prntsvra.dll |
| Virus:Trj/Qhost.AF | Disinfected | C:\WINNT\system32\drivers\etc\hosts |
| Virus:Trj/Downloader.BEH | Disinfected | C:\WINNT\system32\icasServ.exe |
| Virus:Bck/Dumador.O | Disinfected | C:\WINNT\winsms.dll |

2nd scan:

| Incident | Status | Location |
| --- | --- | --- |
| Virus:Bck/Dumador.O | Disinfected | Operating system |
| Virus:Trj/Downloader.BMZ | Disinfected | C:\WINNT\prntsvra.dll |
| Virus:Bck/Dumador.O | Disinfected | C:\WINNT\winsms.dll |

_______________________________________________________________
At this point the computer seems to be running pretty much OK. However, even after running these programs I'm still getting the above-mentioned errors. Also, for some reason, I'm able to maximize browsers, applications, etc. from the ShortCut toolbar (at the bottom of my desktop) but I've lost the ability to minimize them using a "one click" from the toolbar. I have to go up to the top of the page and hit the minimize in the upper right-hand corner. I know it's a minor problem, but it's a hassle when you're busy.
Anyway, here's my HijackThis log. It looks like your recommended programs have fixed a majority of the problems, but it seems like some of this scumware is either still on my system or may have damaged some components and they need to be fixed.
I just want to make sure this system has been cleaned up so I can begin to better secure it as per your instructions.
Please help
Thanks
________________________________________________________________
Logfile of HijackThis v1.99.1
Scan saved at 9:13:47 AM, on 4/1/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\WorldWide Dial Service\WWDS\InSight\ARUpld32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\WorldWide Dial Service\WWDS\InSight\ARMon32a.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\VsStat.exe
C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe
C:\WINNT\System32\RAS\update.exe
C:\WINNT\System32\lmsxxef.exe
C:\WINNT\System32\winldra.exe
C:\WINNT\System32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.EXE
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\jeem stuff\Code Downloads\geekstogo\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cenco.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yoursearch.ws/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yoursearch.ws/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WWDS] C:\WINNT\System32\RAS\update.exe
O4 - HKLM\..\Run: [XE Fax LM Status] lmsxxef.exe
O4 - HKLM\..\Run: [load32] C:\WINNT\System32\winldra.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: UltraEdit-32 Help.lnk = C:\jeem stuff\Code Downloads\Ultraedit\Ultraedit Files\uedit32.hlp
O4 - Global Startup: UltraEdit-32 Order Form.lnk = C:\jeem stuff\Code Downloads\Ultraedit\Ultraedit Files\uedit32.exe
O4 - Global Startup: UltraEdit-32 Read Me.lnk = C:\jeem stuff\Code Downloads\Ultraedit\Ultraedit Files\uedit32.exe
O4 - Global Startup: UltraEdit-32 Text Editor.lnk = C:\jeem stuff\Code Downloads\Ultraedit\Ultraedit Files\uedit32.exe
O4 - Global Startup: UltraEdit-32 Uninstall.lnk = C:\jeem stuff\Code Downloads\Ultraedit\Ultraedit Files\Uninstall.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54CFG.EXE
O4 - Global Startup: XE_fx Status Monitor.lnk = C:\Program Files\XWC_90fx\X9ENGSS.EXE
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O12 - Plugin for .m2v: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .swf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npswf32.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {BF116476-3238-4EDA-A2D7-6D6814EF0DEC} (Quicksilver Class) - http://vapwbc.ops.pl...quicksilver.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - file://D:\AUTORUN\Flash\swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{55F88A01-F7E2-426A-AA11-1AA9F942F850}: NameServer = 163.39.250.190,163.39.252.78
O21 - SSODL: iEJXDgSWty - {CC675CB3-66CD-F619-D765-70D6AFC9B12B} - C:\WINNT\System32\bjo.dll
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\avsynmgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Visual IP InSight Client (CitiGroup-WWDS) (InverseLaunchIPI_CitiGroup:WWDS) - Visual Networks - C:\Program Files\WorldWide Dial Service\WWDS\InSight\LaunchIPI.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\mcshield.exe