Help my computer! Please !!!!



Tanya09
2007-10-24, 02:55
Here are the results from the scan, please help!
Tanya

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:43:58 PM, on 10/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\NielsenNetratings\bin\insight.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\MSN\MSNCoreFiles\msn.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8010
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;setup.msn.com;memberservices.msn.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE /s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Nielsen NetRatings.lnk = C:\Program Files\NielsenNetratings\bin\insight.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5013/mcfscan.cab
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 10248 bytes

See second thread for other file

Tanya09
2007-10-24, 02:56
October 23, 2007 7:37:56 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 23/10/2007
Kaspersky Anti-Virus database records: 443494


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\

Scan Statistics
Total number of scanned objects 172489
Number of viruses found 6
Number of infected objects 13
Number of suspicious objects 4
Duration of the scan process 02:01:05

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\download.exe.bac_a01268/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.bya skipped

C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\download.exe.bac_a01268/stream Infected: Trojan-Downloader.Win32.Zlob.bya skipped

C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\download.exe.bac_a01268 NSIS: infected - 2 skipped

C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\download.exe.bac_a01268 CryptFF.b: infected - 2 skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{743FD6C3-6DC4-43D0-A0FE-CA7CE8978AF3}.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR1E.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXAccess1.zip/imsmain.exe Suspicious: Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXAccess1.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXAccess4.zip/iesmn.exe Suspicious: Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXAccess4.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Tanya\Application Data\GTek\GTUpdate\AUpdate\DellSupport\DSAgnt.log Object is locked skipped

C:\Documents and Settings\Tanya\Application Data\GTek\GTUpdate\AUpdate\DellSupport\DSAgnt_GTActions.log Object is locked skipped

C:\Documents and Settings\Tanya\Application Data\GTek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt.log Object is locked skipped

C:\Documents and Settings\Tanya\Application Data\GTek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped

C:\Documents and Settings\Tanya\Application Data\MSN6\UserData\{0392AA80-5EF1-01C5-0200-00008911B40C}\favthumb.dbx Object is locked skipped

C:\Documents and Settings\Tanya\Application Data\setup_en[1].exe Infected: not-a-virus:Downloader.Win32.WinFixer.z skipped

C:\Documents and Settings\Tanya\Cookies\INDEX.DAT Object is locked skipped

C:\Documents and Settings\Tanya\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse Object is locked skipped

C:\Documents and Settings\Tanya\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped

C:\Documents and Settings\Tanya\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped

C:\Documents and Settings\Tanya\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped

C:\Documents and Settings\Tanya\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped

C:\Documents and Settings\Tanya\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped

C:\Documents and Settings\Tanya\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped

C:\Documents and Settings\Tanya\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped

C:\Documents and Settings\Tanya\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped

C:\Documents and Settings\Tanya\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped

C:\Documents and Settings\Tanya\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped

C:\Documents and Settings\Tanya\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped

C:\Documents and Settings\Tanya\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped

C:\Documents and Settings\Tanya\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped

C:\Documents and Settings\Tanya\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped

C:\Documents and Settings\Tanya\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped

C:\Documents and Settings\Tanya\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped

C:\Documents and Settings\Tanya\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped

C:\Documents and Settings\Tanya\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped

C:\Documents and Settings\Tanya\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.cdx Object is locked skipped

C:\Documents and Settings\Tanya\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.dbf Object is locked skipped

C:\Documents and Settings\Tanya\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped

C:\Documents and Settings\Tanya\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped

C:\Documents and Settings\Tanya\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped

C:\Documents and Settings\Tanya\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped

C:\Documents and Settings\Tanya\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb Object is locked skipped

C:\Documents and Settings\Tanya\Local Settings\Application Data\Microsoft\MSN\db30\BNT04-msn-com.sdf Object is locked skipped

C:\Documents and Settings\Tanya\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Tanya\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Tanya\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped

C:\Documents and Settings\Tanya\Local Settings\History\History.IE5\MSHist012007102320071024\index.dat Object is locked skipped

C:\Documents and Settings\Tanya\Local Settings\Temp\fdr2544.fdr Object is locked skipped

C:\Documents and Settings\Tanya\Local Settings\Temp\hpodvd09.log Object is locked skipped

C:\Documents and Settings\Tanya\Local Settings\Temp\me_6LDamOonOd07FMU Object is locked skipped

C:\Documents and Settings\Tanya\Local Settings\Temp\me_cmQG9jYT5YFsgHu Object is locked skipped

C:\Documents and Settings\Tanya\Local Settings\Temp\me_dagDvX3jADgw59B Object is locked skipped

C:\Documents and Settings\Tanya\Local Settings\Temp\me_nL33OYhd7obuVqG Object is locked skipped

C:\Documents and Settings\Tanya\Local Settings\Temp\me_XqG1TqAyhAGb3bf Object is locked skipped

C:\Documents and Settings\Tanya\Local Settings\Temp\_hphtra07.log Object is locked skipped

C:\Documents and Settings\Tanya\Local Settings\Temp\~DFBED2.tmp Object is locked skipped

C:\Documents and Settings\Tanya\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Tanya\Local Settings\Temporary Internet Files\PhishingFilter\10278502-67BC-43EF-B0AA-BBF67795D5B0.dat Object is locked skipped

C:\Documents and Settings\Tanya\My Documents\My Downloads\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Tanya\My Documents\My Downloads\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Tanya\My Documents\My Downloads\SmitfraudFix.exe RarSFX: infected - 2 skipped

C:\Documents and Settings\Tanya\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Tanya\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Common Files\Verizon Online\SFP\vzbb.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.b skipped

C:\Program Files\Kodak\Kodak EasyShare software\bin\Catalog\EasyShare.me Object is locked skipped

C:\Program Files\Kodak\Kodak EasyShare software\bin\Catalog\EasyShare.mm Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWKDLogs\BWTargetInf.log Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.idx Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.idx Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\D0000000.FCS Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\inuse.txt Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\L0000003.FCS Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\main.log Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.idx Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.idx Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.idx Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.idx Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.idx Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.idx Object is locked skipped

C:\Program Files\MSN\MSNCoreFiles\calendar.mar Object is locked skipped

C:\Program Files\MSN\MSNCoreFiles\mail.mar Object is locked skipped

C:\Program Files\MSN\MSNCoreFiles\market.mar Object is locked skipped

C:\Program Files\MSN\MSNCoreFiles\market32.mar Object is locked skipped

C:\Program Files\MSN\MSNCoreFiles\miadv.mar Object is locked skipped

C:\Program Files\MSN\MSNCoreFiles\mibas.mar Object is locked skipped

C:\Program Files\MSN\MSNCoreFiles\micd.mar Object is locked skipped

C:\Program Files\MSN\MSNCoreFiles\printing.mar Object is locked skipped

C:\Program Files\MSN\MSNCoreFiles\qos.mar Object is locked skipped

C:\Program Files\MSN\MSNCoreFiles\themedef.mar Object is locked skipped

C:\Program Files\MSN\MSNCoreFiles\themedef32.mar Object is locked skipped

C:\Program Files\MSN\MsnInstaller\install.mar Object is locked skipped

C:\Program Files\MSN\MsnInstaller\Resources\MSNClientBrand\en\us\vz02\9.50.433.0\brand.mar Object is locked skipped

C:\Program Files\NielsenNetratings\bin\pagecache.db Object is locked skipped

C:\Program Files\NielsenNetratings\bin\pagecache.idx Object is locked skipped

C:\Program Files\NielsenNetratings\bin\z.debug Object is locked skipped

C:\Program Files\Verizon Online\SupportCenter\log\mpbtn.log Object is locked skipped

C:\Program Files\Verizon Online\SupportCenter\SmartBridge\log\httpclient.log Object is locked skipped

C:\Program Files\Verizon Online\SupportCenter\SmartBridge\SmartBridge.log Object is locked skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP619\A0056623.exe Infected: Trojan-Downloader.Win32.Zlob.dka skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP620\A0056659.exe Infected: Trojan-Downloader.Win32.Zlob.dka skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP621\A0056687.exe Infected: Trojan-Downloader.Win32.Zlob.dka skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP621\A0056704.exe Infected: Trojan-Downloader.Win32.Zlob.dka skipped

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP671\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\mcafee_epeMxaNKvw6FQqe Object is locked skipped

C:\WINDOWS\Temp\mcmsc_f1s4GbcOG9Zvoqd Object is locked skipped

C:\WINDOWS\Temp\mcmsc_GbwwhhuBGwSFzWL Object is locked skipped

C:\WINDOWS\Temp\mcmsc_qX7PbnyW6I6xdvt Object is locked skipped

C:\WINDOWS\WIADEBUG.LOG Object is locked skipped

C:\WINDOWS\WIASERVC.LOG Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

pskelley
2007-10-25, 16:50
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Hello Tanya, I appreciate it that you posted the correct information as the logs go but you have not told me anything about why you posted, what your problem is. Besides the fact you are running this:
C:\Program Files\NielsenNetratings\bin\insight.exe
and even though it is not "malware" I would not have it on my computer and...

see this: http://forums.spybot.info/showpost.php?p=12880&postcount=2
C:\Program Files\Java\j2re1.4.2_03\ <<< your Java program is VERY outdated and if it has not gotten you infected it is just a matter of time. I suggest you download the newest version from the link provided and then uninstall all old versions in Add Remove programs.

I see no other issues in the HJT log.

Kaspersky Online Scan:
Number of viruses found 6
Number of infected objects 13
Number of suspicious objects 4

C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\ <<< delete the contents of the quarantine folder

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ <<< delete the contents of the Recovery folder

C:\Documents and Settings\Tanya\Application Data\setup_en[1].exe <<< delete that file

C:\Documents and Settings\Tanya\My Documents\My Downloads\SmitfraudFix.exe <<< delete Smitfraudfix, you should be done with it.


These are infected System Restore files, when you are sure the above junk is done, then restart your computer and do this:
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP619\A0056623.exe Infected: Trojan-Downloader.Win32.Zlob.dka skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP620\A0056659.exe Infected: Trojan-Downloader.Win32.Zlob.dka skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP621\A0056687.exe Infected: Trojan-Downloader.Win32.Zlob.dka skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP621\A0056704.exe Infected: Trojan-Downloader.Win32.Zlob.dka skipped

That will give you a clean Restore Point and a Kaspersky scan should be clean.

If you need more help or information please let me know.

Thanks
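
The triage in the reply above, as an added example that is not part of the original thread: this Python script parses Kaspersky Online Scanner report lines in the layout shown in this thread (path, status, "skipped"), drops the "Object is locked" noise, and groups detections by the file that contains them and by where that file lives. The bucket names and the choice of sample lines are made for this example, and the line layout is assumed from the report posted above.

```python
import re

# One report line: "<path> <status> skipped". Paths contain spaces, so the
# status is recognised by its fixed shapes rather than by splitting on spaces.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?) "
    r"(?P<status>Object is locked|Infected: \S+|Suspicious: \S+|"
    r"[\w.]+: (?:infected|suspicious) - \d+) skipped$"
)

# Location buckets (names are this example's own). Matching is done on the
# lower-cased path of the file on disk.
BUCKETS = [
    ("\\system volume information\\_restore{", "system_restore"),
    ("\\quarantine\\", "scanner_quarantine"),
    ("\\spybot - search & destroy\\recovery\\", "spybot_recovery"),
]

# Subset of lines copied from the report in this thread.
SAMPLE_REPORT = r"""
Infected Object Name Virus Name Last Action
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\download.exe.bac_a01268/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.bya skipped
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\download.exe.bac_a01268/stream Infected: Trojan-Downloader.Win32.Zlob.bya skipped
C:\Documents and Settings\Administrator\.housecall6.6\Quarantine\download.exe.bac_a01268 NSIS: infected - 2 skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXAccess1.zip/imsmain.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXAccess1.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\Tanya\Application Data\setup_en[1].exe Infected: not-a-virus:Downloader.Win32.WinFixer.z skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP619\A0056623.exe Infected: Trojan-Downloader.Win32.Zlob.dka skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
"""


def parse_line(line):
    """Return a dict for one report line, or None for headers and blanks."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path, status = m.group("path"), m.group("status")
    # Members inside archives are appended with "/", e.g. file.exe/stream/data0006.
    container, _, inner = path.partition("/")
    if status == "Object is locked":
        kind, name = "locked", None
    elif status.startswith(("Infected: ", "Suspicious: ")):
        kind, name = status.split(": ", 1)
        kind = kind.lower()
    else:
        # Per-archive roll-up such as "NSIS: infected - 2"; it repeats
        # what the member lines already said.
        kind, name = "archive_summary", None
    return {"container": container, "inner": inner, "kind": kind, "name": name}


def bucket_for(container):
    """Classify the on-disk file by where it lives."""
    lowered = container.lower()
    for marker, bucket in BUCKETS:
        if marker in lowered:
            return bucket
    return "on_disk"


def triage(report_text):
    """Group detections per on-disk file; count locked files separately."""
    findings = {}
    locked = 0
    for line in report_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["kind"] == "locked":
            locked += 1  # file in use by the OS or another program, not a detection
            continue
        entry = findings.setdefault(
            rec["container"],
            {"bucket": bucket_for(rec["container"]), "names": set()},
        )
        if rec["name"]:
            entry["names"].add(rec["name"])
    return findings, locked


if __name__ == "__main__":
    found, locked_count = triage(SAMPLE_REPORT)
    for path, info in found.items():
        print(f"{info['bucket']:<19} {', '.join(sorted(info['names']))}")
        print(f"    {path}")
    print(f"locked (not detections): {locked_count}")
```
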

Tanya09
2007-10-25, 19:28
Sorry, I described my problem the other day, but did not include the logs. My computer is running very slow, I keep getting virtual memory errors and the only program I am using is Word. My computer locks up and takes forever to load things. I called Dell and they said it sounds like a virus. The other day I lost my internet connection totally and a nice guy from Verizon helped me and said it definitely sounded like a virus and helped me boot in safe mode, and when I did there was me and an administrator. He said someone else has control of my PC. I can not make any changes, for instance when I try to change things in start up it tells me that I do not have admin rights to make changes. A couple of weeks ago I think I had that virus that smithfraud fixes, I did run that and thought everything was ok, but I don't think so. The guy from Verizon told me to run virus scan, I can't remember the name it was something house call and it found many viruses. I "fixed" them and then I was able to login to the internet in regular mode. I know something is wrong, but I am not sure what. Please help, I use the computer to do my school papers and research and all of these problems have gotten me behind.


HELP!!!!

I will update my Java tonight as soon as I get home.

Thanks

Tanya09
2007-10-25, 19:29
member posted twice

pskelley
2007-10-25, 20:43
Thanks much for the feedback, let's chat a few moments. I do not want to take anything away from the value of the information the technicians you spoke to gave you. I have Verizon myself and sometimes I have connection issues I have to ask for help with. As far as Dell, seems they no longer help unless you pay for it. I am trying to say that as soon as they do not know what the problem is, they say it's a virus. It may be that you have some kind of hidden problem like a rootkit infection that the tools we are running at this point do not show. This will be something to think about, but I want you to know that while we can run additional scans to look for problems, the one you ran, Kaspersky, is one of the very best and you can see what it said:
Number of viruses found 6
Number of infected objects 13

I have found all of those and posted for you how to remove them, this is the only one active and dangerous:
C:\Documents and Settings\Tanya\Application Data\setup_en[1].exe <<< delete that file

Follow all of the instructions I posted for you carefully. I would like to see you remove that Nielsen junk from your computer also.

There are many things that can cause this problem and malware is just one of them. I will do my best to help you fix the problem if you follow my directions.

You sound a little unsure of yourself, so if any of my instructions are not clear, ask me to explain. Tell me if there is anyone in the house with more computer knowledge who can help us.

When you talk about error messages please type the complete message "word for word" so I can research it. Post this error message "virtual memory errors" word for word.

As soon as you see this information I will delete one of the posts you made just prior as they are duplicates. Complete the instructions I posted and then start looking at this information:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html

As soon as you have completed the instructions, run a new Kaspersky scan and post the results so we can make sure it is clean.

I would also like to know how much RAM you have installed on the computer. Find out like this:
Point your mouse at MyComputer on the Desktop and right click then click on Properties. When the System Properties window opens in the lower right corner to the right of the big Dell word will be the amount of RAM installed on your computer. Post that information and close that Window.
You said this:

Please help, I use the computer to do my school papers and research and all of these problems have gotten me behind.
I cannot guarantee fast, that is not the way to fix computer issues. If you need this computer now it would be best that you take it to a technician and they will charge plenty to fix it right away. If you do not have another computer you can borrow or use, like at school or the library, that will be a real problem.
Thanks

Tanya09
2007-10-25, 22:06
You're right, I know how to use Excel, Word and get on the internet. So I just delete the files? Is there a certain way I should do that? I know I am not computer savvy. Also, I am a little worried that the computer might not let me. It seems that when I try to make changes, the computer says that I do not have administrator rights to make changes. Can you confirm where I go to delete the files? I know I go to add/delete programs for programs, but where should I go if it is just a file?

Thank you for helping me!!!!! I can use my computer at work I will just have to stay later.

pskelley
2007-10-25, 22:24
Sounds like you need to get some help. I would like to say I have the time to teach you, but I just do not. I am helping around 75 members right now and my time is limited.

Take your time and read the instructions:
C:\Documents and Settings
\Administrator
\.housecall6.6
\Quarantine\ <<< delete the contents of the quarantine folder

Navigate to each folder until you get that quarantine folder, then click Edit at the top and Select All then delete.

Continue with the rest of the instructions.

Good luck

Tanya09
2007-10-26, 03:52
Ok, I was able to delete two of the files, but I cannot find these two.

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ <<< delete the contents of the Recovery folder

C:\Documents and Settings\Tanya\Application Data\setup_en[1].exe <<< delete that file

I can get to all users and Tanya but then I cannot find Application Data.

Also, which version of Java should I download? The version # does not match up with the version # on the Spybot link?

I have 512MB Ram.


PLEASE HELP!!!! I REALLY APPRECIATE YOU HELPING!!!!!

I don't know what I would do without your help!!

Tanya09
2007-10-26, 03:57
What would cause my computer to not let me change the items that start up and tell me I need admin rights? When I start in safe mode, should there be my name and an admin?

pskelley
2007-10-26, 14:27
Since I did not set up the computer, it is hard to answer your questions. You may be signing in as a user and not as the administrator?
How long have you had this computer? If it is still in the warranty period you should ask these questions where you bought it. If it is under warranty, you are probably violating, something to consider.

Make sure all hidden files and folders are showing like this:
http://www.xtra.co.nz/help/0,,4155-1916458,00.html
same information:
Click Start > Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Try this: Open Spybot and then click on the white case with the red X. Delete anything in that Recovery area.

This one you must find, it is malware, it is possible the Application Data folder was hidden?
C:\Documents and Settings
\Tanya
\Application Data
\setup_en[1].exe <<< delete that file

JAVA: see this information at the link I provided:
Confused or having trouble downloading or installing? See the download help page.
» Supported System Configurations

JDK 6 Update 3 <<< this is the newest version, you may have difficulties, your version is very, very old, but it must be done, hackers use old Java versions to infect you via exploits when you surf the web, see this:
http://www.theregister.com/2007/05/11/google_malware_map/
http://redtape.msnbc.com/2007/05/the_next_net_th.html

As soon as you have deleted the stuff you could not find, then follow these directions to clean your System Restore files:

http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx
Same instructions as in the link:
Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Reboot

Turn ON System Restore,
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

Now please run a new Kaspersky scan and post the results.

How long has it been since you opened the computer and used canned air to clean the dust out of the fans, etc?

How long has it been since you did maintenance like defrag and chkdsk?

When you have some time, and it may take an hour, I would like you to run a free diagnostic here:
http://www.pcpitstop.com/pcpitstop/
Tutorial: http://www.pcpitstop.com/techexpress/howto1.asp
Help with results: http://pcpitstop.invisionzone.com/index.php?showforum=6

1) You must register "free" so you can save the scan results and post them for me.

2) You must read and follow the directions carefully

3) When the test is over, there will be a link to your test results, copy and paste that link into this topic.

Thanks...Phil

Tanya09
2007-10-26, 14:37
Ok I will try that tonight. I have never hidden any files so I will try looking for it. My computer is out of warranty as far as any help. Dell is not any help. If my computer breaks it is covered. They just had to switch out my fan about 4 months ago. I regularly use the air can to clean it. I ran chk disk the other day, but nothing seemed to happen?? I also did the defrag about a week ago. When I got the computer I just typed my name in every time it asked, maybe I will try to call Dell and ask about the admin thing, but I doubt they will be able to help me.

By the way what is a root kit infection??

THANK YOU FOR YOUR HELP!!!!!!!!

pskelley
2007-10-26, 14:44
Thanks for the feedback, continue with the instructions.

I do not know that you have a rootkit, we will cross that bridge when we come to it. Here is some information since you are curious.

http://www.google.com/search?hl=en&q=what+is+a+rootkit&btnG=Google+Search

Thanks...Phil:)

Tanya09
2007-10-27, 04:27
Here is the link to PC Pit Stop

http://www.pcpitstop.com/pcpitstop/Summary.asp?conid=18803232

The files were hidden I found them and deleted them and emptied the trash can.

I installed Java.

I deleted Nielsen Ratings.

I reset the restore points and created a new restore point.

I will put the new Kaspersky results in a new thread.

pskelley
2007-10-27, 11:54
Good morning, the PCPitstop link is not to your test results. Please click on the link first to make sure you are sending the correct one.

This IS NOT your information, it is only an example so you can see what the correct link will look like.

http://www.pcpitstop.com/pcpitstop/Summary.asp?TechExpress=QJ6AHWNZVEVSHBNV

Thanks

Tanya09
2007-10-27, 16:36
It says that I still have one virus??

Saturday, October 27, 2007 10:30:00 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 27/10/2007
Kaspersky Anti-Virus database records: 446914


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\

Scan Statistics
Total number of scanned objects 173665
Number of viruses found 1
Number of infected objects 1
Number of suspicious objects 0
Duration of the scan process 01:46:11

Infected Object Name Virus Name Last Action
C:\Program Files\Common Files\Verizon Online\SFP\vzbb.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.b skipped

Scan process completed.

Tanya09
2007-10-27, 16:45
I copied what I could, I do not see a place where I can send you a link??


THANKS!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Test Results Summary
Computer Name: USER-A444FC5B7F
Date Tested: Thu Oct 25 14:37:35 EDT 2007

This system performs extremely well on our benchmarks and appears to be among the fastest systems available! See the information below for your system details and advice on how to tweak the hardware and software for best performance.

Customized Tune-up Tips
• Unusually low video performance
• Slow Internet performance - bandwidth
• Saving Web Page Passwords with Firefox May Present a Security Risk
• Enable System Restore

Configuration Summary: Our analysis was based on the data collected from this computer. A summary of the data collected is shown below. Click on any of the subsystem names or flags in the table below to see more information, or use the test details to see all the data on one page. For a list of programs running on your computer, including spyware, see the Windows details page. The test history page has a summary of previous tests for this configuration. See how your system compares to others we've tested.

Subsystem Status Description
System Intel Core2, 1860 MHz
Memory 1024MB RAM
Disk Drives C, D
Video NVIDIA GeForce 7600 GS
Internet MSIE 6.0; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; MEGAUPLOAD 1.0; Alexa Toolbar
Windows Windows XP Pro SP2

pskelley
2007-10-27, 17:00
Kaspersky Online Scanner Saturday, October 27, 2007 10:30:00 AM
C:\Program Files\Common Files\Verizon Online\SFP\vzbb.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.b skipped
See this: http://www.castlecops.com/tk1923-Verizon_Broadband_Toolbar.html
Kaspersky has wrongly identified a file needed with the Verizon Toolbar as adware.
http://www.google.com/search?hl=en&q=vzbb.dll+&btnG=Google+Search
That item appears to be safe so your Kaspersky scan is clean.

PCPitStop Diagnostic report:
I need that link, please DO NOT copy the information, there is much too much information and I need to see it all. Did you register "free" as instructed? If not you might not get a link. If you can not figure out how to post that link, ask for some help from someone who can.

Thanks
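Added example (not part of the original thread or any poster's code): a short Python triage of a Kaspersky Online Scanner text report in the layout posted above. It separates "Object is locked" rows (files in use that the scanner could not open) from "Infected:" rows and checks the result against the "Number of infected objects" statistic. The sample report is constructed from lines in this thread, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of the report posted in this thread
# (three object rows kept; the rest of the locked-file list omitted).
SAMPLE_REPORT = r"""
Scan Target My Computer
A:\
C:\

Scan Statistics
Total number of scanned objects 173665
Number of viruses found 1
Number of infected objects 1
Number of suspicious objects 0

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Tanya\NTUSER.DAT Object is locked skipped

C:\Program Files\Common Files\Verizon Online\SFP\vzbb.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.b skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
"""

STAT_RE = re.compile(
    r"^Number of (viruses found|infected objects|suspicious objects) (\d+)$"
)
DRIVE_ROOT_RE = re.compile(r"[A-Za-z]:\\")
# Paths contain spaces, so the path is matched lazily and the status is
# anchored to the end of the line.
ROW_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?) "
    r"(?:(?P<locked>Object is locked)|Infected: (?P<name>\S+)) "
    r"(?P<action>\S+)$"
)


def parse_report(text):
    """Split a report into statistics, detections, locked files and leftovers."""
    report = {"stats": {}, "detections": [], "locked": [], "unparsed": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or DRIVE_ROOT_RE.fullmatch(line):
            continue  # blank line or a bare scan-target drive such as C:\
        stat = STAT_RE.match(line)
        if stat:
            report["stats"][stat.group(1)] = int(stat.group(2))
            continue
        row = ROW_RE.match(line)
        if row is None:
            # An object row with a status this parser does not know is kept
            # for manual review instead of being dropped silently.
            if DRIVE_ROOT_RE.match(line):
                report["unparsed"].append(line)
            continue
        if row.group("locked"):
            report["locked"].append(row.group("path"))
        else:
            name = row.group("name")
            report["detections"].append({
                "path": row.group("path"),
                "verdict": name,
                # Kaspersky prefixes adware/riskware verdicts with "not-a-virus:".
                "kind": "not-a-virus" if name.startswith("not-a-virus:") else "malware",
                "action": row.group("action"),
            })
    return report


def triage(report):
    """Summarise what needs a human decision and cross-check the counts."""
    declared = report["stats"].get("infected objects")
    return {
        "to_review": report["detections"],
        "locked_ignored": len(report["locked"]),
        "count_matches": declared == len(report["detections"]),
        "unparsed": report["unparsed"],
    }


if __name__ == "__main__":
    summary = triage(parse_report(SAMPLE_REPORT))
    for det in summary["to_review"]:
        print(det["kind"], det["verdict"], det["path"], det["action"])
    print("locked rows ignored:", summary["locked_ignored"])
    print("matches statistics block:", summary["count_matches"])
```

A `count_matches` of `False` or a non-empty `unparsed` list means the report has rows this sketch did not account for and should be read by hand.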

Tanya09
2007-10-27, 18:09
Do you still think it is possible that I have a root kit infection? I still do not have rights to change my start up items, it tells me I need admin rights?


THANKS

Tanya09
2007-10-27, 18:11
http://www.pcpitstop.com/techexpress.asp?id=KAY0HW6LDCVS7N0V

It says that this is my link, is this it????

pskelley
2007-10-27, 20:15
I really do not think so, but we are still going to check for a rootkit infection. I am not really sure why you are having this problem. Malware may have changed some settings?
The next time you post, I want you to post the message you receive from Windows "word for word". Post also any other error messages you are receiving in the same manner.
Include with that information any other symptoms you think I should know about.

Looking at the diagnostic report: Not too bad of a report, no major issues. You should click these links and make the changes they advise to the best of your ability.
Customized Tune-up Tips
• Internet Explorer cache overflow
• Sub Optimal Internet Performance
• Adjust IE browser cache size
• Reduce System Restore space (Drive C)

Like the first one: Internet Explorer cache overflow

Systems with a cache overflow act erratically when browsing the internet. Microsoft documents several of these problems, such as 306907 and 260650, that you might not associate with a full cache.
Those numbers are Microsoft Knowledge Base numbers where you can read more.
My advice would be to look over all information and benefit from their advice.

Let's run a tool to look for hidden infections:

Click here to download AVG Anti Rootkit and save it to your desktop.
http://beta.grisoft.cz/beta/betarep.files/antirootkit/AVG_AntiRootkit_1.0.0.13.exe
Double-click on the AVG_AntiRootkit_1.0.0.13.exe file to run it.
Click "I Agree" to agree to the EULA.
By default it will install to "G:\Program Files\GRISOFT\AVG Anti-Rootkit Beta".
Click "Next" to begin the installation then click "Install".
It will then ask you to reboot now to finish the installation.
Click "Finish" and your computer will reboot.
After it reboots, double-click on the AVG Anti-Rootkit Beta shortcut that is now on your desktop.
Click on the "Perform in-depth search" button to begin the scan.
The scan will take a while so be patient and let it complete.
When the scan is finished, click the "Save result to file" button.
Save the scan results to your desktop then come back here to copy
and paste the results in your next reply to this thread.

Thanks

Tanya09
2007-10-28, 02:19
HI

Here is the error message when I tried to make changes to my startup programs

"An Access denied error was returned while attempting to change a service. You may need to log on using an Administrator account to make the specified changes."

Tanya09
2007-10-28, 04:11
Hi Here is the other error I get, the only application I have open is Word.

Windows Virtual Memory Minimum too Low

"Your system is low on virtual memory. Windows is increasing the size of your virtual memory paging file. During this process, memory requests for some applications may be denied."

pskelley
2007-10-28, 12:30
http://www.aumha.org/win5/a/xpvm.php
http://www.google.com/search?hl=en&q=Windows+Virtual+Memory+Minimum+too+Low&btnG=Google+Search

http://www.google.com/search?hl=en&q=An+Access+denied+error+was+returned+while+attempting+to+change+a+service.+You+may+need+to+log+on+using+an+Administrator+account+to+make+the+specified+changes&btnG=Search
http://www.google.com/search?hl=en&q=An+Access+denied+error+was+returned+while+attempting+to+change+a+service&btnG=Search
http://www.kellys-korner-xp.com/win_xp_passwords.htm

Please note that all I am doing is using Google and entering the exact information you provide. You can do that.

Thanks

Tanya09
2007-10-28, 20:11
I will read over the thinks, I was just concerned that some type of virus was causing the problem.

Thanks for your help.

Do you think everything is good now?

Tanya

pskelley
2007-10-28, 20:24
I am still waiting for the results of the AVG Anti Rootkit scan.

Thanks

Tanya09
2007-10-29, 16:59
Hi

The rootscan said that no rootkits were found and did not provide any results for me to save.


Thanks
Tanya

pskelley
2007-10-29, 17:06
Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.