#1
Member (8 bit)
Join Date: Feb 2005
Location: Oakland, CA
Posts: 199
Antivirus broken, HJT logfile
I'm not able to scan/update with ewido or use online scanners like trendmicro, bitdefender, panda, etc...
Anyone else having this problem? I'm working on a friend's XP PRO computer in my home, and am unable to get many of my anti-virus programs to work well. I've been having a lot of trouble updating AVG, but it worked this morning in normal mode and detected and supposedly deleted a "dropper.agent.ag" trojan on the computer. Norton 2005 popped up a box during this scan saying it detected something called 407856bf.exe which appeared to be already in Norton's path. (Couldn't see full length of name path.)

I turned off system restore (had to adjust group policy settings to allow myself to do this) then rebooted into safe mode with networking. Got stuck booting at MUP.sys so rebooted again into safe mode with networking. Then I ran a quick HJT scan that looked clean, ran CWShredder, that came up clean, then tried ewido. When ewido didn't load (no window, but button on taskbar), I uninstalled it and reinstalled. Reboot to safe mode with networking. Attempts to dl the update def file failed. Attempted dls from ewido.net would almost work, but I'd get an "unpack z_data_error." I dled manual update, but still couldn't get it to recognize. The installer was marked as corrupted or incomplete. Attempts to dl new ewido were not successful.

I ran CrapCleaner a couple of times, and cleaned what it found. Housecall trendmicro was attempted but couldn't get to option of what disks to scan, so I know it's not gonna work. In addition, a security warning popped up. Ewido's online scan found 49 spyware cookies. Not sure what I need to do here. I want to run some other scanners to see what happens. I guess I'll go back to Norton... bitdefender and panda didn't work for me either...

Sounds like a browser hijack, right? Well I'm gonna try some more research on dropper.agent.AG and run my Norton again, and see what's what. But I'll be listening for your input!

BTW- Yesterday (still with system restore active) I ran programs like nail.exe, AVERT, F-Bot, Sysclean with varying levels of success.
Some programs were able to run, others were stopped. Attached is a HJT log:

Last edited by EDB; 09-09-2005 at 06:29 PM. Reason: Yesterday's activities
#2
Member (8 bit)
Join Date: Feb 2005
Location: Oakland, CA
Posts: 199
Where is everyone?
Hmm, no helpful suggestions yet...
I was able to run AVG overnight, no viruses apparently. I was able to run Ewido as well, and found 4 infections, of which 2 were dropper.agent.zerolin... They were located in his E: Drive, under mozilla/thunderbird mail settings. Does this mean they are in his mailbox? I can't ping a name in normal mode, nor get online. This is despite ipconfig tools, and winsockxpfix. In safe mode, internet is working, yet I still cannot go to trendmicro and run housecall online. I can (and am) dl the latest definitions for sysclean.

Help needed:
Why can't I resolve DNS names while pinging?
Why won't these things just go away?
Why can't I use online scanners?
#3
Forum Administrator
Staff
Premium Member
Join Date: May 2000
Location: Joplin MO
Posts: 37,776
Uninstall Norton if you are using AVG - and I'd also uninstall AVG until you get this fully cleaned up with other tools. Try running Sysclean in safe mode.
#4
Member (8 bit)
Join Date: Feb 2005
Location: Oakland, CA
Posts: 199
I wanted to uninstall his Norton, but as a lot of his stuff is in disorder, I don't want to make him lose his paid-for antivir solution. I've tried running sysclean in safe mode. The trouble I'm having is dling and unpacking new defs/files. Everything seems corrupted and won't allow me to install. I'll try again. I don't understand why this is.

**Edit** Was able to dl and unpack on another computer, so I'll transfer it via usbkey. As of last night, it seemed clean, and was able to surf the www in normal mode, with a decent speed. I think however that the viruses and trojans are still there.

And, while I have your attention: is there any way I can get chkdsk to stop running automatically? It keeps noticing the same error, and restarting itself. Maybe the better question is what can I do about the disk that still has problems? Is a new HD in order? I want to do more checks, but Housecall and other online scanners are not working. Why can't I get those to work on the comp?

Last edited by EDB; 09-11-2005 at 04:17 PM.
#5
Member (8 bit)
Join Date: Feb 2005
Location: Oakland, CA
Posts: 199
questions
I've just finished running Trendmicro's SysClean in Safe Mode with networking with the latest definitions.
I am confused by the results: 0 files were found to be infected, but a large number of them were listed in the log as access being denied. I don't understand why admin privileges weren't sufficient to handle this need? In a moment, I'll post the results of the scan here for your perusal.

Last edited by EDB; 09-11-2005 at 06:51 PM. Reason: TREndmicro sysclean results
#6 |
|
Member (10 bit)
Join Date: Mar 2004
Location: California
Posts: 936
|
Hello EDB
Then you should uninstall AVG or turn off the active scanning for AVG, if you don't want to touch his paid subscription to Norton. I personally would go with AVG or AVG Pro over Norton. Norton doesn't play nice with other AVs. It can cause lots of problems, just as the ones you're experiencing. I'm not saying that's what it is, but it may be a factor.
Lobos
#7 |
|
Member (8 bit)
Join Date: Feb 2005
Location: Oakland, CA
Posts: 199
|
Hi Lobos,
Yeah, I'll see if he has his disc handy to reinstall NAV so I can remove it worry-free. It sounds like the problem is NAV not letting me do things. Can anyone tell me what might cause these access denied errors in the sysclean log above? How can I change that? (Is that a Norton problem as well?)