
NOD 32 log


Post by pac73 » January 7th, 2007, 7:03 pm

Can someone have a look at my hjt log, and my nod32 log. And could you tell me why there's so many things skipped in my nod32 log, thanks paul.

Logfile of HijackThis v1.99.1
Scan saved at 23:03:28, on 07/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\4979\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Generic\Seticon.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\SiteAdvisor\4979\SiteAdv.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Steve McQueen\My Documents\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.co.uk/nwshp?ie=UTF-8 ... &tab=wn&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4979\SiteAdv.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4979\SiteAdv.dll
O4 - HKLM\..\Run: [SetIcon] "C:\Program Files\Generic\Seticon.exe"
O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\4979\SiteAdv.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.co.uk
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - http://www.linkedin.com/cab/LinkedInCon ... ontrol.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1225703906
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\4979\SiteAdv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\4979\SAService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

NOD32 LOG.

Scan performed at: 07/01/2007 22:17:25
Scanning Log
NOD32 version 1960 (20070106) NT
Operating memory - is OK
MBR sector of the 2. physical disk - Error reading disk sector
MBR sector of the 3. physical disk - Error reading disk sector

Date: 7.1.2007 Time: 22:19:43
Anti-Stealth technology is enabled.
Scanned disks, folders and files: A:; C:; D:; E:; F:; G:; H:; I:; J:; K:
Boot sector of disk A: - Error reading disk sector
Path A:\ is invalid.
C:\hiberfil.sys - error opening (File locked) [4]
C:\pagefile.sys - error opening (File locked) [4]
C:\Documents and Settings\NetworkService\NTUSER.DAT - error opening (File locked) [4]
C:\Documents and Settings\NetworkService\ntuser.dat.LOG - error opening (File locked) [4]
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Data\settings.dat - error opening (File locked) [4]
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening (File locked) [4]
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening (File locked) [4]
C:\Documents and Settings\Steve McQueen\ntuser.dat - error opening (File locked) [4]
C:\Documents and Settings\Steve McQueen\ntuser.dat.LOG - error opening (File locked) [4]
C:\Documents and Settings\Steve McQueen\Application Data\Mozilla\Firefox\Profiles\mo8vtpeo.pauls\parent.lock - error opening (File locked) [4]
C:\Documents and Settings\Steve McQueen\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening (File locked) [4]
C:\Documents and Settings\Steve McQueen\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening (File locked) [4]
C:\Program Files\Webroot\Spy Sweeper\Masters.base - error opening (Access denied) [4]
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak - error opening (Access denied) [4]
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const - error opening (Access denied) [4]
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst - error opening (Access denied) [4]
C:\System Volume Information\MountPointManagerRemoteDatabase - error opening (Access denied) [4]
C:\WINDOWS\$NtUninstallApplication Compatibility Update$\apphelp.sdb - error opening (Access denied) [4]
C:\WINDOWS\$NtUninstallApplication Compatibility Update$\apps.chm - error opening (Access denied) [4]
C:\WINDOWS\$NtUninstallApplication Compatibility Update$\drvmain.sdb - error opening (Access denied) [4]
C:\WINDOWS\$NtUninstallApplication Compatibility Update$\msimain.sdb - error opening (Access denied) [4]
C:\WINDOWS\$NtUninstallApplication Compatibility Update$\sysmain.sdb - error opening (Access denied) [4]
C:\WINDOWS\$NtUninstallApplication Compatibility Update$\udfs.sys - error opening (Access denied) [4]
C:\WINDOWS\$NtUninstallApplication Compatibility Update$\spuninst\spuninst.inf - error opening (Access denied) [4]
C:\WINDOWS\$NtUninstallQ307274$\spuninst\spuninst.inf - error opening (Access denied) [4]
C:\WINDOWS\$NtUninstallQ307869$\migapp.inf - error opening (Access denied) [4]
C:\WINDOWS\$NtUninstallQ307869$\spuninst\spuninst.inf - error opening (Access denied) [4]
C:\WINDOWS\$NtUninstallQ308276$\spuninst\spuninst.inf - error opening (Access denied) [4]
C:\WINDOWS\$NtUninstallQ308677$\spuninst\spuninst.inf - error opening (Access denied) [4]
C:\WINDOWS\$NtUninstallQ309376$\rdbss.sys - error opening (Access denied) [4]
C:\WINDOWS\$NtUninstallQ309376$\spuninst\spuninst.inf - error opening (Access denied) [4]
C:\WINDOWS\$NtUninstallQ309495$\spuninst\spuninst.inf - error opening (Access denied) [4]
C:\WINDOWS\$NtUninstallQ310437$\spuninst\spuninst.inf - error opening (Access denied) [4]
C:\WINDOWS\$NtUninstallQ310507$\aec.sys - error opening (Access denied) [4]
C:\WINDOWS\$NtUninstallQ310507$\splitter.sys - error opening (Access denied) [4]
C:\WINDOWS\$NtUninstallQ310507$\spuninst\spuninst.inf - error opening (Access denied) [4]
C:\WINDOWS\$NtUninstallQ311889$\spuninst\spuninst.inf - error opening (Access denied) [4]
C:\WINDOWS\$NtUninstallQ312368$\spuninst\spuninst.inf - error opening (Access denied) [4]
C:\WINDOWS\$NtUninstallQ312370$\usbhub.sys - error opening (Access denied) [4]
C:\WINDOWS\$NtUninstallQ312370$\usbport.sys - error opening (Access denied) [4]
C:\WINDOWS\$NtUninstallQ312370$\spuninst\spuninst.inf - error opening (Access denied) [4]
C:\WINDOWS\$NtUninstallQ314862$\spuninst\spuninst.inf - error opening (Access denied) [4]
C:\WINDOWS\$NtUninstallQ315000$\spuninst\spuninst.inf - error opening (Access denied) [4]
C:\WINDOWS\$NtUninstallQ318966$\spuninst\Q318966.log - error opening (Access denied) [4]
C:\WINDOWS\SoftwareDistribution\EventCache\{51B471B3-2690-4A0D-839C-10473856C8C6}.bin - error opening (File locked) [4]
C:\WINDOWS\system32\config\default - error opening (File locked) [4]
C:\WINDOWS\system32\config\default.LOG - error opening (File locked) [4]
C:\WINDOWS\system32\config\SAM - error opening (File locked) [4]
C:\WINDOWS\system32\config\SAM.LOG - error opening (File locked) [4]
C:\WINDOWS\system32\config\SECURITY - error opening (File locked) [4]
C:\WINDOWS\system32\config\SECURITY.LOG - error opening (File locked) [4]
C:\WINDOWS\system32\config\software - error opening (File locked) [4]
C:\WINDOWS\system32\config\software.LOG - error opening (File locked) [4]
C:\WINDOWS\system32\config\system - error opening (File locked) [4]
C:\WINDOWS\system32\config\system.LOG - error opening (File locked) [4]
D:\System Volume Information\MountPointManagerRemoteDatabase - error opening (Access denied) [4]
Path F:\ is invalid.
Path G:\ is invalid.
Path H:\ is invalid.
Path I:\ is invalid.
Path J:\ is invalid.
Path K:\ is invalid.
Number of scanned files: 46722
Number of threats found: 0
Time of completion: 22:34:55 Total scanning time: 912 sec (00:15:12)

Notes:
[4] File cannot be opened. It may be in use by another application or operating system.

Post by Navigator » January 8th, 2007, 8:28 pm

Hello pac73...welcome to malware removal!

I do not see anything malicious in your HJT log....is your computer having any problems?

All of the Nod32 files that were 'skipped' appear to be files that were in use by the system at the time of the scan...a quick perusal of those files does not lead me to believe that any of them are likely to be malicious....we see the same kind of entries in Kaspersky logs too.

Your Java program is out of date, and you can correct that by doing the following (out of date Java programs can be a security risk for your system):

Update Java and Remove old Java Versions
  • Download the latest version of Java Runtime Environment (JRE) 6. <== scroll down the list to find THIS entry
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Remove older Java Versions:
  • Close any programs you may have running - especially your web browser.
  • Go to Start >> Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
Install latest Java Version:
  • From your desktop, double-click on jre-6-windows-i586.exe to install the newest version.


Let me know if your computer is having any particular problems, and then we can go from there...but I believe your HJT log to be 'clean'...
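The reply above attributes the skipped NOD32 entries to files the system had in use. As an added example (not part of the thread or any ESET tool), the Python sketch below parses `error opening` lines in the format shown in the posted log and sorts them into buckets of paths that are normally locked or access-restricted, leaving anything else for manual review. The bucket names and patterns are assumptions made for illustration.

```python
import re
from collections import Counter

# NOD32 on-demand log line: "<path> - error opening (<reason>) [4]"
SKIP_RE = re.compile(r"^(?P<path>.+?) - error opening \((?P<reason>[^)]+)\) \[\d+\]\s*$")

# Assumed triage buckets (illustrative, not an ESET list): paths Windows or
# another security product normally holds open or ACLs away from a user scan.
EXPECTED = [
    ("paging/hibernation file", re.compile(r"^[a-z]:\\(pagefile|hiberfil)\.sys$")),
    ("registry hive", re.compile(r"\\(system32\\config\\[^\\]+|ntuser\.dat(\.log)?|usrclass\.dat(\.log)?)$")),
    ("system volume information", re.compile(r"^[a-z]:\\system volume information\\")),
    ("hotfix uninstall backup", re.compile(r"\\windows\\\$ntuninstall[^\\]*\$\\")),
    ("other scanner's data", re.compile(r"\\webroot\\spy sweeper\\")),
    ("browser profile lock", re.compile(r"\\firefox\\profiles\\[^\\]+\\parent\.lock$")),
]

def triage(log_text):
    """Return (Counter of bucket names, list of (path, reason) needing review)."""
    buckets, review = Counter(), []
    for line in log_text.splitlines():
        m = SKIP_RE.match(line.strip())
        if not m:
            continue  # header, summary or "Path is invalid" lines
        path = m["path"].lower()
        for name, pattern in EXPECTED:
            if pattern.search(path):
                buckets[name] += 1
                break
        else:
            review.append((m["path"], m["reason"]))
    return buckets, review

# First six lines are copied from the log in the thread; the last is constructed
# to show what an entry outside the expected buckets looks like.
SAMPLE = r"""
C:\pagefile.sys - error opening (File locked) [4]
C:\Documents and Settings\Steve McQueen\ntuser.dat.LOG - error opening (File locked) [4]
C:\Program Files\Webroot\Spy Sweeper\Masters.base - error opening (Access denied) [4]
C:\WINDOWS\$NtUninstallQ309376$\rdbss.sys - error opening (Access denied) [4]
C:\WINDOWS\system32\config\SAM - error opening (File locked) [4]
D:\System Volume Information\MountPointManagerRemoteDatabase - error opening (Access denied) [4]
C:\WINDOWS\Temp\example-unknown.exe - error opening (File locked) [4]
"""

if __name__ == "__main__":
    buckets, review = triage(SAMPLE)
    print(dict(buckets))
    print("review manually:", review)
```

An entry that lands in the review list is not evidence of infection; it only means the path is outside the assumed buckets and is worth rescanning from Safe Mode or after closing the program that holds it.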

Post by pac73 » January 8th, 2007, 8:51 pm

Cheers navigator. Everything's working fine, I was a bit worried when I saw all the locked and skipped files in my nod32 log.

Post by Navigator » January 8th, 2007, 8:59 pm

Cheers to you too....glad to be of assistance!

Good luck.... :D

Post by NonSuch » January 13th, 2007, 5:27 am

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.