HELP BACKLIGHT DETECT STRANGE HIDDEN FILE(SEVERE WINDOWS 2000 INFECTION)

From: "DEVELOPER" <deepeshdeomurari@xxxxxxxxx>
Date: 2 Feb 2007 00:17:56 -0800

Hi,
I am facing some strange problems from last few days. my computer is
fully secured with McAffee Antivirus.
Suddenly after some time,computer start throwing errors. event viewer
notices DCOM error.
The application failed to initialize properly (0xc0000142). Click on
OK to terminate the application. Event viewer shows following error
Mrxsmb:The redirector was unable to initialize security context or
query context attributes.
and
No Windows NT or Windows 2000 Domain Controller is available for
domain IND. The following error occurred:
The remote procedure call failed and did not execute.
In executing java projects I got out of memory errors(even in 50LOC)
and some times unable to create native threats
I tried all things, nothing worked except F-Secure BlackLight
Log is

02/01/07 17:10:07 [Info]: BlackLight Engine 1.0.55 initialized
02/01/07 17:10:07 [Info]: OS: 5.0 build 2195 (Service Pack 4)
02/01/07 17:10:07 [Note]: 7019 4
02/01/07 17:10:07 [Note]: 7005 0
02/01/07 17:10:11 [Note]: 7006 0
02/01/07 17:10:11 [Note]: 7011 3012
02/01/07 17:10:11 [Note]: 7026 0
02/01/07 17:10:11 [Note]: 7026 0
02/01/07 17:10:17 [Note]: FSRAW library version 1.7.1021
02/01/07 17:10:19 [Info]: Hidden file: c:\:AFP_IdIndex
02/01/07 17:10:19 [Note]: 7002 0
02/01/07 17:10:19 [Note]: 7003 1
02/01/07 17:10:45 [Note]: 2000 1006
02/01/07 17:10:45 [Note]: 2000 1006
02/01/07 17:10:45 [Note]: 2000 1006
02/01/07 17:10:45 [Note]: 2000 1006
02/01/07 17:10:46 [Note]: 2000 1006
02/01/07 17:10:46 [Note]: 2000 1006
02/01/07 17:10:46 [Note]: 2000 1006
02/01/07 17:10:46 [Note]: 2000 1006
02/01/07 17:10:46 [Note]: 2000 1006
02/01/07 17:10:46 [Note]: 2000 1006
02/01/07 17:10:46 [Note]: 2000 1006
02/01/07 17:10:47 [Note]: 2000 1006
02/01/07 17:10:47 [Note]: 2000 1006
02/01/07 17:10:47 [Note]: 2000 1006
02/01/07 17:10:47 [Note]: 2000 1006
02/01/07 17:10:47 [Note]: 2000 1006
02/01/07 17:10:47 [Note]: 2000 1006
02/01/07 17:10:47 [Note]: 2000 1006
02/01/07 17:10:47 [Note]: 2000 1006
02/01/07 17:10:48 [Note]: 2000 1006
02/01/07 17:10:48 [Note]: 2000 1006
02/01/07 17:10:48 [Note]: 2000 1006
02/01/07 17:10:48 [Note]: 2000 1006
02/01/07 17:10:48 [Note]: 2000 1006
02/01/07 17:10:48 [Note]: 2000 1006
02/01/07 17:10:48 [Note]: 2000 1006
02/01/07 17:10:49 [Note]: 2000 1006
02/01/07 17:10:49 [Note]: 2000 1006
02/01/07 17:10:49 [Note]: 2000 1006
02/01/07 17:10:49 [Note]: 2000 1006
02/01/07 17:10:49 [Note]: 2000 1006
02/01/07 17:10:49 [Note]: 2000 1006
02/01/07 17:10:49 [Note]: 2000 1006
02/01/07 17:10:50 [Note]: 2000 1006
02/01/07 17:10:50 [Note]: 2000 1006
02/01/07 17:10:50 [Note]: 2000 1006
02/01/07 17:10:51 [Note]: 2000 1006
02/01/07 17:10:51 [Note]: 2000 1006
02/01/07 17:10:51 [Note]: 2000 1006
02/01/07 17:10:51 [Note]: 2000 1006
02/01/07 17:10:51 [Note]: 2000 1006
02/01/07 17:10:51 [Note]: 2000 1006
02/01/07 17:10:52 [Note]: 2000 1006
02/01/07 17:10:52 [Note]: 2000 1006
02/01/07 17:10:52 [Note]: 2000 1006
02/01/07 17:10:52 [Note]: 2000 1006
02/01/07 17:10:52 [Note]: 2000 1006
02/01/07 17:10:52 [Note]: 2000 1006
02/01/07 17:10:52 [Note]: 2000 1006
02/01/07 17:10:53 [Note]: 2000 1006
02/01/07 17:10:53 [Note]: 2000 1006
02/01/07 17:10:53 [Note]: 2000 1006
02/01/07 17:10:53 [Note]: 2000 1006
02/01/07 17:10:53 [Note]: 2000 1006
02/01/07 17:10:53 [Note]: 2000 1006
02/01/07 17:10:53 [Note]: 2000 1006
02/01/07 17:10:54 [Note]: 2000 1006
02/01/07 17:10:54 [Note]: 2000 1006
02/01/07 17:10:54 [Note]: 2000 1006
02/01/07 17:10:54 [Note]: 2000 1006
02/01/07 17:10:54 [Note]: 2000 1006
02/01/07 17:10:54 [Note]: 2000 1006
02/01/07 17:10:54 [Note]: 2000 1006
02/01/07 17:10:55 [Note]: 2000 1006
02/01/07 17:10:55 [Note]: 2000 1006
02/01/07 17:10:55 [Note]: 2000 1006
02/01/07 17:10:55 [Note]: 2000 1006
02/01/07 17:10:55 [Note]: 2000 1006
02/01/07 17:10:55 [Note]: 2000 1006
02/01/07 17:10:55 [Note]: 2000 1006
02/01/07 17:10:56 [Note]: 2000 1006
02/01/07 17:10:56 [Note]: 2000 1006
02/01/07 17:10:57 [Note]: 2000 1006
02/01/07 17:10:57 [Note]: 2000 1006
02/01/07 17:10:57 [Note]: 2000 1006
02/01/07 17:10:57 [Note]: 2000 1006
02/01/07 17:10:57 [Note]: 2000 1006
02/01/07 17:10:57 [Note]: 2000 1006
02/01/07 17:10:58 [Note]: 2000 1006
02/01/07 17:10:58 [Note]: 2000 1006
02/01/07 17:10:58 [Note]: 2000 1006
02/01/07 17:10:58 [Note]: 2000 1006
02/01/07 17:10:58 [Note]: 2000 1006
02/01/07 17:10:58 [Note]: 2000 1006
02/01/07 17:10:58 [Note]: 2000 1006
02/01/07 17:10:59 [Note]: 2000 1006
02/01/07 17:10:59 [Note]: 2000 1006
02/01/07 17:10:59 [Note]: 2000 1006
02/01/07 17:10:59 [Note]: 2000 1006
02/01/07 17:10:59 [Note]: 2000 1006
02/01/07 17:10:59 [Note]: 2000 1006
02/01/07 17:11:00 [Note]: 2000 1006
02/01/07 17:11:00 [Note]: 2000 1006
02/01/07 17:11:00 [Note]: 2000 1006
02/01/07 17:11:00 [Note]: 2000 1006
02/01/07 17:11:00 [Note]: 2000 1006
02/01/07 17:11:00 [Note]: 2000 1006
02/01/07 17:11:01 [Note]: 2000 1006
02/01/07 17:11:01 [Note]: 2000 1006
02/01/07 17:11:02 [Note]: 2000 1006
02/01/07 17:11:05 [Note]: 2000 1006
02/01/07 17:11:06 [Note]: 2000 1006
02/01/07 17:11:06 [Note]: 2000 1006
02/01/07 17:11:06 [Note]: 2000 1006
02/01/07 17:11:06 [Note]: 2000 1006
02/01/07 17:11:06 [Note]: 2000 1006
02/01/07 17:11:06 [Note]: 2000 1006
02/01/07 17:11:06 [Note]: 2000 1006
02/01/07 17:11:07 [Note]: 2000 1006
02/01/07 17:11:07 [Note]: 2000 1006
02/01/07 17:11:07 [Note]: 2000 1006
02/01/07 17:11:07 [Note]: 2000 1006
02/01/07 17:11:07 [Note]: 2000 1006
02/01/07 17:11:08 [Note]: 2000 1006
02/01/07 17:11:08 [Note]: 2000 1006
02/01/07 17:11:08 [Note]: 2000 1006
02/01/07 17:11:08 [Note]: 2000 1006
02/01/07 17:11:09 [Note]: 2000 1006
02/01/07 17:11:09 [Note]: 2000 1006
02/01/07 17:11:09 [Note]: 2000 1006
02/01/07 17:11:09 [Note]: 2000 1006
02/01/07 17:11:09 [Note]: 2000 1006
02/01/07 17:11:09 [Note]: 2000 1006
02/01/07 17:11:09 [Note]: 2000 1006
02/01/07 17:11:09 [Note]: 2000 1006
02/01/07 17:11:10 [Note]: 2000 1006
02/01/07 17:11:10 [Note]: 2000 1006
02/01/07 17:11:10 [Note]: 2000 1006
02/01/07 17:11:10 [Note]: 2000 1006
02/01/07 17:13:01 [Note]: 7007 0
I queued it for renaming many times, but again I get similar names
and I can't see the renamed file(probably because of ":" in the
filename).
Please help me out with this

.

Prev by Date: Re: HELP sex.com default page
Next by Date: Interpretation of NOD32/RootkitRevealer Scan Results
Previous by thread: Re: HELP sex.com default page
Next by thread: Interpretation of NOD32/RootkitRevealer Scan Results
Index(es):
- Date
- Thread

Relevant Pages

Event ID 1000, logon script
... I have a NT 4.0 Domain controller and win2k clients. ... simple logon scripts to map network drives, ... domain I get a popup window that says: "Windows did not load your roaming ... the event viewer and it just gives me the same message and Event ID 1000. ...
(microsoft.public.win2000.security)
Windows xp cant logon to the w2k-based domain after installing terminla service
... I have a w2k-based domain with windows xp pro as clients. ... After installing Terminal services on domain controller, ... The event viewer ...
(microsoft.public.win2000.termserv.clients)
event id 1054
... I have several of this messages in the event viewer ... description= Windows cannot obtain the domain controller ... active directory. ...
(microsoft.public.windows.server.active_directory)
Re: BIOS - COULD THERE A PROBLEM WITH MY PCS BIOS?
... You can access Event Viewer by selecting Start, Control Panel, ... View and Manage Event Logs in Event Viewer in Windows XP ... with a Master - DMA off, Slave DMA on, Secondary IDE channel with a ... I have hibernation turned off on both drives ...
(microsoft.public.windowsxp.basics)
Re: Slow boot
... Windows looks at those after the program or module is up and running they ... have some uninstall folders in your Windows folder typically: ... Advanced and check the box before Compress contents to save Disk Space. ... Also look for Error Reports in the System log in Event Viewer. ...
(microsoft.public.windowsxp.perform_maintain)