Help with freezing in xp please.
I have been asked by a friend to look at her family computer which is freezing on start up. An error message related to e Tomi pro and a registration form for Norton appear on screen then the freezing.
I started in safe mode and found that her BT broadband was not opening despite the icons being on the desktop. I found also that e Tomi pro was a rogue version of limewire and there are folders with reference to limewire on the hard drive.
I am using all her own devices, including router which I have plugged into my own phone line. Conveniently we are both BT broadband.
I have however had to plug an old keyboard and mouse in as her wireless ones are not being recognised.
After much playing about I managed to get the pc to boot with msconfig selective start-up and unchecked load system services and start up items.
Etomi pro, limewire and BT were not listed in the add/remove list in control panel.
I reinstalled e tomi pro and then uninstalled and have got rid of the error message. I registered with Norton and have got rid of that form too.
I have managed internet access thru internet explorer but not thru BT/yahoo which is the family preference.
I have run all the progs advised by yourselves and include the logs below. As this is my third attempt at posting - every time I managed to get the panda results on the page and tried the same with the K log the programme stopped responding and I had to start again. I will add the panda here and start a reply thread with the rest or attach the file!
Here goes!
Incident Status Location
Adware:adware/ncase Not disinfected c:\temp\salmau.dat
Potentially unwanted tool:application/funweb Not disinfected c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf
Adware:adware/gator Not disinfected c:\windows\GatorFDDLI.log
Adware:adware/wupd Not disinfected c:\program files\Media Access
Adware:adware/savenow Not disinfected c:\program files\VVSN
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Claudia\Cookies\claudia@ad.yieldmanager[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Claudia\Cookies\claudia@belnk[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Claudia\Cookies\claudia@burstnet[2].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Claudia\Cookies\claudia@ct.360i[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Claudia\Cookies\claudia@dist.belnk[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Claudia\Cookies\claudia@ehg-dig.hitbox[1].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Claudia\Cookies\claudia@fe.lea.lycos[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Claudia\Cookies\claudia@go[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Claudia\Cookies\claudia@stats1.reliablestats[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Claudia\Cookies\claudia@toplist[1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Claudia\Cookies\claudia@winfixer[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Claudia\Cookies\claudia@www.burstbeacon[2].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Claudia\Cookies\claudia@www.myaffiliateprogram[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Claudia\Cookies\claudia@xiti[1].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\Claudia\Cookies\claudia@xmts[1].txt
Adware:Adware/Gator.Trickler Not disinfected C:\Documents and Settings\Claudia\Desktop\Midnight lake.exe
The rest to follow!
Louise
Comments
Save it to your c drive, extract it to your c drive.
Run a system scan.
If you have any of these entries, check them and click fix.
HKEY_CURRENT_USER\software\microsoft\internet explorer\menuext\limeshop preferences
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\limewire
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\9e11dbbf317d89b4f92af7d63ab22d26
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a8cebe6cec02c7d40a450c6455a6ad2e
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\c0da82cffcfbb79419d1189c955ee262
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\limeshop
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls\c:\program files\limewire\2.9.8\bet.url
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls\c:\program files\limewire\2.9.8\bonzi.url
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls\c:\program files\limewire\2.9.8\browserpage.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls\c:\program files\limewire\2.9.8\limeshop.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls\c:\program files\limewire\2.9.8\limeshop.html
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls\c:\program files\limewire\2.9.8\limeshop.url
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls\c:\program files\limewire\2.9.8\limewire.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls\c:\program files\limewire\2.9.8\limewire.jar
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls\c:\program files\limewire\2.9.8\money.url
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shareddlls\c:\program files\limewire\2.9.8\root\magnet10\options.js
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\limeshop.xml
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\limewire
Next run a system scan again and save a log file.
Post it here.
In your program files folders, if you have any of these delete them.
Program Files\Common Files\limewire
Program Files\limeshop
Program Files\limewire
No I won't - I think the file is bigger than that allowed so it will need to be in th parts!
On looking at the results I should have said some folders on the drive come up access denied when I try to open them and the log ins for each of the family had disappeared off the desktop at boot. The pc is booting directly to the windows desktop and only shows the administrator/owner icon when booted in safe mode.
Will keep plugging away at posting this information.
Bitdefender found nothing and finally hijack log.
Logfile of HijackThis v1.99.1
Scan saved at 10:48:09, on 10/09/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gb10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-gb10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-gb10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-gb10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://gb10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
O4 - Startup: AutoTBar.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BT Yahoo! Help.lnk = C:\Program Files\BT Yahoo! Help\bin\matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
I did empty temp internet files but you would never know it from the mess of the Kap log. I hope all this means something to someone. Thanks for the hijack advice - I had already done it but was still so busy uploading the kap logs.
Fingers crossed and many many thanks
Louise
I couldn't find any of the references made in the advice in the hijack log so am posting the new log.
Fingers crossed someone can identify any viruses etc
Logfile of HijackThis v1.99.1
Scan saved at 16:38:26, on 10/09/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\ps2.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\BT Yahoo! Help\bin\mpbtn.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gb10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-gb10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-gb10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-gb10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gb10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-gb10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-gb10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-gb10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://gb10.hpwis.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Startup: eTomi Pro On Startup.lnk = C:\Program Files\eTomiPro\Gui\etomipro.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BT Yahoo! Help.lnk = C:\Program Files\BT Yahoo! Help\bin\matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
The system was running avast and Norton. They seem to be incompatible. Which is recommended to keep?
I've also found a virus in C:WINDOWS\system 32\Activescan\pskavs.dll.
As it is a dll file I need advice on what to do.
Thanks again
Louise
http://www.grisoft.cz/softw/70/filedir/inst/ewido-setup_4.0.0.172c.exe
Update it, run a complete system scan, apply all actions, save a log file, and post it here.
There is a large folder named Adam which is locked. Not by the owner so possibly a virus - one of many!!!!!!!!!!!!!!!
Am I right in thinking - way back to windows 98 days - that there was something I used to uncheck when I had a virus to prevent reinfection with every boot. Was it system restore and if so does this apply here?
I've got the bit between my teeth now - need to beat this dam pute - with your help of course!
Anyway here goes with ewido file:
C:\Documents and Settings\Eliot\Application Data\Microsoft\Internet Explorer\Quick Launch\Block Checker.lnk -> Adware.BlockChecker : Error during cleaning.
C:\Documents and Settings\Claudia\Desktop\Midnight lake.exe -> Adware.Gator : Cleaned with backup (quarantined).
C:\Documents and Settings\ADAM\Application Data\ShopperReports -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\ADAM\Application Data\ShopperReports\cs -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\ADAM\Application Data\ShopperReports\cs\Config.xml -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\ADAM\Application Data\ShopperReports\cs\db -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\ADAM\Application Data\ShopperReports\cs\db\Aliases.dbs -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\ADAM\Application Data\ShopperReports\cs\db\Sites.dbs -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\ADAM\Application Data\ShopperReports\cs\dwld -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\ADAM\Application Data\ShopperReports\cs\dwld\WhiteList.xip -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\ADAM\Application Data\ShopperReports\cs\persist.dbs -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\ADAM\Application Data\ShopperReports\cs\report -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\ADAM\Application Data\ShopperReports\cs\report\ag_ShopperReports.xml -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\ADAM\Application Data\ShopperReports\cs\report\ag_ShopperReports.xml.db -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\ADAM\Application Data\ShopperReports\cs\report\aggr_storage.xml -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\ADAM\Application Data\ShopperReports\cs\report\send_ShopperReports.xml -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\ADAM\Application Data\ShopperReports\cs\report\send_ShopperReports.xml.db -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\ADAM\Application Data\ShopperReports\cs\report\send_storage.xml -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\ADAM\Application Data\ShopperReports\cs\res1 -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\ADAM\Application Data\ShopperReports\cs\res1\WhiteList.dbs -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\ADAM\Application Data\ShopperReports\shprrprt.log -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Claudia\Application Data\ShopperReports -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Claudia\Application Data\ShopperReports\cs -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Claudia\Application Data\ShopperReports\cs\Config.xml -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Claudia\Application Data\ShopperReports\cs\db -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Claudia\Application Data\ShopperReports\cs\db\Aliases.dbs -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Claudia\Application Data\ShopperReports\cs\db\Sites.dbs -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Claudia\Application Data\ShopperReports\cs\dwld -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Claudia\Application Data\ShopperReports\cs\dwld\WhiteList.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Claudia\Application Data\ShopperReports\cs\persist.dbs -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Claudia\Application Data\ShopperReports\cs\report -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Claudia\Application Data\ShopperReports\cs\report\ag_ShopperReports.xml -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Claudia\Application Data\ShopperReports\cs\report\ag_ShopperReports.xml.db -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Claudia\Application Data\ShopperReports\cs\report\aggr_storage.xml -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Claudia\Application Data\ShopperReports\cs\report\send_ShopperReports.xml -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Claudia\Application Data\ShopperReports\cs\report\send_ShopperReports.xml.db -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Claudia\Application Data\ShopperReports\cs\report\send_storage.xml -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Claudia\Application Data\ShopperReports\cs\res1 -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Claudia\Application Data\ShopperReports\cs\res1\WhiteList.dbs -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Claudia\Application Data\ShopperReports\shprrprt.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Claudia\Application Data\ShopperReports\shprrprt_1154714668.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Claudia\Application Data\ShopperReports\shprrprt_1154715276.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Eliot\Application Data\ShopperReports -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Eliot\Application Data\ShopperReports\cs -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Eliot\Application Data\ShopperReports\cs\Config.xml -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Eliot\Application Data\ShopperReports\cs\db -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Eliot\Application Data\ShopperReports\cs\db\Aliases.dbs -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Eliot\Application Data\ShopperReports\cs\db\Sites.dbs -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Eliot\Application Data\ShopperReports\cs\dwld -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Eliot\Application Data\ShopperReports\cs\dwld\WhiteList.xip -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Eliot\Application Data\ShopperReports\cs\persist.dbs -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Eliot\Application Data\ShopperReports\cs\report -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Eliot\Application Data\ShopperReports\cs\report\ag_ShopperReports.xml -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Eliot\Application Data\ShopperReports\cs\report\ag_ShopperReports.xml.db -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Eliot\Application Data\ShopperReports\cs\report\aggr_storage.xml -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Eliot\Application Data\ShopperReports\cs\report\send_ShopperReports.xml -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Eliot\Application Data\ShopperReports\cs\report\send_ShopperReports.xml.db -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Eliot\Application Data\ShopperReports\cs\report\send_storage.xml -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Eliot\Application Data\ShopperReports\cs\res1 -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Eliot\Application Data\ShopperReports\cs\res1\WhiteList.dbs -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Eliot\Application Data\ShopperReports\shprrprt.log -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Eliot\Application Data\ShopperReports\shprrprt_1151998689.log -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kay\Application Data\ShopperReports -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kay\Application Data\ShopperReports\cs -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kay\Application Data\ShopperReports\cs\Config.xml -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kay\Application Data\ShopperReports\cs\db -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kay\Application Data\ShopperReports\cs\db\Aliases.dbs -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kay\Application Data\ShopperReports\cs\db\Sites.dbs -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kay\Application Data\ShopperReports\cs\dwld -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kay\Application Data\ShopperReports\cs\dwld\WhiteList.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kay\Application Data\ShopperReports\cs\persist.dbs -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kay\Application Data\ShopperReports\cs\report -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kay\Application Data\ShopperReports\cs\report\ag_ShopperReports.xml -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kay\Application Data\ShopperReports\cs\report\ag_ShopperReports.xml.db -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kay\Application Data\ShopperReports\cs\report\aggr_storage.xml -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kay\Application Data\ShopperReports\cs\report\send_ShopperReports.xml -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kay\Application Data\ShopperReports\cs\report\send_ShopperReports.xml.db -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kay\Application Data\ShopperReports\cs\report\send_storage.xml -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kay\Application Data\ShopperReports\cs\res1 -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kay\Application Data\ShopperReports\cs\res1\WhiteList.dbs -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kay\Application Data\ShopperReports\shprrprt.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kay\Application Data\ShopperReports\shprrprt_1155741811.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kay\Application Data\ShopperReports\shprrprt_1155741859.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kay\Application Data\ShopperReports\shprrprt_1155741907.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kay\Application Data\ShopperReports\shprrprt_1155741940.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kay\Application Data\ShopperReports\shprrprt_1155741968.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kay\Application Data\ShopperReports\shprrprt_1155742369.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kay\Application Data\ShopperReports\shprrprt_1155743062.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kay\Application Data\ShopperReports\shprrprt_1155743662.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kay\Application Data\ShopperReports\shprrprt_1155744262.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kay\Application Data\ShopperReports\shprrprt_1155744771.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kay\Application Data\ShopperReports\shprrprt_1155822183.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kay\Application Data\ShopperReports\shprrprt_1155887170.log -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\SpamBlockerUtility\Bin\4.7.1.0\SbHostIE.dll -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\SpamBlockerUtility\Bin\4.7.1.0\SbHostOL.dll -> Adware.Hotbar : Cleaned with backup (quarantined).
C:\Program Files\SpamBlockerUtility\Bin\4.7.1.0\SbOEAddOn.exe -> Adware.Hotbar : Cleaned with backup (quarantined).
C:\Program Files\SpamBlockerUtility\Bin\4.7.1.0\SbToolbar.dll -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\SpamBlockerUtility\Bin\4.8.0.0\SbGuard.exe -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\SpamBlockerUtility\Bin\4.8.0.0\SbInstIE.dll -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\SpamBlockerUtility\SBTV\SBTVHelper.dll -> Adware.Hotbar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64D353BC-F70D-499F-9163-3CEC028719CD}\RP1\A0000022.dll -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Program Files\Media Access -> Adware.MediaAccess : Cleaned with backup (quarantined).
C:\Program Files\Media Access\Info.txt -> Adware.MediaAccess : Cleaned with backup (quarantined).
C:\Documents and Settings\Eliot\Start Menu\Programs\Power Scan -> Adware.PowerScan : Cleaned with backup (quarantined).
C:\Documents and Settings\Eliot\Start Menu\Programs\Power Scan\Power Scan.lnk -> Adware.PowerScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{64D353BC-F70D-499F-9163-3CEC028719CD}\RP1\A0000023.dll -> Adware.Shopper : Cleaned with backup (quarantined).
C:\Documents and Settings\Claudia\Cookies\claudia@highbeam.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Claudia\Cookies\claudia@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Kay\Cookies\kay@metacafe.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Claudia\Cookies\claudia@stats.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Claudia\Cookies\claudia@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Claudia\Cookies\claudia@ad.adocean[2].txt -> TrackingCookie.Adocean : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Claudia\Cookies\claudia@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Kay\Cookies\kay@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Claudia\Cookies\claudia@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Claudia\Cookies\claudia@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Kay\Cookies\kay@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Claudia\Cookies\claudia@e-2dj6wjliqmdjkep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Claudia\Cookies\claudia@e-2dj6wjlyqkajalq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Claudia\Cookies\claudia@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Kay\Cookies\kay@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Claudia\Cookies\claudia@ads.gamershell[1].txt -> TrackingCookie.Gamershell : Cleaned.
C:\Documents and Settings\Claudia\Cookies\claudia@gamershell[2].txt -> TrackingCookie.Gamershell : Cleaned.
C:\Documents and Settings\Claudia\Cookies\claudia@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Kay\Cookies\kay@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Claudia\Cookies\claudia@ivwbox[2].txt -> TrackingCookie.Ivwbox : Cleaned.
C:\Documents and Settings\Kay\Cookies\kay@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned.
C:\Documents and Settings\Claudia\Cookies\claudia@server.lon.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Claudia\Cookies\claudia@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
C:\Documents and Settings\Claudia\Cookies\claudia@data4.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Kay\Cookies\kay@data4.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Claudia\Cookies\claudia@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Kay\Cookies\kay@starware[2].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\Claudia\Cookies\claudia@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Kay\Cookies\kay@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Claudia\Cookies\claudia@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
::Report end
Why don't you try doing these online scans? From what you say, this might take a long time, but they can be very helpful, so keep that in mind.
http://housecall65.trendmicro.com/
http://www.bitdefender.com/
http://www.pandasoftware.com/products/activescan?NRMODE=Published&NRORIGINALURL=%2factivescan%2f&NRNODEGUID=%7b3B202047-35D4-4DA2-B310-B1DBEC2971F2%7d&NRCACHEHINT=Guest
Many thanks again!
I followed all the advice from the Trend scan and removed the trojans it brought up, and manually installed a huge list of updates from Microsoft. I've found out the following from Avast:
C:\system volume information\-restore(64D353BC-F70D-49F-9163-3CEC028719CD)\RPI\A0000042.DLL infected by Win32:Adware-gen.
The same pathway with A00000045 and 46.DLL infected with same.
Also C:WINDOWS\system32\Activescan\pskavs.dll.
I know Avast shows some Panda scan files as being infected in error and I'm not sure if the latter refers to one of these - I couldn't see mention of this particular file on the Avast site although many others are listed. Should I remove Panda from the system?
I am now listing another hijack log and really hoping for some help with the Win32 virus, if possible.
Many thanks
Louise
Logfile of HijackThis v1.99.1
Scan saved at 00:40:50, on 14/09/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\ps2.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\BT Yahoo! Help\bin\mpbtn.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gb10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-gb10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-gb10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-gb10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gb10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-gb10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-gb10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-gb10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://gb10.hpwis.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
O4 - Startup: eTomi Pro On Startup.lnk = C:\Program Files\eTomiPro\Gui\etomipro.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BT Yahoo! Help.lnk = C:\Program Files\BT Yahoo! Help\bin\matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
I am now listing the hijack log and hoping someone can spot something for me. Many thanks
Louise
Logfile of HijackThis v1.99.1
Scan saved at 18:12:02, on 19/09/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gb10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-gb10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-gb10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-gb10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://gb10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
O4 - Startup: AutoTBar.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BT Yahoo! Help.lnk = C:\Program Files\BT Yahoo! Help\bin\matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1158594668796
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
I also see my friend's son has been accessing some very dodgy viewing thru his locked files and I'm assuming a lot of the viruses, trojans etc may have originated from these sites. He's gonna have one sore head after this!
Really hoping someone can make some sense of all this. Just trying to give as much info as poss.
Louise
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\ADAM\Application Data\ShopperReports\cs\dwld\WhiteList.xip Object is locked skipped
C:\Documents and Settings\ADAM\Local Settings\Temporary Internet Files\Content.IE5\63ZVNOZZ\aboutus_on[1].gif Object is locked skipped
C:\Documents and Settings\ADAM\Local Settings\Temporary Internet Files\Content.IE5\63ZVNOZZ\abuse[1].gif Object is locked skipped
C:\Documents and Settings\ADAM\Local Settings\Temporary Internet Files\Content.IE5\63ZVNOZZ\ach6[1].jpg Object is locked skipped
C:\Documents and Settings\ADAM\Local Settings\Temporary Internet Files\Content.IE5\63ZVNOZZ\achnabrec1[1].jpg Object is locked skipped
C:\Documents and Settings\ADAM\Local Settings\Temporary Internet Files\Content.IE5\63ZVNOZZ\achnabreck1[1].jpg Object is locked skipped
C:\Documents and Settings\ADAM\Local Settings\Temporary Internet Files\Content.IE5\63ZVNOZZ\achnabreck2[1].jpg Object is locked skipped
C:\Documents and Settings\ADAM\Local Settings\Temporary Internet Files\Content.IE5\63ZVNOZZ\ACHNABRECK_CARVINGS[1].jpg Object is locked skipped
C:\Documents and Settings\ADAM\Local Settings\Temporary Internet Files\Content.IE5\63ZVNOZZ\Ad005[1].gif Object is locked skipped
C:\Documents and Settings\ADAM\Local Settings\Temporary Internet Files\Content.IE5\63ZVNOZZ\AdContent[1].htm Object is locked skipped
C:\Documents and Settings\ADAM\Local Settings\Temporary Internet Files\Content.IE5\63ZVNOZZ\admin_colon[1].gif Object is locked skipped
C:\Documents and Settings\ADAM\Local Settings\Temporary Internet Files\Content.IE5\63ZVNOZZ\ad[1].htm Object is locked skipped
C:\Documents and Settings\ADAM\Local Settings\Temporary Internet Files\Content.IE5\63ZVNOZZ\ad_weather_workrestplay[1].js Object is locked skipped
C:\Documents and Settings\ADAM\Local Settings\Temporary Internet Files\Content.IE5\63ZVNOZZ\Airlie_from_NW[1].jpg Object is locked skipped
C:\Documents and Settings\ADAM\Local Settings\Temporary Internet Files\Content.IE5\63ZVNOZZ\alexs1[1].jpg Object is locked skipped
C:\Documents and Settings\ADAM\Local Settings\Temporary Internet Files\Content.IE5\63ZVNOZZ\Altarstone_mt_St_Bernard_Abbey100[1].jpg Object is locked skipped
C:\Documents and Settings\ADAM\Local Settings\Temporary Internet Files\Content.IE5\63ZVNOZZ\alternative_medicines_w[1].gif Object is locked skipped
C:\Documents and Settings\Eliot\Local Settings\Temp\~faf3f75e3e801c576892dbec000.jpd Object is locked skipped
C:\Documents and Settings\Eliot\Local Settings\Temp\~faf3f75e3e801c576892dbec000.jpg Object is locked skipped
C:\Documents and Settings\Eliot\Local Settings\Temp\~fbc63d03a78a1c637fb4c1e2200.jpd Object is locked skipped
C:\Documents and Settings\Eliot\Local Settings\Temp\~fbc63d03a78a1c637fb4c1e2200.jpg Object is locked skipped
C:\Documents and Settings\Eliot\Local Settings\Temp\~fd20b859fd8a1c6a5be45cbef00.jpd Object is locked skipped
C:\Documents and Settings\Eliot\Local Settings\Temp\~fd20b859fd8a1c6a5be45cbef00.jpg Object is locked skipped
C:\Documents and Settings\Eliot\Local Settings\Temp\~fd5363093d7d1c637fb4c1e2200.jpd Object is locked skipped
C:\Documents and Settings\Eliot\Local Settings\Temp\~fd5363093d7d1c637fb4c1e2200.jpg Object is locked skipped
C:\Documents and Settings\Eliot\Local Settings\Temp\~fe8b9823150931c6437c93b8b800.jpd Object is locked skipped
C:\Documents and Settings\Eliot\Local Settings\Temp\~fe8b9823150931c6437c93b8b800.jpg Object is locked skipped
C:\Documents and Settings\Eliot\Local Settings\Temp\~ff5cb82763521c5ac065f628300.jpd Object is locked skipped
C:\Documents and Settings\Eliot\Local Settings\Temp\~ff5cb82763521c5ac065f628300.jpg Object is locked skipped
C:\Documents and Settings\Eliot\Local Settings\Temp\~ffb353d4cc371c57688f94b0400.jpd Object is locked skipped
C:\Documents and Settings\Eliot\Local Settings\Temp\~ffb353d4cc371c57688f94b0400.jpg Object is locked skipped
C:\Documents and Settings\Eliot\Local Settings\Temp\~ffba9051985a1c5b96519f9c00.jpd Object is locked skipped
C:\Documents and Settings\Eliot\Local Settings\Temp\~ffba9051985a1c5b96519f9c00.jpg Object is locked skipped
C:\Documents and Settings\Eliot\Local Settings\Temp\~MSFT._PI Object is locked skipped
C:\Documents and Settings\Eliot\Local Settings\Temp\~WRF0000.tmp Object is locked skipped
C:\Documents and Settings\Eliot\Local Settings\Temp\~WRF0001.tmp Object is locked skipped
C:\Documents and Settings\Eliot\My Documents\My Received Files\Forgot About Dre.mp3 Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012006091920060920\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat Object is locked skipped
C:\Documents and Settings\Owner\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\Owner\UserData\index.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Program Files\BT Yahoo! Help\log\mpbtn.log Object is locked skipped
C:\RECYCLER\S-1-5-21-1548180168-2754046642-3636552482-1007\Dc402\MY shoes.jpg Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{64D353BC-F70D-499F-9163-3CEC028719CD}\RP110\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{60E737AA-76B9-48ED-B730-93585267076C}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_208.dat Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{64D353BC-F70D-499F-9163-3CEC028719CD}\RP110\change.log Object is locked skipped
Scan process completed.