Here are all those files. I wasn't absolutely sure which ones you wanted me to post so I attached all the files individually.
and here's the Hijack This log:
Logfile of HijackThis v1.99.1
Scan saved at 12:55:34 AM, on 9/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Hi Lou. At first we weren't sure of some entries in the Blacklight log but it would appear that you have the program PC-Magic installed so we aren't going to worry about those entries.
The logs look clean. If you're worried about these locked files and deleting them you should try using Unlocker. You can download it from here:
It may help you to get rid of those unlocked files. If not, I wouldn't worry about them since they don't seem to be causing any problems. If you decide to use Unlocker let me know how it goes, if not, well let me know then too.
Sorry about the late reply here but I've been kinda crazy lately with work. Anhow, I've tried unlocker on previous occasions, to no effect on those files. I have done some checking into some of those files though and it seems that some of them might be OS files, such as the SAM log and SAM file and a few others. I have had some limited success with using ProcessExplorer and killing the handle for whichever file and then deleting it. I was wondering if you know if it's normal not to be able to access some of the files that were locked?
Also, I have a couple "programs" I can't seem to uninstall and was wondering if you might be able to help me out with that here. Somehow, I think that they were partially uninstalled and there are remnants of them that I can't get rid of (missing uninstaller reference in the registry?). They are on my Start, Progs. menu and there is an uninstaller but it pops up and then goes nowhere. The progs are GTA and GTA Vice city if that helps.
Yes, there will be some files that are so protected by Windows that you cannot delete them. Even if they seem to delete, Windows will see that they're gone because the registry will point to a file that doesn't exist and then Windows will re-create the file. Sometimes malware works like this strangely enough. But in general the answer is yes.
For your second question:
Click Start--->Run. In the run box type appwiz.cpl. In the list tht appears look for GTA and GTA Vice City and try to uninstall them from there. If they don't appear there you might have to just go to the directories where they reside and delete the folders they're in. Once you're rid of the file/files that show them in the start menu they won't be there anymore. Let me know how this goes for you.
Comments
Here are all those files. I wasn't absolutely sure which ones you wanted me to post so I attached all the files individually.
and here's the Hijack This log:
Logfile of HijackThis v1.99.1
Scan saved at 12:55:34 AM, on 9/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\FileChecker\filechecker.exe
C:\Program Files\Citrix\GoToMyPC\g2svc.exe
C:\Program Files\Citrix\GoToMyPC\g2comm.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Citrix\GoToMyPC\g2pre.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Citrix\GoToMyPC\g2tray.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Documents and Settings\Louis\Start Menu\Programs\Spyware, Tweaks & Virus Utilities\Hijack This\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=6.1&bm=ho_home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=6.1&bm=ho_search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer Brought To You By Belle, Bear and Smeagol
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: GoToMyPC - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: FileChecker - Created by javacool. - C:\Program Files\FileChecker\filechecker.exe
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Hope this'll do it!
Thank you!
Lou
The logs look clean. If you're worried about these locked files and deleting them you should try using Unlocker. You can download it from here:
http://ccollomb.free.fr/unlocker/
It may help you to get rid of those unlocked files. If not, I wouldn't worry about them since they don't seem to be causing any problems. If you decide to use Unlocker let me know how it goes, if not, well let me know then too.
Sorry about the late reply here but I've been kinda crazy lately with work. Anhow, I've tried unlocker on previous occasions, to no effect on those files. I have done some checking into some of those files though and it seems that some of them might be OS files, such as the SAM log and SAM file and a few others. I have had some limited success with using ProcessExplorer and killing the handle for whichever file and then deleting it. I was wondering if you know if it's normal not to be able to access some of the files that were locked?
Also, I have a couple "programs" I can't seem to uninstall and was wondering if you might be able to help me out with that here. Somehow, I think that they were partially uninstalled and there are remnants of them that I can't get rid of (missing uninstaller reference in the registry?). They are on my Start, Progs. menu and there is an uninstaller but it pops up and then goes nowhere. The progs are GTA and GTA Vice city if that helps.
And then I'll stop bugging you. :-)
Thanks
Yes, there will be some files that are so protected by Windows that you cannot delete them. Even if they seem to delete, Windows will see that they're gone because the registry will point to a file that doesn't exist and then Windows will re-create the file. Sometimes malware works like this strangely enough. But in general the answer is yes.
For your second question:
Click Start--->Run. In the run box type appwiz.cpl. In the list tht appears look for GTA and GTA Vice City and try to uninstall them from there. If they don't appear there you might have to just go to the directories where they reside and delete the folders they're in. Once you're rid of the file/files that show them in the start menu they won't be there anymore. Let me know how this goes for you.