Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijack This Log - Please Check


  • This topic is locked This topic is locked
13 replies to this topic

#1 tennille578

tennille578

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:38 PM

Posted 09 January 2007 - 10:31 PM

Hi...I had norton installed on my computer and my subscription ran out, I didn't have a virus protection program activated for 4 days and something happened to my computer. I have looked all over the internet to try and solve the program (and have since installed spyware dr and PC antivirus...) and something is still going on that the programs can't find.

Programs will run for about 5 minutes and then stop because of "missing files" or "not enough storage to run program" it doesn't make any sense to me! I can't do a system restore to a previous point because it says there are no previous restore points...and every time I restart my computer runs chkdsk...

Anyways I'm really confused and frustrated and I'm hoping someone can help me....Thanks in advance!!

Here's my log:
Logfile of HijackThis v1.99.1
Scan saved at 8:16:13 PM, on 1/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 SP2 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Shaw Internet
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://justinetennille.spaces.msn.com//Pho...ad/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135741902109
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

BC AdBot (Login to Remove)

 


#2 DaveM59

DaveM59

    Bleepin' Grandpa


  • Members
  • 1,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:TN USA
  • Local time:04:38 PM

Posted 10 January 2007 - 07:54 PM

Hi tennille578,

Welcome to Bleeping Computer. :thumbsup:

I have examined your log. There are a few things I would fix, for example, you still have some traces of Norton in your log. That might be a small problem, if your intention was to uninstall it completely. However, none of the things I see explain your symptoms.

Programs will run for about 5 minutes and then stop because of "missing files" or "not enough storage to run program"


every time I restart my computer runs chkdsk


These statements suggest to me that your problem may not be malware. Your hard drive may be failing. I cannot be sure about this, there are other things that could be at fault, but a hard drive failure is very difficult to recover from and for that reason I think you should do two things right away:

First, back up all your data files preferably to an external hard drive or CD-R media.

Edit: check this tutorial if you don't have a backup routine that you regularly follow. You may want to use it. However the most important thing is to get the files onto another disk.

Second, run a test of your hard drive. All drive manufacturers have diagnostic programs available for download on the support section of their websites. You need to find out (if you don't know) who made your hard drive, also the model number.

To find your hard drive manufacturer and model, click Start, then right click My Computer and select Properties. Click the Hardware tab and select Device Manager. Click the "+" next to Disk Drives to show the hard drives installed. Probably there is only one. If the manufacturer's name is not given along with the model number you will have to google the model number to find it.

Then google the manufacturer and find the English language support section. Find the downloads section and look for the diagnostic tool.

Once downloaded, you will have to create a bootable floppy disk or CD. The manufacturer support pages will have instructions on how to do this, and how to run the program and interpret the results.

If you need more help with any of this post back here. If I don't know the answer to your question I will call upon some of the experts in the Hardware forum.

Please do these steps right away. If this is a hard drive problem it is only going to get worse. If on the other hand the hard drive checks out okay, we can breathe a sigh of relief and look at some other possible causes.

Good luck,

Dave

Edited by DaveM59, 10 January 2007 - 08:03 PM.


#3 tennille578

tennille578
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:38 PM

Posted 11 January 2007 - 01:32 AM

Hi Dave,
Thank you soooooo much for your help! Looks like it was a hardware problem. I had some reboot cds so I did a restore off of those. Can't believe I've had them the whole time and didn't think to use them.

I had to reinstall all of my programs, first thing I did was install my spyware dr, antivirus and firewall so I should be ok... everything seems to be running smoothly (better than it was before actually..)

Sorry if I posted in the wrong thread...I had absolutely no idea what was going on.

Thanks again, I really appreciate it!!!!

#4 DaveM59

DaveM59

    Bleepin' Grandpa


  • Members
  • 1,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:TN USA
  • Local time:04:38 PM

Posted 11 January 2007 - 06:31 AM

Hi Tennile578,

Just curious -- did you run the hard drive diagnostic? From what you say it sounds like you used your computer restore disks. That will correct any and all operating system (software) problems, may correct problems with the file system, but it does not do anything about hardware. If it fixed your problem, then I was wrong about your hard drive.

In any case the important thing is that your machine is now working correctly, congratulations on that! :thumbsup:

Dave

#5 tennille578

tennille578
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:38 PM

Posted 11 January 2007 - 11:57 AM

I was having serious problems in explorer, I couldn't get through the manufacturers website to the download page. I was supposed to pick from a list of products/types/models and when I tried to access the options I would get a "pop-up blocked" info bar that I couldn't work around by turning off pop-up blocker or pressing ctrl.

Explorer would freeze up if I tried to open anything in a new tab, or go to any microsoft website (my.msn or hotmail, msn.com...) or when I tried to download programs through links. The strange thing was my google toolbar worked fine, and I could search and access sites. Unfortunately I was unable to find a download from a site other than the manufacturer (that worked around the info bar pop up blocker....) I used the restore disks as they were the only option I had that would work correctly.

I am going to try to download the diagnostic tool when I get home from work today. (Now that I have explorer working properly...) because if I'm understanding correctly (and the cds only correct the software)the hardware could go again...?!

I can't say thank you enough for your time and help with this!

#6 DaveM59

DaveM59

    Bleepin' Grandpa


  • Members
  • 1,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:TN USA
  • Local time:04:38 PM

Posted 11 January 2007 - 12:39 PM

You understand correctly. The only cure for a failing hard drive is to replace it. However, it sounds like your Windows installation was badly corrupted.

By all means, go ahead and run the hard drive test when you get home. Let me know what it says.

Dave

#7 tennille578

tennille578
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:38 PM

Posted 12 January 2007 - 10:41 AM

Hi Dave,
So I went back to the manufacturers site (it's an emachine T6520, don't think I mentioned that before) and they didn't have any sort of diagnostic tool on their site. I've been reading these computers aren't the greatest, my Dad picked it up for me a year ago because I needed a new computer and had no idea what to get. I have Bigfix, and from what I understand it's supposed to manage the system, but I couldn't find any sort of tool there either. At the emachines site it says I can email them for help or pay for some sort of answers software....not sure if that would be a good idea or a waste of time/money?

I ran that Belarc System Management and it said the "smart status" of the hard drive was healthy, but I'm not sure if that means anything or not.

I didn't manage to get all of my files backed up before I did the restore. Most, but not all. I did the type of recovery that saves files to c:/My backup and was having trouble accessing the files. I read on another forum that you could try to access the files from safe mode, but my computer refuses to start in safe mode -that's not a good sign, right?

Also I ran checkdisk again and it wouldn't run in windows, so I scheduled it to run at next restart. It ran for an hour!!

Other than this....safemode not working and long checkdisk, it is running fine. I got all of my windows updates and every other program is running no problem.

What do you think??

(Please let me know if I should move to the hardware forum.....)

Thanks again and happy friday!

#8 DaveM59

DaveM59

    Bleepin' Grandpa


  • Members
  • 1,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:TN USA
  • Local time:04:38 PM

Posted 12 January 2007 - 01:09 PM

Hi tennille578,

Belarc's report is encouraging but not conclusive.

You will not find the diagnostic tool on the eMachines website. eMachines support site only says "200gB" for the hard drive. They may buy them from several manufacturers.

Please follow the directions I gave in my first post to find the model number and manufacturer of your hard drive, then see if you can locate the diagnostic tool on their support site.

There will probably be two different file versions of the tool. One will be for making a floppy disk. You need the .iso image file to make a bootable CD. Your burning software should have information on how to go about doing this.

Questions:

When checkdisk ran, did it report any errors?

What happens exactly when you try to boot into safe mode? Do you get a blue screen (Stop error) message?

Would it boot into safe mode before you did the system restore?

And finally, is this PC still under warranty? This may be important if your hard drive does turn out to be faulty.

Good luck,

Dave

#9 tennille578

tennille578
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:38 PM

Posted 13 January 2007 - 10:51 PM

Hi Dave,
Sorry I had a problem understanding the model number, it said WDC at the beginning and I didn't realise that was the manufacturer.

I found and downloaded the diagnostic tool, and ran the extended disk check (ran for about an hour and a half) and afterwards it said the hardware passed the test. Was it supposed to show a log or something with the results? It didn't give me one, just hard drive info (memory, serial number, etc) and a ""system passed."

To answer your other questions:

When checkdisk ran it ran before windows started, when the results showed it went by so quickly I couldn't read anything. From what I could read I didn't think it found any errors. Still it won't let me run checkdisk within windows, asks me to schedule it at restart.

When I try to boot in safe mode it goes to the black screen (I'm assuming this is dos??) with a bunch of prompts... they run down the screen line after line, stop and then nothing. *Last one says multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\system32\DRIVERS\agpCPQ.sys I have waited for a long time to see if windows would start and it wouldn't. Just freezes.

I got safemode to work before the restore, but it did freeze this way once or twice before I got it to work.

*edited...I tried to run safemode again after I posted and it worked right away...???

I have absolutely no idea if the PC is still under warranty, I got it a year ago in January...I didn't get any info with it, when my Dad dropped it off for me he only thing he gave me other than the computer were the system restore disks. There's a place on the website for the hard drive with a warranty check but the page is under maintenance. I will check back later and see if they can provide me with any info.

Thanks!!!

Edited by tennille578, 13 January 2007 - 11:12 PM.


#10 DaveM59

DaveM59

    Bleepin' Grandpa


  • Members
  • 1,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:TN USA
  • Local time:04:38 PM

Posted 14 January 2007 - 10:18 AM

Hi again,

Let's put the safe mode boot problem to the side for right now. There's a lot about it on the web, and the appropriate forum for that would be either the Windows XP forum or the Hardware forum.

Good news: if your Western Digital diagnostic program shows no problem then your hard drive is okay, you are not in danger of losing your data. These diagnostic programs don't produce a log, it's basically just a good-or-bad verdict on the screen.

Warranty is probably a year, but since your hard drive tests out okay that is no longer important. What you've got is most likely Windows/BIOS issue.

However, before turning you over to the other forums I think we should run a couple more scans just to confirm that you don't have malware.

As a preliminary, since you did a system restore, please do a Windows Update if you have not already done so. Your restore put you back to Windows as it was at the time your machine was built, and there have been a lot of security updates since then. Make sure you install all critical updates.

Also update your Java. Earlier versions have serious security vulnerabilities. Click Start, Control Panel, then double click Add/Remove Programs. When the list is populated look for any and all entries starting with J2SE or JRE with the little Java icon (a coffee cup). Remove them all, one by one. Then open your browser and go to this web page to get the latest version. Scroll dow to the middle of the page where you will find Java Runtime Environment (JRE) 6.0. Click Download which will take you to the secure download page. At the top, select the Accept License Agreement button. Then look to the first block for the J2SE downloads for the Windows Platform. You can choose either the Online or Offline installation version; unless you have several computers you need to upgrade, I suggest the Online version.

Download the file to your desktop, double click the icon to start the installation.

If you have trouble with the Online installation, you can download the big Offline file and install it with your browser closed.

Now, with your system up to date, let's run those scans.

Please download Blacklight Beta here. You can read the information on the download page for an idea of what it will do. Download it to your desktop and double click to open. Accept the agreement, then on the next screen click the Scan button. When the scan is finished, click Next. If anything was found, let Blacklight clean it. Then exit the program. You will find a log file on your desktop, named fsbl-xxxxxxxxxxxxx.log. The x's are numbers, the first four being the current year. This is a text file and can be opened with Notepad.

Next go to the Kaspersky online scanner. Accept the terms, let it install an ActiveX program (since you have XP SP2 this is blocked by default, you must allow it), then accept the terms again, let it download the files (about 8 MB total). Click Next, and select "My Computer" as the scan area. Kaspersky takes a long time but it is very thorough. When it is finished, save the report as a text file (easier to work with than an HTML file) to your desktop.

Finally, run a fresh HijackThis scan. Post the log, along with the Blacklight and Kaspersky reports, to a reply here.

Good luck,

Dave

#11 tennille578

tennille578
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:38 PM

Posted 15 January 2007 - 11:45 AM

Here is my blacklight log (didn't find anything):

01/14/07 12:21:28 [Info]: BlackLight Engine 1.0.55 initialized
01/14/07 12:21:28 [Info]: OS: 5.1 build 2600 (Service Pack 2)
01/14/07 12:21:28 [Note]: 7019 4
01/14/07 12:21:28 [Note]: 7005 0
01/14/07 12:21:30 [Note]: 7006 0
01/14/07 12:21:30 [Note]: 7011 1412
01/14/07 12:21:31 [Note]: 7026 0
01/14/07 12:21:31 [Note]: 7026 0
01/14/07 12:21:35 [Note]: FSRAW library version 1.7.1021
01/14/07 12:26:48 [Note]: 7007 0



************
The Kaspersky log ended up being a really large file because of everything that was saved to c:/My Backup when I did the restore. I removed most of the lines as they were all of my music files and data from my computer before I did the restore. If you need to look through those lines I can post the entire log (will take a few replies...)

Here it is (didn't find anything either):

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, January 14, 2007 1:56:41 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 14/01/2007
Kaspersky Anti-Virus database records: 243928
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 103051
Number of viruses found: 0
Number of infected objects: 0 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:06:05

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Application Data\PC Tools\PC Tools AntiVirus\Application Logs\PCToolsAntivirus.txt Object is locked skipped
C:\Documents and Settings\Owner\Application Data\PC Tools\PC Tools AntiVirus\Report Logs\Report39096.125069444446.xml Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\justine_tennille@hotmail.com\SharingMetadata\activitylog.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\justine_tennille@hotmail.com\SharingMetadata\Logs\Dfsr.log Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\justine_tennille@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\justine_tennille@hotmail.com\SharingMetadata\Working\database_96FC_DA15_FCD9_EF8B\dfsr.db Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\justine_tennille@hotmail.com\SharingMetadata\Working\database_96FC_DA15_FCD9_EF8B\fsr.log Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\justine_tennille@hotmail.com\SharingMetadata\Working\database_96FC_DA15_FCD9_EF8B\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Messenger\justine_tennille@hotmail.com\SharingMetadata\Working\database_96FC_DA15_FCD9_EF8B\tmp.edb Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows Live Contacts\justine_tennille@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows Live Contacts\justine_tennille@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012007011420070115\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_b28.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DF4FE6.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DF4FF7.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DF9285.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DF933D.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DFA618.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DFA623.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\.limewire\.NetworkShare\Incomplete\LimeWireWinInstaller.exe.info Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\.limewire\.NetworkShare\Incomplete\LimeWireWinInstaller.exe.part Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\.limewire\.NetworkShare\LimeWireWin4.12.6-fixed.exe Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\.limewire\.NetworkShare\LimeWireWin4.12.6-nopack2.exe Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\.limewire\412splashfree.png Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\.limewire\createtimes.cache Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\.limewire\data.ser Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\.limewire\fileurns.bak Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\.limewire\fileurns.cache Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\.limewire\filters.props Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\.limewire\gnutella.net Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\.limewire\installation.props Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\.limewire\library.dat Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\.limewire\limewire.props Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\.limewire\pub1.key Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\.limewire\public.key Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\.limewire\questions.props Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\.limewire\responses.cache Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\.limewire\secureMessage.key Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\.limewire\simpp.xml Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\.limewire\spam.dat Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\.limewire\tables.props Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Adobe\Acrobat\7.0\AdobeCMapFnt07.lst Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Adobe\Acrobat\7.0\AdobeSysFnt07.lst Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Adobe\Acrobat\7.0\Collab\RSS Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Adobe\Acrobat\7.0\JavaScripts\glob.settings.js Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Adobe\Acrobat\7.0\JSADM.exv Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Adobe\Acrobat\7.0\Messages\ENU\read0700win_ENUadbe0700.pdf Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Adobe\Acrobat\7.0\Preferences\AutoFillDefaults.dat Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Adobe\Acrobat\7.0\Preferences\defaultHeuristics.dat Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Adobe\Acrobat\7.0\Updater\udlog.txt Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Adobe\Acrobat\7.0\Updater\udstore.js Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Adobe\Acrobat\7.0\UserCache.bin Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\AdobeUM\AcRdB7_0_8.sta Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\AdobeUM\AcRdS7_0_0.sta Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Apple Computer\iTunes\CD Info.cidb Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Apple Computer\iTunes\iPod Software Updates\iPod_14.1.3.ipsw Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Apple Computer\iTunes\iPod Software Updates\iPod_14.1.3.ipsw.signature Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Apple Computer\iTunes\iPod Software Updates\iPod_17.1.3.ipsw Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Apple Computer\iTunes\iPod Software Updates\iPod_17.1.3.ipsw.signature Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Apple Computer\iTunes\iPod Software Updates\iPod_20.1.2.1.ipsw Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Apple Computer\iTunes\iPod Software Updates\iPod_20.1.2.1.ipsw.signature Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Apple Computer\iTunes\iPod Updater Logs\iPodUpdater 1.log Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Apple Computer\iTunes\iPod Updater Logs\iPodUpdater 2.log Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Apple Computer\iTunes\iPod Updater Logs\iPodUpdater.log Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Apple Computer\iTunes\iTunes.pref Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Apple Computer\iTunes\iTunesPrefs.xml Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Apple Computer\QuickTime\QTPlayerSession.xml Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\CyberLink\PowerDVD\DVDTitles.bmk Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\desktop.ini Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Help\WinHlp32.BMK Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Lavasoft\Ad-Aware\description.ini Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Lavasoft\Ad-Aware\Logs\Ad-Aware log2006-08-06 20-48-21.txt Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Lavasoft\Ad-Aware\Logs\Ad-Aware log2006-08-07 03-38-00.txt Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Lavasoft\Ad-Aware\Logs\Ad-Aware log2006-08-07 03-40-12.txt Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Lavasoft\Ad-Aware\Logs\Ad-Aware log2006-08-07 03-51-24.txt Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Lavasoft\Ad-Aware\Logs\Ad-Aware log2006-08-07 04-01-04.txt Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Lavasoft\Ad-Aware\Logs\Ad-Aware log2006-08-07 11-12-08.txt Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Lavasoft\Ad-Aware\Logs\Ad-Aware log2006-08-07 13-27-06.txt Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Lavasoft\Ad-Aware\Logs\Ad-Aware log2006-08-07 14-48-27.txt Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Lavasoft\Ad-Aware\Logs\Ad-Aware log2006-08-07 20-23-37.txt Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Lavasoft\Ad-Aware\Logs\Ad-Aware log2006-12-29 15-14-17.txt Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Lavasoft\Ad-Aware\Logs\Ad-Aware log2007-01-03 20-02-05.txt Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Lavasoft\Ad-Aware\Logs\Ad-Aware log2007-01-08 18-32-09.txt Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Lavasoft\Ad-Aware\settings.awc Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Lavasoft\Ad-Aware\stats.awd Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\Credentials\S-1-5-21-729321302-1114554843-363405801-1006\Credentials Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\Content\25B3519F5635637170C6C3D8822ADF8B Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\Content\2BBA88436E92E1ABCED8E68D74DC5B38 Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004 Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\Content\303572DF538EDD8B1D606185F1D559B8 Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\Content\3C83474D61E624A4F9844DF935AFE217 Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\Content\486CC6AFD08942336C61FCD401C4A1D1 Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\Content\561F989D166B9195191D8592AEB81CDD Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\Content\56BDEAABA957B2AEC25CCE688FEE4362 Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5 Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\Content\696F3DE637E6DE85B458996D49D759AD Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\Content\71644221AC231DBD2359C18EBB2118DC Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\Content\74BFD122C0875EC75DBE5C6DB4C59019 Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\Content\7735880A01E3F94F763761958A7A8191 Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\Content\79841F8EF00FBA86D33CC5A47696F165 Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\Content\7C8A03C4580C6B04FDF34357F3474EDC Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\Content\904590238400AD963F77FAAAADC9BAB5 Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\Content\A44F4E7CB3133FF765C39A53AD8FCFDD Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\Content\A722DD0408D31B48F1599878CA31591F Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\Content\A8FABA189DB7D25FBA7CAC806625FD30 Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\Content\B2F4B1D39F0694C6CDB433BC3CCF1418 Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\Content\B82262A5D5DA4DDACE9EDA7F787D0DEB Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\Content\C554DCF706A5AAB8B360FAD227EAB9C7 Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\Content\C571B417AAF1F617555A0486AB3F5361 Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\Content\C69FAAD80E5717FDD06CDA402566AD77 Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\Content\CFC456E7E410D69E2C6F3E2DB75C7DB3 Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\Content\E6024EAC88E6B6165D49FE3C95ADD735 Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\Content\F482C95F83F1B59228F1B1E720F2EDF1 Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\Content\FB788E090BC1F3AA2FBC9E8FB2859601 Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\MetaData\25B3519F5635637170C6C3D8822ADF8B Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BBA88436E92E1ABCED8E68D74DC5B38 Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004 Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\MetaData\303572DF538EDD8B1D606185F1D559B8 Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\MetaData\3C83474D61E624A4F9844DF935AFE217 Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\MetaData\486CC6AFD08942336C61FCD401C4A1D1 Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\MetaData\561F989D166B9195191D8592AEB81CDD Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\MetaData\56BDEAABA957B2AEC25CCE688FEE4362 Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5 Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\MetaData\696F3DE637E6DE85B458996D49D759AD Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\MetaData\71644221AC231DBD2359C18EBB2118DC Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\MetaData\74BFD122C0875EC75DBE5C6DB4C59019 Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\MetaData\7735880A01E3F94F763761958A7A8191 Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\MetaData\79841F8EF00FBA86D33CC5A47696F165 Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\MetaData\7C8A03C4580C6B04FDF34357F3474EDC Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\MetaData\904590238400AD963F77FAAAADC9BAB5 Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\MetaData\A44F4E7CB3133FF765C39A53AD8FCFDD Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\MetaData\A722DD0408D31B48F1599878CA31591F Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\MetaData\A8FABA189DB7D25FBA7CAC806625FD30 Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\MetaData\B2F4B1D39F0694C6CDB433BC3CCF1418 Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\MetaData\B82262A5D5DA4DDACE9EDA7F787D0DEB Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\MetaData\C554DCF706A5AAB8B360FAD227EAB9C7 Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\MetaData\C571B417AAF1F617555A0486AB3F5361 Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\MetaData\C69FAAD80E5717FDD06CDA402566AD77 Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\MetaData\CFC456E7E410D69E2C6F3E2DB75C7DB3 Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735 Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\MetaData\F482C95F83F1B59228F1B1E720F2EDF1 Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\CryptnetUrlCache\MetaData\FB788E090BC1F3AA2FBC9E8FB2859601 Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\Crypto\RSA\S-1-5-21-729321302-1114554843-363405801-1006\6b29ae44e85efac3c72ff4d1865d73f1_59f49b5e-9a3c-4c48-b8d2-f465f1bd11a7 Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\Crypto\RSA\S-1-5-21-729321302-1114554843-363405801-1006\6ccffeebf26f3b53bf560ce3ebc894a3_59f49b5e-9a3c-4c48-b8d2-f465f1bd11a7 Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\Crypto\RSA\S-1-5-21-729321302-1114554843-363405801-1006\83aa4cc77f591dfc2374580bbd95f6ba_59f49b5e-9a3c-4c48-b8d2-f465f1bd11a7 Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\Crypto\RSA\S-1-5-21-729321302-1114554843-363405801-1006\a077ead69703e3bf1fd373a3c9376faa_59f49b5e-9a3c-4c48-b8d2-f465f1bd11a7 Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\Crypto\RSA\S-1-5-21-729321302-1114554843-363405801-1006\a2f82163c2a09a397d8d30acff08ef27_59f49b5e-9a3c-4c48-b8d2-f465f1bd11a7 Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\Crypto\RSA\S-1-5-21-729321302-1114554843-363405801-1006\c179b372962aba6e9a35eae55372fa6e_59f49b5e-9a3c-4c48-b8d2-f465f1bd11a7 Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\Crypto\RSA\S-1-5-21-729321302-1114554843-363405801-1006\c9e893a9eb314b5c80188025a4d35651_59f49b5e-9a3c-4c48-b8d2-f465f1bd11a7 Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\eHome\ehshell.config Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\eHome\mcl_images\37baf479-af2f-4ac8-8416-25a4aae4da8a.png Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\eHome\mcl_images\6a42190b-f0b6-428e-9e15-ba6954536ef8-thumb.png Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\eHome\mcl_images\ehthumbs.db Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\Excel\Excel.xlb Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\Excel\Excel11.xlb Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\Excel\XLUSRGAL.XLS Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\HTML Help\hh.dat Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\ARPPRODUCTICON.exe Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut1_15377C3E9655400FB441E69F0A6BEAFE.exe Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut2_15377C3E9655400FB441E69F0A6BEAFE.EXE Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut3_15377C3E9655400FB441E69F0A6BEAFE.EXE Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\_50BD26FBC591412489A7790C7170A6F0 Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\brndlog.bak Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Desktop\Shortcuts\Driver Cleaner Pro.lnk Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Desktop\Shortcuts\HP USB Disk Storage Format Tool.lnk Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Desktop\Shortcuts\InterActual Player.lnk Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Desktop\Shortcuts\QuickTime Player.lnk Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Desktop\Shortcuts\UsrGuide.pdf Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Desktop\Shortcuts\Windows Live Messenger.lnk Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\My Documents\My Music\iTunes\iT.tmp Object is locked skipped
C:\My Backup -- 10-01-07 1839\Documents and Settings\Owner\My Documents\My Music\iTunes\iTunes Library (Damaged).itl Object is locked skipped
C:\My Backup -- 10-01-07 1839\Program Files\InstallShield Installation Information\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}\setup.ilg Object is locked skipped
C:\My Backup -- 10-01-07 1839\Program Files\InstallShield Installation Information\{BD57EA4D-026E-4F08-9B93-080E282B81FE}\Setup.ilg Object is locked skipped
C:\My Backup -- 10-01-07 1839\RECYCLER\S-1-5-21-729321302-1114554843-363405801-1006\Dc1.zip Object is locked skipped
C:\My Backup -- 10-01-07 1839\RECYCLER\S-1-5-21-729321302-1114554843-363405801-1006\Dc2.exe Object is locked skipped
C:\My Backup -- 10-01-07 1839\RECYCLER\S-1-5-21-729321302-1114554843-363405801-1006\Dc4.lnk Object is locked skipped
C:\My Backup -- 10-01-07 1839\RECYCLER\S-1-5-21-729321302-1114554843-363405801-1006\Dc5.htm Object is locked skipped
C:\My Backup -- 10-01-07 1839\RECYCLER\S-1-5-21-729321302-1114554843-363405801-1006\Dc6.exe Object is locked skipped
C:\Program Files\BigFix\__Data\emachines\__Local\Tmp\eMachine_Specific.dat Object is locked skipped
C:\Program Files\BigFix\__Data\emachines\__Local\Tmp\General.dat Object is locked skipped
C:\Program Files\BigFix\__Data\emachines\__Local\Tmp\Security.dat Object is locked skipped
C:\Program Files\BigFix\__Data\emachines\__Local\Tmp\Security_UK.dat Object is locked skipped
C:\Program Files\BigFix\__Data\emachines\__Local\Tmp\UK_Specific.dat Object is locked skipped
C:\Program Files\BigFix\__Data\emachines\__Local\Tmp\Urgent.dat Object is locked skipped
C:\Program Files\BigFix\__Data\emachines\__Local\Tmp\Virus.dat Object is locked skipped
C:\Program Files\BigFix\__Data\emachines\__Local\Tmp\Welcome.dat Object is locked skipped
C:\Program Files\PC Tools AntiVirus\PCTAVService.txt Object is locked skipped
C:\Program Files\PC Tools AntiVirus\~ulo Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP23\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\JUSTINE.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\ModemLog_SoftV92 Data Fax Modem with SmartCP.txt Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{5ECADD5C-AD6F-48DF-B362-F5C132074E33}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\ZLT035e1.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT035e5.TMP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

*************

And finally my new Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 1:59:42 PM, on 14/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\PC Tools AntiVirus\PCTAV.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\DOCUME~1\Owner\LOCALS~1\Temp\2007110205150_mcinfo.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for HijackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Owner\LOCALS~1\Temp\2007110205150_mcinfo.exe /insfin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [PCTAVApp] "C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thank you!!

#12 DaveM59

DaveM59

    Bleepin' Grandpa


  • Members
  • 1,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:TN USA
  • Local time:04:38 PM

Posted 15 January 2007 - 12:44 PM

Hi again,

Looks like you're clean. :thumbsup:

The safe boot problem would be best addressed by the experts on the Windows XP forum. Please post a new topic there.

Please give full details about what you have already done -- WD hard drive diagnostic, recent system restore from CD, full Windows update, checked for malware in the HijackThis forum. If asked give the URL of this topic. Also describe the safe boot problem in as much detail as you can, including the details you gave me about where the boot process stops. That will I'm sure be a vital piece of information.

Good luck --

Dave

#13 tennille578

tennille578
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:38 PM

Posted 15 January 2007 - 01:57 PM

Whew, good to hear.

Since I had posted this the safe boot has been working fine, if the freezing problem happens again I will definately post in the other forum for some help..

Thanks Dave for all of your help, I really really appreciate it!!

#14 DaveM59

DaveM59

    Bleepin' Grandpa


  • Members
  • 1,355 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:TN USA
  • Local time:04:38 PM

Posted 15 January 2007 - 08:49 PM

Okay then, hope your troubles are all behind you. :thumbsup:

Best of luck --

Dave

Since this issue appears to be resolved, this topic is closed. If you need it re-opened, PM me and include the URL in your message.

This applies to the original poster only. Everyone else please start a new topic.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users