PDA

View Full Version : Microsoft.WindowsSecurityCenter_disabled and Microsoft.Windows.Security.IE



Nieuwhof
2006-12-24, 14:58
These 2 items keep coming back after Spy Bot fixed them (see log).
My computer is not starting up that good. Hangs often while booting or while starting Windows. Do these 2 items have something to do with the starting problem. How do i get rid of them for good?

Tx for your help.

Nick.

Mr_JAk3
2006-12-24, 19:29
Hi Nieuwhof and welcome to Safer Networking Forums :D:

Please post a HijackThis log to here: Click here (http://downloads.malwareremoval.com/HijackThis.exe) to download HijackThis.exe
Save HijackThis.exe to your desktop.
Create a new folder named HijackThis to your desktop. Move Hijackthis.exe into that folder.
Run HijackThis.exe
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

Nieuwhof
2006-12-27, 14:21
Hi,

As you asked the Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:41:23, on 26-12-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Windows Defender\MsMpEng.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
F:\WINDOWS\Explorer.EXE
F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
F:\WINDOWS\system32\LckFldService.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\ZoneLabs\vsmon.exe
F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
F:\Program Files\Windows Defender\MSASCui.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\MSN Messenger\MsnMsgr.Exe
F:\Program Files\Messenger\msmsgs.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\DialerDetect\dd.exe
F:\Program Files\HistoryKill\histkill.exe
F:\Program Files\Wisdom-soft ScreenHunter\ScreenHunter.exe
F:\Program Files\HistoryKill\hkPopupKiller.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Pinnacle\Studio 9\programs\studio.exe
F:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.nl/0SENLNL/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Browster BrwIEConnector - {908A31E8-2A6E-4736-8E8A-AAF00C4AE38F} - F:\Program Files\Browster\Browster.dll
O2 - BHO: CallingID - {9AD9826C-E2B6-4E24-A3AC-C49A505BD0EA} - F:\Program Files\CallingID\CallingID.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - F:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: De Telefoongids - {790C1F44-C559-434B-BE18-13C042555D8E} - F:\Program Files\De Telefoongids Zoekbalk\PhoneShell.dll
O3 - Toolbar: CallingID - {AC897D33-1DB7-4151-B425-2DA88D5A6BED} - F:\Program Files\CallingID\CallingID.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - F:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Browster - {2EF39867-654F-48b6-8F93-B4FC3E8C6844} - F:\Program Files\Browster\Browster.dll
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PCLEPCI] F:\PROGRA~1\Pinnacle\PPE\PPE.EXE
O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /O6 "USB001" /M "Stylus DX4200"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Zone Labs Client] "F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows Defender] "F:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Dialer Detect.lnk = F:\Program Files\DialerDetect\dd.exe
O4 - Startup: HistoryKill 2003.lnk = F:\Program Files\HistoryKill\histkill.exe
O4 - Startup: ScreenHunter 4.0 Free.lnk = F:\Program Files\Wisdom-soft ScreenHunter\ScreenHunter.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Telefoongids - {FCA46C9D-25D2-4bbb-810A-EA8B0A1741B4} - F:\Program Files\De Telefoongids Zoekbalk\PhoneShell.dll
O9 - Extra 'Tools' menuitem: De Telefoongids - {FCA46C9D-25D2-4bbb-810A-EA8B0A1741B4} - F:\Program Files\De Telefoongids Zoekbalk\PhoneShell.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://sgserver1.schieland.nl/CitrixSessionInit/ICAWEB/en/ica32/wficat.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "F:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - F:\Program Files\ISO Recorder\ImapiHelper.exe
O23 - Service: LckFldService - Unknown owner - F:\WINDOWS\system32\LckFldService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - f:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINDOWS\system32\ZoneLabs\vsmon.exe

Tx for helping out.

Nick.

Mr_JAk3
2006-12-27, 18:18
Hi :)

I couldn't see any visible signs of malware in HijackThis log. Those spybot findings shouldn't affect the boot but we'll get back to those later.

Please do an online scan with Kaspersky WebScanner (http://www.kaspersky.com/virusscanner)

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT

Now click on Scan Settings
In the scan settings make that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)

Scan Options:
Scan Archives
Scan Mail Bases

Click OK
Now under select a target to scan:Select My Computer

This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.

Download F-Secure Blacklight (http://www.f-secure.com/blacklight/try_blacklight.html) and save it to your desktop.

Doubleclick blbeta.exe, accept the agreement, click Scan, then click Next

You'll see a list what have been found. A log will appear to your desktop, it is named fsbl.xxxxxxx.log (xxxxxxx will be random numbers).

DON'T choose Rename if something was found!

Post the contents of fsbl.xxxx.log to here (blacklight log from your desktop)

Nieuwhof
2006-12-28, 13:38
Hi Mr. Jak3,

As you advised i scanned my computer. Results:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, December 28, 2006 12:02:05 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 28/12/2006
Kaspersky Anti-Virus database records: 254660
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 115458
Number of viruses found: 10
Number of infected objects: 25 / 0
Number of suspicious objects: 0
Duration of the scan process: 02:08:40

Infected Object Name / Virus Name / Last Action
C:\Downloads\Niet geinstalleerd (bewaren)\Anti spam software\BSM18.zip/BSM18.exe Infected: not-a-virus:NetTool.Win32.BSM.18 skipped
C:\Downloads\Niet geinstalleerd (bewaren)\Anti spam software\BSM18.zip ZIP: infected - 1 skipped
C:\Downloads\Nog opnieuw installeren\bikinissinstaller.exe/WISE0008.BIN/WISE0018.BIN Infected: not-a-virus:AdWare.Win32.AdvancedSearchBar skipped
C:\Downloads\Nog opnieuw installeren\bikinissinstaller.exe/WISE0008.BIN/WISE0021.BIN Infected: not-a-virus:AdWare.Win32.AdvancedSearchBar skipped
C:\Downloads\Nog opnieuw installeren\bikinissinstaller.exe/WISE0008.BIN Infected: not-a-virus:AdWare.Win32.AdvancedSearchBar skipped
C:\Downloads\Nog opnieuw installeren\bikinissinstaller.exe WiseSFX: infected - 3 skipped
C:\Downloads\Nog opnieuw installeren\bikinissinstaller.exe WiseSFX Dropper: infected - 3 skipped
C:\Downloads\Nog opnieuw installeren\dvdcx20.exe/data0004/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
C:\Downloads\Nog opnieuw installeren\dvdcx20.exe/data0004/v2.0.2.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
C:\Downloads\Nog opnieuw installeren\dvdcx20.exe/data0004/v2.0.2.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
C:\Downloads\Nog opnieuw installeren\dvdcx20.exe/data0004/v2.0.2.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel skipped
C:\Downloads\Nog opnieuw installeren\dvdcx20.exe/data0004/v2.0.2.cab Infected: not-a-virus:AdWare.Win32.NavExcel skipped
C:\Downloads\Nog opnieuw installeren\dvdcx20.exe/data0004 Infected: not-a-virus:AdWare.Win32.NavExcel skipped
C:\Downloads\Nog opnieuw installeren\dvdcx20.exe Inno: infected - 6 skipped
C:\Downloads\Nog opnieuw installeren\setupneoaudio.exe/data0002 Infected: not-a-virus:AdWare.Win32.IPInsight.a skipped
C:\Downloads\Nog opnieuw installeren\setupneoaudio.exe/data0003 Infected: not-a-virus:AdWare.Win32.IGetNet skipped
C:\Downloads\Nog opnieuw installeren\setupneoaudio.exe/data0035 Infected: not-a-virus:AdWare.Win32.SaveNow.bx skipped
C:\Downloads\Nog opnieuw installeren\setupneoaudio.exe/data0036 Infected: not-a-virus:AdWare.Win32.EZula.d skipped
C:\Downloads\Nog opnieuw installeren\setupneoaudio.exe/data0037/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.v skipped
C:\Downloads\Nog opnieuw installeren\setupneoaudio.exe/data0037/data0003 Infected: not-a-virus:AdWare.Win32.BargainBuddy.a skipped
C:\Downloads\Nog opnieuw installeren\setupneoaudio.exe/data0037 Infected: not-a-virus:AdWare.Win32.BargainBuddy.a skipped
C:\Downloads\Nog opnieuw installeren\setupneoaudio.exe NSIS: infected - 7 skipped
C:\Downloads\Nog opnieuw installeren\SetupRevelationV2.exe/WISE0012.BIN Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\Downloads\Nog opnieuw installeren\SetupRevelationV2.exe/WISE0013.BIN Infected: not-a-virus:PSWTool.Win32.SnadBoy.2011 skipped
C:\Downloads\Nog opnieuw installeren\SetupRevelationV2.exe WiseSFX: infected - 2 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\Documents and Settings\All Users\Application Data\AVG7\Log\emc.log Object is locked skipped
F:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
F:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
F:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-12082006-102116.log Object is locked skipped
F:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
F:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
F:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
F:\Documents and Settings\LocalService\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
F:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
F:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
F:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
F:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
F:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
F:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
F:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
F:\Documents and Settings\Niek\Cookies\index.dat Object is locked skipped
F:\Documents and Settings\Niek\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
F:\Documents and Settings\Niek\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
F:\Documents and Settings\Niek\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{68E79F95-A768-4943-BE56-637491448C8B} Object is locked skipped
F:\Documents and Settings\Niek\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
F:\Documents and Settings\Niek\Local Settings\Geschiedenis\History.IE5\MSHist012006122820061229\index.dat Object is locked skipped
F:\Documents and Settings\Niek\Local Settings\Temp\~DF7B69.tmp Object is locked skipped
F:\Documents and Settings\Niek\Local Settings\Temp\~DFE49B.tmp Object is locked skipped
F:\Documents and Settings\Niek\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
F:\Documents and Settings\Niek\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
F:\Documents and Settings\Niek\NTUSER.DAT Object is locked skipped
F:\Documents and Settings\Niek\NTUSER.DAT.LOG Object is locked skipped
F:\Program Files\HistoryKill\allowlog.txt Object is locked skipped
F:\Program Files\HistoryKill\blocklog.txt Object is locked skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\System Volume Information\_restore{E3A60377-B8C8-462E-B50C-97A39AD5F441}\RP663\change.log Object is locked skipped
F:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
F:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
F:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
F:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
F:\WINDOWS\Internet Logs\MEDION.ldb Object is locked skipped
F:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
F:\WINDOWS\SchedLgU.Txt Object is locked skipped
F:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
F:\WINDOWS\Sti_Trace.log Object is locked skipped
F:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
F:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
F:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
F:\WINDOWS\system32\config\default Object is locked skipped
F:\WINDOWS\system32\config\default.LOG Object is locked skipped
F:\WINDOWS\system32\config\Internet.evt Object is locked skipped
F:\WINDOWS\system32\config\SAM Object is locked skipped
F:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
F:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
F:\WINDOWS\system32\config\SECURITY Object is locked skipped
F:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
F:\WINDOWS\system32\config\software Object is locked skipped
F:\WINDOWS\system32\config\software.LOG Object is locked skipped
F:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
F:\WINDOWS\system32\config\system Object is locked skipped
F:\WINDOWS\system32\config\system.LOG Object is locked skipped
F:\WINDOWS\system32\h323log.txt Object is locked skipped
F:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
F:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
F:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
F:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
F:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
F:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
F:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
F:\WINDOWS\Temp\hsperfdata_SYSTEM\2336 Object is locked skipped
F:\WINDOWS\Temp\ZLT04beb.TMP Object is locked skipped
F:\WINDOWS\Temp\ZLT04bf5.TMP Object is locked skipped
F:\WINDOWS\wiadebug.log Object is locked skipped
F:\WINDOWS\wiaservc.log Object is locked skipped
F:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

12/28/06 12:18:24 [Info]: BlackLight Engine 1.0.47 initialized
12/28/06 12:18:24 [Info]: OS: 5.1 build 2600 (Service Pack 2)
12/28/06 12:18:24 [Note]: 7019 4
12/28/06 12:18:24 [Note]: 7005 0
12/28/06 12:18:39 [Note]: 7006 0
12/28/06 12:18:39 [Note]: 7011 1528
12/28/06 12:18:39 [Note]: 7026 0
12/28/06 12:18:39 [Note]: 7026 0
12/28/06 12:18:51 [Note]: FSRAW library version 1.7.1020
12/28/06 12:18:51 [Note]: 2000 1012
12/28/06 12:25:10 [Note]: 2000 1012
12/28/06 12:27:03 [Note]: 7007 0
-----------------------------------------
Nothing was found.

The problem could be caused by hardware problems (?). Computer is now 5 years old, harddisks are 1 (boot, master) to 3 (slave) years old.

Anyway, maybe the scan results will tell you that something is wrong (some problems in older downloaded files, not in use i think at this time).

Thanks again for your help.

Nick.

Mr_JAk3
2006-12-29, 11:16
Hi :)

Delete the infected installers:
C:\Downloads\Nog opnieuw installeren\bikinissinstaller.exe
C:\Downloads\Nog opnieuw installeren\dvdcx20.exe
C:\Downloads\Nog opnieuw installeren\setupneoaudio.exe
C:\Downloads\Nog opnieuw installeren\SetupRevelationV2.exe

Then the Spybot findings, those tell that some security settings have been changed. You may ignore those if you have made the changes on purpose. You are using Spybot 1.3 and you should update it to the latest version.

Have you disabled Windows Securty Center on purpose ?

tashi
2007-01-05, 08:47
This topic has been archived.

If you need it re-opened please send me a private message (pm) and provide a link to the thread. Applies only to the original topic starter.