Full Version: HijackThis log
Piriform Community Forums > Computer Help and Discussion > Spyware Hell
lucky_indian
This is my hijack log for the topic CCleaner

here
Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Rollback\RollbackClnt.exe
C:\Program Files\Rollback\shdserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
D:\Meet\PROGRA~1\BITDEF~1\bdmcon.exe
D:\Meet\Program Files\Bit Defender\bdagent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Meet\Program Files\Office12\WINWORD.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
D:\Meet\Program Files\Bit Defender\vsserv.exe
C:\PROGRA~1\EVIDEN~1\ee.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Meet\LOCALS~1\Temp\Rar$EX00.750\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.nz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.co.nz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Meet\Program Files\Flashget\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Meet\Program Files\Java\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Meet\Program Files\Flashget\getflash.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O4 - HKLM\..\Run: [BDMCon] D:\Meet\PROGRA~1\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "D:\Meet\Program Files\Bit Defender\bdagent.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: &Download All with FlashGet - D:\Meet\Program Files\Flashget\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - D:\Meet\Program Files\Flashget\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Meet\Program Files\Java\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Meet\Program Files\Java\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Meet\PROGRA~1\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Meet\Program Files\Flashget\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Meet\Program Files\Flashget\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} - http://tdserver.bitstream.com/tdserver.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - http://cdn.scan.safety.live.com/resource/d...wlscbase969.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/7/840/537/76808a0...all/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E50A569A-5193-4033-9E98-007FE78DD92B}: NameServer = 192.168.1.1
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RollbackClientService - Unknown owner - C:\Program Files\Rollback\RollbackClnt.exe
O23 - Service: SHDSERV - Horizon Datasys, Inc. - C:\Program Files\Rollback\shdserv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - D:\Meet\Program Files\Bit Defender\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

AndyManchesta

Hi lucky_indian

Can you let us know if you're having any problems on the PC and run an online virus scan

Run Kaspersky WebScanner
  • Please go HERE and click Kaspersky Online Scanner
  • Read and Accept the Agreement
  • You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • If you see a Windows dialog asking if you want to install this software, click the Install button.
  • The program will launch and then begin downloading the latest definition files,
  • When the "Update progress" line changes to "Ready" and the "NEXT ->" button becomes available, please click on it.
  • Click on the Scan Settings button, and in the next window select the Extended database, and click Ok.
  • Under "Please select a target to scan:", click My Computer to start the scan.
  • When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window.

Please then post back the Kaspersky log

Cheers

Andy
lucky_indian
Well my PC is quite slow and page filing on C: is apparently taking up 20GB out of the 37 GB hard disk. I have another one but for some reason there is not a lot of space on C:, and I have only a few programs installed on it, and with XP on it the max space it can take up is 8 GB, so I don't know where all the space is.
I have a rollback program; instead of relying on System Restore I rely on that, but now I can't go back to the previous snapshots, therefore I can't restore my PC to a previous state.
I can't use IE 7, that is, it won't open any webpages, so I am having to use IE 6 right now; I also have Firefox which seems slow too.

That's about it and here is the log

KASPERSKY ONLINE SCANNER REPORT
Friday, July 27, 2007 7:04:46 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 27/07/2007
Kaspersky Anti-Virus database records: 368342
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
Scan Statistics
Total number of scanned objects 45813
Number of viruses found 1
Number of infected objects 1 / 0
Number of suspicious objects 0
Duration of the scan process 02:15:31

Infected Object Name Virus Name Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\nc.exe Infected: not-a-virus:RemoteAdmin.Win32.NetCat skipped
C:\WINDOWS\system32\bdss.log Object is locked skipped
C:\WINDOWS\Temp\tmp000029be\tmp00000000 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{05D4D39D-DD8C-4384-88F5-BD9A57ED531B}.bin Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\Meet\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Meet\Local Settings\Temp\~DF65AC.tmp Object is locked skipped
C:\Documents and Settings\Meet\Local Settings\Temp\Perflib_Perfdata_648.dat Object is locked skipped
C:\Documents and Settings\Meet\Local Settings\Temp\~DF7BDB.tmp Object is locked skipped
C:\Documents and Settings\Meet\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Meet\Local Settings\History\History.IE5\MSHist012007072720070728\index.dat Object is locked skipped
C:\Documents and Settings\Meet\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Meet\Local Settings\Temporary Internet Files\Content.Word\~WRS{4F6DEE30-B39A-4732-B617-0AC683B7BD99}.tmp Object is locked skipped
C:\Documents and Settings\Meet\Local Settings\Temporary Internet Files\Content.Word\~WRS{2EE8F178-60EA-4322-824E-74C12E9FA3AD}.tmp Object is locked skipped
C:\Documents and Settings\Meet\Local Settings\Temporary Internet Files\Content.Word\~WRS{9E43D387-C0D7-479E-81FB-CBC395D501C4}.tmp Object is locked skipped
C:\Documents and Settings\Meet\Local Settings\Temporary Internet Files\Content.Word\~WRS{6FFAEEA3-C6BD-47F0-9C4F-F42E4F6D8F0C}.tmp Object is locked skipped
C:\Documents and Settings\Meet\Local Settings\Temporary Internet Files\Content.Word\~WRS{3CC89495-6862-4C15-AD20-8C2F3D4E0500}.tmp Object is locked skipped
C:\Documents and Settings\Meet\Local Settings\Temporary Internet Files\Content.Word\~WRS{6CD6550E-96F1-40B9-ABE0-F61BE665E0A8}.tmp Object is locked skipped
C:\Documents and Settings\Meet\Local Settings\Temporary Internet Files\Content.Word\~WRS{46342C25-CAE5-4117-B48B-76B50E92CE42}.tmp Object is locked skipped
C:\Documents and Settings\Meet\Local Settings\Temporary Internet Files\Content.Word\~WRS{6B757212-5ED7-45F9-8A6C-88E641AD0D09}.tmp Object is locked skipped
C:\Documents and Settings\Meet\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Meet\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Meet\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
C:\Documents and Settings\Meet\Local Settings\Application Data\Mozilla\Firefox\Profiles\pje4ewvp.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Meet\Local Settings\Application Data\Mozilla\Firefox\Profiles\pje4ewvp.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Meet\Local Settings\Application Data\Mozilla\Firefox\Profiles\pje4ewvp.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Meet\Local Settings\Application Data\Mozilla\Firefox\Profiles\pje4ewvp.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Meet\ntuser.dat Object is locked skipped
C:\Documents and Settings\Meet\My Documents\ccna.twd Object is locked skipped
C:\Documents and Settings\Meet\My Documents\chem 2.5.docx Object is locked skipped
C:\Documents and Settings\Meet\My Documents\Chapter Objectives.docx Object is locked skipped
C:\Documents and Settings\Meet\My Documents\Creating a Character.docx Object is locked skipped
C:\Documents and Settings\Meet\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Meet\Application Data\Microsoft\Templates\Normal.dotm Object is locked skipped
C:\Documents and Settings\Meet\Application Data\Microsoft\Word\~WRA0004.asd Object is locked skipped
C:\Documents and Settings\Meet\Application Data\Mozilla\Firefox\Profiles\pje4ewvp.default\history.dat Object is locked skipped
C:\Documents and Settings\Meet\Application Data\Mozilla\Firefox\Profiles\pje4ewvp.default\flashgot.log Object is locked skipped
C:\Documents and Settings\Meet\Application Data\Mozilla\Firefox\Profiles\pje4ewvp.default\cert8.db Object is locked skipped
C:\Documents and Settings\Meet\Application Data\Mozilla\Firefox\Profiles\pje4ewvp.default\key3.db Object is locked skipped
C:\Documents and Settings\Meet\Application Data\Mozilla\Firefox\Profiles\pje4ewvp.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Meet\Application Data\Mozilla\Firefox\Profiles\pje4ewvp.default\parent.lock Object is locked skipped
C:\Documents and Settings\Meet\Application Data\Mozilla\Firefox\Profiles\pje4ewvp.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Meet\Application Data\Mozilla\Firefox\Profiles\pje4ewvp.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Meet\Application Data\Bitdefender\Desktop\Profiles\asdict.dat Object is locked skipped
D:\Meet\Program Files\Bit Defender\aspdict.dat Object is locked skipped
D:\Meet\Reading\5(h00l W0rk\CISCO\Semester 1\Semester 1.docx Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.
AndyManchesta

Cheers for the details. Please run a full test at PC Pitstop and post back a link to the results so we can get a bit more information about your system and its current settings

Visit PCPitStop
Click Test this system; it may then prompt you to install an ActiveX control, click Install if you get the option, then click Let's Go. When the tests are complete, a results page will pop up. Click Share these results with TechExpress on the menu, then copy the URL provided and post it back. It should look like this:

QUOTE
TechExpress link for your current results:

http://www.pcpitstop.com/techexpress.asp?i...HK0WE3HLEWRE99Q


lucky_indian
Hi. I have a few problems with my PC. First of all it's slow as. 2nd, I can't use IE 7, i.e. the pages just won't load; using IE 6 right now (works fine). Firefox works fine. Page filing takes up 20GB of space out of my 37 GB hard drive!!! I only have a few programs installed and I have 8GB left, I don't know what the heck is wrong there. That's about it. Here is the log

AndyManchesta

Cheers, I got that part,

Follow the steps in my last post. Kaspersky is flagging nc.exe but it's not a threat by itself, so I'd like to get more information about your system before proceeding rather than continue to run scans in case the problem isn't malware related.

When you say your rollback program isn't working, do you get any specific errors when you attempt to use it?

Thanks
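To show how the report Andy is reading can be checked mechanically, here is an added Python example (not code from the thread, from Kaspersky or from Piriform) that parses a constructed excerpt in the Online Scanner 5 row layout. It separates "Object is locked" rows, which the scanner never inspected (registry hives, event logs and in-use temp files are a coverage gap, not a clean bill), from actual detections, and treats the "not-a-virus:" prefix as the dual-use classification Andy is describing for nc.exe. The sample rows, the regular expression and the function names are my own assumptions.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Constructed excerpt in the Kaspersky Online Scanner 5 report layout,
# modelled on the thread's report (only a few rows, not the full report).
SAMPLE_REPORT = r"""
KASPERSKY ONLINE SCANNER REPORT
Scan Statistics
Total number of scanned objects 45813
Number of viruses found 1

Infected Object Name Virus Name Last Action
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\nc.exe Infected: not-a-virus:RemoteAdmin.Win32.NetCat skipped
C:\WINDOWS\Temp\tmp000029be\tmp00000000 Object is locked skipped
Scan process completed.
"""

# One report row: a drive-letter path, then either "Object is locked" or
# "Infected: <detection name>", then the action the scanner took.
ROW_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?) "
    r"(?:(?P<locked>Object is locked)|Infected: (?P<detection>\S+)) "
    r"(?P<action>\S+)$"
)


@dataclass
class Row:
    path: str
    detection: Optional[str]  # None when the object was locked, i.e. never scanned
    action: str


def parse_report(text):
    """Return the object rows of a report; header and statistics lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append(Row(m["path"], m["detection"], m["action"]))
    return rows


def classify(detection):
    """Kaspersky prefixes dual-use tools (remote admin, packers, dialers) with
    'not-a-virus:'; those warrant a 'was this expected here?' question rather
    than automatic cleanup. Anything else is treated as real malware."""
    if detection is None:
        return "locked"
    if detection.startswith("not-a-virus:"):
        return "dual-use"
    return "malware"


def summarize(rows):
    """Counts per class, so the locked (unscanned) share is visible at a glance."""
    return dict(Counter(classify(r.detection) for r in rows))


def hits(rows):
    """Only the rows with a detection, each tagged with its class."""
    return [(r.path, r.detection, classify(r.detection)) for r in rows if r.detection]


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    print(summarize(parsed))
    for path, name, kind in hits(parsed):
        print(f"{kind:8} {path}  ({name})")
```

On the thread's real report the same logic would report one dual-use hit and several dozen locked objects; the locked rows are the part worth remembering when the scan is later cited as "clean".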
lucky_indian
So sorry didn't want to post that one again well here are the results
QUOTE
AndyManchesta
I don't see any reason why your pagefile would be using 20GB based on those results, as there is plenty of RAM installed; can you check what size the pagefile is currently set at

You can get more information about that here if needed

RAM, Virtual Memory, Pagefile and all that stuff

How to set performance options in Windows XP

You can get to the settings by going to Start > Run then copy and paste

Control sysdm.cpl,,3

Under Performance > Click Settings > then Advanced

Under Virtual memory click Change

It's probably worth setting it as 'System Managed Size' for now, then click Set and OK, then click Apply and OK to close the System Properties page. It will then prompt you to reboot; reboot and then check what size the pagefile.sys file is on C:\ by right clicking it and choosing Properties

You will need to set Windows to show hidden and system files to locate it

Click Start. Go to My Computer then the C:\ drive
Select the Tools menu from the top bar and click Folder Options. Select the View Tab.
Under the Hidden files and folders heading select "Show hidden files and folders".
UnCheck the "Hide protected operating system files (recommended)" option.

Click Apply then OK

Set this back once you have checked the file by opening the same page and pressing the Restore Defaults button then click Apply and OK.

You could also set Windows to clear the paging file each time the system shuts down as explained here

http://support.microsoft.com/kb/314834

It's best to make a backup of the reg key first though if you want to change it, by going to Start > Run and then copying and pasting

regedit /e %systemdrive%\backupreg.reg "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management"

Press OK and it will then make a backup on C:\ named backupreg.reg which you can double click, or right click and choose Merge, to restore the current setting.

To change it to clear the pagefile at shutdown open notepad (Start Menu > Run > type notepad and press ok) then copy and paste the contents of the code box into Notepad making REGEDIT4 the top line.
CODE
REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"ClearPageFileAtShutdown"=dword:00000001


Go to File on the top bar of Notepad and choose Save As; in the Save As Type area change it to All Files, then name it fix.reg and save it to your desktop. Double click fix.reg (or right click and choose Merge) and allow it to be merged into the registry, which will add the new value, but it doesn't take effect until you restart the computer

If you have your Windows disk it's probably also worthwhile running the system file check to make sure none of the protected Windows files are damaged or corrupt

Go to Start Menu -> Run -> type

SFC /SCANNOW

(There's a space after SFC) , Press OK and it will run the System File Checker. Follow the prompts, and insert your Windows installation CD if requested then reboot the computer after it has finished.


Regarding HijackThis, there are some fixes that can be made, but you currently have HijackThis running from the temp folder so it needs moving first, so that you do not lose the backups it creates when you clear temp files at any time or use CCleaner. As you're also using an older version of HijackThis it's easier to uninstall it and then reinstall the latest version into a permanent folder

Go to the Add/Remove screen (Start > Control Panel > Add or Remove Programs) and remove HijackThis, then install the version below

CLICK HERE to download the HijackThis Installer:
  • Save HJTInstall.exe to your desktop.
  • Double-click on HJTInstall.exe to run the program.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Accept the license agreement by clicking the "I Accept" button.
Once it's installed, run HijackThis and choose Do A System Scan, then place a check next to these entries

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)

Close all open browsers and other windows except for HijackThis and press the Fix Checked button

Optional Fixes


O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

These restrictions can be set by malware to prevent you from changing settings like your homepage. They can also be set by you to prevent malware changing your settings, or by System Administrators to prevent their users changing settings. If you or a System Administrator didn't set the restrictions then they can be fixed using HijackThis

More information about the restrictions can be found here

http://support.microsoft.com/?id=823057
http://www.pctools.com/guides/registry/detail/537/
http://www.pctools.com/guides/registry/detail/797/
http://www.pctools.com/guides/registry/detail/442/



O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

If Webroot's SpySweeper is no longer on the machine then this entry can be fixed with HijackThis


To make sure there aren't any malware problems, please then run a couple more scans.

Download AVG Anti-Spyware
  • Load AVG and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Click on the Scanner tab at the top and then click on Complete System Scan
  • AVG will list any infections found on the left, when the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG will then display "All actions have been applied" on the right.
  • Click on "Save Report", then "Save Report As". This will create a text file which you can then save to the Desktop and post back.
Download this file - combofix.exe and save it to your desktop.
Double click combofix.exe & follow the prompts.
When it's finished, it will produce a log of what it found. Please post the contents of that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running as it may cause it to stall

Please then post back the AVG log, Combofix log and a new HijackThis log

Cheers

Andy
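As an added example that is not part of this thread, here is a small Python triage script (my own, with hypothetical names such as triage and Finding) that reads a saved HijackThis log and pulls out the kinds of entries Andy lists above: blank R0/R1 settings, O3/O20/O23 entries whose file is missing, and O6 policy restrictions that need confirming with whoever administers the machine. The sample log is constructed from lines in the thread.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in HijackThis log format: the entries Andy asks to fix,
# the O6 restrictions, the orphaned O20 entry and two healthy lines for contrast.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: (no name) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - (no file)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# Every entry line starts with a section code (R0, O2, O23 ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.*)$")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def parse_entries(text):
    """Yield (section, body, line) for each HijackThis entry line in text."""
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            yield match.group("section"), match.group("body"), line


def triage(text):
    """Return the entries worth a closer look, in log order.

    Blank R0/R1 values and entries whose target file no longer exists are
    safe to fix; O6 policy restrictions are only flagged, because a user or an
    administrator may have set them deliberately (see the thread above).
    """
    findings = []
    for section, body, line in parse_entries(text):
        if section.startswith("R") and body.rstrip().endswith("="):
            findings.append(Finding(section, "blank Internet Explorer setting", line))
        elif "(no file)" in body or "(file missing)" in body:
            findings.append(Finding(section, "orphaned entry, referenced file is missing", line))
        elif section == "O6":
            findings.append(Finding(section, "IE policy restriction present, confirm who set it", line))
    return findings


def summarize(findings):
    """Count findings per reason, handy for a quick overview of a long log."""
    return Counter(f.reason for f in findings)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.section:<4} {f.reason}: {f.line}")
    print(dict(summarize(results)))
```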
lucky_indian
Hi. Combo.exe gives an error (can't find regedit.exe). I have the logs for AVG and HijackThis still. My PC is still really slow, I don't know why. Well, here are the logs.

AVG:
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 3:46:23 PM 7/28/2007

+ Scan result:



HKLM\SOFTWARE\Classes\EMediaCodec.Chl -> Adware.Generic : Ignored.
HKLM\SOFTWARE\Classes\EMediaCodec.Chl\CLSID -> Adware.Generic : Ignored.
C:\WINDOWS\system32\nc.exe -> Not-A-Virus.RemoteAdmin.Win32.NetCat : Ignored.
:mozilla.118:C:\Documents and Settings\Meet\Application Data\Mozilla\Firefox\Profiles\pje4ewvp.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
:mozilla.158:C:\Documents and Settings\Meet\Application Data\Mozilla\Firefox\Profiles\pje4ewvp.default\cookies.txt -> TrackingCookie.2o7 : Ignored.
C:\Documents and Settings\Meet\Cookies\meet@2o7[1].txt -> TrackingCookie.2o7 : Ignored.
:mozilla.55:C:\Documents and Settings\Meet\Application Data\Mozilla\Firefox\Profiles\pje4ewvp.default\cookies.txt -> TrackingCookie.Adbrite : Ignored.
:mozilla.56:C:\Documents and Settings\Meet\Application Data\Mozilla\Firefox\Profiles\pje4ewvp.default\cookies.txt -> TrackingCookie.Adbrite : Ignored.
:mozilla.57:C:\Documents and Settings\Meet\Application Data\Mozilla\Firefox\Profiles\pje4ewvp.default\cookies.txt -> TrackingCookie.Adbrite : Ignored.
:mozilla.58:C:\Documents and Settings\Meet\Application Data\Mozilla\Firefox\Profiles\pje4ewvp.default\cookies.txt -> TrackingCookie.Adbrite : Ignored.
:mozilla.59:C:\Documents and Settings\Meet\Application Data\Mozilla\Firefox\Profiles\pje4ewvp.default\cookies.txt -> TrackingCookie.Adbrite : Ignored.
:mozilla.84:C:\Documents and Settings\Meet\Application Data\Mozilla\Firefox\Profiles\pje4ewvp.default\cookies.txt -> TrackingCookie.Atdmt : Ignored.
C:\Documents and Settings\Meet\Cookies\meet@atdmt[1].txt -> TrackingCookie.Atdmt : Ignored.
:mozilla.137:C:\Documents and Settings\Meet\Application Data\Mozilla\Firefox\Profiles\pje4ewvp.default\cookies.txt -> TrackingCookie.Bbmedia : Ignored.
:mozilla.110:C:\Documents and Settings\Meet\Application Data\Mozilla\Firefox\Profiles\pje4ewvp.default\cookies.txt -> TrackingCookie.Com : Ignored.
:mozilla.124:C:\Documents and Settings\Meet\Application Data\Mozilla\Firefox\Profiles\pje4ewvp.default\cookies.txt -> TrackingCookie.Hitbox : Ignored.
:mozilla.125:C:\Documents and Settings\Meet\Application Data\Mozilla\Firefox\Profiles\pje4ewvp.default\cookies.txt -> TrackingCookie.Hitbox : Ignored.
:mozilla.126:C:\Documents and Settings\Meet\Application Data\Mozilla\Firefox\Profiles\pje4ewvp.default\cookies.txt -> TrackingCookie.Hitbox : Ignored.
:mozilla.160:C:\Documents and Settings\Meet\Application Data\Mozilla\Firefox\Profiles\pje4ewvp.default\cookies.txt -> TrackingCookie.Hitbox : Ignored.
:mozilla.161:C:\Documents and Settings\Meet\Application Data\Mozilla\Firefox\Profiles\pje4ewvp.default\cookies.txt -> TrackingCookie.Hitbox : Ignored.
:mozilla.163:C:\Documents and Settings\Meet\Application Data\Mozilla\Firefox\Profiles\pje4ewvp.default\cookies.txt -> TrackingCookie.Hitbox : Ignored.
C:\Documents and Settings\Meet\Cookies\meet@search.live[2].txt -> TrackingCookie.Live : Ignored.
:mozilla.43:C:\Documents and Settings\Meet\Application Data\Mozilla\Firefox\Profiles\pje4ewvp.default\cookies.txt -> TrackingCookie.Paypal : Ignored.
C:\Documents and Settings\Meet\Cookies\meet@real[2].txt -> TrackingCookie.Real : Ignored.
:mozilla.168:C:\Documents and Settings\Meet\Application Data\Mozilla\Firefox\Profiles\pje4ewvp.default\cookies.txt -> TrackingCookie.Spylog : Ignored.
C:\Documents and Settings\Meet\Cookies\meet@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Ignored.


Here is the Hijack log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:50:43 PM, on 7/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Rollback\RollbackClnt.exe
C:\Program Files\Rollback\shdserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\Explorer.EXE
D:\Meet\Program Files\Bit Defender\bdagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
D:\Meet\Program Files\Bit Defender\vsserv.exe
C:\PROGRA~1\EVIDEN~1\ee.exe
D:\Meet\Program Files\Bit Defender\bdlite.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\Meet\Program Files\Flashget\flashget.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.co.nz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.co.nz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Meet\Program Files\Flashget\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Meet\Program Files\Java\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Meet\Program Files\Flashget\getflash.dll
O4 - HKLM\..\Run: [BDMCon] D:\Meet\PROGRA~1\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "D:\Meet\Program Files\Bit Defender\bdagent.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKUS\S-1-5-18\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User '?')
O4 - HKUS\.DEFAULT\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: &Download All with FlashGet - D:\Meet\Program Files\Flashget\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - D:\Meet\Program Files\Flashget\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Meet\Program Files\Java\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Meet\Program Files\Java\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Meet\PROGRA~1\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Meet\Program Files\Flashget\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Meet\Program Files\Flashget\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} - http://tdserver.bitstream.com/tdserver.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/7/840/537/76808a0...all/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E50A569A-5193-4033-9E98-007FE78DD92B}: NameServer = 192.168.1.1
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RollbackClientService - Unknown owner - C:\Program Files\Rollback\RollbackClnt.exe
O23 - Service: SHDSERV - Horizon Datasys, Inc. - C:\Program Files\Rollback\shdserv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - D:\Meet\Program Files\Bit Defender\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 6322 bytes

I hope there is some solution to my problems
AndyManchesta
Did you try running the SFC /SCANNOW step to check system files? regedit.exe shouldn't be missing, and if it is, there may be other important files missing as well.

The results in the AVG Anti-Spyware scan show everything was ignored, so you will have to run it again but click Apply All Actions when it gets to the results page. If it shows the default action is to ignore, then click Recommended Action at the bottom of the results and change it to Delete, then click Apply All Actions again to remove the files.

Open Notepad (Start Menu > Run > Type notepad and press OK)

Copy and Paste the contents of the code box into Notepad

CODE
rem Record the pagefile entry from the root of the system drive in Result.txt
dir /a:-d "%systemdrive%\" | %systemroot%\system32\FIND.EXE /I "page">>Result.txt 2>nul
rem List every regedit.exe under the Windows folder with its size and timestamp
For /F "TOKENS=*" %%g IN ('dir /s/a-d/b %systemroot%\regedit.exe') Do @echo "%%~g" %%~zg %%~tg >>Result.txt 2>nul

notepad Result.txt
exit


Go to File on the top bar and choose Save As, change the Save As Type to All Files, name it Check.bat, then save it to your desktop.

Double click Check.bat and it will check for some files and open the results in notepad, please post the contents of that (Result.txt) back on the forum.

Cheers
lucky_indian
Results
01/31/2007 09:32 AM 1,595,932,672 pagefile.sys
"C:\WINDOWS\regedit.exe" 146432 08/04/2004 07:56 PM
"C:\WINDOWS\ServicePackFiles\i386\regedit.exe" 146432 08/04/2004 07:56 PM
"C:\WINDOWS\$NtServicePackUninstall$\regedit.exe" 134144 08/29/2002 12:00 PM

Well, I did SFC /scannow and of course it worked, but after that combofix.exe didn't work and I don't know what's wrong with regedit.exe since I can open it from Run with ease. PC is still slow, but some good news: I can restore my system now, but I still can't restore it to the time when all the problems started, that is the 18th, and I deleted everything that was found from ewido, malware; I just posted the log with those results then I deleted them. But I had a problem this morning: my screen was 800X600, and when I tried to put it to my normal resolution it said out of range, so I did the rollback program and here I am on my yesterday's snapshot and it's just fine, although I have lost the HijackThis and ewido programs from my desktop, that's about it.

So what do you think is wrong? Obviously there is something wrong with my C:, I know the space, but it is very very slow and slowing everything else down, I don't know what to do. I have another internal D: with 400 GB (100 GB is unallocated, the rest I am using right now) and 1024 RAM and an OK graphics card, what should I do?
AndyManchesta
Hi,

I think it's unlikely you are going to find a quick fix for this problem as it's not clear what's causing it at the moment. To summarize: initially it was the pagefile being 20GB, but I can see in the report you posted that it's now down to a more acceptable 1.5GB; then it was the rollback program not working correctly, but now it is and it has been used to restore the system to before you installed HijackThis or AVG, which would have also reversed the changes we have made in earlier posts such as the items AVG removed and the HijackThis fixes etc.; then the issue with IE7 not being able to get Internet access but IE6 being able to without problems, the system running constantly slow, Combofix not being able to find regedit.exe when it is in the correct location, and your display not allowing you to set the resolution to the settings you normally use.

This combination of problems does not make it sound like it's malware related, although we can run some more scans to be certain of that. It sounds more like corrupt software or hardware, but trying to pinpoint what is causing problems in so many different areas is difficult. If it was my PC I'd back up all the important data from the drive that contains Windows and transfer it to disk or another drive, then format the system and reinstall the OS, as that would likely be quicker than trying to solve so many different problems. I tend to format anyway a couple of times a year and have backups, so it doesn't take me long to get set up again, but I appreciate it can be a lot more of an inconvenience for other people to have to do that.

Regarding Combofix, it's possible that there is a damaged PATH value in the registry, which may result in scripts not being able to run files unless they use the full path to it, so regedit.exe written by itself would fail, but if the script used %systemroot%\regedit.exe it would then work. We can check for that next and repair it if it has been damaged. If you did want to continue trying to find the fault then you would also need to repeat the steps in the earlier posts to run AVG and fix what's found, and also install and run HijackThis then perform the fixes again, as the rollback program should have restored everything to the way it was before we started.

To check the PATH value goto start > run > then copy and paste

%systemroot%\system32\cmd.exe /c %systemroot%\system32\reg.exe query "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment" /s>C:\Result.txt & set>>C:\Result.txt & %systemroot%\notepad.exe C:\Result.txt

Press OK then post back the contents of C:\Result.txt which will open in notepad,

If we can get Combofix running it will give us a lot more information about what's starting with Windows, but if the PATH value is fine then we can try a couple of different tools that will hopefully work on your system.

Cheers
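An added example, not from the thread: a Python check (my own hypothetical check_path_value) that reads the saved reg.exe query output from the command above and flags the things Andy is looking for, a Path value of the wrong type or one missing its %SystemRoot% entries. Both sample exports are constructed for this example, the healthy one modelled on the export posted later in the thread.

```python
import re

# One 'name  type  data' line from 'reg query ... /s' output; reg.exe 3.0 separates
# the fields with tabs and a forum paste collapses them to spaces, so allow either.
REG_LINE_RE = re.compile(r"^\s*(?P<name>\S+)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>.*?)\s*$")

# Entries the machine-wide Path on XP normally carries, written with %SystemRoot%
# so they still resolve whichever drive Windows was installed to.
REQUIRED_ENTRIES = (r"%systemroot%\system32", r"%systemroot%")

# Constructed sample of a healthy export.
HEALTHY_EXPORT = r"""
! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment
    ComSpec    REG_EXPAND_SZ    %SystemRoot%\system32\cmd.exe
    Path    REG_EXPAND_SZ    %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Rollback\
    PATHEXT    REG_SZ    .COM;.EXE;.BAT;.CMD
"""

# Constructed sample of a damaged value: wrong type (so %SystemRoot% would never
# expand), the system32 entry gone, and an empty entry left by a stray semicolon.
DAMAGED_EXPORT = r"""
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment
    Path    REG_SZ    C:\Program Files\Rollback\;;%SystemRoot%
"""


def parse_reg_query(text):
    """Parse 'reg query ... /s' output into {value_name_lower: (type, data)}."""
    values = {}
    for line in text.splitlines():
        match = REG_LINE_RE.match(line)
        if match:
            values[match.group("name").lower()] = (match.group("type"), match.group("data"))
    return values


def check_path_value(text):
    """Return a list of problems with the machine Path value (empty list = looks fine)."""
    values = parse_reg_query(text)
    if "path" not in values:
        return ["Path value is missing from Session Manager\\Environment"]
    problems = []
    vtype, data = values["path"]
    if vtype != "REG_EXPAND_SZ":
        problems.append(f"Path has type {vtype}, expected REG_EXPAND_SZ so %SystemRoot% expands")
    entries = [e.strip() for e in data.split(";")]
    present = {e.lower().rstrip("\\") for e in entries if e}
    for required in REQUIRED_ENTRIES:
        if required not in present:
            problems.append(f"Path lacks the entry {required}")
    if any(e == "" for e in entries):
        problems.append("Path contains an empty entry (double or trailing semicolon)")
    return problems


if __name__ == "__main__":
    for label, export in (("healthy", HEALTHY_EXPORT), ("damaged", DAMAGED_EXPORT)):
        print(label, check_path_value(export) or ["looks fine"])
```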
lucky_indian
Well, I would love to format, i.e. if I could. I hate my C: now, it's FAT32, slow and not spacious. So I thought I could clone everything on my C: to the unallocated space or my D:, delete everything off it and just use Windows XP in D:, or I could install Vista if I want, but I can't. I don't know how to delete everything off C: and it's primary or something, meaning whenever I try to install anything it goes straight to C:, especially Windows, and I don't have the actual Windows CD; the company whom I got this PC from gave Windows to me on a 3 disc set, that is, it is a recovery console on Norton Ghost, not XP itself. Well, formatting for now is complex; if I have to I will try.

But for now I want to continue. I ran HijackThis and deleted all the files again, still haven't done the Kaspersky online scan, and I deleted the cookies manually so that should be fine. Here is the log you asked for.


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment
ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe
FP_NO_HOST_CHECK REG_SZ NO
NUMBER_OF_PROCESSORS REG_SZ 1
OS REG_SZ Windows_NT
Path REG_EXPAND_SZ %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Rollback\
PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE REG_SZ x86
PROCESSOR_IDENTIFIER REG_SZ x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL REG_SZ 15
PROCESSOR_REVISION REG_SZ 0209
TEMP REG_EXPAND_SZ %SystemRoot%\TEMP
TMP REG_EXPAND_SZ %SystemRoot%\TEMP
windir REG_EXPAND_SZ %SystemRoot%
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Meet\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=OEM-VSW4ECXI8FT
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Meet
LOGONSERVER=\\OEM-VSW4ECXI8FT
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Rollback\;C:\Program Files\SSH Communications Security\SSH Secure Shell
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Meet\LOCALS~1\Temp
TMP=C:\DOCUME~1\Meet\LOCALS~1\Temp
USERDOMAIN=OEM-VSW4ECXI8FT
USERNAME=Meet
USERPROFILE=C:\Documents and Settings\Meet
windir=C:\WINDOWS

Hope this helps
AndyManchesta

Hi,

Sorry for the delay, I'd overlooked the email notification that you had replied and just noticed while I was on replying to another log.

If you do not have a Windows disk then formatting isn't an option; the recovery disk should give you the option, though, to return the machine to the state it was in when you got it, so backing up all your important files and software to another drive and restoring using the disk could be worth considering if you feel that there are a lot of different problems now on the Windows drive.

The export you posted looks fine; the PATH value is the correct data type and doesn't appear to be damaged, so could you try Combofix again in case your rollback program fixed the problem. If it doesn't work then give the DSS program a run to see if that runs OK on your machine.

Download Combofix again and save it to your desktop.
Double click combofix.exe & follow the prompts.
When it's finished, it will produce a log of what it found. Please post the contents of that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running as it may cause it to stall


Download Deckard's System Scanner (DSS) to your Desktop.

**Note: You must be logged onto an account with administrator privileges.
Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt back on here. Please also attach extra.txt to your post.

To attach a file to a new post, click browse under the reply window and copy and paste this into it C:\Deckard\System Scanner\extra.txt then click Upload

Let me know if you still have problems with either of the programs

Thanks
lucky_indian
None of the programs are working, what should I do?
AndyManchesta

Hi,

Personally I think you should save all your important data to disk or transfer it to your D:\ drive, then use the recovery disks that were provided when you got the system to reset the C:\ back to the state it was in when you first received the PC. This should then solve all the problems you're seeing. It's a shame you do not have a Windows disk, as you could then set Windows up on your much larger D:\ drive, which should improve the performance, but I don't think that is an option if you only have a recovery disk. Restoring it should still solve the problems, and if you back up everything first then it shouldn't take too long to get up and running again.

I'm not sure what is preventing you running tools like Combofix or DSS, or what could be causing problems in so many other areas such as IE6 not being able to get internet access, constant slowdowns, being unable to change the screen resolution etc., so something does sound corrupted on your system. Based on the scans we ran earlier it doesn't appear to be malware related, and the PC Pitstop scan didn't show any issues that would explain the amount of problems you're seeing either, so I think the quickest solution is to try backing up your important files and restoring the system using the disks that you got when you bought the PC.

Let me know if that's not an option and we can try some more tools.

Cheers

Andy
lucky_indian
OK, thanks, I will do that.
AndyManchesta

Cheers Lucky_Indian

I hope it fixes all the problems you're seeing, but let us know if you have any remaining issues once it's been restored and I'll try to help if I can.

Thanks
Invision Power Board © 2001-2010 Invision Power Services, Inc.