Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Can anyone find a keylogger in this HijackThis log?

Post by jadanner » October 1st, 2007, 12:44 am

I had an account hacked and I want to rule out the possibility that someone keylogged my computer. No other outward sign of problems.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:15:41 PM, on 9/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Retrospect\Retrospect 7.5\retrorun.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\World of Warcraft\WoW.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

O1 - Hosts: HP56A6C2 HP00187156A6C2
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1A1DAC8C-074D-440F-8707-7009A672D7D1} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [StatusClient] "C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" /auto
O4 - HKLM\..\Run: [TomcatStartup] "C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [PlaxoUpdate] "C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe" -a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3559359093
O16 - DPF: {C2ED62BE-4FF5-4FAF-9274-3BA328DCA35C} (TimeTrackingV2.UserControl1) - https://timetracking.quickbooks.com/ocx ... kingV2.ocx
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.5\retrorun.exe
O23 - Service: Retrospect Helper - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.5\rthlpsvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (file missing)
O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: RoxMediaDB9 - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (file missing)
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 12945 bytes
jadanner
Active Member
 
Posts: 2
Joined: October 1st, 2007, 12:41 am

Post by askey127 » October 1st, 2007, 7:15 am

Hi jadanner,
-----------------------------------------------------------
YOU HAVE NO ANTI-VIRUS PROGRAM
Download just one of these free anti-virus programs, update it and run a full scan. Have it fix anything it finds.
*Grisoft AVG from here : http://free.grisoft.com/doc/1
*AntiVir Free from here : http://www.free-av.com/
*Avast Home Edition from here : http://www.avast.com/eng/down_home.html
------------------------------------------------------------
Update your Java.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components.
  • Close any programs you may have running, ESPECIALLY your web browser
  • Click Start > Control Panel > Add/Remove Programs.
  • Check any item with Java Runtime Environment, JRE, J2SE, or Java Webstart in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove all installed versions of Java.
  • Reboot your computer once all Java components are removed.
Then download the latest version of Java Runtime Environment (JRE), and install it to your computer. It is the fourth one down on the page, called Java Runtime Environment (JRE) 6 Update 2.
Download it, choose save, and save it to your desktop. Then double-click it, and it will install the newest version of Java for you to use.
----------------------------------------------------------
Download and Install CCleaner
  • Download CCleaner from here
  • Double click on ccsetupXXX_slim.exe to start the installation of CCleaner. (XXX is the version number)
  • Click OK
  • Click Next
  • Click I agree
  • Click Next
  • Click Install
  • Once the installation has finished, click Finish
-----------------------------------------------------------
Set Options in CCleaner and run Cleaning Scan.
Open CCleaner if it's not already running.
( Do not use the Issues block to clean anything with this program. It is for experts only and it is risky).
  • Select Cleaner Settings.
    Check Internet Explorer, Windows Explorer, and System so that all items are checked. In the Advanced section, have a check only on Old PreFetch Data.
  • Click on the Options block on the left. Select Advanced.
    Uncheck Only delete files in Windows Temp folders older than 48 hours.
  • Set Cookie Retention.
    Click on the Options block on the left, then choose Cookies.
    Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.
  • Run Cleaning Scan. Click on the Cleaner block on the left. Choose the Windows tab.
    Click the Run Cleaner button. This process could take a while. When CCleaner shows how much has been removed, cleaning is finished.
Exit CCleaner by clicking on the X button in the upper right of the CCleaner window.
-----------------------------------------------------
Using Internet Explorer, Please Do an Online Scan with Kaspersky WebScanner.
Go here to run an online scanner from Kaspersky.
  • Click on "Kaspersky Online Scanner"
  • A new smaller window will pop up. Press on "Accept" after reading the contents.
  • Now Kaspersky will update the anti-virus database. Let it run.
  • Click on "Next">"Scan Settings", and make sure the database is set to "extended". And check both the scan options. Then click OK.
  • Then click on "My Computer", and the scan will start.
  • Once finished, save the log to your Desktop as filename KAV.txt

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.

Please post the contents of KAV.txt and a fresh HiJackThis log.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
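
Added example (not part of the original thread and not HijackThis's own code): a small Python triage of the HijackThis entry format used in the log above. It lists the entries that the tool itself annotates as `(no file)`, `(file missing)` or `Unknown owner`, and the Java runtime versions visible in file paths. The function names and flag labels are this example's own; the sample lines are excerpted from the posted log.

```python
import re
from collections import defaultdict

# Lines excerpted from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1A1DAC8C-074D-440F-8707-7009A672D7D1} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (file missing)
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
"""

# "<section code> - <rest>", e.g. "O23 - Service: ...". Process-list lines
# and the log header do not match and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(
    r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
)
# Java runtime directories as they appear in this log:
#   ...\Java\j2re1.4.2_03\...   and   ...\Javasoft\JRE\1.3.1\...
JAVA_RE = re.compile(
    r"\\(?:j2re|jre\\?)(\d+(?:\.\d+){1,2}(?:_\d+)?)\\", re.IGNORECASE
)

# Annotations written by HijackThis itself; the labels on the left are
# names chosen for this example.
FLAG_MARKERS = {
    "no file": "(no file)",
    "file missing": "(file missing)",
    "unknown owner": "- Unknown owner -",
}


def parse_entries(log_text):
    """Return one dict per HijackThis entry line found in log_text."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        section, body = match.groups()
        clsid = CLSID_RE.search(body)
        flags = [name for name, marker in FLAG_MARKERS.items()
                 if marker in body]
        entries.append({
            "section": section,
            "body": body,
            "clsid": clsid.group(0) if clsid else None,
            "flags": flags,
        })
    return entries


def triage(log_text):
    """Group flagged entries by flag label; unflagged entries are omitted."""
    grouped = defaultdict(list)
    for entry in parse_entries(log_text):
        for flag in entry["flags"]:
            grouped[flag].append(entry)
    return dict(grouped)


def java_versions(log_text):
    """Return the sorted, de-duplicated Java runtime versions seen in paths."""
    return sorted(set(JAVA_RE.findall(log_text)))


if __name__ == "__main__":
    for flag, items in triage(SAMPLE_LOG).items():
        print(flag)
        for item in items:
            print("   ", item["section"], "-", item["body"])
    print("Java runtimes seen in paths:", ", ".join(java_versions(SAMPLE_LOG)))
```

Run against a full log, the `no file` and `file missing` groups are leftover registrations to review, and the Java list shows which runtime directories are still referenced.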

OK, two more logs...

Post by jadanner » October 1st, 2007, 10:55 pm

Thanks for the basics, I did everything in the list and here are the two logs. Let me know what else I should do and thanks for all of the help!

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, October 01, 2007 7:50:22 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 1/10/2007
Kaspersky Anti-Virus database records: 426084
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
Z:\

Scan Statistics:
Total number of scanned objects: 128154
Number of viruses found: 13
Number of infected objects: 84
Number of suspicious objects: 0
Duration of the scan process: 02:41:00

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_5b150187-0f05-4c72-917c-77c8e6964ac4 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\LOGS\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.44.Crwl Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.44.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000D.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000F.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010010.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010011.ci Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010011.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010011.wsb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010018.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010019.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy8.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf10.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\NtfF.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_ec8.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\InboxLOG.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\OutboxLOG.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Prism\b8de3070 Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\MSDVRMM_3101569136_597032960_9065 Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\MSDVRMM_3101569136_879820800_13324 Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\SBE1.tmp Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\SBE2.tmp Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\{5AADE7B6-5300-4BDA-9BF4-CF8AE90FC641}.TmpSBE Object is locked skipped
C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\{B8638F28-32B8-45B3-9137-D6F6842DEE40}.TmpSBE Object is locked skipped
C:\Documents and Settings\John Danner\Application Data\Mozilla\Firefox\Profiles\dif7q4xr.default\cert8.db Object is locked skipped
C:\Documents and Settings\John Danner\Application Data\Mozilla\Firefox\Profiles\dif7q4xr.default\history.dat Object is locked skipped
C:\Documents and Settings\John Danner\Application Data\Mozilla\Firefox\Profiles\dif7q4xr.default\key3.db Object is locked skipped
C:\Documents and Settings\John Danner\Application Data\Mozilla\Firefox\Profiles\dif7q4xr.default\parent.lock Object is locked skipped
C:\Documents and Settings\John Danner\Application Data\Mozilla\Firefox\Profiles\dif7q4xr.default\search.sqlite Object is locked skipped
C:\Documents and Settings\John Danner\Application Data\Mozilla\Firefox\Profiles\dif7q4xr.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\John Danner\Application Data\Webroot\Spy Sweeper\Logs\071001122201.ses Object is locked skipped
C:\Documents and Settings\John Danner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\John Danner\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse Object is locked skipped
C:\Documents and Settings\John Danner\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\John Danner\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\John Danner\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\John Danner\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\John Danner\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\John Danner\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\John Danner\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\John Danner\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\John Danner\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\John Danner\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\John Danner\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\John Danner\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\John Danner\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\John Danner\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\John Danner\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\John Danner\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\John Danner\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\John Danner\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\John Danner\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.cdx Object is locked skipped
C:\Documents and Settings\John Danner\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.dbf Object is locked skipped
C:\Documents and Settings\John Danner\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\John Danner\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\John Danner\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\John Danner\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\John Danner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\John Danner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\John Danner\Local Settings\Application Data\Mozilla\Firefox\Profiles\dif7q4xr.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\John Danner\Local Settings\Application Data\Mozilla\Firefox\Profiles\dif7q4xr.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\John Danner\Local Settings\Application Data\Mozilla\Firefox\Profiles\dif7q4xr.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\John Danner\Local Settings\Application Data\Mozilla\Firefox\Profiles\dif7q4xr.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\John Danner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\John Danner\Local Settings\History\History.IE5\MSHist012007100120071002\index.dat Object is locked skipped
C:\Documents and Settings\John Danner\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\John Danner\Local Settings\Temp\jar_cache21.tmp Object is locked skipped
C:\Documents and Settings\John Danner\Local Settings\Temp\~DF2427.tmp Object is locked skipped
C:\Documents and Settings\John Danner\Local Settings\Temp\~DF667C.tmp Object is locked skipped
C:\Documents and Settings\John Danner\Local Settings\Temp\~DF66A9.tmp Object is locked skipped
C:\Documents and Settings\John Danner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\John Danner\My Documents\My eBooks\oct 27 2004 -.pst/Personal Folders/Inbox/24 Jul 2005 16:06 from Paypal Security:New Security Requirements.html Infected: Trojan-Spy.HTML.Paylap.ev skipped
C:\Documents and Settings\John Danner\My Documents\My eBooks\oct 27 2004 -.pst/Personal Folders/Inbox/13 Aug 2005 09:43 from John:/Work and taxes.zip/Taxes.exe Infected: Email-Worm.Win32.Bagle.cl skipped
C:\Documents and Settings\John Danner\My Documents\My eBooks\oct 27 2004 -.pst/Personal Folders/Inbox/13 Aug 2005 09:43 from John:/Work and taxes.zip Infected: Email-Worm.Win32.Bagle.cl skipped
C:\Documents and Settings\John Danner\My Documents\My eBooks\oct 27 2004 -.pst/Personal Folders/Sent Items/21 Jun 2005 18:30 to spam@earthlink.net:FW: Warning Message: You/important-details.zip/important-details.txt .pif Infected: Net-Worm.Win32.Mytob.bi skipped
C:\Documents and Settings\John Danner\My Documents\My eBooks\oct 27 2004 -.pst/Personal Folders/Sent Items/21 Jun 2005 18:30 to spam@earthlink.net:FW: Warning Message: You/important-details.zip Infected: Net-Worm.Win32.Mytob.bi skipped
C:\Documents and Settings\John Danner\My Documents\My eBooks\oct 27 2004 -.pst/Personal Folders/Spam/07 Feb 2005 20:30 from Citizens Bank:Important Online Banking Al.html Infected: Trojan-Spy.HTML.Bankfraud.ca skipped
C:\Documents and Settings\John Danner\My Documents\My eBooks\oct 27 2004 -.pst/Personal Folders/Spam/08 Dec 2004 21:47 from Post Office/message.zip/message.htm .exe Infected: Email-Worm.Win32.Mydoom.m skipped
C:\Documents and Settings\John Danner\My Documents\My eBooks\oct 27 2004 -.pst/Personal Folders/Spam/08 Dec 2004 21:47 from Post Office/message.zip Infected: Email-Worm.Win32.Mydoom.m skipped
C:\Documents and Settings\John Danner\My Documents\My eBooks\oct 27 2004 -.pst/Personal Folders/Spam/05 Dec 2004 00:51 from SunTrust:SunTrust Bank Strongly Recommend.html Infected: Trojan-Spy.HTML.Bankfraud.u skipped
C:\Documents and Settings\John Danner\My Documents\My eBooks\oct 27 2004 -.pst/Personal Folders/Spam/02 Dec 2004 18:33 from Returned mail:Delivery reports about your/text.exe Infected: Email-Worm.Win32.Mydoom.m skipped
C:\Documents and Settings\John Danner\My Documents\My eBooks\oct 27 2004 -.pst/Personal Folders/Spam/27 Nov 2004 05:32 from admin@wamu.com:WAMU Online Banking. Accou.eml Infected: Trojan-Spy.HTML.Bankfraud.aq skipped
C:\Documents and Settings\John Danner\My Documents\My eBooks\oct 27 2004 -.pst/Personal Folders/Spam/11 Nov 2004 22:30 from Post Office:Delivery failed/readme.zip/readme.htm .scr Infected: Email-Worm.Win32.Mydoom.m skipped
C:\Documents and Settings\John Danner\My Documents\My eBooks\oct 27 2004 -.pst/Personal Folders/Spam/11 Nov 2004 22:30 from Post Office:Delivery failed/readme.zip Infected: Email-Worm.Win32.Mydoom.m skipped
C:\Documents and Settings\John Danner\My Documents\My eBooks\oct 27 2004 -.pst/Personal Folders/Spam/30 Oct 2004 18:55 from stenman@edelhard.de:John, You have new p.html Infected: Trojan-Spy.HTML.Pcard.c skipped
C:\Documents and Settings\John Danner\My Documents\My eBooks\oct 27 2004 -.pst/Personal Folders/Spam/31 May 2005 20:07 from Jvarrich/8.zip/03_05_2005.exe Infected: Email-Worm.Win32.Bagle.bo skipped
C:\Documents and Settings\John Danner\My Documents\My eBooks\oct 27 2004 -.pst/Personal Folders/Spam/31 May 2005 20:07 from Jvarrich/8.zip Infected: Email-Worm.Win32.Bagle.bo skipped
C:\Documents and Settings\John Danner\My Documents\My eBooks\oct 27 2004 -.pst/Personal Folders/Spam/09 Jun 2005 18:54 from webmaster@danners.org:*DETECTED* ONLINE U/info-text.zip/info-text.htm .pif Infected: Net-Worm.Win32.Mytob.bf skipped
C:\Documents and Settings\John Danner\My Documents\My eBooks\oct 27 2004 -.pst/Personal Folders/Spam/09 Jun 2005 18:54 from webmaster@danners.org:*DETECTED* ONLINE U/info-text.zip Infected: Net-Worm.Win32.Mytob.bf skipped
C:\Documents and Settings\John Danner\My Documents\My eBooks\oct 27 2004 -.pst/Personal Folders/Spam/21 Jun 2005 18:23 from admin@danners.org:Warning Message: Your s/important-details.zip/important-details.txt .pif Infected: Net-Worm.Win32.Mytob.bi skipped
C:\Documents and Settings\John Danner\My Documents\My eBooks\oct 27 2004 -.pst/Personal Folders/Spam/21 Jun 2005 18:23 from admin@danners.org:Warning Message: Your s/important-details.zip Infected: Net-Worm.Win32.Mytob.bi skipped
C:\Documents and Settings\John Danner\My Documents\My eBooks\oct 27 2004 -.pst/Personal Folders/Spam/22 Jun 2005 16:29 from admin@danners.org:YOUR NEW ACCOUNT PASSWO/email-password.zip/email-password.txt .scr Infected: Net-Worm.Win32.Mytob.bi skipped
C:\Documents and Settings\John Danner\My Documents\My eBooks\oct 27 2004 -.pst/Personal Folders/Spam/22 Jun 2005 16:29 from admin@danners.org:YOUR NEW ACCOUNT PASSWO/email-password.zip Infected: Net-Worm.Win32.Mytob.bi skipped
C:\Documents and Settings\John Danner\My Documents\My eBooks\oct 27 2004 -.pst/Personal Folders/Spam/22 Jun 2005 22:49 from PayPal:New Security Requirements.html Infected: Trojan-Spy.HTML.Paylap.ev skipped
C:\Documents and Settings\John Danner\My Documents\My eBooks\oct 27 2004 -.pst Mail MS Mail: infected - 23 skipped
C:\Documents and Settings\John Danner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\John Danner\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\My Documents\Backup 8-6-7\oct 27 2004 -.pst/Personal Folders/Inbox/08 Sep 2006 08:24 to john@danners.org:RR_0919025-[YOUR DETAILS H/RR_0919025.zip/RR_0919025.exe Infected: Trojan-Downloader.Win32.Small.dsz skipped
C:\My Documents\Backup 8-6-7\oct 27 2004 -.pst/Personal Folders/Inbox/08 Sep 2006 08:24 to john@danners.org:RR_0919025-[YOUR DETAILS H/RR_0919025.zip Infected: Trojan-Downloader.Win32.Small.dsz skipped
C:\My Documents\Backup 8-6-7\oct 27 2004 -.pst Mail MS Mail: infected - 2 skipped
C:\My Documents\Dell XPS Daily Backup\oct 27 2004 -.pstold/Personal Folders/Inbox/13 Aug 2005 09:43 from John/Work and taxes.zip/Taxes.exe Infected: Email-Worm.Win32.Bagle.cl skipped
C:\My Documents\Dell XPS Daily Backup\oct 27 2004 -.pstold/Personal Folders/Inbox/13 Aug 2005 09:43 from John/Work and taxes.zip Infected: Email-Worm.Win32.Bagle.cl skipped
C:\My Documents\Dell XPS Daily Backup\oct 27 2004 -.pstold/Personal Folders/Sent Items/21 Jun 2005 18:30 to spam@earthlink.net:FW: Warning Message: You/important-details.zip/important-details.txt .pif Infected: Net-Worm.Win32.Mytob.bi skipped
C:\My Documents\Dell XPS Daily Backup\oct 27 2004 -.pstold/Personal Folders/Sent Items/21 Jun 2005 18:30 to spam@earthlink.net:FW: Warning Message: You/important-details.zip Infected: Net-Worm.Win32.Mytob.bi skipped
C:\My Documents\Dell XPS Daily Backup\oct 27 2004 -.pstold/Personal Folders/Spam/07 Feb 2005 20:30 from Citizens Bank:Important Online Banking Al.html Infected: Trojan-Spy.HTML.Bankfraud.ca skipped
C:\My Documents\Dell XPS Daily Backup\oct 27 2004 -.pstold/Personal Folders/Spam/08 Dec 2004 21:47 from Post Office/message.zip/message.htm .exe Infected: Email-Worm.Win32.Mydoom.m skipped
C:\My Documents\Dell XPS Daily Backup\oct 27 2004 -.pstold/Personal Folders/Spam/08 Dec 2004 21:47 from Post Office/message.zip Infected: Email-Worm.Win32.Mydoom.m skipped
C:\My Documents\Dell XPS Daily Backup\oct 27 2004 -.pstold/Personal Folders/Spam/05 Dec 2004 00:51 from SunTrust:SunTrust Bank Strongly Recommend.html Infected: Trojan-Spy.HTML.Bankfraud.u skipped
C:\My Documents\Dell XPS Daily Backup\oct 27 2004 -.pstold/Personal Folders/Spam/02 Dec 2004 18:33 from Returned mail:Delivery reports about your/text.exe Infected: Email-Worm.Win32.Mydoom.m skipped
C:\My Documents\Dell XPS Daily Backup\oct 27 2004 -.pstold/Personal Folders/Spam/27 Nov 2004 05:32 from admin@wamu.com:WAMU Online Banking. Accou.eml Infected: Trojan-Spy.HTML.Bankfraud.aq skipped
C:\My Documents\Dell XPS Daily Backup\oct 27 2004 -.pstold/Personal Folders/Spam/11 Nov 2004 22:30 from Post Office:Delivery failed/readme.zip/readme.htm .scr Infected: Email-Worm.Win32.Mydoom.m skipped
C:\My Documents\Dell XPS Daily Backup\oct 27 2004 -.pstold/Personal Folders/Spam/11 Nov 2004 22:30 from Post Office:Delivery failed/readme.zip Infected: Email-Worm.Win32.Mydoom.m skipped
C:\My Documents\Dell XPS Daily Backup\oct 27 2004 -.pstold/Personal Folders/Spam/30 Oct 2004 18:55 from stenman@edelhard.de:John, You have new p.html Infected: Trojan-Spy.HTML.Pcard.c skipped
C:\My Documents\Dell XPS Daily Backup\oct 27 2004 -.pstold/Personal Folders/Spam/31 May 2005 20:07 from Jvarrich/8.zip/03_05_2005.exe Infected: Email-Worm.Win32.Bagle.bo skipped
C:\My Documents\Dell XPS Daily Backup\oct 27 2004 -.pstold/Personal Folders/Spam/31 May 2005 20:07 from Jvarrich/8.zip Infected: Email-Worm.Win32.Bagle.bo skipped
C:\My Documents\Dell XPS Daily Backup\oct 27 2004 -.pstold/Personal Folders/Spam/09 Jun 2005 18:54 from webmaster@danners.org:*DETECTED* ONLINE U/info-text.zip/info-text.htm .pif Infected: Net-Worm.Win32.Mytob.bf skipped
C:\My Documents\Dell XPS Daily Backup\oct 27 2004 -.pstold/Personal Folders/Spam/09 Jun 2005 18:54 from webmaster@danners.org:*DETECTED* ONLINE U/info-text.zip Infected: Net-Worm.Win32.Mytob.bf skipped
C:\My Documents\Dell XPS Daily Backup\oct 27 2004 -.pstold/Personal Folders/Spam/21 Jun 2005 18:23 from admin@danners.org:Warning Message: Your s/important-details.zip/important-details.txt .pif Infected: Net-Worm.Win32.Mytob.bi skipped
C:\My Documents\Dell XPS Daily Backup\oct 27 2004 -.pstold/Personal Folders/Spam/21 Jun 2005 18:23 from admin@danners.org:Warning Message: Your s/important-details.zip Infected: Net-Worm.Win32.Mytob.bi skipped
C:\My Documents\Dell XPS Daily Backup\oct 27 2004 -.pstold/Personal Folders/Spam/22 Jun 2005 16:29 from admin@danners.org:YOUR NEW ACCOUNT PASSWO/email-password.zip/email-password.txt .scr Infected: Net-Worm.Win32.Mytob.bi skipped
C:\My Documents\Dell XPS Daily Backup\oct 27 2004 -.pstold/Personal Folders/Spam/22 Jun 2005 16:29 from admin@danners.org:YOUR NEW ACCOUNT PASSWO/email-password.zip Infected: Net-Worm.Win32.Mytob.bi skipped
C:\My Documents\Dell XPS Daily Backup\oct 27 2004 -.pstold/Personal Folders/Spam/22 Jun 2005 22:49 from PayPal:New Security Requirements.html Infected: Trojan-Spy.HTML.Paylap.ev skipped
C:\My Documents\Dell XPS Daily Backup\oct 27 2004 -.pstold/Personal Folders/Spam/30 Jul 2005 13:44 from Paypal Security:New Security Requirements.html Infected: Trojan-Spy.HTML.Paylap.ev skipped
C:\My Documents\Dell XPS Daily Backup\oct 27 2004 -.pstold Mail MS Mail: infected - 23 skipped
C:\My Documents\oct 27 2004 -.pst/Personal Folders/Inbox/08 Sep 2006 08:24 to john@danners.org:RR_0919025-[YOUR DETAILS H/RR_0919025.zip/RR_0919025.exe Infected: Trojan-Downloader.Win32.Small.dsz skipped
C:\My Documents\oct 27 2004 -.pst/Personal Folders/Inbox/08 Sep 2006 08:24 to john@danners.org:RR_0919025-[YOUR DETAILS H/RR_0919025.zip Infected: Trojan-Downloader.Win32.Small.dsz skipped
C:\My Documents\oct 27 2004 -.pst/Personal Folders/Sent Items/21 Jun 2005 18:30 to spam@earthlink.net:FW: Warning Message: You/important-details.zip/important-details.txt .pif Infected: Net-Worm.Win32.Mytob.bi skipped
C:\My Documents\oct 27 2004 -.pst/Personal Folders/Sent Items/21 Jun 2005 18:30 to spam@earthlink.net:FW: Warning Message: You/important-details.zip Infected: Net-Worm.Win32.Mytob.bi skipped
C:\My Documents\oct 27 2004 -.pst Mail MS Mail: infected - 4 skipped
C:\My Documents\oct 27 2004 -.pstold/Personal Folders/Inbox/13 Aug 2005 09:43 from John/Work and taxes.zip/Taxes.exe Infected: Email-Worm.Win32.Bagle.cl skipped
C:\My Documents\oct 27 2004 -.pstold/Personal Folders/Inbox/13 Aug 2005 09:43 from John/Work and taxes.zip Infected: Email-Worm.Win32.Bagle.cl skipped
C:\My Documents\oct 27 2004 -.pstold/Personal Folders/Sent Items/21 Jun 2005 18:30 to spam@earthlink.net:FW: Warning Message: You/important-details.zip/important-details.txt .pif Infected: Net-Worm.Win32.Mytob.bi skipped
C:\My Documents\oct 27 2004 -.pstold/Personal Folders/Sent Items/21 Jun 2005 18:30 to spam@earthlink.net:FW: Warning Message: You/important-details.zip Infected: Net-Worm.Win32.Mytob.bi skipped
C:\My Documents\oct 27 2004 -.pstold/Personal Folders/Spam/07 Feb 2005 20:30 from Citizens Bank:Important Online Banking Al.html Infected: Trojan-Spy.HTML.Bankfraud.ca skipped
C:\My Documents\oct 27 2004 -.pstold/Personal Folders/Spam/08 Dec 2004 21:47 from Post Office/message.zip/message.htm .exe Infected: Email-Worm.Win32.Mydoom.m skipped
C:\My Documents\oct 27 2004 -.pstold/Personal Folders/Spam/08 Dec 2004 21:47 from Post Office/message.zip Infected: Email-Worm.Win32.Mydoom.m skipped
C:\My Documents\oct 27 2004 -.pstold/Personal Folders/Spam/05 Dec 2004 00:51 from SunTrust:SunTrust Bank Strongly Recommend.html Infected: Trojan-Spy.HTML.Bankfraud.u skipped
C:\My Documents\oct 27 2004 -.pstold/Personal Folders/Spam/02 Dec 2004 18:33 from Returned mail:Delivery reports about your/text.exe Infected: Email-Worm.Win32.Mydoom.m skipped
C:\My Documents\oct 27 2004 -.pstold/Personal Folders/Spam/27 Nov 2004 05:32 from admin@wamu.com:WAMU Online Banking. Accou.eml Infected: Trojan-Spy.HTML.Bankfraud.aq skipped
C:\My Documents\oct 27 2004 -.pstold/Personal Folders/Spam/11 Nov 2004 22:30 from Post Office:Delivery failed/readme.zip/readme.htm .scr Infected: Email-Worm.Win32.Mydoom.m skipped
C:\My Documents\oct 27 2004 -.pstold/Personal Folders/Spam/11 Nov 2004 22:30 from Post Office:Delivery failed/readme.zip Infected: Email-Worm.Win32.Mydoom.m skipped
C:\My Documents\oct 27 2004 -.pstold/Personal Folders/Spam/30 Oct 2004 18:55 from stenman@edelhard.de:John, You have new p.html Infected: Trojan-Spy.HTML.Pcard.c skipped
C:\My Documents\oct 27 2004 -.pstold/Personal Folders/Spam/31 May 2005 20:07 from Jvarrich/8.zip/03_05_2005.exe Infected: Email-Worm.Win32.Bagle.bo skipped
C:\My Documents\oct 27 2004 -.pstold/Personal Folders/Spam/31 May 2005 20:07 from Jvarrich/8.zip Infected: Email-Worm.Win32.Bagle.bo skipped
C:\My Documents\oct 27 2004 -.pstold/Personal Folders/Spam/09 Jun 2005 18:54 from webmaster@danners.org:*DETECTED* ONLINE U/info-text.zip/info-text.htm .pif Infected: Net-Worm.Win32.Mytob.bf skipped
C:\My Documents\oct 27 2004 -.pstold/Personal Folders/Spam/09 Jun 2005 18:54 from webmaster@danners.org:*DETECTED* ONLINE U/info-text.zip Infected: Net-Worm.Win32.Mytob.bf skipped
C:\My Documents\oct 27 2004 -.pstold/Personal Folders/Spam/21 Jun 2005 18:23 from admin@danners.org:Warning Message: Your s/important-details.zip/important-details.txt .pif Infected: Net-Worm.Win32.Mytob.bi skipped
C:\My Documents\oct 27 2004 -.pstold/Personal Folders/Spam/21 Jun 2005 18:23 from admin@danners.org:Warning Message: Your s/important-details.zip Infected: Net-Worm.Win32.Mytob.bi skipped
C:\My Documents\oct 27 2004 -.pstold/Personal Folders/Spam/22 Jun 2005 16:29 from admin@danners.org:YOUR NEW ACCOUNT PASSWO/email-password.zip/email-password.txt .scr Infected: Net-Worm.Win32.Mytob.bi skipped
C:\My Documents\oct 27 2004 -.pstold/Personal Folders/Spam/22 Jun 2005 16:29 from admin@danners.org:YOUR NEW ACCOUNT PASSWO/email-password.zip Infected: Net-Worm.Win32.Mytob.bi skipped
C:\My Documents\oct 27 2004 -.pstold/Personal Folders/Spam/22 Jun 2005 22:49 from PayPal:New Security Requirements.html Infected: Trojan-Spy.HTML.Paylap.ev skipped
C:\My Documents\oct 27 2004 -.pstold/Personal Folders/Spam/30 Jul 2005 13:44 from Paypal Security:New Security Requirements.html Infected: Trojan-Spy.HTML.Paylap.ev skipped
C:\My Documents\oct 27 2004 -.pstold Mail MS Mail: infected - 23 skipped
C:\Program Files\SmitFraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1142\A0085343.dll Object is locked skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1142\A0085649.exe/data.rar/AutoEquip/xml.exe Infected: Trojan-PSW.Win32.OnLineGames.cms skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1142\A0085649.exe/data.rar Infected: Trojan-PSW.Win32.OnLineGames.cms skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1142\A0085649.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1144\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{755DD7E7-9E4C-4844-B217-525F68481B6D}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{66AAACB2-8107-439B-9A4C-416C6CC02548}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\ACEEvent.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Media Ce.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\{00000004-00000000-00000001-00001102-00000004-20061102}.CDF Object is locked skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1144\change.log Object is locked skipped

Scan process completed.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:50:46 PM, on 10/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\Retrospect\Retrospect 7.5\retrorun.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\HPZinw12.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

O1 - Hosts: HP56A6C2 HP00187156A6C2
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1A1DAC8C-074D-440F-8707-7009A672D7D1} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [StatusClient] "C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe" /auto
O4 - HKLM\..\Run: [TomcatStartup] "C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [PlaxoUpdate] "C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe" -a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3559359093
O16 - DPF: {C2ED62BE-4FF5-4FAF-9274-3BA328DCA35C} (TimeTrackingV2.UserControl1) - https://timetracking.quickbooks.com/ocx ... kingV2.ocx
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.5\retrorun.exe
O23 - Service: Retrospect Helper - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.5\rthlpsvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (file missing)
O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: RoxMediaDB9 - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (file missing)
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 13189 bytes
jadanner
Active Member
 
Posts: 2
Joined: October 1st, 2007, 12:41 am

Post by askey127 » October 2nd, 2007, 7:35 am

jadanner,
You have a large number of infected e-mail files stored on your computer.
Virtually all are a result of inadequate or no AntiVirus coverage, and many seem to be in folders with 2004-2005 date labels.
There are also infected e-mails from adminATdanners.org from what appears to be the June 2005 time frame.
If you can empty any of these folders listed below by deleting all the contents, or if you can delete any of the files shown, I would suggest you do so. Then run CCleaner again to empty the Recycle Bin. Please be very careful not to OPEN the listed files.

We will attempt to clean the rest.
-----------------------------------------------------------------------------------------------------------------------------------
Folders with infected e-mail files, and infected files:
C:\My Documents\oct 27 2004 -.pst Mail MS Mail: infected - 4 skipped
C:\My Documents\oct 27 2004 -.pstold/Personal Folders/Spam/
C:\My Documents\oct 27 2004 -.pst/Personal Folders/Sent Items/
C:\My Documents\oct 27 2004 -.pst/Personal Folders/
C:\My Documents\Dell XPS Daily Backup\oct 27 2004 -.pstold Mail MS Mail: infected - 23 skipped
C:\My Documents\Dell XPS Daily Backup\oct 27 2004 -.pstold/Personal Folders/Spam/
C:\My Documents\Dell XPS Daily Backup\oct 27 2004 -.pstold/Personal Folders/Inbox/
C:\My Documents\Dell XPS Daily Backup\oct 27 2004 -.pstold/Personal Folders/Sent Items/
C:\My Documents\Backup 8-6-7\oct 27 2004 -.pst Mail MS Mail: infected - 2 skipped
C:\My Documents\Backup 8-6-7\oct 27 2004 -.pst/Personal Folders/Inbox/
C:\Documents and Settings\John Danner\My Documents\My eBooks\oct 27 2004 -.pst Mail MS Mail: infected - 23 skipped
C:\My Documents\Backup 8-6-7\oct 27 2004 -.pst/Personal Folders/Inbox/
C:\Documents and Settings\John Danner\My Documents\My eBooks\oct 27 2004 -.pst/Personal Folders/Spam/
C:\Documents and Settings\John Danner\My Documents\My eBooks\oct 27 2004 -.pst/Personal Folders/Sent Items/
C:\Documents and Settings\John Danner\My Documents\My eBooks\oct 27 2004 -.pst/Personal Folders/Inbox/
-----------------------------------------------------------
Disable Spyware Doctor's real-time protection
Open Spyware Doctor and click on the OnGuard button to the left.
Remove the check from the Activate OnGuard option in the next window to disable all protections.
-----------------------------------------------------------
Disable SpySweeper
If you have Spy Sweeper version 4:
- Open it, Click Options over on the left, then Program options
- Uncheck load at windows startup.
- Over to the left, Click shields and Uncheck all there.
- Uncheck home page shield.
- Uncheck automatically restore default without notification.
- Reboot your computer, and verify SpySweeper is disabled.

If you have SpySweeper version 5:
* Open SpySweeper, click Shield Settings on the right
(or Shields on the left, depending what screen you're on).
* Click Internet Explorer and uncheck all items.
* Click Windows System and uncheck all items.
* Click Hosts File and uncheck all items.
* Click Startup Programs and uncheck all items.
* Close SpySweeper.
Reboot your computer, and verify Spy Sweeper is disabled.
-----------------------------------------------------------
Download and Run AVG Anti-Spyware:

Download the trial version of AVG Anti-Spyware from here and install it. When the program has been installed, and you click the Finish button, AVG Anti-Spyware will open. Do not run a scan yet.

If the program does not automatically update itself during installation, or you are unsure whether it has done so, please do the following:
  • Click the Update icon at the top and under Manual Update click the Start update button.
  • The program will either update or inform you that no update was available.
  • It is essential that you get the update - keep trying until successful. (Note: If you have problems getting the update, you can download an installer for the full database from here (save it on your desktop). Once you have downloaded the installer, make sure that AVG Anti-Spyware is closed and then double-click on avgas-signatures-full-current.exe to install the database).
Please set up the program as follows:
  • Click the Shield icon at the top and under Resident shield is... click active. This should now change to inactive.
  • Click the Update icon and untick the automatic update option.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act? - make sure that Quarantine is selected.
    • Under How to scan? - All checkboxes should be ticked.
    • Under Possibly unwanted software - All checkboxes should be ticked.
    • Under Reports - Select Do not automatically generate reports. <== This is important
    • Under What to scan? - Select Scan every file.
Close all open windows.
  • Click on Scanner on the program's toolbar.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan your computer.
  • When the scan has finished, follow the instructions below:
    • Make sure that Set all elements to: shows Quarantine
    • Important: Click on the Apply all Actions button (*** This must be done before saving the report ***)
    • When the program has finished, it will display the message All actions have been applied.
    • Then click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Tray Icon and select Exit.
-----------------------------------------------------------
Post a New HJT Log
Reboot your computer. Start HijackThis. Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl-A), copy and paste the log contents in a reply.

Please post the contents of the AVG Anti-Spyware report, along with the new HijackThis log.
Tell me how things go.
askey127
askey127
Admin/Teacher
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
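A triage pass over scanner report lines in the format posted in this thread, separating real detections from "Object is locked" noise and flagging detections that sit inside a System Restore point. This is an added example, not part of the original posts or of any scanner's own tooling; the line patterns are inferred from the lines shown on this page, and the names `parse_line` and `triage` are hypothetical.

```python
import re
from collections import defaultdict

# Line shapes inferred from the report on this page (an assumption, not a spec):
#   <path> Infected: <detection name> skipped
#   <path> <container type>: infected - <count> skipped
#   <path> Object is locked skipped
INFECTED = re.compile(r"^(?P<path>.+) Infected: (?P<name>\S+) skipped$")
SUMMARY = re.compile(r"^(?P<head>.+): infected - (?P<count>\d+) skipped$")
LOCKED = re.compile(r"^(?P<path>.+) Object is locked skipped$")
RESTORE_POINT = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\")

# Sample input: lines copied from the report on this page.
SAMPLE = r"""
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1142\A0085343.dll Object is locked skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1142\A0085649.exe/data.rar/AutoEquip/xml.exe Infected: Trojan-PSW.Win32.OnLineGames.cms skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1142\A0085649.exe/data.rar Infected: Trojan-PSW.Win32.OnLineGames.cms skipped
C:\System Volume Information\_restore{3DBD88D2-9FFC-498B-A689-A4771362F918}\RP1142\A0085649.exe RarSFX: infected - 2 skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\My Documents\oct 27 2004 -.pst Mail MS Mail: infected - 4 skipped
Scan process completed.
""".strip().splitlines()


def parse_line(line):
    """Classify one report line as infected / summary / locked / other."""
    line = line.strip()
    m = INFECTED.match(line)
    if m:
        # Assumption: backslashes form the on-disk path and "/" separates
        # members nested inside an archive or mailbox.
        disk_file, _, member = m["path"].partition("/")
        rp = RESTORE_POINT.search(disk_file)
        return {"kind": "infected", "file": disk_file,
                "member": member or None, "name": m["name"],
                "restore_point": rp.group(1) if rp else None}
    m = SUMMARY.match(line)
    if m:
        # "head" is the path followed by the container type; paths contain
        # spaces, so the two are deliberately left unsplit.
        return {"kind": "summary", "head": m["head"],
                "count": int(m["count"])}
    m = LOCKED.match(line)
    if m:
        return {"kind": "locked", "file": m["path"]}
    return {"kind": "other", "text": line}


def triage(lines):
    """Collapse a report into the parts a helper actually needs to read."""
    names_by_file = defaultdict(set)
    restore_points, summaries = set(), []
    locked = other = 0
    for raw in lines:
        if not raw.strip():
            continue
        rec = parse_line(raw)
        if rec["kind"] == "infected":
            names_by_file[rec["file"]].add(rec["name"])
            if rec["restore_point"]:
                restore_points.add(rec["restore_point"])
        elif rec["kind"] == "summary":
            summaries.append((rec["head"], rec["count"]))
        elif rec["kind"] == "locked":
            locked += 1  # file in use during the scan, not a detection
        else:
            other += 1
    return {"detections": {f: sorted(n) for f, n in names_by_file.items()},
            "restore_points": sorted(restore_points),
            "summaries": summaries, "locked": locked, "other": other}


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, "=>", value)
```

Nested members of one on-disk file collapse into a single detection entry, so the two `Infected:` lines for `A0085649.exe` count once.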

Post by askey127 » October 17th, 2007, 9:43 am

This topic is now closed due to inactivity. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

If it has been 10 days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, this topic will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.