Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible Pup Prcviewer Or Virtumonde Infection


  • Please log in to reply
8 replies to this topic

#1 mewrae

mewrae

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:27 AM

Posted 07 November 2007 - 04:43 PM

Earlier this year I had a Virtumonde infection. At that time I had Norton AntiVirus. I received help through a website similar to this (don't remember the name). The problem went away and all was good in the world again. A few days ago, Norton expired and I wanted to download McAfee. Upon doing this, I was told to remove Norton. I removed it and continued installation with McAfee. After I did this, my computer was VERY slow. I ran a scan and it found "PrcViewer." I clicked to remove it. After I did this, a box would pop up occasionally saying that a PUP (PrcViewer) was trying to run. I clicked remove but the box would still pop up every once in awhile. I ran a scan with McAfee and while doing this, a box repeatedly kept popping up saying that another PUP was trying to run (Generic PUP.q). I clicked remove and closed the box but it kept opening back up (about 6 times). Nonetheless, I am infected with something, just don't know what or how to get rid of it!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:38:47 PM, on 11/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {00000000-0000-0000-0000-100000000002} - http://code.jcash.biz/l/817f7ce79d5d021574...b9455edc_13.exe
O16 - DPF: {3F0EECCE-E138-11D1-8712-0060083D83F5} (LPViewer Class) - http://www.vtbrowser.com/library/ActiveX/LPControl.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/games/web_...loadControl.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shock...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popc...aploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...032/mcfscan.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe

--
End of file - 6268 bytes


Thank you in advance!

Melissa

BC AdBot (Login to Remove)

 


#2 mewrae

mewrae
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:27 AM

Posted 07 November 2007 - 04:49 PM

I don't know if this has anything to do with my computer problems, but when I try to open Internet Explorer, it's quite slow, especially if I have Word open.

#3 AndyManchesta

AndyManchesta

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Manchester, UK
  • Local time:09:27 AM

Posted 24 November 2007 - 04:29 AM

Hi mewrae, Welcome to the forum,

We are sorry for the delay in responding. The volunteers here are swamped and unfortunately not all logs get answered as quickly as we'd like. If you still require help please post a new HijackThis log into this topic and I'd be happy to assist.

Thanks

Andy

#4 mewrae

mewrae
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:27 AM

Posted 24 November 2007 - 04:43 PM

Thanks for the response! I should add that my computer is extremely slow, which is out of the ordinary (opening Outlook Express, Internet Explorer...) Also, when a run McAfee, the only thing it finds is the PrcViewer. Here is my new log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:41:29 PM, on 11/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\Scan stuff\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {00000000-0000-0000-0000-100000000002} - http://code.jcash.biz/l/817f7ce79d5d021574...b9455edc_13.exe
O16 - DPF: {3F0EECCE-E138-11D1-8712-0060083D83F5} (LPViewer Class) - http://www.vtbrowser.com/library/ActiveX/LPControl.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - http://download.games.yahoo.com/games/web_...loadControl.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shock...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popc...aploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...032/mcfscan.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe

--
End of file - 6324 bytes

#5 AndyManchesta

AndyManchesta

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Manchester, UK
  • Local time:09:27 AM

Posted 24 November 2007 - 06:21 PM

Thanks mewrae :thumbsup:

There's still a Norton Service showing so its probably best to run their removal tool to make sure its fully removed especially with you noticing the PC going slower after you uninstalled it

Norton Removal Tool

Regarding PrcViewer, it's fine by itself but it could be a risk if it was being used by malware which is why they detect it as a potentially unwanted program (PUP), alot of the tools we use on forums use the Process.exe file from Here as it allows them to stop files if needed when the tools are running which McAfee detects as PrcViewer as well it detecting similar files by other companies so it really depends on where it was found and what was using it, the file itself is clean though and just used to start and stop other files on the PC.

Your HijackThis log looks good, just a couple of items to fix but please can you disable Spybot's TeaTimer protection first so it doesn't interfere with the fixes or the scanners we will be using by doing the following:
  • Run Spybot-S&D
  • Go to the Mode menu, and make sure "Advanced Mode" is selected
  • On the left hand side, choose Tools -> Resident
  • Uncheck "Resident TeaTimer" and OK any prompts
Please reenable TeaTimer again once your system is clean.

Run HijackThis and choose Do A System Scan then place a check next to these entries

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O16 - DPF: {00000000-0000-0000-0000-100000000002} - ht*p://code.jcash.biz/l/817f7ce79d5d0215746a27d5b9455edc_13.exe

Close all open browser and other windows except for HijackThis and press the Fix Checked button

Next please use the Internet Explorer browser (or FireFox with IETab), and do an online scan with Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
  • Once the files are downloaded click on Next
  • Click on Scan Settings and configure as follows:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:Scan Archives
      Scan Mail Bases
  • Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
Posted Image
Posted Image
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.

Finally please visit PCPitStop
Login/Register then click Test this system, it then may prompt you to install a ActiveX control , click Install if you get the option, then click Let's Go. When the tests are complete, a results page will pop up. Click Share these results with TechExpress on the menu then copy the URL provided and post it back, It should look like this:

TechExpress link for your current results:

http://www.pcpitstop.com/techexpress.asp?i...HK0WE3HLEWRE99Q



Let us know if you have any problems

Thanks

Andy

#6 mewrae

mewrae
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:27 AM

Posted 25 November 2007 - 11:26 AM

I couldn't use the Norton Removal Tool. I needed my confirmation number and I no longer have that. I emailed Norton to see if the could give me a copy of it and am still waiting to hear back from them.

Nonetheless, here is my KScan report:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, November 24, 2007 11:04:07 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 25/11/2007
Kaspersky Anti-Virus database records: 465162
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 107683
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 01:40:04

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{36DD57EC-673D-4511-8E42-C7AFC8929428}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{C9FF3710-7C14-4C93-A02D-BBB7461D3E83}.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR1.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\027f11fd4be34b736d4df4c352c0fc7d_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0318d76fe2f8b420eca85216130ffe94_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\052593c39dd3626c3acea884e15117d1_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\077e5ab6df6497c2d0c997f20b852e5a_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\07b28153ff6827d4b445a73bc51496a4_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\08d3a7764018170d60c8ed1ff066db94_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0e370acac38d7d520a5a97b8d40b89dd_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\100444884faf22988114df1c87acb551_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1145dd24cbf54458b966043f2c0083e3_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\12808d035691d91f39f1c2028d422a0e_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\133b0bc04fd725c518098c97a87bc61b_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1b108724168cdcb4871cbae54d81c5dd_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\303f4a86cccfa990a6c66f649e70b565_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\330207dd07a952993e285d8ef31974c3_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\345fe6b791a8a36e4bd39fa447b84b36_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3e95ca0bcf95de4c9d32b1423a74e60a_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\403b62c5b9f7c9336ad6cad8c80f1ba5_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4198253dba195f72d7250486e55d28a5_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\44b5c4eea8c92d7c068c7c367d3e15b7_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\45048650e068f8be756049ebedb5cb88_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4cb1a299e4536cdaf5df07289a689277_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4cff6524891d2a50b5e3c33017e27eda_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4d94853a8b411c53e53537e0c4d3a271_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\4f7a865370cf3c466aea8ed3975c9987_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5a6e533df76a9ea4b90cfd5604627492_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\62b8d789b7806fe7c679c51b68019969_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\67b172111b6346a0e42d392b93eca2e5_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\692a2563b62dae7d8effb17838e87868_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\69e97ec7921bd0faf5b88e086602191a_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6bbbb9613d4014aa0ba9e8c04354db27_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6f833525fc902ab531b7dbdcf0871afa_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6f96b96913753848bab9f457b9dec50d_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\747750a9c0962ddcd62d4a491d32fad9_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7fe0ab42a0a5ed3d7ed9eab4bb728710_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\81ce72568353b0467246c3a25423adea_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\837b5a190ee0064c6a7a06b30cac5520_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\852068fadc6d0ed154c89a42c6f17152_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\87a9b5e8a3315f2dbaec6d4c776a3db4_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8c9695f55d89ac7cce0af24fd55f1d40_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8d8660abd00071af5efc546be44d36c7_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\910b3fdc740ce1d91afe78c7e5b08dcc_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\92b37cbbf17887ff211c5a790448bb00_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9566cd87a4f3920ff3223a64bda710c6_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\990cc6ab54bd11239aa6e893cac99cbf_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\991de124052b8b1f69d535a4bed77015_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9b02cd10602c58a2c76f97f5f6a36274_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9bfd2ca45b9c848767682230f5eaa98b_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9cc7aca110c7a2d63f7f807490750ad5_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a1079615f528b23a7f916c2989140165_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a2d1a649294a2ae4baf12f0415538a4d_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a41feea310c8de013d97a71e2406f6fa_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a90601ea61290517470531c5568bc5c2_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a90a68ccfaf807d1b024301a93bb4e49_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\afdd63731fe194baebbbe80392d790f7_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b0ee79fe9ddf71ddcfaec7651328447c_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b6627170fdbfd15f8ec0ea6c14826dc4_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b875d5fc205821d237a3a3b0d31bdf46_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\bc945ece8c4b062ea6ea71fd7d8ae963_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c0b51b87b35b39a2877696e7c46e4033_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c1d47d23c4a69c6682c3064c1fd58eb6_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c3b0834e496891869ece7132b96e0412_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c65f5b23fbed631f278613ebad653f6c_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c97ffe85bb5ab5ee5b9c27fbf492042a_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cb8944d3d95c5052eccf43f66503d3cc_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cbdcfc6f074d80e600561245eddb1cbb_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cc46f08f9d374e4355f1fb858b080e5c_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cfcfbec6680bbcec2330919c4d8db055_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d313eec54f0275e1d17443701d5a22e5_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d9db2916bd526c673705b2510a732b16_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\da14d1ff1705b2ad4e550036f5a3ed00_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dc0963b63dc7a09ca1c248855bf7e592_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dfc3faed0cbbb368c29bcc2b1ba9a6cd_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f25ab5fa6e9094bf9400d691145d5150_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f3ea64e4fa3b217a063dc8a83ccd7578_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f5a0ee339a063a1822d98155df734f14_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f8c9a106e7dd532743ed9db1ff2be073_328934f7-3cd1-4aef-b3f9-59ea85012c4d Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DF4ECF.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DF4EDD.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DF9576.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{468F4B5D-D748-4F6B-8F5B-C0AC001B6829}\RP532\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{D9918F31-D7AC-4DD7-BA94-4D9A9FE746A0}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\TEMP\mcafee_MiByMQqeJyLeJEF Object is locked skipped
C:\WINDOWS\TEMP\mcmsc_HTZoBQxVQ5gQIgZ Object is locked skipped
C:\WINDOWS\TEMP\mcmsc_IWqnBLe8xuF18Zj Object is locked skipped
C:\WINDOWS\TEMP\mcmsc_KXHKQKxejmwrSOE Object is locked skipped
C:\WINDOWS\TEMP\mcmsc_mWIALumKluhkIYZ Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.




Here is the link for the Pitstop:

http://www.pcpitstop.com/techexpress.asp?id=D3NZSWBHFVVSNHVV

#7 AndyManchesta

AndyManchesta

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Manchester, UK
  • Local time:09:27 AM

Posted 27 November 2007 - 02:27 PM

Thanks mewrae,

Regarding the Norton removal tool, you should only need the product key if you wanted to reinstall a Norton program but the remover should run fine by itself if you just wanted to remove their programs, the PC Pitstop results do not show any Symantec/Norton entries though so the tool may not do much to help if its still running slow, it could be that McAfee is using more resources than what Norton did depending on how slow things are as the PC Pitstop results look fine and shows the system has plenty of space and RAM plus has good download speeds.

To make sure the problems are not malware related can you run the below programs and post back the logs,

Download Blacklight HERE and save it to your desktop.
Run the program, accept statement > click next then scan
When its finished scanning exit the program and post back the log if it detects hidden files, The log is called 'fsbl-<date/time>.log' which will save to the same location as the fsbl.exe file.

Download AVG Anti-Spyware
  • Load AVG and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Click on the Scanner tab at the top and then click on Complete System Scan
  • AVG will list any infections found on the left, when the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG will then display "All actions have been applied" on the right.
  • Click on "Save Report", then "Save Report As". This will create a text file which you can then save to the Desktop and post back
Please post back the Blacklight log if it finds any hidden files and the AVG Antispyware log and let us know if the problems are still there

Thanks

#8 mewrae

mewrae
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:27 AM

Posted 29 November 2007 - 09:07 PM

I ran the Norton Removal Tool. I must have looked at the wrong thing which needed a confirmation number.

The Blacklight and AVG both came back clean so didn't attach the logs. I got a refund from McAfee and uninstalled it from my computer and noticed a world of difference! It's back to normal! Thank you for your help!

#9 AndyManchesta

AndyManchesta

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Manchester, UK
  • Local time:09:27 AM

Posted 06 December 2007 - 09:31 AM

Thanks mewrae,

Im glad you resolved the problem and things are back to normal :thumbsup: , if you still needed an Antivirus program then you can find links to free protection programs and alot of excellent tips to help avoid infections Here

Kind Regards

Andy




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users