Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Stuck On "windows Is Starting Up" Screen--won't Finish Booting Up


  • This topic is locked This topic is locked
25 replies to this topic

#1 delinger

delinger

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:05 PM

Posted 20 June 2007 - 11:55 PM

My e-machine T3065 will remain stuck on the "windows is starting up screen" for, sometimes, hours at a time. This has been going on for about 2 months now. I normally only restart when my comp locks up while playing games (mainly DirectX errors during Call of Duty 2). I have to manually shutdown using the power button because I can't get out to the desktop and ctrl/alt/delete gets no response. After being on the "windows is starting is starting up" screen for a long time, it will finally say " Logon message The system couldn't log you on. Make sure your user name and domain are correct, the type your password again. Letters in password must be typed using correct case". I can then just click "ok" and it finishes booting up and works normally. I have no other slow downs during gaming or other internet use. I don't know if this is a virus or malware problem, or if I've got my passwords and user names messed up. I unchecked many startup items in hopes of speeding things up, to no avail. I performed all the preparation steps prior to posting my HJT log. My comp is old, but I need it to limp along for a few more months while I buy parts for a new one. I would greatly appreciate any help you can provide. Thank you.

Logfile of HijackThis v1.99.1
Scan saved at 11:26:35 PM, on 6/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Kelly.OFFICE\Desktop\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {d83b71fc-86a1-440d-9372-e2d3050a599f} - (no file)
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Install.exe] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.charter.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildtangent.com/bgn/partner...stx/install.cab
O16 - DPF: {BA83FD38-CE14-4DA3-BEF5-96050D55F78A} - http://www.flipviewer.com/exe/fv373p.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://antu.popcap.com/games/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AAE55A81-E58C-4DC3-8BAD-881D5A3F664F}: NameServer = 216.104.64.5,216.104.72.5
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: gebyv - C:\WINDOWS\system32\gebyv.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ureg - Unknown owner - C:\WINDOWS\system32\ureg.exe (file missing)

BC AdBot (Login to Remove)

 


#2 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:04:05 PM

Posted 27 June 2007 - 04:30 PM

Hellog delinger, and welcome,

My name is SifuMike and I will be helping you.


I see that you are running msconfig in /auto mode which means that you may have selectively removed some items in the past from the startup procedure.

This can be bad if they are malware, so we would like you to reenable those startup entries by doing the following:

Please click on start, then run, and type msconfig and then press enter. When the window opens click on the startup tab and make sure there are checkmarks in every entry. Then press ok until you are out of the program.
If it asks to reboot, do not reboot. It is not necessary to reboot to get the items to show up in HijackThis.

******************

Please perform this online scan: Kaspersky Webscan
This scan require Internet Explorer to run.
Read the Requirements and Privacy statement, then select "Accept"
A dialogue box will appearing asking "Do you want to install this software?" Name: kavwebscan_unicode.cab
Select "Install" to download the ActiveX controls that allows ActiveScan to run.
When the download is complete it will say ready, click "Next"
Select a target to scan: Click on "My Computer"
When the scan is complete choose to save the results as "Save as Text"
Post the kaspersky scan log.

******************

Download and install AVG Anti-Spyware v7.5.
  • After download, double click on the file to launch the install process.
  • Choose a language, click "OK" and then click "Next".
  • Read the "License Agreement" and click "I Agree".
  • Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
  • After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
  • Connect to the Internet, go back to AVG Anti-Spyware, select the "Update" button and click "Start update". Wait until you see the "Update successful" message. If you are having problems with the updater, manually update with the AVG Anti-Spyware Full database installer from here.
  • Exit AVG Anti-Spyware when done - DO NOT perform a scan yet.
Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode". (Note: When run in safe mode, sometimes the GUI is larger than the screen and the buttons at the bottom are partly or completely hidden, making them unaccessible for doing a scan. If this is the case, press the WINKEY + M key to "Minimize" the AVG display. Then right-click on AVG in the Task Bar and select "Maximize". If that does not help, then you may have to run your scan in normal mode and advise your helper afterwards.)

Scan with AVG Anti-Spyware as follows:
  • Click on the "Scanner" button and choose the "Settings" tab.
  • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
  • Under "How to Scan?", "Possibly unwanted software", and What to Scan?" leave all the default settings.
  • Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".
  • Click the "Scan" tab to return to scanning options.
  • Click "Complete System Scan" to start.
  • When the scan has finished, it should automatically be set to Quarantine--if not click on Recommended Action and set it there.
  • You will also be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.
IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.
  • Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
  • Exit AVG Anti-Spyware when done, reboot normally and submit the log report in your next response.
Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. Doing so can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.

AVG Anti-Spyware is free for 30 days and all the extensions of the full version will be activated. After the 30 day trial, active protection extensions will be deactivated and the program will turn into a feature-limited freeware version that you can can continue to use as an on-demand scanner or you may purchase a license to use the full version.

When done, submit the Kaspersky scan log, the AVG Anti-Spyware 7.5 log and a fresh Hijackthis log.

Edited by SifuMike, 27 June 2007 - 04:44 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 delinger

delinger
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:05 PM

Posted 29 June 2007 - 04:17 PM

Hi SifuMike,

Thank you very much for helping me. I love Bleeping Computer, even though I currently hate my bleeping computer. I have never used the Kaspersky scan before. I finished a scan, then saved it as a txt file, but then I couldn't find it. I thought I directed it to the desktop, but I didn't see it. I thensearched for "Kaspersky" and found several entries, none of which looked like a scan log or anything. There was only one text file and it had this in it:
Soruid
BQAAACddhUamHgEAAXsCAA==
www.kaspersky.com/
1024
1131244928
30600882
2344989408
29866627
*
Sorry for my ignorance on this. I hope I dont have to do the scan again. It took over an hour. :thumbsup:

#4 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:04:05 PM

Posted 29 June 2007 - 04:25 PM

Hi delinger,

We will use a different virus scanner.

You will need to use Internet Explorer for this scan.

Disable your antivirus program and go here to run BitDefender Online Scan.
Click on I Agree.
Avoid clicking on other links as you don't need to try out the full install at this point, just the online scanner.

When the ActiveX Control has loaded, click on "Click here to scan".
Please be patient, as this scan may take a few hours. It all depends on the number of files on your computer.

NOTE: If you are running XP SP2, you may need to click on the Information Bar to allow the ActiveX to install and may need to repeat the BitDefender Online Scan.


When BitDefender completes the scan, select the "Detected Problems" tab.
Click on "Click here to export scan".
Save the file as an HTML to your Desktop.
Then click on the saved file and allow it to open with your browser.
Go to Edit - Select All then copy/paste that log back here.
Post the BitDefender log.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 delinger

delinger
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:05 PM

Posted 29 June 2007 - 04:28 PM

Will the bit defender find the same things as the Kaspersky? Because I had 9 infected files come up on the Kas scan.

#6 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:04:05 PM

Posted 29 June 2007 - 04:32 PM

Probably not, as each online virus scanner looks for different viruses. Kaspersky scan will take less time then the BitDefender scan, so the choice is yours.
Kaspersky will not remove viruses (it only lists them), but BitDefender will remove them.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 delinger

delinger
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:05 PM

Posted 29 June 2007 - 04:36 PM

ok. will the bitdefender be in place of the avg scan, or in addition to it? because i will do the bitdefender, then the avg, then post a new HJT log all in a row, if that will work. And you wont be bugged by me for several hours. :thumbsup:

#8 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:04:05 PM

Posted 29 June 2007 - 04:40 PM

Run Bitdenfder online scan and in the Safe Mode run AVG antispyware.



because i will do the bitdefender, then the avg, then post a new HJT log all in a row, if that will work.

Yes, that is correct. BitDefender may take several hours, all depends on the number of files on your computer.

Edited by SifuMike, 29 June 2007 - 04:41 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#9 delinger

delinger
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:05 PM

Posted 29 June 2007 - 04:41 PM

ok thanks. off I go then.

#10 delinger

delinger
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:05 PM

Posted 29 June 2007 - 06:18 PM

I cant find the bitdefender one either......

#11 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:04:05 PM

Posted 29 June 2007 - 06:20 PM

Try running Kaspersky Online scan again and be sure to follow the directions in my previous post.

Edited by SifuMike, 29 June 2007 - 06:21 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#12 delinger

delinger
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:05 PM

Posted 29 June 2007 - 06:23 PM

ok. i dont understand what is happening. earlier, i even made a new folder on my desktop called "kaspersky" and directed the save to it. i will try again..

#13 delinger

delinger
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:05 PM

Posted 29 June 2007 - 08:01 PM

W00t! I know what i did wrong. I will post the Kaspersky first, before I lose it or something. Thanks for your patience, SiFuMike. :thumbsup:

p.s. I like your avatar. The Pink Panther movies are some of my favorites.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, June 29, 2007 8:58:04 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 30/06/2007
Kaspersky Anti-Virus database records: 355716
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 87539
Number of viruses found: 3
Number of infected objects: 4
Number of suspicious objects: 0
Duration of the scan process: 01:06:56

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Kelly.OFFICE\Application Data\tmp5B.tmp.exe Infected: Trojan.Win32.Agent.agv skipped
C:\Documents and Settings\Kelly.OFFICE\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Kelly.OFFICE\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Kelly.OFFICE\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Kelly.OFFICE\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Kelly.OFFICE\Local Settings\History\History.IE5\MSHist012007062920070630\index.dat Object is locked skipped
C:\Documents and Settings\Kelly.OFFICE\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Kelly.OFFICE\ntuser.dat Object is locked skipped
C:\Documents and Settings\Kelly.OFFICE\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{681AD0F2-0D47-41B9-8237-A8C74BD32DF4}\RP118\A0054338.exe Object is locked skipped
C:\System Volume Information\_restore{681AD0F2-0D47-41B9-8237-A8C74BD32DF4}\RP118\A0054339.exe Object is locked skipped
C:\System Volume Information\_restore{681AD0F2-0D47-41B9-8237-A8C74BD32DF4}\RP118\A0054340.exe Object is locked skipped
C:\System Volume Information\_restore{681AD0F2-0D47-41B9-8237-A8C74BD32DF4}\RP118\A0054341.exe Object is locked skipped
C:\System Volume Information\_restore{681AD0F2-0D47-41B9-8237-A8C74BD32DF4}\RP118\A0054342.exe Object is locked skipped
C:\System Volume Information\_restore{681AD0F2-0D47-41B9-8237-A8C74BD32DF4}\RP118\A0054343.exe Object is locked skipped
C:\System Volume Information\_restore{681AD0F2-0D47-41B9-8237-A8C74BD32DF4}\RP118\A0054344.exe Object is locked skipped
C:\System Volume Information\_restore{681AD0F2-0D47-41B9-8237-A8C74BD32DF4}\RP118\A0054345.exe Object is locked skipped
C:\System Volume Information\_restore{681AD0F2-0D47-41B9-8237-A8C74BD32DF4}\RP118\A0054346.exe Object is locked skipped
C:\System Volume Information\_restore{681AD0F2-0D47-41B9-8237-A8C74BD32DF4}\RP118\A0054347.exe Object is locked skipped
C:\System Volume Information\_restore{681AD0F2-0D47-41B9-8237-A8C74BD32DF4}\RP118\A0054348.exe Object is locked skipped
C:\System Volume Information\_restore{681AD0F2-0D47-41B9-8237-A8C74BD32DF4}\RP118\A0054349.exe Object is locked skipped
C:\System Volume Information\_restore{681AD0F2-0D47-41B9-8237-A8C74BD32DF4}\RP118\A0054350.exe Object is locked skipped
C:\System Volume Information\_restore{681AD0F2-0D47-41B9-8237-A8C74BD32DF4}\RP118\A0054351.exe Object is locked skipped
C:\System Volume Information\_restore{681AD0F2-0D47-41B9-8237-A8C74BD32DF4}\RP118\A0054352.exe Object is locked skipped
C:\System Volume Information\_restore{681AD0F2-0D47-41B9-8237-A8C74BD32DF4}\RP118\A0054353.exe Object is locked skipped
C:\System Volume Information\_restore{681AD0F2-0D47-41B9-8237-A8C74BD32DF4}\RP118\A0054354.exe Object is locked skipped
C:\System Volume Information\_restore{681AD0F2-0D47-41B9-8237-A8C74BD32DF4}\RP118\A0054355.exe Object is locked skipped
C:\System Volume Information\_restore{681AD0F2-0D47-41B9-8237-A8C74BD32DF4}\RP118\A0054356.exe Object is locked skipped
C:\System Volume Information\_restore{681AD0F2-0D47-41B9-8237-A8C74BD32DF4}\RP118\A0054357.exe Object is locked skipped
C:\System Volume Information\_restore{681AD0F2-0D47-41B9-8237-A8C74BD32DF4}\RP118\A0054358.exe Object is locked skipped
C:\System Volume Information\_restore{681AD0F2-0D47-41B9-8237-A8C74BD32DF4}\RP118\A0054359.exe Object is locked skipped
C:\System Volume Information\_restore{681AD0F2-0D47-41B9-8237-A8C74BD32DF4}\RP118\A0054360.exe Object is locked skipped
C:\System Volume Information\_restore{681AD0F2-0D47-41B9-8237-A8C74BD32DF4}\RP118\A0054361.exe Object is locked skipped
C:\System Volume Information\_restore{681AD0F2-0D47-41B9-8237-A8C74BD32DF4}\RP118\A0054362.exe Object is locked skipped
C:\System Volume Information\_restore{681AD0F2-0D47-41B9-8237-A8C74BD32DF4}\RP118\A0054363.exe Object is locked skipped
C:\System Volume Information\_restore{681AD0F2-0D47-41B9-8237-A8C74BD32DF4}\RP118\A0054364.exe Object is locked skipped
C:\System Volume Information\_restore{681AD0F2-0D47-41B9-8237-A8C74BD32DF4}\RP118\A0054365.dll Object is locked skipped
C:\System Volume Information\_restore{681AD0F2-0D47-41B9-8237-A8C74BD32DF4}\RP118\A0054366.dll Object is locked skipped
C:\System Volume Information\_restore{681AD0F2-0D47-41B9-8237-A8C74BD32DF4}\RP118\A0054367.dll Object is locked skipped
C:\System Volume Information\_restore{681AD0F2-0D47-41B9-8237-A8C74BD32DF4}\RP118\A0054368.dll Object is locked skipped
C:\System Volume Information\_restore{681AD0F2-0D47-41B9-8237-A8C74BD32DF4}\RP118\A0054369.dll Object is locked skipped
C:\System Volume Information\_restore{681AD0F2-0D47-41B9-8237-A8C74BD32DF4}\RP118\A0054370.dll Object is locked skipped
C:\System Volume Information\_restore{681AD0F2-0D47-41B9-8237-A8C74BD32DF4}\RP132\change.log Object is locked skipped
C:\WINDOWS\awwuuu.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\gebcya.dll Infected: Trojan.Win32.Agent.agv skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\perfc000.dat Infected: Backdoor.Win32.Small.os skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

#14 delinger

delinger
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:05 PM

Posted 29 June 2007 - 08:03 PM

proceeding with avg scan in safe mode

#15 SifuMike

SifuMike

    malware expert


  • Members
  • 15,385 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA
  • Local time:04:05 PM

Posted 29 June 2007 - 09:15 PM

Just found that the new AVG antispyware has changed the way to get reports.

It appears the only way to get a report is to Select Do not automatically generate reports

So Under Reports please - Select Do not automatically generate reports

then do everything else as per the instructions...
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!



Posted Image

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users