#1 (permalink) |
|
Registered User
Join Date: Jul 2004
Posts: 134
OS: ME, XP, LongHorn, 2
|
It's really very annoying; I do not know what happened and why it has gone bad.
My teacher gave me an assignment to crack the Windows XP administrator password. I made some searches on the net but did not find the perfect answer. I found something about Microsoft Recovery Console. Further searches gave me another program called (pwbump2), but by mistake I downloaded (pwbump), and when I played this application it gave me a black window for a second and disappeared. I tried 6 or 7 times but the same thing happened. Then I hibernated my computer, and when I opened it today, if I click RealOne it also shows a black screen for a second and disappears. My download accelerator and many of my programs have gone mad. Any help would be greatly appreciated.

Logfile of HijackThis v1.97.3
Scan saved at 3:24:30 AM, on 4/9/2003
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Opera75\opera.exe
C:\Program Files\DAP\DAP.exe
F:\Programs Backups\Useful Softwares\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hrvg.tk
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = SERVER:8080
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Maxpayne\Application Data\Mozilla\Profiles\default\487agfmf.slt\prefs.js)
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Run WinHTTrack (HKLM)
O9 - Extra 'Tools' menuitem: Launch WinHTTrack (HKLM)
O9 - Extra button: Run DAP (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Mu...ridge-c528.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
|
|
|
|
#3 (permalink) |
|
Old Timer
Join Date: Sep 2003
Location: Northern Arizona
Posts: 7,958
OS: Vista Home Premium, SP 27
|
Hi, Guy.
Listen, there is really no good reason to work with this log, as it is very outdated and won't show much of the malware of today. Please follow the instructions below and post a new log. Thanks!

Please download HijackThis http://www.greyknight17.com/spy/HijackThis.exe - this program will help us determine if there are any spyware/malware on your computer. Create a folder at C:\HJT and move HijackThis.exe there. Double click on the program to run it.

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Get HijackThis Analyzer http://www.greyknight17.com/spy/KRC%...20Analyzer.zip and save it to the same folder as the hijackthis.log file. Run HijackThis Analyzer and type in 'y' if you agree. The 'result.txt' file will open up in Notepad. Copy the whole result.txt log and post it in the forum.

You don't need to post the original hijackthis.log (unless we ask for it). Do not fix anything in HijackThis since they may be harmless.
|
|
|
|
#4 (permalink) |
|
Registered User
Join Date: Jul 2004
Posts: 134
OS: ME, XP, LongHorn, 2
|
Black Screen
Hi guys,
Thanks for your responses. I have followed your instructions, and this is the result.txt:

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 4/1/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Logfile of HijackThis v1.99.1
Scan saved at 1:38:51 PM, on 4/9/2003
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\svchost.exe
C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
C:\WINDOWS\System32\dmadmin.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hrvg.tk
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = SERVER:8080
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Maxpayne\Application Data\Mozilla\Profiles\default\487agfmf.slt\prefs.js)
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/Mu...ridge-c528.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O23 - Service: pcANYWHERE Host Service (awhost32) - Symantec Corporation - C:\PROGRA~1\PCANYW~1\awhost32.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

End of KRC HijackThis Analyzer Log.
====================================================================
|
|
|
|
#6 (permalink) |
|
Analyst, Security Team
|
Download StartDreck http://www.greyknight17.com/spy/StartDreck.zip
Unzip to its own folder and start the program:
Press 'Config'
Press 'mark all'
Uncheck the following boxes only:
System/Running Process -> List Modules
System/Drivers -> NT Services
System/Drivers -> NT Kernel- and FS-drivers
Press 'OK'
Press 'Save' and select the location to save the log file (default is the same folder as the application)
Post the log in this thread.

Let's use a program to scan for any trojans that may exist. Download TDS-3. Learn how to use it here. Make sure to update it after you installed it. You can get the manual updates here. When you launch the program, it will scan your memory for running processes. This will take less than 30 seconds. Next go to System Testing on the menu and choose Full System Scan. After that's finished, post the log file by selecting everything on the top pane (select from bottom to top). If any alarms are found, it will be listed in the bottom window. Please copy and paste that here also if it applies.
__________________
Please do NOT PM me. Post whatever questions you may have in the forum and we will take a look at it when we get to it. If you have waited for more than 3 days, you may then and ONLY then PM me for assistance. I will take a look at it. |
|
|
|
|
#7 (permalink) |
|
Registered User
Join Date: Jul 2004
Posts: 134
OS: ME, XP, LongHorn, 2
|
StartDreck (build 2.1.7 public stable) - 2003-04-10 @ 22:17:26 (GMT -07:00)
Platform: Windows XP (Win NT 5.1.2600 Service Pack 2)
Internet Explorer: 6.0.2900.2180
Logged in as Maxpayne at 369-55050312A95

»Registry
»Run Keys
»Current User
»Run
*msnmsgr="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
»RunOnce
»Default User
»Run
»RunOnce
»Local Machine
»Run
*TkBellExe=C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
»RunOnce
»RunServices
»RunServicesOnce
»RunOnceEx
»RunServicesOnceEx
»File Associations (CR)
+.bat
*batfile="%1" %*
+.com
*comfile="%1" %*
+.exe
*exefile="%1" %*
+.hta
*htafile=C:\WINDOWS\system32\mshta.exe "%1" %*
+.htm
*FirefoxHTML=C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1"
+.html
*FirefoxHTML=C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1"
+.js
*JSFile="C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"
+.jse
*JSEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.pif
*piffile="%1" %*
+.reg
*regfile=regedit.exe "%1"
+.scr
*scrfile="%1" /S
+.txt
*txtfile=%SystemRoot%\system32\NOTEPAD.EXE %1
+.vbs
*XingMpeg=C:\Program Files\xmplayer\xmplayer.exe %1
+.vbe
*VBEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsh
*WSHFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsf
*WSFFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.lnk
`lnkfile= [key or value does not exist]
»Active Setup (LM)
+Internet Explorer/>{26923b43-4d38-484f-9b9e-de460746276c}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
+Browser Customizations/>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
*StubPath=RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
+Outlook Express/>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
+Themes Setup/{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
*StubPath=%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
+Microsoft Outlook Express 6/{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
+NetMeeting 3.01/{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
+Internet Explorer/{4b218e3e-bc98-4770-93d3-2731b9329278}
*StubPath=%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
+Windows Messenger 4.7/{5945c046-1e7d-11d1-bc44-00c04fd912be}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
+Microsoft Windows Media Player/{6BF52A52-394A-11d3-B153-00C04F79FAA6}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
+Address Book 6/{7790769C-0471-11d2-AF11-00C04FA35D02}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
+Windows Desktop Update/{89820200-ECBD-11cf-8B85-00AA005B4340}
*StubPath=regsvr32.exe /s /n /i:U shell32.dll
+Internet Explorer 6/{89820200-ECBD-11cf-8B85-00AA005B4383}
*StubPath=%SystemRoot%\system32\ie4uinit.exe
»Browser Helper Objects (LM)
*DAPBHO.DAPHelper.1/{0000CC75-ACF3-4cac-A0A9-DD3868E06852}
`InprocServer32=C:\Program Files\DAP\DAPBHO.dll
*AcroIEHelper.AcroIEHlprObj.1/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
`InprocServer32=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
»Internet Explorer
»Current User
*Local Page=C:\WINDOWS\system32\blank.htm
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=about:blank
+SearchUrl
*provider=
»Default User
»Local Machine
*Default_Page_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
*Default_Search_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Local Page=%SystemRoot%\system32\blank.htm
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=http://www.hrvg.tk
*CustomizeSearch=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
*SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
»ShellServiceObjectDelayLoad (LM)
*PostBootReminder={7849596a-48ea-486e-8937-a2a3009f31a9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*CDBurn={fbeb8a05-beee-4442-804e-409d6c4515e9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*WebCheck={E6FB5E20-DE35-11CF-9C87-00AA005127ED}
`InprocServer32=%SystemRoot%\system32\webcheck.dll
*SysTray={35CEC8A3-2BE6-11D2-8773-92E220524153}
`InprocServer32=C:\WINDOWS\system32\stobject.dll
»Special NT Values
»Current User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Default User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
»Local Machine
*AppInit_DLLs=
*SHELL=Explorer.exe
*Userinit=C:\WINDOWS\system32\userinit.exe,
»Files
»Autostart Folders
»Current User
*C:\Documents and Settings\Maxpayne\Start Menu\Programs\Startup\desktop.ini
»Default User
*C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini
»Local Machine
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Firewall Client Connectivity Monitor.LNK
»INI-Files
»WIN.INI\[windows]
*LOAD=
*RUN=
»SYSTEM.INI\[boot]
*SHELL=Explorer.exe
»Text Files
*C:\boot.ini
`[boot loader]
`timeout=30
`default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
`[operating systems]
`multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /maxmem=1023
*C:\msdos.sys
*C:\config.sys
*C:\WINDOWS\system32\config.nt
`dos=high, umb
`device=%SystemRoot%\system32\himem.sys
`files=40
*C:\autoexec.bat
*C:\WINDOWS\system32\autoexec.nt
`@echo off
`lh %SystemRoot%\system32\mscdexnt.exe
`lh %SystemRoot%\system32\redir
`lh %SystemRoot%\system32\dosx
`SET BLASTER=A220 I5 D1 P330 T3
*C:\WINDOWS\system32\drivers\etc\hosts
`127.0.0.1 localhost
»Program Files
*C:\ntldr
*C:\ntdetect.com
*C:\io.sys
*C:\WINDOWS\system32\win.com
*C:\WINDOWS\explorer.exe
»%PATH% Companion Files
+C:\WINDOWS\system32\notepad.exe
*C:\WINDOWS\NOTEPAD.EXE
+C:\WINDOWS\system32\svchost.exe
*C:\WINDOWS\svchost.exe
+C:\WINDOWS\system32\taskman.exe
*C:\WINDOWS\TASKMAN.EXE
+C:\WINDOWS\system32\winhlp32.exe
*C:\WINDOWS\winhlp32.exe
»System/Drivers
»VMM32Files (LM)
»%System%\VMM32
»%System%\IOSUBSYS
»Application specific
»MS Office 97/8.0 STARTUP-PATH
»Current User
»Default User
»Local Machine
»ICQ NetDetect
»Current User
»Default User
|
|
|
|
#9 (permalink) |
|
Registered User
Join Date: Jul 2004
Posts: 134
OS: ME, XP, LongHorn, 2
|
It took 3 hours to scan, but during the scan my computer was restarted.
Then I ran TDS again and it took 3 hours once again and also found some alarms, but how can I remove them? Here is the upper pane of the log. Is it right?

02:38:13 [Init] Trojan Defence Suite v3.2.0 (UNLICENSED)
02:38:13 [Init] Started 11-04-03 02:38:13 Pacific Standard Time (UTC: 8), Internet Time @443.21
02:38:13 [Init] Loading TDS-3 Systems ...
02:38:13 [Init] Token successfully adjusted.
02:38:13 [Init] • TDS Privileges : OK. Adjusted TDS-3 token privileges to maximum
02:38:13 [Init] • Plugins : OK. Loaded 13
02:38:13 [Init] • Exec Protection : Not Installed
02:38:13 [Init] WARNING: Your Radius.TD3 database needs to be updated!
02:38:13 [Init] Please download the latest from http://tds.diamondcs.com.au/radius.td3
02:38:13 [Init] Licensed users can use the Update facility from the TDS menu
02:38:13 [Init] Loading Radius Advanced Scanning Systems ... <R3 Engine, DCS Labs>
02:38:23 [Init] • Radius Advanced Specialist Extensions on standby for 13 trojan families
02:38:23 [Init] • Systems Initialised [51728 references - 26260 primaries/13254 traces/12214 variants/other]
02:38:23 [Init] Radius Systems loaded. <Databases updated 11-04-2003>
02:38:23 [Init] TDS-3 Ready. <Maxpayne@10.0.0.28, 127.0.0.1 - United States>
02:38:23 [Tip Of The Day] Update weekly or even daily for maximum protection against new-release trojans and worms. It's as easy as clicking TDS-3 | Update TDS Databases Now!
02:38:23 [TDS] Good morning Maxpayne. Don't stay up all night!
02:38:27 [Mutex Memory Scan] Started...
02:38:29 [Mutex Memory Scan] Finished (no trojan mutexes found).
02:38:29 [TDS-3] This is an EVALUATION demo of TDS-3. Please see the help file for help on registering.
02:38:50 [CRC32] Started - verifying 29 files ...
02:38:56 [CRC32] Test finished.
02:39:52 [Memory Scan] Memory scan started, please wait a moment ...
02:39:54 [Memory Scan] Memory scan complete.
02:39:54 [Mutex Memory Scan] Started...
02:39:56 [Mutex Memory Scan] Finished (no trojan mutexes found).
02:39:56 [Trace Scan] Started...
02:40:04 [Trace Scan] Finished.
02:40:04 [ServiceScan] Scanning for services and drivers ...
02:40:08 [ServiceScan] Scanned 299 services and drivers.
02:40:08 [File Scan] Scanning in A:\ ...
02:40:15 [File Scan] Scanned 0 files: 0 alarms in 6.641602 seconds (Avg 1. files/sec)
02:40:15 [File Scan] Scanning in C:\ ...
03:09:54 [File Scan] Scanned 69570 files: 3 alarms in 1778.515 seconds (Avg 40.12 files/sec)
03:09:54 [File Scan] Scanning in D:\ ...
03:21:11 [File Scan] Scanned 44293 files: 3 alarms in 676.5 seconds (Avg 66.47 files/sec)
03:21:11 [File Scan] Scanning in E:\ ...
03:24:55 [File Scan] Scanned 1813 files: 3 alarms in 224.9365 seconds (Avg 9.06 files/sec)
03:24:56 [File Scan] Scanning in F:\ ...
03:47:57 [File Scan] Scanned 24852 files: 17 alarms in 1381.781 seconds (Avg 18.99 files/sec)
03:47:57 [File Scan] Scanning in G:\ ...
03:53:51 [File Scan] Scanned 2685 files: 17 alarms in 354 seconds (Avg 8.58 files/sec)
03:53:51 [File Scan] Scanning in H:\ ...
03:55:22 [File Scan] Scanned 1491 files: 17 alarms in 90.21875 seconds (Avg 17.53 files/sec)
03:55:22 [File Scan] Scanning in I:\ ...
04:01:31 [Screen Text] Saved to C:\Program Files\TDS3\scr0.txt
04:03:04 [TDS] Good morning Maxpayne, all systems are ready.
04:12:16 [TDS] Good morning Maxpayne, all systems are ready.
04:19:30 [TDS] Good morning Maxpayne, all systems are ready.
04:29:37 [File Scan] Scanned 86113 files: 17 alarms in 2055.312 seconds (Avg 42.9 files/sec)
04:29:38 [File Scan] Scanning in J:\ ...
04:31:44 [File Scan] Scanned 2412 files: 17 alarms in 126.7188 seconds (Avg 20.03 files/sec)
04:31:44 [File Scan] Scanning in K:\ ...
04:35:11 [File Scan] Scanned 3041 files: 17 alarms in 206.5938 seconds (Avg 15.72 files/sec)
04:35:11 [File Scan] Scanning in L:\ ...
04:56:49 [File Scan] Scanned 36330 files: 18 alarms in 1297.766 seconds (Avg 28.99 files/sec)
04:56:49 [File Scan] Scanning in M:\ ...
05:00:27 [File Scan] Scanned 2152 files: 18 alarms in 217.875 seconds (Avg 10.88 files/sec)
05:00:27 [File Scan] Scanning in N:\ ...
05:17:50 [File Scan] Scanned 42818 files: 19 alarms in 1043.547 seconds (Avg 42.03 files/sec)
05:17:50 [File Scan] Scanning in O:\ ...
05:17:50 [File Scan] Scanned 0 files: 19 alarms in 0 seconds (Avg -1.#IND files/sec)
05:17:50 [File Scan] Scanning in P:\ ...
05:17:50 [File Scan] Scanned 0 files: 19 alarms in 0 seconds (Avg -1.#IND files/sec)
05:17:50 [Scan] Finished.

Please help me.
|
|
|
|
#10 (permalink) |
|
Analyst, Security Team
Join Date: Feb 2005
Location: South Florida
Posts: 538
OS: XP Pro
|
Need the TDS-3 Scanner log....
Hey MaxPayne,
We definitely need to see the LOG that was generated by the TDS-3 scanner and located in the lower pane (window) of the scanner during the scan. It should list all of the (19) alarms that it found. We need this listing to kill the trojans that are running on your system. Please provide this log accordingly. It should be located in C:\Program Files\TDS3\scr0.txt or someplace similar. Last edited by kworley517; 04-11-2005 at 09:55 PM. |
|
|
|
|
#12 (permalink) |
|
Registered User
Join Date: Jul 2004
Posts: 134
OS: ME, XP, LongHorn, 2
|
Hi ,
I checked everywhere to find C:\Program Files\TDS3\scr0.txt. I found scro.txt, scr1.txt and scr2.txt, but they all contain the same information that I posted earlier; they don't contain the alarm names and their locations. Whenever I download, it says "The program memory is too big".
Last edited by MaxPayne; 04-12-2005 at 07:54 AM. |
|
|
|
|
#13 (permalink) |
|
Analyst, Security Team
|
How about searching for a file called scandump.txt?
|
|
|
|