Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Crashes


  • This topic is locked This topic is locked
32 replies to this topic

#1 Gil Higham

Gil Higham

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:01:52 PM

Posted 27 May 2007 - 08:52 AM

I am going spare with my computer it is slow,crashes,Programs won't open,will noy close down properly etc,etc.I have run all the scans available, Superanti spyware,Ad Aware,S&D,Stinger,Norton,Housecall,Defender,CCCleab]ner et al.All show nothing but my computer continues to play up,I Have a DELL Dimension 2.6 Windows XP SP2.Please check my log.
Logfile of HijackThis v1.99.1
Scan saved at 14:33:08, on 27/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\SYSTEM32\Brmfrmps.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
C:\Program Files\Prevx1\PXAgent.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\MESSEN~1\Msmsgs.exe
C:\Documents and Settings\Gilbert Higham\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} -
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} -
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\SYSTEM32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

BC AdBot (Login to Remove)

 


#2 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:07:52 PM

Posted 27 May 2007 - 10:49 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum Gil Higham :thumbsup:

First disable Windows Defender's real-time protection,as it may interfere.
* Open Microsoft Windows Defender. Click Start>All Programs>Windows Defender.
* Click on 'Tools'>'Options'.
* Under 'Real-time protection options', unselect the 'Turn on real-time protection' check box
* Click 'Save'.

**************************

Right-click the running icon of Winpatrol [Black dog] in the system tray and choose exit.
It will automatically restart at next boot.

**************************

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) -
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} -

Exit Hijackthis.

**************************

Download\install CleanUp.
Launch CleanUp,then click on 'Options'.
Now move the slider on the left up to 'Standard Cleanup!'.
Click 'Ok',now run the program by clicking on the 'Cleanup' button.
Reboot,or log off/log on when it's finished.

**************************

Please download Combofix and save to your desktop:
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the C:\ComboFix.txt into your next reply.
Note:
Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.


**************************

Download AVG Anti-Rootkit and save to your desktop
1. Double click avgarkt-setup-1.1.0.42.exe to install. By default it will install to C:\Program Files\GRISOFT\AVG Anti-Rootkit.
2. Accept the license and follow the prompts to install.
3. You will be asked to reboot to finish the installation so click "Finish".
4. After rebooting, double-click the icon for AVG Anti-Rootkit on your desktop.
5. You will see a window with four buttons at the bottom.
6. Click "Search For Rootkits" and the scan will begin.
7. You will see the progress bar moving from left to right. The scan will take some so be patient and let it finish.
8. When the scan has finished, a small window will open so you can view the results.
9. Right click and select "Save Result To File".
10. By default the file will be saved with a .csv extension. (You can use notepad to open the .cvs file). Copy and paste the results in your next reply.
11. If anything was found, click "Remove selected items"
12. If nothing was found, please click the "Perform in-depth Search" saving anything found to file as before.

Restart your pc.
Post a new Hijackthis log in your next reply along with the others requested above.

Edited by RichieUK, 27 May 2007 - 10:57 AM.

Posted Image
Posted Image

#3 Gil Higham

Gil Higham
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:01:52 PM

Posted 28 May 2007 - 07:25 AM

Hi RitchieUK,Thanks for your prompt reply,I have carried out your instructions up to Combofix but before going any farther can you enlighten me as to downloading to the desktop I am a silver surfer (80) and am not quite sure what the procedure is? also in the AVG program you advise "saving result to file",Where will it be saved?next you advise opening notepad to open the cvs file,How/ Sorry if I appear thick but I want to be sure I do the right thing without cockups.

#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:07:52 PM

Posted 28 May 2007 - 08:40 AM

I have carried out your instructions up to Combofix but before going any farther can you enlighten me as to downloading to the desktop I am a silver surfer (80) and am not quite sure what the procedure is?

Double click on the link to download Combofix,then follow my instructions to run it.

****************************

Ok,forget AVG Anti Rootkit,do the following instead:
Download 'Blacklight Beta graphical user interface version':
https://europe.f-secure.com/blacklight/try.shtml
Accept the agreement,then download the program.
Click on Blacklight Beta on your desktop,accept that agreement,then hit Scan.
You'll see a list of all items found.
Don't choose rename yet!
I want to see the log first,legit items may be present.
There will be a log on your desktop with the name 'fsbl---log'

Post the contents of that log in your next reply.
Posted Image
Posted Image

#5 Gil Higham

Gil Higham
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:01:52 PM

Posted 28 May 2007 - 10:12 AM

Logfile of HijackThis v1.99.1
Scan saved at 15:01:21, on 28/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\SYSTEM32\Brmfrmps.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
C:\Program Files\Prevx1\PXAgent.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\PROGRA~1\MESSEN~1\Msmsgs.exe
C:\Documents and Settings\Gilbert Higham\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} -
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} -
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\SYSTEM32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

Logfile of HijackThis v1.99.1
Scan saved at 15:01:21, on 28/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\SYSTEM32\Brmfrmps.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
C:\Program Files\Prevx1\PXAgent.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\PROGRA~1\MESSEN~1\Msmsgs.exe
C:\Documents and Settings\Gilbert Higham\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} -
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} -
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\SYSTEM32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\NPROTECT.EXE
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~3\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

#6 Gil Higham

Gil Higham
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:01:52 PM

Posted 28 May 2007 - 10:20 AM

"Gilbert Higham" - 2007-05-28 15:48:06 Service Pack 2
ComboFix 07-05.27.V - Running from: "C:\Documents and Settings\Gilbert Higham\My Documents\"


((((((((((((((((((((((((((((((( Files Created from 2007-04-28 to 2007-05-28 ))))))))))))))))))))))))))))))))))


2007-05-28 14:04 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgArCln.sys
2007-05-28 13:55 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-26 14:56 <DIR> d-------- C:\Program Files\Common Files\Skype
2007-05-25 15:54 83,536 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksyssec.sys
2007-05-25 15:54 59,984 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\iksysflt.sys
2007-05-25 15:54 52,304 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ikfilesec.sys
2007-05-25 15:54 39,248 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ikfileflt.sys
2007-05-25 15:54 26,064 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\kcom.sys
2007-05-25 15:53 626,688 --a------ C:\WINDOWS\SYSTEM32\msvcr80.dll
2007-05-25 15:53 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-05-25 15:53 <DIR> d-------- C:\DOCUME~1\GILBER~1\APPLIC~1\PC Tools
2007-05-25 15:50 <DIR> d-------- C:\WINDOWS\SYSTEM32\runtime
2007-05-25 15:49 <DIR> d-------- C:\Program Files\Norton Security Scan
2007-05-25 15:46 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
2007-05-25 13:36 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-05-21 19:58 215,144 -ra------ C:\WINDOWS\patchw32.dll
2007-05-21 19:56 215,144 -ra------ C:\WINDOWS\pw32a0.dll
2007-05-18 17:18 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2007-05-16 13:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Prevx
2007-05-16 13:27 77,312 --a------ C:\WINDOWS\ua2.dll
2007-05-16 13:17 <DIR> d-------- C:\DOCUME~1\GILBER~1\APPLIC~1\SiteAdvisor
2007-05-16 13:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SiteAdvisor
2007-05-14 16:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-05-14 16:06 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-05-14 16:06 <DIR> d-------- C:\DOCUME~1\GILBER~1\APPLIC~1\SUPERAntiSpyware.com
2007-05-14 16:05 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-05-09 15:51 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-28 14:49:46 -------- d-----w C:\DOCUME~1\GILBER~1\APPLIC~1\Skype
2007-05-27 17:59:37 -------- d-----w C:\Program Files\Mozilla Thunderbird
2007-05-27 17:52:56 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-05-27 11:08:32 -------- d-----w C:\DOCUME~1\GILBER~1\APPLIC~1\Symantec
2007-05-25 17:41:34 -------- d-----w C:\Program Files\Google
2007-05-25 14:51:58 -------- d-----w C:\Program Files\Picasa2
2007-05-22 17:59:37 -------- d-----w C:\DOCUME~1\GILBER~1\APPLIC~1\Uniblue
2007-05-21 18:52:42 -------- d-----w C:\Program Files\SpywareBlaster
2007-05-18 18:38:10 -------- d-----w C:\Program Files\Windows Defender
2007-05-18 18:35:10 -------- d-----w C:\Program Files\SPAMfighter
2007-05-18 18:34:25 -------- d-----w C:\Program Files\Norton SystemWorks
2007-05-18 18:34:05 -------- d-----w C:\Program Files\Messenger
2007-04-19 10:17:26 -------- d-----w C:\Program Files\Intel
2007-04-19 10:16:17 67 -c--a-w C:\WINDOWS\vmreg32.dll
2007-04-19 10:13:52 -------- d-----w C:\Program Files\SymplisIT
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-10 15:28:03 -------- d-----w C:\Program Files\Symantec
2007-04-10 15:27:58 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-04-10 15:27:58 115,000 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-04-10 11:00:58 17,424 ----a-w C:\WINDOWS\system32\drivers\VProEventMonitor.sys
2007-04-10 11:00:52 56,192 ----a-w C:\WINDOWS\system32\drivers\V2iMount.sys
2007-04-09 11:05:28 -------- d-----w C:\DOCUME~1\GILBER~1\APPLIC~1\AdobeUM
2007-04-09 11:05:07 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-04-03 10:55:34 -------- d-----w C:\Program Files\Common Files\Ankiro
2007-04-03 10:55:17 -------- d-----w C:\Program Files\Common Files\Application
2007-04-03 10:55:00 -------- d-----w C:\DOCUME~1\GILBER~1\APPLIC~1\SPAMfighter
2007-04-02 10:17:56 -------- d-----w C:\Program Files\Microsoft Works
2007-03-30 18:44:48 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-03-30 18:34:28 -------- d-----w C:\Program Files\Microsoft Games
2007-03-30 11:22:45 4,212 -c-h--w C:\WINDOWS\system32\zllictbl.dat
2007-03-28 17:51:54 538,256 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-03-28 17:51:52 161,424 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-03-28 17:51:48 189,584 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2007-03-28 17:51:42 24,208 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2007-03-28 17:51:36 31,888 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2007-03-28 17:51:32 28,304 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2007-03-28 17:51:26 97,936 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2007-03-28 17:51:20 12,944 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-10 19:09:21 3,999,989,760 --sha-w C:\gobackio.bin
2007-03-08 23:02:00 75,512 -c--a-w C:\WINDOWS\zllsputility.exe
2007-03-08 23:01:42 1,087,216 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:28 40,960 -c--a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04]
{5CA3D70E-1895-11CF-8E15-001234567890}=C:\WINDOWS\system32\dla\tfswshx.dll [2004-03-15 01:04]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll [2006-11-09 16:21]
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}=C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll [2007-04-02 19:19]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar5.dll [2007-01-20 00:55]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}=C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll [2007-05-25 15:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 20:12]
"Run StartupMonitor"="StartupMonitor.exe" []
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"WinPatrol"="C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe" [2005-08-31 16:41]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-22 23:19]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-03-24 22:50]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"Norton Ghost 10.0"="C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe" [2007-04-10 12:01]
"RegistryMechanic"="" []
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-05-25 16:02]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-05-18 13:19]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"=0 (0x0)
"SynchronousUserGroupPolicy"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"nousernameinstartmenu"=0 (0x0)
"nosimplestartmenu"=0 (0x0)
"nostartmenumfuprogramslist"=0 (0x0)
"nostartmenumoreprograms"=0 (0x0)
"nochangestartmenu"=0 (0x0)
"norecentdochistory"=0 (0x0)
"maxrecentdocs"=0 (0x0)
"NoViewOnDrive"=0 (0x0)
"ClearRecentDocsOnExit"=01000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^broadband medic.lnk]
backup=C:\WINDOWS\pss\broadband medic.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CleanSweep Smart Sweep-Internet Sweep.lnk]
backup=C:\WINDOWS\pss\CleanSweep Smart Sweep-Internet Sweep.LNKCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=C:\Program Files\Nikon\PictureProject\NkbMonitor.exe.lnk
backup=C:\Program Files\Nikon\PictureProject\NkbMonitor.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Norton System Doctor.LNK]
backup=C:\WINDOWS\pss\Norton System Doctor.LNKCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Status Monitor.lnk]
backup=C:\WINDOWS\pss\Status Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ulead Photo Express Calendar Checker For My Custom Edition.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Gilbert Higham^Start Menu^Programs^Startup^Norton Disk Doctor.lnk]
backup=C:\WINDOWS\pss\Norton Disk Doctor.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
C:\Program Files\BroadJump\Client Foundation\CFD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CameraFixer]
C:\WINDOWS\CameraFixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\System32\CTFMON.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\PROGRA~1\MESSEN~1\Msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]
"C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 9.0]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run StartupMonitor]
StartupMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std]
C:\WINDOWS\vsnp2std.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp2std]
C:\WINDOWS\tsnp2std.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]


Contents of the 'Scheduled Tasks' folder
2007-05-28 13:21:27 C:\WINDOWS\tasks\MP Scheduled Scan.job
2007-05-25 19:29:34 C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Gilbert Higham.job
2007-05-25 14:49:44 C:\WINDOWS\tasks\Norton Security Scan.job
2007-05-28 11:05:08 C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
2007-03-10 19:10:24 C:\WINDOWS\tasks\Symantec Drmc.job

********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-28 15:58:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-05-28 16:03:44
C:\ComboFix-quarantined-files.txt ... 2007-05-28 16:03
C:\ComboFix2.txt ... 2007-05-28 13:58

--- E O F ---
Did'nt know how to put on one file.The AVG Rootkit was CLEAR.Hope I have done this OK.I had a job to do it but that is how you learn is'nt it.Look forward with interest to your findings.Thanks again

#7 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:07:52 PM

Posted 28 May 2007 - 10:52 AM

Go here:http://virusscan.jotti.org/
Using the 'Browse' button,browse to:
C:\WINDOWS\pw32a0.dll
Then press the 'Submit' button.
Wait while the file is scanned.
Post the results into your next reply please.

If Jotti's too busy,try here:
Go here:http://www.virustotal.com/en/virustotalf.html
Using the 'Browse' button,browse to:
C:\WINDOWS\pw32a0.dll
Then click on 'Send'.
Post the results into your next reply please.
Posted Image
Posted Image

#8 Gil Higham

Gil Higham
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:01:52 PM

Posted 28 May 2007 - 01:23 PM

Hi,Done the scan,result herewith:
Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1

File to upload & scan:
Service
Service load: 0% 100%

File: pw32a0.dll
Status: OK
MD5 41ec2f399c8f8ec7502d063b4a0f6555
Packers detected: -

Scanner results
Scan taken on 28 May 2007 18:14:12 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
Is it looking good!!!!

#9 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:07:52 PM

Posted 28 May 2007 - 02:06 PM

Download 'e Scan MWAV' from here to your desktop:
http://www.mwti.net/download/tools/mwav.exe
Disconnect from the internet,close any open programs.
Double click on the mwav icon on your desktop.
The program will start,the Licence Agreement will pop up.
Select 'I accept the agreement',then press Ok.
The program will open,leave all the settings as they are.
Now press the 'Scan & Clean' button.
The program will now start scanning your pc.
Once the scan has finished,post the results from the lower window 'Virus Log Information'.

Let me know how the pc is running now.
Posted Image
Posted Image

#10 Gil Higham

Gil Higham
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:01:52 PM

Posted 29 May 2007 - 06:53 AM

Ran the program think this is the resulting log,it was the "view log" box that I copied,was this correct???
The computer is running OK but IE takes forever to load as does booting up,so much so that my granddaughter commented on it.Tue May 29 12:21:38 2007 => **********************************************************
Tue May 29 12:21:38 2007 => MicroWorld Anti Virus & Spyware Toolkit Utility.
Tue May 29 12:21:38 2007 => Copyright © 2003-2006, MicroWorld Technologies Inc.
Tue May 29 12:21:38 2007 => **********************************************************
Tue May 29 12:21:38 2007 => Source: C:\DOCUME~1\GILBER~1\MYDOCU~1\mwav.exe
Tue May 29 12:21:38 2007 => Version 9.2.6 (C:\DOCUME~1\GILBER~1\LOCALS~1\Temp\mexe.com)
Tue May 29 12:21:38 2007 => Log File: C:\DOCUME~1\GILBER~1\LOCALS~1\Temp\MWAV.LOG
Tue May 29 12:21:38 2007 => MWAV in SPECIAL PROMOTION MODE.
Tue May 29 12:21:38 2007 => MWAV Registered: TRUE.
Tue May 29 12:21:38 2007 => User Account: Gilbert Higham
Tue May 29 12:21:38 2007 => OS Type: Windows Workstation
Tue May 29 12:21:38 2007 => OS: Windows XP
Tue May 29 12:21:38 2007 => Ver: Service Pack 2 (Build 2600)
Tue May 29 12:21:38 2007 => Windows Root Folder: C:\WINDOWS
Tue May 29 12:21:39 2007 => Windows Sys32 Folder: C:\WINDOWS\system32
Tue May 29 12:21:39 2007 => Local Fixed Drives: c:\
Tue May 29 12:21:39 2007 => MWAV Mode: Scan and Clean files (for viruses, adware and spyware).

Tue May 29 12:21:39 2007 => ********** Files created/modified in last fortnight in Windows Folder **********
Tue May 29 12:21:40 2007 => C:\WINDOWS\catchme.exe (87040), 22-May-2007
Tue May 29 12:21:40 2007 => C:\WINDOWS\nircmd.exe (49152), 28-May-2007, NirSoft, NirCmd
Tue May 29 12:21:40 2007 => C:\WINDOWS\patchw32.dll (215144), 21-May-2007
Tue May 29 12:21:40 2007 => C:\WINDOWS\pw32a0.dll (215144), 21-May-2007
Tue May 29 12:21:40 2007 => C:\WINDOWS\ua2.dll (77312), 16-May-2007
Tue May 29 12:21:40 2007 => C:\WINDOWS\wininit.ini (3702), 16-May-2007
Tue May 29 12:21:41 2007 => C:\WINDOWS\system32\moveex.exe (38400), 28-May-2007
Tue May 29 12:21:41 2007 => C:\WINDOWS\system32\MSCOMCTL.OCX (1081616), 22-May-2007, Microsoft Corporation, MSCOMCTL
Tue May 29 12:21:41 2007 => C:\WINDOWS\system32\msvcr80.dll (626688), 25-May-2007, Microsoft Corporation, Microsoft® Visual Studio® 2005
Tue May 29 12:21:41 2007 => C:\WINDOWS\system32\swreg.exe (428032), 28-May-2007, SteelWerX, SteelWerX Registry Editor
Tue May 29 12:21:42 2007 => C:\WINDOWS\system32\swsc.exe (370688), 28-May-2007, SteelWerX, SteelWerX Service Controller
Tue May 29 12:21:42 2007 => C:\WINDOWS\system32\swxcacls.exe (212480), 28-May-2007, SteelWerX, SteelWerX Extended Configurator ACLists
Tue May 29 12:21:42 2007 => C:\WINDOWS\system32\vfind.exe (49152), 28-May-2007
Tue May 29 12:21:42 2007 => C:\WINDOWS\system32\ZPORT4AS.dll (11776), 18-May-2007
Tue May 29 12:21:42 2007 => ********************************************************************************

Tue May 29 12:21:48 2007 => Latest Date of files inside MWAV: 28 May 2007 11:51:0.
Tue May 29 12:22:22 2007 => AV Library Loaded...
Tue May 29 12:22:22 2007 => MWAV doing self scanning...
Tue May 29 12:22:22 2007 => Scanning File C:\DOCUME~1\GILBER~1\LOCALS~1\Temp\getvlist.exe
Tue May 29 12:22:22 2007 => Scanning File C:\DOCUME~1\GILBER~1\LOCALS~1\Temp\main.avi
Tue May 29 12:22:22 2007 => Scanning File C:\DOCUME~1\GILBER~1\LOCALS~1\Temp\virus.avi
Tue May 29 12:22:23 2007 => Scanning File C:\DOCUME~1\GILBER~1\LOCALS~1\Temp\ScanningProcess.exe
Tue May 29 12:22:23 2007 => Scanning File C:\DOCUME~1\GILBER~1\LOCALS~1\Temp\kave.dll
Tue May 29 12:22:23 2007 => Scanning File C:\DOCUME~1\GILBER~1\LOCALS~1\Temp\prloader.dll
Tue May 29 12:22:23 2007 => MWAV files are clean.
Tue May 29 12:23:21 2007 => Virus Database Date: 5/28/2007
Tue May 29 12:23:21 2007 => Virus Database Count: 332426
Tue May 29 12:24:19 2007 => Uninitializing Scanner (3)...
Tue May 29 12:24:23 2007 => Freeing Libraries (3)...
Tue May 29 12:24:23 2007 => AV Library Unloaded (3)...
Tue May 29 12:43:35 2007 => **********************************************************
Tue May 29 12:43:36 2007 => MicroWorld Anti Virus & Spyware Toolkit Utility.
Tue May 29 12:43:36 2007 => Copyright © 2003-2006, MicroWorld Technologies Inc.
Tue May 29 12:43:36 2007 => **********************************************************
Tue May 29 12:43:36 2007 => Source: C:\DOCUME~1\GILBER~1\MYDOCU~1\mwav.exe
Tue May 29 12:43:36 2007 => Version 9.2.6 (C:\DOCUME~1\GILBER~1\LOCALS~1\Temp\mexe.com)
Tue May 29 12:43:36 2007 => Log File: C:\DOCUME~1\GILBER~1\LOCALS~1\Temp\MWAV.LOG
Tue May 29 12:43:36 2007 => MWAV in SPECIAL PROMOTION MODE.
Tue May 29 12:43:36 2007 => MWAV Registered: TRUE.
Tue May 29 12:43:36 2007 => User Account: Gilbert Higham
Tue May 29 12:43:36 2007 => OS Type: Windows Workstation
Tue May 29 12:43:36 2007 => OS: Windows XP
Tue May 29 12:43:36 2007 => Ver: Service Pack 2 (Build 2600)
Tue May 29 12:43:36 2007 => Windows Root Folder: C:\WINDOWS
Tue May 29 12:43:36 2007 => Windows Sys32 Folder: C:\WINDOWS\system32
Tue May 29 12:43:36 2007 => Local Fixed Drives: c:\
Tue May 29 12:43:36 2007 => MWAV Mode: Scan and Clean files (for viruses, adware and spyware).

Tue May 29 12:43:36 2007 => ********** Files created/modified in last fortnight in Windows Folder **********
Tue May 29 12:43:36 2007 => C:\WINDOWS\catchme.exe (87040), 22-May-2007
Tue May 29 12:43:36 2007 => C:\WINDOWS\nircmd.exe (49152), 28-May-2007, NirSoft, NirCmd
Tue May 29 12:43:37 2007 => C:\WINDOWS\patchw32.dll (215144), 21-May-2007
Tue May 29 12:43:37 2007 => C:\WINDOWS\pw32a0.dll (215144), 21-May-2007
Tue May 29 12:43:37 2007 => C:\WINDOWS\R.COM (146432), 29-May-2007, Microsoft Corporation, Microsoft® Windows® Operating System
Tue May 29 12:43:37 2007 => C:\WINDOWS\REGEDIT.COM (146432), 29-May-2007, Microsoft Corporation, Microsoft® Windows® Operating System
Tue May 29 12:43:37 2007 => C:\WINDOWS\ua2.dll (77312), 16-May-2007
Tue May 29 12:43:37 2007 => C:\WINDOWS\wininit.ini (3702), 16-May-2007
Tue May 29 12:43:37 2007 => C:\WINDOWS\system32\moveex.exe (38400), 28-May-2007
Tue May 29 12:43:37 2007 => C:\WINDOWS\system32\MSCOMCTL.OCX (1081616), 22-May-2007, Microsoft Corporation, MSCOMCTL
Tue May 29 12:43:37 2007 => C:\WINDOWS\system32\msvcr80.dll (626688), 25-May-2007, Microsoft Corporation, Microsoft® Visual Studio® 2005
Tue May 29 12:43:37 2007 => C:\WINDOWS\system32\swreg.exe (428032), 28-May-2007, SteelWerX, SteelWerX Registry Editor
Tue May 29 12:43:37 2007 => C:\WINDOWS\system32\swsc.exe (370688), 28-May-2007, SteelWerX, SteelWerX Service Controller
Tue May 29 12:43:37 2007 => C:\WINDOWS\system32\swxcacls.exe (212480), 28-May-2007, SteelWerX, SteelWerX Extended Configurator ACLists
Tue May 29 12:43:38 2007 => C:\WINDOWS\system32\T.COM (135680), 29-May-2007, Microsoft Corporation, Microsoft® Windows® Operating System
Tue May 29 12:43:38 2007 => C:\WINDOWS\system32\TASKMGR.COM (135680), 29-May-2007, Microsoft Corporation, Microsoft® Windows® Operating System
Tue May 29 12:43:38 2007 => C:\WINDOWS\system32\vfind.exe (49152), 28-May-2007
Tue May 29 12:43:38 2007 => C:\WINDOWS\system32\ZPORT4AS.dll (11776), 18-May-2007
Tue May 29 12:43:38 2007 => ********************************************************************************

Tue May 29 12:43:44 2007 => Latest Date of files inside MWAV: 28 May 2007 11:51:0.
Tue May 29 12:44:06 2007 => AV Library Loaded...
Tue May 29 12:44:06 2007 => MWAV doing self scanning...
Tue May 29 12:44:06 2007 => Scanning File C:\DOCUME~1\GILBER~1\LOCALS~1\Temp\getvlist.exe
Tue May 29 12:44:06 2007 => Scanning File C:\DOCUME~1\GILBER~1\LOCALS~1\Temp\main.avi
Tue May 29 12:44:06 2007 => Scanning File C:\DOCUME~1\GILBER~1\LOCALS~1\Temp\virus.avi
Tue May 29 12:44:06 2007 => Scanning File C:\DOCUME~1\GILBER~1\LOCALS~1\Temp\ScanningProcess.exe
Tue May 29 12:44:06 2007 => Scanning File C:\DOCUME~1\GILBER~1\LOCALS~1\Temp\kave.dll
Tue May 29 12:44:06 2007 => Scanning File C:\DOCUME~1\GILBER~1\LOCALS~1\Temp\prloader.dll
Tue May 29 12:44:07 2007 => MWAV files are clean.
Tue May 29 12:44:11 2007 => Virus Database Date: 5/28/2007
Tue May 29 12:44:11 2007 => Virus Database Count: 332426

#11 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:07:52 PM

Posted 29 May 2007 - 07:05 AM

Run this online virus/spyware scan using Internet Explorer:
Kaspersky WebScanner
Next click Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
• The program will launch and then begin downloading the latest definition files:
• Once the files have been downloaded click on NEXT
• Now click on Scan Settings
• In the scan settings make that the following are selected:
• Scan using the following Anti-Virus database:
• Standard
• Scan Options:
• Scan Archives
• Scan Mail Bases
• Click OK
• Now under select a target to scan:
• Select My Computer
• This will start the program and scan your system.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display if your system has been infected.
• Now click on the Save as Text button:
• Save the file to your desktop.
Copy and paste the contents of that file into your next reply.
Posted Image
Posted Image

#12 Gil Higham

Gil Higham
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:01:52 PM

Posted 29 May 2007 - 12:42 PM

Hi Ritchie,Done the Kaspercy,does'nt look right to me?I did it three times with the same result.All files scanned CLEAN no infections.
<html>
<head>
<title>KASPERSKY ONLINE SCANNER REPORT</title>
<meta http-equiv='Content-Type' content='text/html; charset=utf-8'>
</head>

<style>
.pagetitle { font-size:20px; color:#FFFFFF; font-family: Arial, Geneva, sans-serif; }
.text { font-size:11px; font-family: Arial, Geneva, sans-serif; }
TD { font-size:11px; font-family: Arial, Geneva, sans-serif; }
</style>

<body>
<table width='100%' height='110' border='0'>
<tr height='30' align='center' bgcolor='#005447'>
<td colspan='2' height='30' class='pagetitle'>
<b>KASPERSKY ONLINE SCANNER REPORT</b>
</td>
</tr>
<tr height='70'>
<td colspan='2' height='70'>
Tuesday, May 29, 2007 6:29:15 PM<br>
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)<br>
Kaspersky Online Scanner version: 5.0.93.0<br>
Kaspersky Anti-Virus database last update: 29/05/2007<br>
Kaspersky Anti-Virus database records: 313144<br>
</td>
</tr>
<tr height='10'>
<td colspan='2' height='10'>
</td>
</tr>
</table>
<table width='100%' height='145' border='0'>
<tr height='20' bgcolor='#EFEBDE'>
<td colspan='2' height='20'><b>Scan Settings</b></td>
</tr>
<tr height='15'>
<td height='15' width='250'>Scan using the following antivirus database</td>
<td>standard</td>
</tr>
<tr height='15'>
<td height='15'>Scan Archives</td>
<td>true</td>
</tr>
<tr height='15'>
<td height='15'>Scan Mail Bases</td>
<td>true</td>
</tr>
<tr height='10'>
<td colspan='2' height='10'>
</td>
</tr>
<tr height='20' bgcolor='#EFEBDE'>
<td height='20'><b>Scan Target</b></td>
<td>My Computer</td>
</tr>
<tr height='20'>
<td colspan='2' height='20'>
A:\<br>
C:\<br>
E:\
</td>
</tr>
<tr height='10'>
<td colspan='2' height='10'>
</td>
</tr>
<tr height='20' bgcolor='#EFEBDE'>
<td colspan='2' height='20'><b>Scan Statistics</b></td>
</tr>
<tr height='15'>
<td height='15'>Total number of scanned objects</td>
<td>47212</td>
</tr>
<tr height='15'>
<td height='15'>Number of viruses found</td>
<td>0</td>
</tr>
<tr height='15'>
<td height='15'>Number of infected objects</td>
<td>0</td>
</tr>
<tr height='15'>
<td height='15'>Number of suspicious objects</td>
<td>0</td>
</tr>
<tr height='15'>
<td height='15'>Duration of the scan process</td>
<td>01:26:57</td>
</tr>
</table>
<br>
<table width='100%' border='0'>
<tr height='20' bgcolor='#EFEBDE'>
<td height='20'><b>Infected Object Name</b></td>
<td width='200'><b>Virus Name</b></td>
<td width='100'><b>Last Action</b></td>
</tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-11162006-114032.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\All Users\Application Data\Prevx\Local.dat </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\All Users\Application Data\Symantec\HPPAppActivity.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\All Users\Application Data\Symantec\HPPHomePageActivity.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-05-29_Log.ALUSchedulerSvc.LiveUpdate </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Gilbert Higham\Application Data\SPAMfighter\Logs\Agent.log.txt </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Gilbert Higham\Application Data\SPAMfighter\Logs\Core.log.txt </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Gilbert Higham\Application Data\Symantec\PendingAlertsQueue.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Gilbert Higham\Cookies\index.dat </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Gilbert Higham\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Deleted Items.dbx </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Gilbert Higham\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Folders.dbx </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Gilbert Higham\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Inbox.dbx </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Gilbert Higham\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Offline.dbx </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Gilbert Higham\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Pop3uidl.dbx </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Gilbert Higham\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Gilbert Higham\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Gilbert Higham\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Gilbert Higham\Local Settings\History\History.IE5\index.dat </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Gilbert Higham\Local Settings\History\History.IE5\MSHist012007052920070530\index.dat </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Gilbert Higham\Local Settings\Temp\Perflib_Perfdata_65c.dat </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Gilbert Higham\Local Settings\Temp\Perflib_Perfdata_904.dat </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Gilbert Higham\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Gilbert Higham\Local Settings\Temporary Internet Files\Content.IE5\index.dat </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Gilbert Higham\ntuser.dat </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\Gilbert Higham\ntuser.dat.LOG </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\LocalService\Cookies\index.dat </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\LocalService\NTUSER.DAT </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\LocalService\ntuser.dat.LOG </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\NetworkService\Cookies\index.dat </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\NetworkService\NTUSER.DAT </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Documents and Settings\NetworkService\ntuser.dat.LOG </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\gobackio.bin </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Program Files\Common Files\Symantec Shared\SNDALRT.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Program Files\Common Files\Symantec Shared\SNDCON.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Program Files\Common Files\Symantec Shared\SNDDBG.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Program Files\Common Files\Symantec Shared\SNDFW.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Program Files\Common Files\Symantec Shared\SNDIDS.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Program Files\Common Files\Symantec Shared\SNDSYS.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Program Files\Norton SystemWorks\Norton AntiVirus\AVApp.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Program Files\Norton SystemWorks\Norton AntiVirus\AVError.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Program Files\Norton SystemWorks\Norton AntiVirus\AVVirus.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Program Files\Norton SystemWorks\Norton AntiVirus\Savrt\0397NAV~.TMP </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Program Files\Norton SystemWorks\Norton AntiVirus\Savrt\0973NAV~.TMP </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Program Files\Prevx1\lclbrk.cache </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Program Files\Prevx1\log\px-log.txt </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Program Files\Prevx1\paws.cache </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\Program Files\Prevx1\prevx.cache </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\RECYCLER\NPROTECT\NPROTECT.LOG </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\Debug\PASSWD.LOG </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\Internet Logs\fwdbglog.txt </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\Internet Logs\fwpktlog.txt </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\Internet Logs\GIL.ldb </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\Internet Logs\IAMDB.RDB </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\Internet Logs\tvDebug.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\SchedLgU.Txt </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\SoftwareDistribution\EventCache\{AEB5B4B8-FC24-4F67-982E-D6EDB2F6B2CB}.bin </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\SoftwareDistribution\ReportingEvents.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\Sti_Trace.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\SYSTEM32\CatRoot2\edb.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\SYSTEM32\CONFIG\SAM </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\SYSTEM32\CONFIG\SECURITY </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\SYSTEM32\H323LOG.TXT </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\Temp\Perflib_Perfdata_2d8.dat </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\Temp\ZLT01bce.TMP </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\Temp\ZLT01bee.TMP </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\wiadebug.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\wiaservc.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td height='20'>C:\WINDOWS\WindowsUpdate.log </td>
<td>Object is locked </td>
<td>skipped </td>
</tr>
<tr><td colspan='3' height='1' bgcolor='#EFEBDE'></td></tr>
<tr height='20'>
<td colspan='3' height='20'><b>Scan process completed.</b></td>
</tr>
</table>
</body>
</html>
Just one other matter,when we started this operation,I'm sure I had A,C,D and E drives now I only have A,C and E.I cannot use my DVD/CDRW drive????

#13 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:07:52 PM

Posted 29 May 2007 - 05:19 PM

If your dvd/cd drive is missing from 'My Computer',try this:

Click on Start>Run and type regedit then press Enter, then navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\
{4D36E965-E325-11CE-BFC1-08002BE10318}
Highlight the above key by left clicking on it once.
In the right hand side window delete the values 'Upperfilters' and 'Lowerfilters' if either or both are present.
Restart your pc.

*Important*
If you're not sure what you're doing,backup the registry first by doing the following.
Click on Start>Run,type regedit then press Enter.
Click on 'File' at the top,then 'Export'.
In the opening 'Export Registry File' box,place a check in 'ALL' at the bottom left.
In the 'File name:' space,type back.reg
Make sure 'Desktop' is selected in the left hand column.
Then press 'Save'.

************************************

If startup is still slow,go through the following in the link below.
Help! My computer is slow!
http://users.telenet.be/bluepatchy/miekiem...owcomputer.html

Edited by RichieUK, 29 May 2007 - 05:24 PM.

Posted Image
Posted Image

#14 Gil Higham

Gil Higham
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:01:52 PM

Posted 30 May 2007 - 07:09 AM

WHAT CAN I SAY........Wonderful,got my CDplayer back.Will try the site you mentioned for speeding up.Do I take it that my machine is virus free?? and I can use it with impuinity.Thanks again for your support and concise instructions,a first for me editing the Registry.

#15 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:07:52 PM

Posted 30 May 2007 - 07:23 AM

Restart your pc Gil,then rescan with Hijackthis and post a new log please.
Posted Image
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users