Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

HiJack This log

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

HiJack This log

Unread postby YogiBear35 » January 8th, 2007, 6:38 pm

During the last couple of weeks or so my computer has been gradually slowing down, thinking about very hard, it started, I think, around the time I installed Spy Sweeper though I'm not absolutely sure, so I don't want to blame that just yet.
Programmes ran to try to find anything nasty include AdAware; SpyBot; Windows Defender; Spy Sweeper; Sys Internals RootKit Revealer and AOL's pretty useless own spy programme.
I've carried out full virus checks with my own anti-virus programme, VI Robot, also with two of the on-line checkers, namely Trend Micro and Panda.
All have come up clean so the last step is to post a HiJack This log to see if anything has managed to get through the net. Could somebody have a look at it please?

Logfile of HijackThis v1.99.1
Scan saved at 22:04:26, on 08/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\clipsrv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ViRobotXP\vrmonsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\Program Files\ViRobotXP\Vrres.exe
C:\Program Files\ViRobotXP\vrmonnt.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\AOL\1132918867\ee\AOLSoftware.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Screensaver Control\ScreensaverControl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HDD Health\hddhealth.exe
C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
c:\program files\common files\aol\1132918867\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
c:\program files\common files\aol\1132918867\ee\aolsoftware.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Documents and Settings\Brian Lewis\My Documents\Programmes\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/breakfast
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\saIE.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: SpoofStick BHO - {CBA74CDA-DF78-4AD9-954E-3B15D0A993DE} - C:\Program Files\CoreStreet\SpoofStick\SpoofStickBHO.dll
O3 - Toolbar: SpoofStick - {4D46ED77-1429-4CF6-8F63-C84B5D710BAF} - C:\Program Files\CoreStreet\SpoofStick\SpoofStick.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\saIE.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand2524.dll
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [VrSchedule] "C:\Program Files\ViRobotXP\Vrres.exe"
O4 - HKLM\..\Run: [Vrmon] "C:\Program Files\ViRobotXP\vrmonnt.exe" Main
O4 - HKLM\..\Run: [Acronis True Image Monitor] "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1132918867\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] "C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe" icon
O4 - HKLM\..\Run: [DSLAGENTEXE] "C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe"
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [VrBootScan] "C:\Program Files\ViRobotXP\VRBScan.exe"
O4 - HKCU\..\Run: [ScreensaverControl] "C:\Program Files\Screensaver Control\ScreensaverControl.exe"
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HDDHealth] "C:\Program Files\HDD Health\hddhealth.exe" -wl
O4 - HKCU\..\Run: [Copernic Desktop Search 2] "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {38D63471-E630-4492-A986-B8C48B79F2F8} (CVideoEgg_ActiveXCtl Object) - http://update.videoegg.com/wintel/VideoEggPublisher.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computerc ... diagcc.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2836488187
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\..\{532C0B21-6CB0-424E-943F-B6E897FEDC6A}: NameServer = 205.188.146.145
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: H - Sysinternals - http://www.sysinternals.com - C:\DOCUME~1\BRIANL~1\LOCALS~1\Temp\H.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - HAURI - C:\Program Files\ViRobotXP\vrmonsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Any advice will be greatly appreciated. If it's all clear then I must start lookibg elsewhere for the cause.
YogiBear35
Active Member
 
Posts: 8
Joined: January 8th, 2007, 6:18 pm
Location: Scotland
Advertisement
Register to Remove

Unread postby John B. » January 9th, 2007, 3:16 pm

Hi! :hello2: and welcome to the Malware Removal forums.
My name is John Brouwer - if it helps, you can call me John for short. I'll be glad to help you with your computer problems.

HijackThis logs can take some time to research, so please be patient with me. I know that you need
your computer working as quickly as possible, and I will work hard to help see that happens.
I am currently looking over your log. As I am a trainee, everything that I post to you must be checked by an Admin or Moderator. Thus, there may be a tiny bit of a delay between posts, but it shouldn't be too long. I will post back shortly with a potential fix.

Please be patient and I'd be grateful if you would note the following:
  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Greets, John.
User avatar
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

HiJack This Log

Unread postby YogiBear35 » January 9th, 2007, 4:08 pm

Hello John, pleased to hear from you and that you will be looking into any possible problem I may have with Malware, etc.

I look forward to hearing from you again when you have completed your examination of the log.

Many thanks for your help
Brian
YogiBear35
Active Member
 
Posts: 8
Joined: January 8th, 2007, 6:18 pm
Location: Scotland

Unread postby John B. » January 11th, 2007, 10:14 am

Hi Brian,

I'm sorry it had to take so long but the teacher posted to me at an unpleasant time (late in the evening) so I'm only now able to reply to you.

We aren' surprised that your system is running so slow because the amount of security programs you're using is enormous. Security is good but too much can cause conflictions and makes your system really slow! If we take a quick look at the security programs you're using we can see this:
SpySweeper
Windows Defender
WinPatrol (Light on resources)
AOL AntiSpyware
ViRobot Antivirus
Zone Alarm (Resource hog)
SiteAdvisor

This does not include all the other stuff you're running at start up, like Acronis True Image, some sort of screensaver control and a hard disk monitor.
Please follow these steps to get your system a littlebit faster and also make an unistall log so we can recommend what you can safely remove.

Step 1: Update Java
Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java(TM) SE Runtime Environment 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.

Step 2: Download and Run AFT Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

Step 3: Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

Image

5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.

Greets, John.
User avatar
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Hijack this log

Unread postby YogiBear35 » January 12th, 2007, 11:23 am

Hello John

Don't worry about any delays, I'm just pleased somebody is able, and willing, to help.

I've followed your instructions as per your last message, the uninstall list is copied below:

Acronis True Image
Adobe Reader 7.0.8
Advanced Disk Cleaner 4.0
Advanced Uninstaller PRO 2006 - version 7
AI RoboForm (All Users)
AOL Broadband Assistant
AOL Coach Version 1.0(Build:20040229.1 uk)
AOL Connectivity Services
AOL Instant Messenger
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Avanquest update
BadCopy Pro
Belarc Advisor 7.2
BT Voyager 105 ADSL Modem
BT Voyager Modem AOL Test
CCleaner (remove only)
CleanUp!
Convert DOC to PDF For Word 2.00
Copernic Desktop Search 2
Diskeeper Home Edition
Driver Detective
Driver Genius Professional Edition 2006 6.1.2518
Driver Wizard by 62NDS Solutions
DVDXCopy Xpress 3.2.5
EasyCleaner
eBay Toolbar
ERUNT 1.1j
EULAlyzer v1.1
EVEREST Home Edition v1.51
FinePixViewer Ver.4.2
Flash Renamer 4.81
Free PS Convert driver
FUJIFILM USB Driver
GdiplusUpgrade
Google Toolbar for Internet Explorer
Group Shot
HDD Health v2.1 Beta
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Holding Pattern Screen Saver
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Document Viewer 5.3
HP Extended Capabilities 5.3
HP Image Zone 5.3
HP Imaging Device Functions 5.3
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
Image Transfer
ImageMixer for Sony
ImageMixer VCD2 for FinePix
InCD
Intel(R) 537 Modem
Jasc Paint Shop Pro 9
Jasc Paint Shop Pro 9 GDI+ Patch
Jasc Paint Shop Pro 9.01 - (9.0.1.1)
Jasc Paint Shop Pro 9.01 Patch
Java(TM) SE Runtime Environment 6
jv16 PowerTools 2006
Learn2 Player (Uninstall Only)
Lexmark Z600 Series
LimeWire 4.12.6
Logitech Desktop Messenger
Logitech SetPoint
Macromedia Flash Player 8
MAGIX audio cleaning lab 2004 deLuxe
MAGIX Media Manager silver
McAfee SiteAdvisor for Internet Explorer
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
MicroStaff WINASPI
Motherboard Monitor 5
Motorola Phone Tools
Mozilla Firefox (1.5.0.9)
Mrs Cash Back 1.0
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
Nero 6
Nero Digital
Nero Media Player
NeroMIX
Nokia Connectivity Adapter Cable DKU-5
Nokia Connectivity Cable Driver
Nokia E-Mail Configuration Tool 1.0
Nokia PC Suite
OpenOffice.org 2.0
PE Builder 3.1.10a
Picasa 2
PIF DESIGNER2.1
PowerQuest PartitionMagic 8.0
PropertiesPlus (Remove Only)
QuickTime
RAW FILE CONVERTER LE
RealPlayer
RIP Vinyl
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
ScanToWeb
Screensaver Control
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926247)
Security Update for Windows XP (KB926255)
Serif PhotoPlus 8.0
Serif PhotoPlus Association File Formats
Sony USB Driver
SpoofStick for Internet Explorer 1.02
Spy Sweeper
Spybot - Search & Destroy 1.4
The LangaList Complete Archives 2006.03
Trogladite Software SendTo 1.6
Tweak-XP Pro 4
UniChrome Graphics Driver and Utilities
Uninstall Startup Inspector for Windows
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
VIA Platform Device Manager
VIA Rhine-Family Fast Ethernet Adapter
VIA/S3G Display Driver
Viewpoint Media Player
ViRobot Expert Ver 4.0
WhatProcess for Windows
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Live Safety scanner
Windows Media Connect
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10
Windows Rights Management Client
Windows Rights Management Client Backwards Compatibility
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885295
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinDriversBackup
WinPatrol
ZoneAlarm

Hope you can find what is causing the trouble from this. There are a few programmes I've been intending to dump as I don't use them much, if at all, but just haven't got around to it yet. So a ggod clean up is long overdue.
Look forward to hearing from you.
YogiBear35
Active Member
 
Posts: 8
Joined: January 8th, 2007, 6:18 pm
Location: Scotland

Unread postby John B. » January 13th, 2007, 4:47 am

Hi Brian,

You've got several programs that remove temporary files, etc. Please make a decision which one you want to keep and the rest can go.
Advanced Disk Cleaner 4.0
ATF Cleaner
CCleaner (remove only)
CleanUp! Does one needs to go anyway, it can be harmfull!!!
EasyCleaner


You're also using multiple driver programs.
Driver Detective
Driver Genius Professional Edition 2006 6.1.2518
Driver Wizard by 62NDS Solutions


You're using multiple programs to check hardware information.
Belarc Advisor 7.2
EVEREST Home Edition v1.51


The following things I'm not sure of if they're paid versions or not but if they aren't I suggest they go (if you use them a lot you can decide to keep them).
Advanced Uninstaller PRO 2006 - version 7
AI RoboForm (All Users)
Firefox browser also does this (not sure about Internet Explorer) itelf.
Diskeeper Home Edition
Holding Pattern Screen Saver
The program looks fun but it's an always running process.
jv16 PowerTools 2006 If it's paid it's alright but normally it's a 30 day trial.
Learn2 Player (Uninstall Only)
Screensaver Control


Also remove the folders related to the programs you've just removed (they're normally in C:\Program Files\). You can also do a defrag afterwards because you've removed a lot and a defrag will aline everything on your hdd.

Please tell me how your computer is running now.

Greets, John.
User avatar
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Unread postby YogiBear35 » January 14th, 2007, 6:21 am

Hello John,

Done as you said.
Programmes removed:
CCleaner
CleanUp
Easy Cleaner
Driver Wizard
Everest
Holding Pattern Screen Saver
jv16 Power Tools
Learn 2 Play

I am undecided about Driver Detective and Driver Genius, both have been kept temporarily as I can't remember which one is paid for, something to look up.

I stopped using Easy Cleaner and jv16 Power Tools (this was the paid for version) as I found both too aggresive for my liking.

I have kept:
Advanced Uninstaller (paid for version)
AI Robo Form (paid for version, though I use Firefox on occassions it is not my main browser)
Diskeeper, as it does a better job than the Windows Defrag. tool, and does it quicker.
Screensaver Control as it allows me to easily turn off the screen saver if I want to.

Looking through the list of programmes I have also removed:
Core Street's Spoof Stick
Ebay Tool Bar
EULAlzer
Flash Renamer
Jufsoft's Bad Copy
Motorala Phone Tools (I don't have a Motorola phone, my grandson put this on without my knowledge)
There was also one to do with Fuji which I have removed, this was put on by my granddaughter, again without my knowledge.
I will be laying down the law to both, no more installing programmes without asking first. I suppose the best thing I can do is to put a password on the computer to stop them using it if I'm not here instead of just trusting them not to. (I've recently been away from home for a week)

After searching through C:\Progam Files and deleting what was left there I ran Reg Cleaner and done a Defrag using Diskeeper.
The computer has speeded up a little, thank you.

Something I will do is to carefully look at the programmes that are left as I'm fairly certain there are more that I can remove as I rarely, if ever, use them.

There is one thing that is still bothering me though, I can be in the middle of typing a letter, not connected to the internet, when I get interupted. The egg timer comes on indicating that some other process has butted in and I have to wait for it to go off before I can continue. A few times I have had a look at the Task Manager to try to find out what has taken over but have been unable to find out what it is so far. I've now come across a small programme called Process Library which is supposed to identify each, and every, process. If I install it then maybe I can track down the offending process.

Very many thaks for your help, and, should you have any, look forward to receiving any more suggestions/advice.
YogiBear35
Active Member
 
Posts: 8
Joined: January 8th, 2007, 6:18 pm
Location: Scotland

Unread postby John B. » January 14th, 2007, 3:09 pm

Hi Brian,

Lets check if you're clean.

Please copy this to notepad/word, or print it, because you won't always have access to the internet!

Step 1: Download AVG Anti-Spyware
Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update succesfull message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

Step 2: Use your program to clean temporary files

Step 3: Boot into Safe Mode
Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

Step 4: Run AVG Anti-Spyware
Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
      Image
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.

Step 5: Reboot
Your computer will automatically switch to normal mode.

Step 6: Run Kaspersky Online Scan
Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky,
Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.

Step 7: Post logs
* AVG log
* Kaspersky log
* New HijackThis log

Greets, John.
User avatar
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Unread postby YogiBear35 » January 14th, 2007, 3:20 pm

Hi John

Before I do this should I turn off my Anti Virus programme, PC Security Shield (VI Robot) in case they clash?

Brian
YogiBear35
Active Member
 
Posts: 8
Joined: January 8th, 2007, 6:18 pm
Location: Scotland

Unread postby John B. » January 15th, 2007, 6:20 am

Hi Brian,

Sorry for delay, unlucky timezone ;)

Hardly anything can clash with AVG AS so leave your normal AV on :)

Greets, John.
User avatar
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Unread postby YogiBear35 » January 17th, 2007, 8:55 am

Hello John

Sorry for the delay but I've been rather busy for the last two days. Anyhow, job done now and here are the logs you asked for.
I should point out that I got a bit mixed up with AVG ended up deleting what was found instead of putting them into quarantine. I don't now where the cookies came from as I used ATF Cleaner to get rid of them all before I started, it must have missed these.



---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 22:40:29 16/01/2007

+ Scan result:



C:\Documents and Settings\Brian Lewis\My Documents\AOL Downloads\DG834G_V2-1.exe/STHIW/stInstall.exe -> Heuristic.Win32.Dialer : Cleaned.
C:\System Volume Information\_restore{E6349A96-D08B-479C-977B-84EA05E0F33C}\RP975\A0173879.exe/STHIW/stInstall.exe -> Heuristic.Win32.Dialer : Cleaned.
C:\Documents and Settings\Brian Lewis\My Documents\AOL Downloads\DG834G_V2-1.exe/modemconfig.exe -> Not-A-Virus.RemoteAdmin.Win32.NetCat : Cleaned.
C:\System Volume Information\_restore{E6349A96-D08B-479C-977B-84EA05E0F33C}\RP975\A0173879.exe/modemconfig.exe -> Not-A-Virus.RemoteAdmin.Win32.NetCat : Cleaned.
:mozilla.17:C:\Documents and Settings\Brian Lewis\Application Data\Mozilla\Firefox\Profiles\9iupd9ed.default\cookies_2006-7-14_22-32-5-796 -> TrackingCookie.Adtech : Cleaned.
:mozilla.18:C:\Documents and Settings\Brian Lewis\Application Data\Mozilla\Firefox\Profiles\9iupd9ed.default\cookies_2006-7-14_22-32-5-796 -> TrackingCookie.Adtech : Cleaned.
:mozilla.8:C:\Documents and Settings\Brian Lewis\Application Data\Mozilla\Firefox\Profiles\9iupd9ed.default\cookies_2006-7-14_22-32-5-796 -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.9:C:\Documents and Settings\Brian Lewis\Application Data\Mozilla\Firefox\Profiles\9iupd9ed.default\cookies_2006-7-14_22-32-5-796 -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.12:C:\Documents and Settings\Brian Lewis\Application Data\Mozilla\Firefox\Profiles\9iupd9ed.default\cookies_2006-7-14_22-32-5-796 -> TrackingCookie.Statcounter : Cleaned.
:mozilla.10:C:\Documents and Settings\Brian Lewis\Application Data\Mozilla\Firefox\Profiles\9iupd9ed.default\cookies_2006-7-14_22-32-5-796 -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.11:C:\Documents and Settings\Brian Lewis\Application Data\Mozilla\Firefox\Profiles\9iupd9ed.default\cookies_2006-7-14_22-32-5-796 -> TrackingCookie.Tradedoubler : Cleaned.


::Report end




KASPERSKY ONLINE SCANNER REPORT
Wednesday, January 17, 2007 12:37:04 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 17/01/2007
Kaspersky Anti-Virus database records: 259028


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\

Scan Statistics
Total number of scanned objects 84642
Number of viruses found 1
Number of infected objects 0 / 0
Number of suspicious objects 2
Duration of the scan process 01:26:50

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\APP10400.LST Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\APP10408.LST Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\APP10719.LST Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\Apps.Lst Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\main.idx Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\sap.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\spool.lst Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\STYLE.LST Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\sysnews.lst Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\idb\Toolbar.lst Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\organize\brianl535 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\organize\brianl535.abi Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\organize\brianl535.aby Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\organize\CACHE\brianl504 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\ShopAssist\DataStore\global\clientcache.adb Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0\ShopAssist\DataStore\users\BRIANL535.adb Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\storage\cache.db Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\storage\server.lock Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\storage\stderr.txt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\storage\stdout.txt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\02bfb1c5c76a45b799ec634f527fdb4d_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0918cbdfd718769de9e5d5c7fbeca312_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0a1d4b6cb1ccc7469ba7b6f9190a99c3_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0c48c1b00948cec7348a6b3b5b523ee4_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0d9077e30935a45af2787781d05d2460_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\152b46b9b2a29c5c2f77a78898af9223_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\19e9f09da290c382322344bed41e23b7_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1ac0628644d69569d895cf94ba13f2c3_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\1faad649993ce850a17d9758db956678_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\20965cbc476e10e4f8cbdc00d6290fad_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\23af8cd7ab6354aec56db4def41810ed_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2b1b82a65a8851410d8be0d060c6fbaf_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2d5151a607ddfe9b816dbd3b62140ce3_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2dd76258d4416b45848a7548b9756c26_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2de9e687ae9bd82d2579ae0117b73ce6_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2f51ca4148cde0f5c136268b25b06464_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\31b3c9d675c59c10f21adc57c8e843fc_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3258a1fb4aa07f779b179f6e0f5727cc_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\33d2ff471b9ff5d9b5a21848294f9817_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\340408a2ebfb287b5cb27cccc3538615_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3559196c68154ca0de55cb098c12e63d_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\39650be784465dc042fdad8f93ac98cd_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\409aa7297660f01957fbe0cd1eab10bd_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\442f5f1a7b6dfad727e5b7f9f4ce8c90_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\469cba60c275c06dc011e8b4101a2e3f_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\501aa24af523d6a00133b0b135a22b1d_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\52c2c58d506ed217d3866bd13fa6d2d1_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\549c5f5af7e5b9889828901ac70ddd8f_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\577ddee631dadc19d6c042845fa9033d_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5cd2160816989af5fa60b5e794759a18_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\5fd1698ea7ec0a5fe16c9a6434d346ec_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\609d195e652ad74c0f4121f4f4171b8f_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\61d50369f3a18aad66e4184d20405270_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\652d3c3a59dd5b23eb31f7a64eff7c7b_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\676dc54b92eaa48e42baff78bdda1311_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\683e456f44f7b03edf49ec08e6f4a610_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\6d0451989f8326e861c7c51a849f5e3b_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\70c3da17f029a69f19ed359e876fa3f1_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\73697d51a66fbe14709aa5e85e9d0eb1_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\77222f2278dbfe4600df8abca408f712_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\774405971ee2c6dd2f63a534bcc8c6a5_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7793f8eda26fd2d50e87d792f25b5b9a_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\786305a01ab457a757b2740190a1b062_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\821292c688f8926e0124d4945c47eacf_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8365b005d4c935b24b459a406247fe9f_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\883d3cafec5c5b29d0e7c236fc66d74a_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\88d3a932f7566243bf76acf6959ff1d6_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8939dcfbca7d7baf99c6b5a6ee542a2b_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8fa81693630c6073716bc384b1b98c79_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\92ed4bb94a8a6d399e1ba2d9f7cdd94d_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\940a20abe1dd731e20bb8b808425a859_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9d5e863570dd872b937b443a1269702c_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\9deb258c36729166904e7471287a2ec8_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a1b2da023f61ed6ecae5820b9674461b_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a6e0f6effb29c78392721fb7e4bc47ef_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\a718a16fe75bf8eba54b329964748137_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\adf06f824b3f45dec94b8594aa20f791_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\aeabbc46a7a29c898f9b25f50c6fc947_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\af194cb3f34cd98f9e910a40108cbbbe_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b1f0f6c0e8d0875c09f0ff9c5857c29f_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b60e6c71cbadce8f2283c881f5fad403_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b62005bb22b82a9197f5c46adf7fe4a4_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\be6baa3f934398de5bdd87dfbfc11be7_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c32b0b1dd2f163dcf17f3ba8625864f8_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c5b67918712e403ee94430b16465b647_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c6e8f7c31de2c2cbc589b59c36f78269_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cad532920ae58f743e0668dffcf3076f_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\cff7b53c2f0c8a3f4e667d7adb1214ff_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d0723516ea24548b64c5d9b44a629baf_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d415f5227bd44910e68742ea35d1c1b7_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d4902a73f968d40be8cf0aeea0955ab9_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d64df4e23a1b83999789582baff7cd7f_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\d76847b7310e8cb4c88f937150d0759f_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e14fa968aa900c97a4884e43f16d2886_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e37f14b87514b7c2d78f1397391002da_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e4f4b6073e8855618f4a4239adf07a97_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e583550d5596fdade1066eebaa1cb92d_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e7363c631de659ca9039068e3c2ebb2d_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\e94e08342ef0b25c40a39f5aa444321d_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ea64dc3a6f7e786310d4713d68e5104f_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\eb8fcb3e05c72c2bf577fcf231a01891_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f32323836845e0a3ce3db95c9c50141d_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f5e3724978de61977dbe012981c0e662_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f93eb56a42fa294c44257009628aa21d_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\f9b086af3b0f8ca1e29f470a71f67a9a_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fb01440d43104c8de421df05cf6aa5c3_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fdbb712ae9e649a7fa094e2c1ccebe71_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\ff3ffbfcd1c2bd9a7469ac89a5cb029b_b6b02bbf-9416-48ff-a51e-9d382b57cd00 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-11202006-091426.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite1.zip/backWeb-8876480.exe Suspicious: Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite1.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\Brian Lewis\Application Data\Webroot\Spy Sweeper\Logs\070106100016.ses Object is locked skipped

C:\Documents and Settings\Brian Lewis\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Brian Lewis\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped

C:\Documents and Settings\Brian Lewis\Local Settings\Application Data\Copernic\DesktopSearch2\Index\MainChunk\ChunkSCLF.dat Object is locked skipped

C:\Documents and Settings\Brian Lewis\Local Settings\Application Data\Copernic\DesktopSearch2\Index\MainChunk\DocumentsFD.dat Object is locked skipped

C:\Documents and Settings\Brian Lewis\Local Settings\Application Data\Copernic\DesktopSearch2\Index\MainChunk\DocumentsID.dat Object is locked skipped

C:\Documents and Settings\Brian Lewis\Local Settings\Application Data\Copernic\DesktopSearch2\Index\MainChunk\DocumentsSD.dat Object is locked skipped

C:\Documents and Settings\Brian Lewis\Local Settings\Application Data\Copernic\DesktopSearch2\Index\MainChunk\KeywordsDBT.dat Object is locked skipped

C:\Documents and Settings\Brian Lewis\Local Settings\Application Data\Copernic\DesktopSearch2\Index\MainChunk\KeywordsDL.dat Object is locked skipped

C:\Documents and Settings\Brian Lewis\Local Settings\Application Data\Copernic\DesktopSearch2\Index\MainChunk\KeywordsIBT.dat Object is locked skipped

C:\Documents and Settings\Brian Lewis\Local Settings\Application Data\Copernic\DesktopSearch2\Index\MainChunk\KeywordsP.dat Object is locked skipped

C:\Documents and Settings\Brian Lewis\Local Settings\Application Data\Copernic\DesktopSearch2\Index\MainChunk\KeywordsSBT.dat Object is locked skipped

C:\Documents and Settings\Brian Lewis\Local Settings\Application Data\Copernic\DesktopSearch2\Logs\20070117.log Object is locked skipped

C:\Documents and Settings\Brian Lewis\Local Settings\Application Data\Copernic\DesktopSearch2\Queue\MainChunk\IndexingQueueDf.dat Object is locked skipped

C:\Documents and Settings\Brian Lewis\Local Settings\Application Data\Copernic\DesktopSearch2\Queue\MainChunk\IndexingQueueTt.dat Object is locked skipped

C:\Documents and Settings\Brian Lewis\Local Settings\Application Data\Copernic\DesktopSearch2\Queue\MainChunk\IndexingQueueUt.dat Object is locked skipped

C:\Documents and Settings\Brian Lewis\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Brian Lewis\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Brian Lewis\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{A15DA9CA-2A7B-489E-9706-45CB1A5276BE} Object is locked skipped

C:\Documents and Settings\Brian Lewis\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Brian Lewis\Local Settings\Temp\2F.tmp Object is locked skipped

C:\Documents and Settings\Brian Lewis\Local Settings\Temp\Perflib_Perfdata_828.dat Object is locked skipped

C:\Documents and Settings\Brian Lewis\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Brian Lewis\ntuser.dat Object is locked skipped

C:\Documents and Settings\Brian Lewis\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS007B58F5-C66C-4E55-9518-3C3A545EF753.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS04415B67-1269-4386-AC91-010A9BB5B747.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS078F28C4-31EE-4CA3-A7B2-70522A2983D6.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS07BA7A8E-C3E4-4F7B-AE28-5EE95D857B89.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0CAD2B71-F98C-4648-85DB-3FB16600EEDC.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0CBAD361-5121-434F-AFEA-B0A5A2B3AF45.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0CEBD53E-218B-4BDF-B058-BDB81B32E445.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS0DD6AB20-1AE8-4C93-8D44-BA1B61AF8F65.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS134AD26E-2F4D-4F69-8E1A-1AF4B8478A39.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS14532F89-C4BD-4668-8101-64055D652F09.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS18EC8E83-9187-4ABA-A477-F878ABB33C20.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS1982E76E-8AAF-426E-9D13-B714A397BE2D.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS1A052F16-422C-4003-9111-65DEF248D708.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS1C32039B-A825-4D04-AFFE-6B1431C59982.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS1E3A66AE-F63B-4BE1-BF7C-F95EB97F2E5B.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS26AA1D29-867C-4252-9419-AA5D2D26AB36.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS27BF856B-33D0-476E-A98E-2F99CE32A801.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS2A0C7CAE-BEB5-4BAD-86DD-95EEDC47E75C.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS2A60D87F-E2C6-41DA-A6AA-4741F0F415D9.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS2E8435A8-BF11-4860-938C-587C4FF148A4.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS317B3759-C52F-4E42-84FD-04262433AEB8.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS33E5FDEE-61C8-4FEB-9EAA-B737226D8DD3.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS3498C000-13C9-46C1-9A37-093721166142.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS3614444D-3AFE-48F6-A291-4AF2385E071E.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS3D4D9353-3F85-4B85-B798-CEEE2D79CB60.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS3DDC7FE9-3320-43F2-833B-59CE9A458C80.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS41EA3D70-478D-4E1F-A712-E2C17521E92B.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS4400DA27-8B95-417E-B500-67B79D76096A.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS535D524A-9188-451B-BFA5-05A2D2D9922B.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS56692360-0BDD-444A-928F-944540C5F4E8.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS58038F70-A285-4B6D-B39E-95B2E23C05D8.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS588A45F2-16CF-4F33-87F9-F7D9A94EDD51.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS5960F332-C1E3-428E-8146-C050DE5922DB.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS59F6B64F-C8CB-4CD4-A993-B761B2B5259B.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS5D543555-C275-40B9-A5C6-FE17AFE865B0.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS62793353-E310-4E41-B4DD-2F9BA338A545.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS63659E50-4C02-4407-9F84-79A216320889.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS640E4CA0-DBC5-4E17-897B-E45FAF2D9BDF.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS64138756-CA41-4B3B-BDD9-F831EF680121.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS668F0B42-4B2E-4E2E-940A-B53543BE33F8.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS684CA43A-B952-4638-A909-E25BED6F8AC5.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS6DCDF2C1-451B-40F0-880E-13F3006FC8B2.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS6F9BB0C9-5020-4B95-BD17-8094A0B53321.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS6FF9F2A1-E73B-4ECC-A8C0-C809D562AC98.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS75191EB0-6D54-4635-BEA3-3280BDCDA134.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS75F8BF66-8F2D-4B0F-AD85-D81444C3CEAE.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS78A3215E-6A89-48F7-9140-CA111F81D11B.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS8197C79C-4475-4ED7-8EB7-C9EA78134C69.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS8333656C-101E-4D43-ADAB-D6617CB930D6.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS8B08071D-E714-4FED-AD95-8F46469E7EE6.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS8C1725AC-4055-4320-AEC4-76451BB491B9.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS90D13AC6-8DD3-44D4-9015-53E21E69DB60.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS9858A7DD-06FD-43F1-9E02-0CD43F387497.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS9C1CD30A-2DF4-46B1-935F-CAD9D3B1F8E0.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS9C55EE27-4D6D-4967-957C-B530DD7B0CC4.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS9E01F61F-5870-4329-917A-E982B81FFA52.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS9F6A333F-2EB7-41D6-B41E-98B7B72F8C93.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS9FB8ED35-6342-4131-8E36-C541D70DECD5.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCS9FD429CD-FE6E-4546-BC73-9F603B6BA569.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSA36EA9D4-B8DE-4F48-B5BE-D5397E175337.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSA869B49C-E561-4733-879C-E2FB13C7A611.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSAA33FEA4-0A48-48D0-B51E-D12A351E3032.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSAAB9F691-F311-489E-90CA-F3B732B0E6CB.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSAC0FC1C5-7ADA-4F91-9BAA-6B2AA89F073F.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSB4DF1D04-9545-4A88-A027-33431181132D.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSBC0178D1-7DCE-44F6-8D6C-23D7BD7C2779.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSBD587F6E-C379-4FA6-9A6F-2C782BC34032.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSBFC8C349-029C-4FCB-8598-2A2113387596.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC624CC1B-8541-4312-8896-3FDC5A41EFD0.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC782F848-84F2-4C51-BBD8-5883B2B15F06.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSC87299A0-15F9-4BD5-A901-C0C8D774773B.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD08440B1-FC67-4788-9E34-D14D5A82C2A7.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD42C20A3-90E6-4D39-AAFD-58EADFD59F8B.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD65CE53D-293C-46ED-82E9-E68E3EC0CFD3.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSD7D415A0-06DC-45DC-82EB-8CB0B7FD9512.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSDF60C143-1129-42A0-87CC-3E8D621569CF.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE0257288-B81E-4B27-9352-8AEEB7E6731B.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE5362E67-52AE-49D8-B39F-5C16A02A3F63.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE691CA19-20CA-47A2-897F-66C473E8804B.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSE85CEFD9-31BF-4146-A29C-B31DC021A139.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSEC422AE7-74A2-4BB6-AC31-D9190BDE28B8.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSEE216C79-4619-4628-82BF-CE00FD6D1DB1.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF2DDF32A-3F7B-4029-A952-61B04CA4815B.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF337E188-680D-4433-B5BE-B58CA49142EB.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF545A663-383C-4633-9528-E2083E96907E.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF580A075-C736-4AF5-836B-B733ED98D58E.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF5DAC11D-60B0-46AB-9350-F1C53EF26FD8.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF84988DE-C39F-4430-A3B8-667170640A4B.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSF8C09BB5-7FE0-42A2-970B-80990AD653A2.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSFBC3874A-F866-4D84-876B-C3CA5319E5A1.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSCSFECF9D48-D2F3-4168-AC42-191605256DCA.tmp Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Common Files\AOL\ACS\UK\forms.fdb Object is locked skipped

C:\Program Files\Common Files\AOL\ACS\UK\static Object is locked skipped

C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped

C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped

C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped

C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{E6349A96-D08B-479C-977B-84EA05E0F33C}\RP980\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Internet Logs\BRIANS.ldb Object is locked skipped

C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped

C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped

C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped

C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped

C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{CBDA59F8-6F4C-4E50-848D-C232884DD251}.crmlog Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\MsDtc\MSDTC.LOG Object is locked skipped

C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_23c.dat Object is locked skipped

C:\WINDOWS\Temp\ZLT015ee.TMP Object is locked skipped

C:\WINDOWS\Temp\ZLT015f8.TMP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

F:\System Volume Information\_restore{E6349A96-D08B-479C-977B-84EA05E0F33C}\RP980\change.log Object is locked skipped

Scan process completed.


Logfile of HijackThis v1.99.1
Scan saved at 12:40:44, on 17/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\clipsrv.exe
C:\PROGRA~1\COSIDS\BIN\TbMux32.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\AOL\1132918867\ee\AOLSoftware.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\Program Files\VoyagerTest\fts.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Screensaver Control\ScreensaverControl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HDD Health\hddhealth.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Uniblue\ProcessLibrary\qaccess.exe
C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
c:\program files\common files\aol\1132918867\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
c:\program files\common files\aol\1132918867\ee\aolsoftware.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\WINDOWS\System32\dllhost.exe
C:\PROGRAM FILES\VIROBOTXP\VRRES.EXE
C:\PROGRAM FILES\VIROBOTXP\VRMONNT.EXE
C:\Program Files\ViRobotXP\vrmonsvc.exe
C:\Documents and Settings\Brian Lewis\My Documents\Programmes\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/breakfast
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\saIE.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\saIE.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand2526.dll
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [VrSchedule] C:\Program Files\ViRobotXP\Vrres.exe
O4 - HKLM\..\Run: [Vrmon] C:\Program Files\ViRobotXP\vrmonnt.exe Main
O4 - HKLM\..\Run: [Acronis True Image Monitor] "C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1132918867\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] "C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe" icon
O4 - HKLM\..\Run: [DSLAGENTEXE] "C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe"
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [VrBootScan] "C:\Program Files\ViRobotXP\VRBScan.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ScreensaverControl] "C:\Program Files\Screensaver Control\ScreensaverControl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HDDHealth] "C:\Program Files\HDD Health\hddhealth.exe" -wl
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Uniblue Quick Access] "C:\Program Files\Uniblue\ProcessLibrary\qaccess.exe" /startup
O4 - HKCU\..\Run: [Copernic Desktop Search 2] "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {38D63471-E630-4492-A986-B8C48B79F2F8} (CVideoEgg_ActiveXCtl Object) - http://update.videoegg.com/wintel/VideoEggPublisher.exe
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computerc ... diagcc.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2836488187
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\..\{532C0B21-6CB0-424E-943F-B6E897FEDC6A}: NameServer = 205.188.146.145
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: COSIDS_TB - TransAction Software, D 81737 Munich - C:\PROGRA~1\COSIDS\BIN\TbMux32.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: H - Unknown owner - C:\DOCUME~1\BRIANL~1\LOCALS~1\Temp\H.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ViRobot Expert Monitoring (vrmonsvc) - HAURI - C:\Program Files\ViRobotXP\vrmonsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe



I note that Kaspersky has found 1 virus and 2 suspicious files.

I look forward to hearing from you, and thanks agaain for your help.
Brian
YogiBear35
Active Member
 
Posts: 8
Joined: January 8th, 2007, 6:18 pm
Location: Scotland

Unread postby John B. » January 17th, 2007, 3:24 pm

Hi Brian,

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite1.zip/backWeb-8876480.exe Suspicious: Password-protected-EXE skipped

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite1.zip ZIP: suspicious - 1 skipped

They're in the Recovery folder of Spybot - Search & Destroy so that means they're inactive. In quarantaine kind of.

Keeping your computer away from a lot of useless programs is very important to keep it fast. You can also look through the programs that start when you boot and see if you can disable some. Most of the times it's a setting saying 'automatically start with Windows' and you can disable that.

As long as you're using Anti-Virus and a Firewall it's ok :)

About the egg timer. Can you tell me which program comes in being 'more important'? If you make a HijackThis log while that egg timer is running I can maybe trace which process so which program it is.
If you want me to I can keep this thread open for 10 more days before it closes.
If you think it's alright and you can do it yourself it's fine too.
The choice is yours.

You can also make a special useraccount for your grandchildren and limit the rights on it. You can do that by going to Control Panel > User Accounts and there you can make new accounts and edit them (also the rights).

Here are some tips to keep your computer clean :)
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
    You can find instructions on how to enable and re enable system restore here:
    Managing Windows Millennium System Restore
    or
    Windows XP System Restore Guide
    re-enable system restore with instructions from tutorial above.
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialise and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an Anti Virus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some on line & their stand-alone anti virus programs:
    Computer Safety On line - Anti-Virus
    I recommend AVG Anti-Virus (Free Edition)!
  • Update your Anti Virus Software - It is imperitive that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For an article on Firewalls and a listing of some available ones see the link below:
    Computer Safety On line - Software Firewalls
    I recommend ZoneAlarm (Free Edition)!
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
    This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an anti virus software. A tutorial on installing & using this product can be found here:
    Instructions for - Spybot S & D and Ad-aware
  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an anti virus software in conjunction with Spybot. A tutorial on installing & using this product can be found here:
    Instructions for - Spybot S & D and Ad-aware
  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A article on anti-malware products with links for this program and others can be found here:
    Computer Safety on line - Anti-Malware
  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

>> Here << you can see how you can help us.

May your God go with you..

John.
User avatar
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Unread postby YogiBear35 » January 17th, 2007, 6:18 pm

Hi John

Very many thanks for all your help and advice.
One question, what has happened to the virus and the suspicious files that Kaspesky found? Have been removed? Come to think of it, that's two questions.

As you will have seen, and you remarked on it earlier though not in these words, I am a bit paranoid about security. I have AdAware; SpyBot; Spy Sweeper; Windows Defender and AOL's own versions installed. All are updated at least once a week.
The Antivirus programme I am using is PC Security Shield, otherwise known as VI Robot. It has proved to be very good so far, and it's updated daily, the first thing I do when I connect to the internet is to update it before I lok at anything else. Having done that, it quite often cuts in to whatever I am doing with other updates.
The Firewall is Zone Alarm.

I've tried to track down the process that is causing the egg timer to start but it only lasts a few seconds so, by the time I've gone into Task Manager, it has usually finished. I'll keep trying, maybe I will catch it one of these days.

Very many thanks again, if I can catch whatever is turning the egg timer on then I will let you know.

I will follow all your other suggestions, and restrict what my grandchildren can do. They don't do a great deal, only using my computer to download some music now and again as their computer is too slow. In fact it could be classed as worn out, well obsolete and not really worth the trouble to upgrade it, not when you consider the prices of new ones these days. A new one would probably work out cheaper.
YogiBear35
Active Member
 
Posts: 8
Joined: January 8th, 2007, 6:18 pm
Location: Scotland

Unread postby John B. » January 18th, 2007, 1:48 pm

Hi,

The files found by Kaspersky were all in the Recovery folders so that means they're inactive!

It's really good to be up to date with security but always make sure you're only running one AntiVirus program and one Firewall program. Running more of them can cause conflictions. It's allowed to have multiple AntiSpyware programs but it can slow down your pc. It depends on if they're always running:
- Spywareblaster, Ad-Aware, etc. are programs that you update, (scan with,) and close again so they won't slow down your pc.
- Windows Defender, Spybot - Search & Destroy's Teatimer function, etc. are always running and they could slow down your pc.

If the eggtimer is not lethal for the things you're doing at that moment I think it's not really important. Maybe you'll find out what it is some time.
If you don't have anymore questions now I will close the thread but you can always email the administrator to have it reopened for the eggtimer.

Restricting the installation of programs won't bother your grandchildren if they only download music, etc. and it's good to have some restrictions.
If the pc keeps slowing down a reformat and reinstall would be a very good choice because Windows XP itself will always slow down after some time, but I think that won't be a good choice now!

You can also visit http://www.pcpitstop.com/ and do some of the free tests there. They might reveal something running on your system you don't know about and might be able to tune up your pc a bit ;)

Please ask anymore questions you have!

Greets, John.
User avatar
John B.
MRU Master Emeritus
 
Posts: 4568
Joined: May 14th, 2006, 5:05 am
Location: The Netherlands

Unread postby YogiBear35 » January 18th, 2007, 5:51 pm

OK John. Everything seems fine now, except for the eggtimer still cutting in from time to time but, as I said, by the time I've brought up Task Manager, it's back to normal, you never know, I might strike lucky and catch whatever it is. It could well be one of the spyware programmes that you say are always active, it seems the best bet at the moment.
Very many thanks for all your help.
YogiBear35
Active Member
 
Posts: 8
Joined: January 8th, 2007, 6:18 pm
Location: Scotland
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 37 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware