Thread: Puzzling log file contents
LinkBack URL
About LinkBacks-
11-29-05 04:04 PM #1DoctorGordanBensGuest
Puzzling log file contents
My computer behaves like it has a Trojan. I scanned it with Trend Micro,
which found no viruses. However, some log entries were peculiar. I have
Windows XP on Dell Dimension 2400. I have networking disabled. I didn't
assign permissions. I'm Owner and should have access to everything. Yet, the
virus scan could not access the files below and therefore couldn't scan them.
What virus would do this? Is there any way I can make these files
accessible? If I format my disk, will this inaccessibility go away?
The affected files and the reason the scan gave for not being able to access
them are listed below.
Thank you for any information you can provide.
LOG SAID ERROR OCCURRED WHILE SCANNING FILE
C:\Documents and Settings\LocalService\NTUSER.DAT
C:\Documents and Settings\LocalService\ntuser.dat.LOG
C:\Documents and Settings\LocalService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat
C:\Documents and Settings\LocalService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat.LOG
C:\Documents and Settings\NetworkService\NTUSER.DAT
C:\Documents and Settings\NetworkService\ntuser.dat.LOG
C:\Documents and Settings\NetworkService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat
C:\Documents and Settings\NetworkService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat.LOG
C:\Documents and Settings\Owner\NTUSER.DAT
C:\Documents and Settings\Owner\ntuser.dat.LOG
C:\Documents and Settings\Owner\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat
C:\Documents and Settings\Owner\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat.LOG
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll
LOG SAID AN ERROR WAS DETECTED
C:\System Volume Information\*.*
LOG SAID COULD NOT SET FILE FOR READING
C:\WINDOWS\Prefetch\AAWSEPERSONAL.EXE-36D1614A.pf
C:\WINDOWS\Prefetch\ACRORD32.EXE-13285B88.pf
C:\WINDOWS\Prefetch\AD-AWARE.EXE-0A62CF06.pf
C:\WINDOWS\Prefetch\ALEUPDAT.EXE-1ED60CC5.pf
C:\WINDOWS\Prefetch\AUPATCH.DAT-21251CC6.pf
C:\WINDOWS\Prefetch\AUPDATE.EXE-2253CB60.pf
C:\WINDOWS\Prefetch\AUTORUN.EXE-055703AF.pf
C:\WINDOWS\Prefetch\AUUNZIP.DAT-09B6AED1.pf
C:\WINDOWS\Prefetch\AUUPDATE.DAT-183E5F6E.pf
C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf
C:\WINDOWS\Prefetch\CONTROL.EXE-013DBFB5.pf
C:\WINDOWS\Prefetch\DEFRAG.EXE-273F131E.pf
C:\WINDOWS\Prefetch\DEMO32.EXE-25E7AF5B.pf
C:\WINDOWS\Prefetch\DFRGNTFS.EXE-269967DF.pf
C:\WINDOWS\Prefetch\DMADMIN.EXE-00BCB146.pf
C:\WINDOWS\Prefetch\DMREMOTE.EXE-2F82CB90.pf
C:\WINDOWS\Prefetch\DRVMAP.EXE-0DEA7804.pf
C:\WINDOWS\Prefetch\DUMPREP.EXE-1B46F901.pf
C:\WINDOWS\Prefetch\DWWIN.EXE-30875ADC.pf
C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf
C:\WINDOWS\Prefetch\FLOPPY.EXE-206ACEFF.pf
C:\WINDOWS\Prefetch\GSS.EXE-006E30E6.pf
C:\WINDOWS\Prefetch\HELPCTR.EXE-3862B6F5.pf
C:\WINDOWS\Prefetch\HELPHOST.EXE-247D2792.pf
C:\WINDOWS\Prefetch\HELPSVC.EXE-2878DDA2.pf
C:\WINDOWS\Prefetch\IDRIVER.EXE-09BCEA7D.pf
C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf
C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf
C:\WINDOWS\Prefetch\IPCONFIG.EXE-2395F30B.pf
C:\WINDOWS\Prefetch\Layout.ini
C:\WINDOWS\Prefetch\LOGON.SCR-151EFAEA.pf
C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf
Could not set file for reading on "C:\WINDOWS\Prefetch\LUALL.EXE-30AC8E48.pf
C:\WINDOWS\Prefetch\LUCOMS~1.EXE-02DB5950.pf
C:\WINDOWS\Prefetch\MMC.EXE-2523E022.pf
C:\WINDOWS\Prefetch\MSCONFIG.EXE-35E4DAE9.pf
C:\WINDOWS\Prefetch\MSIEXEC.EXE-2F8A8CAE.pf
C:\WINDOWS\Prefetch\MSIMN.EXE-38BA891D.pf
C:\WINDOWS\Prefetch\MSMSGS.EXE-2B6052DE.pf
C:\WINDOWS\Prefetch\NAVW32.EXE-24F56911.pf
C:\WINDOWS\Prefetch\NAVW32.EXE-2F9B64D1.pf
C:\WINDOWS\Prefetch\NDETECT.EXE-16E64095.pf
C:\WINDOWS\Prefetch\NETSTAT.EXE-2B2B4428.pf
C:\WINDOWS\Prefetch\NMAIN.EXE-2BA406E0.pf
C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf
C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf
C:\WINDOWS\Prefetch\NTVDM.EXE-1A10A423.pf
C:\WINDOWS\Prefetch\PARTIN.EXE-278BE0B0.pf
C:\WINDOWS\Prefetch\PARTINNT.EXE-189E221B.pf
C:\WINDOWS\Prefetch\PATCH.EXE-1DE617D3.pf
C:\WINDOWS\Prefetch\PM8FLASH.EXE-29A2E154.pf
C:\WINDOWS\Prefetch\PQBOOT32.EXE-004782FD.pf
C:\WINDOWS\Prefetch\PQPE.EXE-156FFA02.pf
C:\WINDOWS\Prefetch\PQPENT.EXE-31E964DB.pf
C:\WINDOWS\Prefetch\REGEDIT.EXE-1B606482.pf
C:\WINDOWS\Prefetch\REGSVR32.EXE-25EEFE2F.pf
C:\WINDOWS\Prefetch\RSTRUI.EXE-03C49A96.pf
C:\WINDOWS\Prefetch\RUNDLL32.EXE-13E68835.pf
C:\WINDOWS\Prefetch\RUNDLL32.EXE-147710F4.pf
C:\WINDOWS\Prefetch\RUNDLL32.EXE-16B6E1C5.pf
C:\WINDOWS\Prefetch\RUNDLL32.EXE-1831A4F3.pf
C:\WINDOWS\Prefetch\RUNDLL32.EXE-1BC55A4F.pf
C:\WINDOWS\Prefetch\RUNDLL32.EXE-1BC79741.pf
C:\WINDOWS\Prefetch\RUNDLL32.EXE-268BFF96.pf
C:\WINDOWS\Prefetch\RUNDLL32.EXE-3D381A1E.pf
C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf
C:\WINDOWS\Prefetch\SETUP.EXE-1F96B645.pf
C:\WINDOWS\Prefetch\SETUP.EXE-25947D5F.pf
C:\WINDOWS\Prefetch\SPYBOTSD.EXE-1344276B.pf
C:\WINDOWS\Prefetch\SVCHOST.EXE-3530F672.pf
C:\WINDOWS\Prefetch\SYSCLEAN.COM-03F5AA35.pf
C:\WINDOWS\Prefetch\SYSCLEAN.EXE-16B1DEFF.pf
C:\WINDOWS\Prefetch\S_T_I_N_G_E_R.EXE-20D66C56.pf
C:\WINDOWS\Prefetch\TASKMGR.EXE-20256C55.pf
C:\WINDOWS\Prefetch\TSC.BIN-1CE4A19A.pf
C:\WINDOWS\Prefetch\TSC.EXE-2B4C0858.pf
C:\WINDOWS\Prefetch\UNINS000.EXE-260D7493.pf
C:\WINDOWS\Prefetch\UNINS000.EXE-26B508AE.pf
C:\WINDOWS\Prefetch\UPHCLEAN.EXE-1B5600D5.pf
C:\WINDOWS\Prefetch\WINHLP32.EXE-2C18E975.pf
C:\WINDOWS\Prefetch\WINWORD.EXE-29F5CB89.pf
C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf
C:\WINDOWS\Prefetch\WORDPAD.EXE-24533991.pf
C:\WINDOWS\Prefetch\WSCNTFY.EXE-1B24F5EB.pf
C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf
C:\WINDOWS\Prefetch\_IU14D2N.TMP-05E5CB2B.pf
LOG SAID ERROR OCCURRED WHILE SCANNING
C:\WINDOWS\system32\config\default
C:\WINDOWS\system32\config\default.LOG
C:\WINDOWS\system32\config\SAM
C:\WINDOWS\system32\config\SAM.LOG
C:\WINDOWS\system32\config\SECURITY
C:\WINDOWS\system32\config\SECURITY.LOG
C:\WINDOWS\system32\config\software
C:\WINDOWS\system32\config\software.LOG
C:\WINDOWS\system32\config\system
C:\WINDOWS\system32\config\system.LOG
-
11-29-05 04:04 PM #2DoctorGordanBensGuest Re: Puzzling log file contents
None of that sounds like a virus to me.
If by reformat you mean also reinstalling Windows, I suspect you may be
reformatting way too often.
"Ann" <Ann@discussions.microsoft.com> wrote in message
news
DA4352A-772C-4D99-BB11-029BF8FD2919@microsoft.com...
>
>
> I suddenly can't save files except to my removable drive. I'll be looking
> at
> a website and jump to another without even touching the mouse. I'm not
> talking about pop-up ads. I jump to other websites, sometimes in rapid
> succession. Programs (Office and Windows Accessories) freeze. The screen
> freezes. Emails don't arrive at their destination, both to me and from me.
> If
> I leave the computer on, it'll connect to the Net. (I have Automatic
> Updates
> turned off, so it's not that.) Sometimes I have to log out twice or log on
> twice, like someone is on the computer with me but not in exact synch.
> It's
> like someone is networked to my computer, but I have LAN turned off. I
> have
> RegProtect, which every time I use my computer reports that someone is
> trying
> to alter networking permissions. Etc., etc., etc. When I do reformat, they
> seem to get right back on immediately. That is, the abovementioned
> problems
> occur.
-
11-29-05 04:04 PM #3DoctorGordanBensGuest Re: Puzzling log file contents
"Ann" <Ann@discussions.microsoft.com> wrote in message
news:263DBA4E-DE69-463A-B27B-56315AE78BF2@microsoft.com...
I agree that nothing in the log file worries me.
> LOG SAID ERROR OCCURRED WHILE SCANNING FILE
>
> C:\Documents and Settings\LocalService\NTUSER.DAT
> C:\Documents and Settings\LocalService\ntuser.dat.LOG
> LOG SAID ERROR OCCURRED WHILE SCANNING
> C:\WINDOWS\system32\config\default
> C:\WINDOWS\system32\config\default.LOG
These are all normal, these special files are locked by Windows. Most of
them are Windows registry files. It is unlikely that files named .DAT and
..LOG files would have viruses in them.
> LOG SAID COULD NOT SET FILE FOR READING
> Could not set file for reading on
> "C:\WINDOWS\Prefetch\LUALL.EXE-30AC8E48.pf
LUALL.EXE-30AC8E48.pf is a file that "pre-fetches" LUALL.EXE so that
Windows XP starts up faster. Google says that LUALL.EXE may very well be
Norton Antivirus Live Update, and I tend to believe this is likely true.
This does not concern me.
> LOG SAID AN ERROR WAS DETECTED
> C:\System Volume Information\*.*
I'm thinking this is probably normal, but you'd want to ask in a group that
specifically supports your anti-virus program.
-
04-06-07 07:30 AM #4Junior Member
- Join Date
- Apr 2007
- Posts
- 2
HELLO . I NEED AUTORUN.EXE-055703AF.pf FOR MY COMPUTER . DO YOU CAN HELP ME?
-
04-06-07 07:32 AM #5Junior Member
- Join Date
- Apr 2007
- Posts
- 2
HELLO . I NEED AUTORUN.EXE-055703AF.pf FOR MY COMPUTER . DO YOU CAN HELP ME?
HELLO . I NEED AUTORUN.EXE-055703AF.pf FOR MY COMPUTER . DO YOU CAN HELP ME?
Reply With Quote
Similar Threads
-
Problems installing W2K Service Pack 4
By DoctorGordanBens in forum MakeReplies: 0Last Post: 11-17-05, 07:50 AM -
XP bug
By DoctorGordanBens in forum MakeReplies: 7Last Post: 09-20-05, 12:29 AM -
Why bother using Sysprep (or ghostwalker or anyother sid changer) if you are using a Domain?
By DoctorGordanBens in forum MakeReplies: 6Last Post: 09-14-05, 12:44 AM -
Gaobot is driving me mad
By DoctorGordanBens in forum MakeReplies: 6Last Post: 09-12-05, 04:01 PM -
Windows update for KB896358 doesnot install
By DoctorGordanBens in forum Windows Vista & XP ForumReplies: 4Last Post: 09-12-05, 09:08 AM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
