anyone know what this AntiVir log means?

rise

Diamond Member
Dec 13, 2004
Creation date of the report file: Wednesday, January 19, 2005 10:48

AntiVir®/XP (2000 + NT) Personal Edition v6.29.00.03 of 13.12.2004
VDF file v6.29.0.71 (0) of 19.01.2005




Scanning for 95864 virus strains and unwanted programs.



Platform: Windows NT Workstation
Windows version: 5.1 Build 2600 (Service Pack 2)


Version information:
AVWIN.DLL : v6.29.00.03 561192 13.12.2004 11:46:22
AVEWIN32.DLL : v6.29.0.8 791040 19.01.2005 10:47:20
AVGNT.EXE : v6.28.00.02 127016 08.11.2004 08:12:52
AVGUARD.EXE : v6.29.00.03 241704 17.11.2004 14:44:12
GUARDMSG.DLL : v6.28.00.02 94248 28.10.2004 08:30:44
AVGCMSG.DLL : v6.28.00.02 262184 08.11.2004 08:12:54
AVGNTDD.SYS : v6.29.00.02 32560 10.12.2004 12:46:36
AVPACK32.DLL : v6, 28, 0, 4 303144 28.10.2004 10:37:46
AVGETVER.DLL : v6.22.00.00 24576 28.10.2004 08:30:40
AVWIN.DLL : v6.29.00.03 561192 13.12.2004 11:46:22
AVSHLEXT.DLL : v6.22.00.00 57344 28.10.2004 08:30:44
AVSched32.EXE : v6.29.00.00 110632 19.11.2004 12:04:20
AVSched32.DLL : v6.28.00.02 122880 28.10.2004 08:30:42
AVREG.DLL : v6.27.00.01 41000 28.10.2004 08:30:42
AVRep.DLL : v6.29.00.71 880680 19.01.2005 10:47:28
INETUPD.EXE : v6.29.00.02 262203 23.11.2004 12:51:58
INETUPD.DLL : v6.29.00.02 143431 23.11.2004 12:51:58
CTL3D32.DLL : v2.31.000 27136 04.08.2004 07:00:00
MFC42.DLL : v6.02.4131.0 1028096 04.08.2004 07:00:00
MSVCRT.DLL : v7.0.2600.2180 (xpsp_sp2_rtm.0408
MSVCRT.DLL : v7.0.2600.2180 343040 04.08.2004 07:00:00
CTL3DV2.DLL : No information

Configuration file:

Name of configuration file: E:\Program Files\AVPersonal\AVWIN.INI
Name of report file: E:\Program Files\AVPersonal\LOGFILES\AVWIN.LOG
Start path: E:\Program Files\AVPersonal
Command line:
Start mode: unknown

Mode of report file:
[ ] Do not create report
[X] Overwrite report
[ ] Append new report

Data in report file:
[X] Infected files
[ ] Infected files with paths
[ ] All scanned files
[ ] Full information

Abridge report file:
[ ] Abridge report file

Warnings in report:
[X] Access denied/file locked
[X] Wrong file size in directory
[X] Wrong creation time in directory
[ ] COM file is too large
[X] Invalid start address
[X] Invalid EXE header
[X] Possibly damaged

Summary report:
[X] Create summary report
Output file: AVWIN.ACT
Maximum number of entries: 100

Where to search:
[X] Memory
[X] Boot record of selected drives
[ ] Report unknown boot sectors
[ ] All files
[X] Program files
Extensions: .386 .?HT* .ACM .ADE .ADP .ANI .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CRT .CSH .DLL .DLO .DO? .DRV .EMF .EML .EXE* .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDR .PGM .PHP .PIF .PKG .PL* .POT .PPS .PPT .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XL? .XML .ZIP

Response in case of a detection:
[X] Repair with prompt
[ ] Repair without prompt
[ ] Delete with prompt
[ ] Delete without prompt
[ ] Write in report file only
[X] Acoustic alarm

Response in case of destroyed files:
[X] Delete with prompt
[ ] Delete without prompt
[ ] Ignore

Response in case of destroyed files:
[X] No change
[ ] Current system time
[ ] Correct date

Drag&drop settings:
[X] Scan subdirectories

Profile settings:
[X] Scan subdirectories

Archive options
[X] Search archive
[X] All archive types

Miscellaneous options:
Temporary path: %TEMP% -> C:\DOCUME~1\P1\LOCALS~1\Temp
[X] Overwrite infected files
[ ] Detect idle time
[X] Allow interruptions of scan
[X] Load AVWin®/NT Guard on System start

General settings:
[X] Save options on exiting AntiVir
Priority: medium

Drives:
C: Hard disk
D: Hard disk
E: Hard disk
F: CD-ROM
G: CD-ROM
H: Hard disk
I: Hard disk

Start of scan: Wednesday, January 19, 2005 10:48

Memory test OK
Master boot record of hard disk HD0 OK
Master boot record of hard disk HD1 OK
Boot record of drive C: OK
Boot record of drive D: OK
Boot record of drive E: OK
Boot record of drive H: OK
Boot record of drive I: OK


C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery
DSOExploit.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DSOExploit1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DSOExploit2.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DSOExploit3.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DSOExploit4.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DSOExploit5.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DSOExploit6.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DSOExploit7.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DSOExploit8.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DSOExploit9.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
MissingsharedDLL.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
MissingsharedDLL1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
Wrongapppath.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
Wrongapppath1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
Wrongapppath2.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
Wrongapppath3.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
Wrongapppath4.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
Wrongapppath5.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
C:\Documents and Settings\\Application Data\Spybot - Search & Destroy\Recovery
DSOExploit.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DSOExploit1.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DSOExploit2.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DSOExploit3.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
DSOExploit4.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
C:\Documents and Settings\\Local Settings\Temporary Internet Files\Content.IE5\U5AT6LAL
dc3setup_33[1].zip
ArchiveType: ZIP
NOTE! No files to extract.
C:\Documents and Settings\\Local Settings\Temporary Internet Files\Content.IE5\VGHZU31N
Bwhich%2Bdevices%2Bare%2Bspread%2Bspectrum%26hl%3Den%26lr%3D%26start%3D10%26sa%3DN&u_h=600&u_w=800&u_ah=600&u_aw=800&u_cd=32&u_tz=-300&u_his=4&u_java=true
Access denied! Error during file opening!
Error code: 0x0002
WARNING! Access error/file locked!
Error! Could not change directory: System Volume Information
C:\WINDOWS\system32\config
default
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
SAM
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
SECURITY
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
software
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
system
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!


Error! Could not change directory: System Volume Information


Error! Could not change directory: System Volume Information


H:\
pagefile.sys
Access denied! Error during file opening!
This is a Windows swap file. This file is locked by Windows.
Error code: 0x000D
WARNING! Access error/file locked!
Error! Could not change directory: System Volume Information


Error! Could not change directory: System Volume Information



End of scan: Wednesday, January 19, 2005 10:52
Time taken: 04:12 min


2122 directories were scanned
28418 files were scanned
7 warning messages were issued
0 files were deleted
0 files were repaired
0 detections



>>>What's with the warnings? Are these normal? I guess the page file one and the zips from Spybot are normal, but I don't really understand the others. I've been recently having some odd behavior, such as the mouse doesn't respond properly, will move but no clicks, windows jumping from foreground to background, computer seems to freeze but programs still run. I have to hit Ctrl/Alt/Del and then cancel Task Manager to bring it back to "normal".

redbeard1

Diamond Member
Dec 12, 2001
The results are normal. All of those locked zip files, that are in the Spybot folder, are spyware junk that has been removed. Those are the recovery backup files. If you go into Spybot and clear your recovery files, you won't see them in the virus scan results.

I would clear your Temporary Internet Files, including the offline content. You shouldn't have scan errors in there.

The system32\config is where your registry is contained, and they come up as locked when you scan them.