Scan saved at 23:03:28, on 07/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiteAdvisor\4979\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Generic\Seticon.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\SiteAdvisor\4979\SiteAdv.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Steve McQueen\My Documents\hjt\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.co.uk/nwshp?ie=UTF-8 ... &tab=wn&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4979\SiteAdv.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4979\SiteAdv.dll
O4 - HKLM\..\Run: [SetIcon] "C:\Program Files\Generic\Seticon.exe"
O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\4979\SiteAdv.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.co.uk
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - http://www.linkedin.com/cab/LinkedInCon ... ontrol.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1225703906
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\4979\SiteAdv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\4979\SAService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
NOD32 LOG.Scan performed at: 07/01/2007 22:17:25
Scanning Log
NOD32 version 1960 (20070106) NT
Operating memory - is OK
MBR sector of the 2. physical disk - Error reading disk sector
MBR sector of the 3. physical disk - Error reading disk sector
Date: 7.1.2007 Time: 22:19:43
Anti-Stealth technology is enabled.
Scanned disks, folders and files: A:; C:; D:; E:; F:; G:; H:; I:; J:; K:
Boot sector of disk A: - Error reading disk sector
Path A:\ is invalid.
C:\hiberfil.sys - error opening (File locked) [4]
C:\pagefile.sys - error opening (File locked) [4]
C:\Documents and Settings\NetworkService\NTUSER.DAT - error opening (File locked) [4]
C:\Documents and Settings\NetworkService\ntuser.dat.LOG - error opening (File locked) [4]
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Data\settings.dat - error opening (File locked) [4]
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening (File locked) [4]
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening (File locked) [4]
C:\Documents and Settings\Steve McQueen\ntuser.dat - error opening (File locked) [4]
C:\Documents and Settings\Steve McQueen\ntuser.dat.LOG - error opening (File locked) [4]
C:\Documents and Settings\Steve McQueen\Application Data\Mozilla\Firefox\Profiles\mo8vtpeo.pauls\parent.lock - error opening (File locked) [4]
C:\Documents and Settings\Steve McQueen\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening (File locked) [4]
C:\Documents and Settings\Steve McQueen\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening (File locked) [4]
C:\Program Files\Webroot\Spy Sweeper\Masters.base - error opening (Access denied) [4]
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak - error opening (Access denied) [4]
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const - error opening (Access denied) [4]
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst - error opening (Access denied) [4]
C:\System Volume Information\MountPointManagerRemoteDatabase - error opening (Access denied) [4]
C:\WINDOWS\$NtUninstallApplication Compatibility Update$\apphelp.sdb - error opening (Access denied) [4]
C:\WINDOWS\$NtUninstallApplication Compatibility Update$\apps.chm - error opening (Access denied) [4]
C:\WINDOWS\$NtUninstallApplication Compatibility Update$\drvmain.sdb - error opening (Access denied) [4]
C:\WINDOWS\$NtUninstallApplication Compatibility Update$\msimain.sdb - error opening (Access denied) [4]
C:\WINDOWS\$NtUninstallApplication Compatibility Update$\sysmain.sdb - error opening (Access denied) [4]
C:\WINDOWS\$NtUninstallApplication Compatibility Update$\udfs.sys - error opening (Access denied) [4]
C:\WINDOWS\$NtUninstallApplication Compatibility Update$\spuninst\spuninst.inf - error opening (Access denied) [4]
C:\WINDOWS\$NtUninstallQ307274$\spuninst\spuninst.inf - error opening (Access denied) [4]
C:\WINDOWS\$NtUninstallQ307869$\migapp.inf - error opening (Access denied) [4]
C:\WINDOWS\$NtUninstallQ307869$\spuninst\spuninst.inf - error opening (Access denied) [4]
C:\WINDOWS\$NtUninstallQ308276$\spuninst\spuninst.inf - error opening (Access denied) [4]
C:\WINDOWS\$NtUninstallQ308677$\spuninst\spuninst.inf - error opening (Access denied) [4]
C:\WINDOWS\$NtUninstallQ309376$\rdbss.sys - error opening (Access denied) [4]
C:\WINDOWS\$NtUninstallQ309376$\spuninst\spuninst.inf - error opening (Access denied) [4]
C:\WINDOWS\$NtUninstallQ309495$\spuninst\spuninst.inf - error opening (Access denied) [4]
C:\WINDOWS\$NtUninstallQ310437$\spuninst\spuninst.inf - error opening (Access denied) [4]
C:\WINDOWS\$NtUninstallQ310507$\aec.sys - error opening (Access denied) [4]
C:\WINDOWS\$NtUninstallQ310507$\splitter.sys - error opening (Access denied) [4]
C:\WINDOWS\$NtUninstallQ310507$\spuninst\spuninst.inf - error opening (Access denied) [4]
C:\WINDOWS\$NtUninstallQ311889$\spuninst\spuninst.inf - error opening (Access denied) [4]
C:\WINDOWS\$NtUninstallQ312368$\spuninst\spuninst.inf - error opening (Access denied) [4]
C:\WINDOWS\$NtUninstallQ312370$\usbhub.sys - error opening (Access denied) [4]
C:\WINDOWS\$NtUninstallQ312370$\usbport.sys - error opening (Access denied) [4]
C:\WINDOWS\$NtUninstallQ312370$\spuninst\spuninst.inf - error opening (Access denied) [4]
C:\WINDOWS\$NtUninstallQ314862$\spuninst\spuninst.inf - error opening (Access denied) [4]
C:\WINDOWS\$NtUninstallQ315000$\spuninst\spuninst.inf - error opening (Access denied) [4]
C:\WINDOWS\$NtUninstallQ318966$\spuninst\Q318966.log - error opening (Access denied) [4]
C:\WINDOWS\SoftwareDistribution\EventCache\{51B471B3-2690-4A0D-839C-10473856C8C6}.bin - error opening (File locked) [4]
C:\WINDOWS\system32\config\default - error opening (File locked) [4]
C:\WINDOWS\system32\config\default.LOG - error opening (File locked) [4]
C:\WINDOWS\system32\config\SAM - error opening (File locked) [4]
C:\WINDOWS\system32\config\SAM.LOG - error opening (File locked) [4]
C:\WINDOWS\system32\config\SECURITY - error opening (File locked) [4]
C:\WINDOWS\system32\config\SECURITY.LOG - error opening (File locked) [4]
C:\WINDOWS\system32\config\software - error opening (File locked) [4]
C:\WINDOWS\system32\config\software.LOG - error opening (File locked) [4]
C:\WINDOWS\system32\config\system - error opening (File locked) [4]
C:\WINDOWS\system32\config\system.LOG - error opening (File locked) [4]
D:\System Volume Information\MountPointManagerRemoteDatabase - error opening (Access denied) [4]
Path F:\ is invalid.
Path G:\ is invalid.
Path H:\ is invalid.
Path I:\ is invalid.
Path J:\ is invalid.
Path K:\ is invalid.
Number of scanned files: 46722
Number of threats found: 0
Time of completion: 22:34:55 Total scanning time: 912 sec (00:15:12)
Notes:
[4] File cannot be opened. It may be in use by another application or operating system.