Spybot runs slow and weird screen on startup

caveanimal

New member
Hi all, for some reason Spybot runs very slow. I did a virus scan using Panda and also used Ad-Aware. When Spybot finishes it says everything is okay.

And also, when I first start up my system and the Windows welcome screen comes on for a couple of seconds, another little screen pops up after the welcome screen comes on. There are some funny symbols up in the top left side of the box. If you right-click on the symbols, there is a list of options; most are Unicode options, whatever that is. I am going to try to attach a picture of the screen and my HJT log. This screen goes away after a couple of min. and my computer carries on booting up. I just don't know what to do. Any help would be very nice, and thank you in advance.

Logfile of HijackThis v1.99.1
Scan saved at 3:17:59 PM, on 10/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
C:\Program Files\Lee\Citrix\ICA Client\ssonsvr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Logitech\Video\FxSvr2.exe
C:\Program Files 2\HiJack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138726036637
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3DD3379A-FEEE-411C-B28A-69CAFDBB94CC}: NameServer = 85.255.115.60 85.255.112.136
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 
Welcome to the forum. If you still need help and are not receiving it elsewhere, please follow these directions.

1) Thanks to LonnyRJones and any others who helped with this fix.

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

At the end of the fix, you may need to restart your computer again.

Finally, please post a fresh HijackThis log, along with the contents of the logfile C:\fixwareout\report.txt

(hold those logs until we complete the instruction)

Now let's check some settings on your system.
(2000/XP only)
In the Windows Control Panel: if you are using Windows XP's Category View, select the Network and Internet Connections category; otherwise double-click on Network Connections. Then right-click on your default connection, usually Local Area Connection for cable and DSL, and left-click on Properties. Click the Networking tab. Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically.
Press OK twice to get out of the properties screen and reboot if it asks.
That option might not be available on some systems.
Next, go to Start > Run, type cmd and hit OK.
Type
ipconfig /flushdns
then hit Enter, type exit and hit Enter.
(That space between g and / is needed.)

2) Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.

Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O17 - HKLM\System\CCS\Services\Tcpip\..\{3DD3379A-FEEE-411C-B28A-69CAFDBB94CC}: NameServer = 85.255.115.60 85.255.112.136

Close all programs but HJT and all browser windows, then click on "Fix Checked"

Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Restart the computer and post the C:\fixwareout\report.txt, a new HJT log and let me know how the computer is running now.

Thanks

C:\Program Files\Java\jre1.5.0_06\ <<< please check your Java program for an update, this is a security issue, see this information:
http://forums.spybot.info/showpost.php?p=12880&postcount=2
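
The O17 check from the reply above, as an added example that is not part of the original thread: a small Python parser for the HijackThis log format posted here that lists statically configured DNS servers and reports any that fall outside the networks you expect. The expected network (`192.168.1.0/24`), the second interface GUID in the sample and all function names are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the HijackThis v1.99.1 format shown in this thread.
# The second O17 line (GUID and address) is made up for the example.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{3DD3379A-FEEE-411C-B28A-69CAFDBB94CC}: NameServer = 85.255.115.60 85.255.112.136
O17 - HKLM\System\CCS\Services\Tcpip\..\{11111111-2222-3333-4444-555555555555}: NameServer = 192.168.1.1
"""

# Every HijackThis finding starts with a section code such as R0, F2, O4, O17.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# O17 lines carry the interface GUID and the statically set resolver list.
O17_RE = re.compile(
    r"\{(?P<guid>[0-9A-Fa-f-]{36})\}: NameServer = (?P<servers>.+)$"
)


def parse_entries(log_text):
    """Group log findings by section code; header/process lines are skipped."""
    entries = defaultdict(list)
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries[match.group("code")].append(match.group("body"))
    return dict(entries)


def static_nameservers(log_text):
    """Return [(interface_guid, [server, ...])] for each O17 NameServer line."""
    found = []
    for body in parse_entries(log_text).get("O17", []):
        match = O17_RE.search(body)
        if match:
            # The value may be space- or comma-separated.
            servers = [s for s in re.split(r"[,\s]+", match.group("servers")) if s]
            found.append((match.group("guid"), servers))
    return found


def unexpected_nameservers(log_text, expected_networks):
    """Return (guid, server) pairs whose address is outside expected_networks.

    expected_networks is the reviewer's own list of CIDR ranges (an assumption
    of this example). Values that do not parse as IP addresses are reported
    too, since they cannot be verified.
    """
    allowed = [ipaddress.ip_network(n) for n in expected_networks]
    findings = []
    for guid, servers in static_nameservers(log_text):
        for server in servers:
            try:
                address = ipaddress.ip_address(server)
            except ValueError:
                findings.append((guid, server))
                continue
            if not any(address in network for network in allowed):
                findings.append((guid, server))
    return findings


if __name__ == "__main__":
    for guid, server in unexpected_nameservers(SAMPLE_LOG, ["192.168.1.0/24"]):
        print(f"interface {{{guid}}}: review static DNS server {server}")
```

A reported server is only a prompt to compare it with what the ISP or router actually hands out, which is what switching to "Obtain DNS servers automatically" restores.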
 
Hi and thanks for the quick reply. I downloaded Fixwareout but I am unable to run it; it comes up with an error ( unable to execute C\fixwareout\fixit.bat code 1155 shellexecute failed ). I do have the latest Java installed. Any ideas?
 
Try deleting all of what you downloaded and download it again. Then try again. It is important that we get that fix to run.

I would like you to post any information or error messages "exactly" as they occur, we may need to ask the creator of the fix to look at them.

Thanks
 
Hi again. I deleted the program a couple of times but it still does not work. I will show you exactly what it says ( I can't copy and paste the error box)

Setup

Unable to execute file:
C:\fixwareout\fixit.bat

ShellExecuteEx failed; code 1155
No application is associated with the specified file for this operation

OK

And also, when I go to run the program from the desktop it keeps installing it over and over again.

Thanks
 
Thanks for that feedback. I am getting information from the creator of the fix. If he should need to post to this topic, please follow his directions. It will probably be tomorrow sometime before we hear from him.

Thanks
 
It's probably just an association problem.

Batch File Association Fix (Restore the default associations for BAT files)
http://www.dougknox.com/xp/file_assoc.htm
Download/save that zip, extract the file inside to your desktop
Double-click on batch_file_assoc.reg and answer yes to the prompts. You should see a success message; did you?

Delete fixwareout.exe, open this folder and run fixit.bat: c:\fixwareout\fixit.bat

Is this similar to what you're seeing before Windows starts?
http://forums.spybot.info/showthread.php?p=44013#post44013
 
Hi, and thanks for the reply. After I downloaded that batch file fix and tried to open it, Windows wants to know what program created it in order to open it. Not sure what to do to open it.
 
Is this similar to what you're seeing before Windows starts?
http://forums.spybot.info/showthread.php?p=44013#post44013

Copy the contents of the code box below into a new notepad document (not wordpad).
Click file> save as...> call it check.bat > file types *all files*> and save it to desktop.
Code:
::xp only
ftype regfile=regedit.exe "%%1"
ftype batfile="%%1" %%*
ftype exefile > look.txt
ftype htafile >> look.txt
ftype cmdfile >> look.txt
ftype comfile >> look.txt
ftype batfile >> look.txt
ftype regfile >> look.txt
start notepad look.txt
Run check.bat and post back with the text that will open.

Now try running fixit.bat again.
 
Hi, me again :) The screen that pops up is like the one that you had me look at, except the symbols do change, and when I right-click on it, it has something to do with Unicode.

I cut and paste the bat file in Notepad and named it check.bat, then selected all files and saved it to the desktop. When I double-click on it nothing happens. Does it matter what the encoding box selection is when it is saved?
 
Let's try this method.
Open a command prompt (Start > Run, type cmd, press Enter) and type
ftype regfile=regedit.exe "%%1"
press Enter, type in
ftype batfile="%%1" %%*
press Enter, then type exit and press Enter to exit the command prompt.
 
Hi, I tried to run the cmd command in the Run window but it will not work, so I tried the command prompt in Accessories and put it in there. I typed it in different ways but it didn't work. I also tried to boot in safe mode and tried it there, after booting in safe mode with command prompt. Am I doing something wrong or is it just screwed up that bad? Thanks for the help also :D
 
I really ........ hate to say this, but I still get the same error message that I had when I first installed the fixwareout program. :eek:
 
Also, a Kaspersky online scan:
Kaspersky Lab - Free Online scan:
http://www.kaspersky.com/virusscanner
Click scan settings and place a check next to use [x]extended this database etc etc. Click OK.
Then choose: My Computer: scan all your hard drives and mapped disks.
When finished, click save as text and post that in your reply.
We don't need to see items listed as "Object is locked skipped", so edit those out.
We do not need to see items reported that are in an antivirus quarantine folder.
 
Hi and thanks for the reply. Here are the results of the 2 scans. If there are that many viruses, why wouldn't Norton or Panda pick them up?

Friday, October 13, 2006 12:27:26 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 13/10/2006
Kaspersky Anti-Virus database records: 231516


Scan Settings
Scan using the following antivirus database
extended
Scan Archives
true
Scan Mail Bases
true

Scan Target
My Computer
A:\
C:\
D:\
E:\
F:\
H:\

Scan Statistics
Total number of scanned objects
38357
Number of viruses found
11
Number of infected objects
48 / 0
Number of suspicious objects
0
Duration of the scan process
00:28:41


Infected Object Name
Virus Name
Last Action
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\07C2180D.htm
Infected: Exploit.JS.CVE-2005-1790.j
skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\0B1B1818.class
Infected: Trojan-Downloader.Java.OpenConnection.aj
skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\0E2D0A65.htm
Infected: Exploit.JS.CVE-2005-1790.j
skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\123B6A14.htm
Infected: Exploit.JS.CVE-2005-1790.j
skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\153B0139.wmf
Infected: Exploit.Win32.IMG-WMF.c
skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1556511C.zip/GetAccess.class
Infected: Trojan.Java.ClassLoader.c
skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1556511C.zip/InsecureClassLoader.class
Infected: Exploit.Java.ByteVerify
skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1556511C.zip/Dummy.class
Infected: Trojan.Java.ClassLoader.Dummy.a
skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1556511C.zip/Installer.class
Infected: Trojan-Downloader.Java.OpenConnection.v
skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1556511C.zip
ZIP: infected - 4
skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\1556511C.zip
CryptFF: infected - 4
skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\16C75BE6.htm
Infected: Exploit.JS.CVE-2005-1790.j
skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\25250377.htm
Infected: Exploit.JS.CVE-2005-1790.j
skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\2C455573.htm
Infected: Exploit.JS.CVE-2005-1790.j
skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\32A66818.class
Infected: Trojan-Downloader.Java.OpenConnection.aj
skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3A86796B.htm
Infected: Exploit.JS.CVE-2005-1790.j
skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3C251343.wmf
Infected: Trojan-Downloader.Win32.Agent.acd
skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3C251343.zip/BlackBox.class
Infected: Exploit.Java.ByteVerify
skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3C251343.zip/VerifierBug.class
Infected: Exploit.Java.ByteVerify
skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3C251343.zip/Beyond.class
Infected: Trojan-Downloader.Java.OpenConnection.aa
skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3C251343.zip
ZIP: infected - 3
skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3C251343.zip
CryptFF: infected - 3
skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\3C56090D.class
Infected: Trojan.Java.ClassLoader.h
skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\45844617.wmf
Infected: Exploit.Win32.IMG-WMF.c
skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\459E15FA.zip/GetAccess.class
Infected: Trojan.Java.ClassLoader.c
skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\459E15FA.zip/InsecureClassLoader.class
Infected: Exploit.Java.ByteVerify
skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\459E15FA.zip/Dummy.class
Infected: Trojan.Java.ClassLoader.Dummy.a
skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\459E15FA.zip/Installer.class
Infected: Trojan-Downloader.Java.OpenConnection.v
skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\459E15FA.zip
ZIP: infected - 4
skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\459E15FA.zip
CryptFF: infected - 4
skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\49E73143.htm
Infected: Exploit.JS.CVE-2005-1790.j
skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\49E73143.wmf
Infected: Trojan-Downloader.Win32.Agent.acd
skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\49EA5B3F.htm
Infected: Exploit.JS.CVE-2005-1790.j
skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\49F12F38.class
Infected: Trojan.Java.ClassLoader.h
skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\49F12F38.htm
Infected: Exploit.JS.CVE-2005-1790.j
skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\49FE572A.htm
Infected: Exploit.JS.CVE-2005-1790.j
skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\49FE572A.wmf
Infected: Trojan-Downloader.Win32.Agent.acd
skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\4A08551F.htm
Infected: Exploit.JS.CVE-2005-1790.j
skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\509807DF.htm
Infected: Exploit.JS.CVE-2005-1790.j
skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\5C8F39E5.htm
Infected: Exploit.JS.CVE-2005-1790.j
skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\5EDD75C6.htm
Infected: Exploit.JS.CVE-2005-1790.j
skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\61507434.class
Infected: Trojan-Downloader.Java.OpenConnection.aj
skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\63483A5B.htm
Infected: Exploit.JS.CVE-2005-1790.j
skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\681F75E3.class
Infected: Trojan.Java.ClassLoader.d
skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\681F75E3.htm
Infected: Exploit.JS.CVE-2005-1790.j
skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\6F086DA6.class
Infected: Trojan.Java.ClassLoader.d
skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\7C904056.class
Infected: Trojan-Downloader.Java.OpenConnection.aj
skipped

C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\7F406DE1.htm
Infected: Exploit.JS.CVE-2005-1790.j
skipped

AVG scan

Scan process completed.

c:\WINDOWS\Prefetch\CSJCH.EXE-152DE4D1.pf Hidden file
c:\WINDOWS\Prefetch\DMYYA.EXE-06F84269.pf Hidden file
c:\WINDOWS\system32\cszcq.exe Hidden file
c:\WINDOWS\system32\dmuqk.exe Hidden file
 
Scan with that AVG tool. When it is finished, put a check next to those items and have it remove them. It will need to reboot the PC; let it.

After Windows has loaded:
Download (save), do not open,
REG File Association Fix (Restore default associations for REG files)
and
Batch File Association Fix (Restore the default associations for BAT files)
to your desktop
http://www.dougknox.com/xp/file_assoc.htm
Extract the files inside both and put them in c:\ for easy access.
Go to Start > Run, type in
regedit
and press Enter.
Important: ensure My Computer is highlighted.
Go to File > Import, browse to xp_regfile.reg and choose Open, then close regedit.
Once regedit is closed (IT MUST BE CLOSED), double-click on batch_file_assoc.reg. You should see a successful message; did you?
Open the c:\fixwareout\findt folder and double-click on findt.bat, which should make a report.txt in the same folder. Post that.
 