
freeze; slow; corrupted files; Doubleclick; high CPU

#1 ·
I am using a Toshiba Satellite M55-S325 laptop, with an Intel Pentium Processor 740 (1.73 GHz), 512 MB DDR SDRAM, 100GB (5400 RPM) HDD, DVD SuperMulti Layer drive, 802.11b/g wireless, ilink 1394. I have 73GB free on the hard drive. Task Manager shows 75 processes running. (!)

My CPU spikes and stays at 100%, Word and InterVideo WIN DVD freeze, Firefox and IE fail to load Google, time out, display page not found, and sometimes just vanish. All was fine until mid-June of this year. Also, starting then, the keyboard space bar did not work unless firmly pushed in only one spot, now it is the letter b key. Just so you know.

Fix-It utilities found these entries a few weeks ago, and could not fix.
TROJ_LOWZONE.GEN as a zip\web.exe file
JAVA_BYTEVER.K counter class -- 2 of them
JAVA_BYTEVER.A-1 gummy class -- 2 of them
JAVA_BYTEVER.K verifer Bug -- 2 of them
JAVA_BYTEVER.A worker class -- 2 of them
JAVA_BYTEVER.K Xeyond class -- 2 of them

Went to v-com Trend website, and followed directions regarding what to download. Their on-line sweep said I was clean. After that, Fix-it says that it cannot update virus protection because it cannot find the directory.

I run Adaware SE 1.6, SpyBot with Teatimer, and SpySweeper daily. SpyBot found, and said it fixed the following: (However, every time I run spybot it finds and says it fixes these)

Windows Security Center Firewall Disable Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityCenter\FirewallDisableNotify!=dword:0

Windows Security Center AntiVirus Disable Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityCenter\AntiVirusDisableNotify!=dword:0

I deleted the Java cache, and re-installed latest version.

I have run cw sweeper, ccleaner, MS Malicious Software Removal Tool, Windows Defender, ShowNew, GetRunKey and Bitdefender in safe mode, with all file extensions shown, and hidden files shown.

Also, in normal boot mode, I ran Ewido, and Norton on-line virus check. Norton and Defender say I have no anti-virus software. I ran Panda in normal boot mode. It found one spyware entry, Doubleclick, but did not remove it.

Corrupted files include SpyBot uninstall, Fix-it anti-virus, and a dozen Word docs.

I intend to install Norton Internet Security (already purchased and rebated – did not know about free stuff) but await your instructions. Have followed all Microbelle instructions

Below is the HJT log. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 2:36:37 AM, on 8/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\RAMASST.exe
C:\PROGRA~1\METAMA~1\METAMA~1\METAMA~1.EXE
C:\PROGRA~1\METAMA~1\METAMA~1\METAMA~2.EXE
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\analyse.exe\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Metamail IEPlugin - {C09C9904-FD44-11D6-A711-00105AC8F168} - C:\PROGRA~1\METAMA~1\METAMA~1\IEPlugIn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SmoothView] "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe"
O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
O4 - HKLM\..\Run: [Tvs] "C:\Program Files\Toshiba\Tvs\TvsTray.exe"
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPNF] "C:\Program Files\TOSHIBA\TouchPad\TPTray.exe"
O4 - HKLM\..\Run: [TOSHIBA Accessibility] "C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe"
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [SVPWUTIL] "C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" SVPwUTIL
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [RCScheduleCheck] "C:\Program Files\VCOM\Recovery Commander\RCSCHED.EXE" -CHECK
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pinger] "c:\toshiba\ivp\ism\pinger.exe" /run
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe"
O4 - HKLM\..\Run: [Notebook Maximizer] "C:\Program Files\Notebook Maximizer\maximizer_startup.exe"
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" hwSetUP
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\Fix-It\MemCheck.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [CeEKEY] "C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe"
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] "C:\Program Files\ltmoh\Ltmoh.exe"
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Owner\LOCALS~1\Temp\20051221174657_mcinfo.exe /insfin
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Documents and Settings\Owner\Application Data\Intuit\Quicken\Config\bagent.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Fix-It Task Manager - Avanquest Publishing USA, Inc. - C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
 
#2 ·
Hello tkjdnow and welcome,

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out these instructions.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

***************************************************

Please disable the following program(s) as they may interfere with the fixes below. You may re-enable them when we are through:

Windows Defender:
  • Open Windows Defender.
  • Click on Tools, Options.
  • Scroll down and uncheck Turn on real-time protection (recommended).
  • After you uncheck this, click on the Save button and close Windows Defender.

SpySweeper:
  • Open Spysweeper and click on Options > Program Options and uncheck "load at windows startup".
To disable SpySweeper Shields
  • Click Shields on the left.
  • Click Internet Explorer and uncheck all items.
  • Click Windows System and uncheck all items.
  • Click Startup Programs and uncheck all items.
  • Click Browser Add-Ons and uncheck all items.
  • Exit Spysweeper.

***************************************************

Download ResetTeaTimer.bat.

Double click ResetTeaTimer.bat to remove all entries set by TeaTimer.

-----------------------------

Right click on this link DelO15Domains.inf and choose Save As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards. NOTE: This script will delete any sites you may have added to the Trusted Sites. So if you want them back, you have to add them back to the Trusted Sites again.

-----------------------------------

You mentioned you ran Ewido, but I do not see it installed on your system.

Download ewido anti-spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  1. Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  2. Once the setup is complete you will need to run ewido and update the definition files.
  3. On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  6. Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.

-----------------------------------

Please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login on your usual account. Make sure to close any open browsers.

-----------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entry:

O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Owner\LOCALS~1\Temp\20051221174657_mcinfo.exe /insfin

Click 'Fix Checked' and close HijackThis.

-----------------------------------

As you already have Ccleaner installed:

Run Ccleaner and ensure the following are 'checked':
  • Temporary Internet Files
  • Empty Recycle Bin
  • Temporary Files
  • Old Prefetch Data
Click 'Analyze'
Click 'Run cleaner'

(Do not reboot yet.)

-----------------------------------

IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning process:
  • Launch ewido-anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions" **Please ensure it is set to Quarantine
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close ewido and reboot your system back into Normal Mode and post the results of the ewido report scan.
**Ewido is compatible with most AV and anti-spyware products, and the free version will continue to be useful as a second anti-malware scanner.

-----------------------------------

Reboot into Normal Mode.

-----------------------------------

Perform an online scan using Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner
  1. Click Check Now & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
  2. Enter your e-mail address, country, and state & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and wants you to buy the program for removal as we will address this later.
  • Click on see report. Then click Save report

Please include the following in your next reply:

Ewido results
Panda results
New HijackThis log
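
The HijackThis step above singles out one O4 Run entry whose program starts from the user's Temp folder. As an added example (not part of the original thread and not HijackThis's own logic), this Python sketch parses HijackThis log lines and surfaces that class of entry; it goes slightly beyond the post by also listing "(file missing)" and "Unknown owner" lines for manual review, and the rule names are assumptions of this sketch, not verdicts.

```python
import re

# Constructed sample: a handful of lines taken from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Owner\LOCALS~1\Temp\20051221174657_mcinfo.exe /insfin
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# "O4 - <body>": section code, then the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 registry autorun body: HKLM\..\Run: [name] command line
RUN_RE = re.compile(r"^(?:HKLM|HKCU)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Unquoted command: the image path ends at the first executable extension.
IMAGE_RE = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", re.I)
# A Temp directory component in the image path (long or 8.3 form both end in \Temp\).
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\|%te?mp%\\", re.I)


def image_path(cmd):
    """Return the program path from a Run command line, without its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = IMAGE_RE.match(cmd)
    if m:
        return m.group(1)
    return cmd.split()[0] if cmd else ""


def triage(log_text):
    """Return (rule, line) pairs for entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if not entry:
            continue  # header, running-process list, blank line
        code, body = entry.group("code"), entry.group("body")
        if code == "O4":
            run = RUN_RE.match(body)
            # Only the program itself counts, not a Temp path passed as an argument.
            if run and TEMP_RE.search(image_path(run.group("cmd"))):
                findings.append(("autorun-from-temp", line))
        if body.endswith("(file missing)"):
            findings.append(("file-missing", line))
        if code == "O23" and " - Unknown owner - " in body:
            findings.append(("unknown-owner-service", line))
    return findings


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"{rule:24} {line}")
```

A hit only means the entry deserves a closer look; legitimate installers and vendor services also trigger these rules.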
 
#3 · (Edited)
I performed the first two actions, regarding Windows Defender and Spy Sweeper. Spy Sweeper seemed disturbed that I would disable the shields, especially the Startup Programs file. There was no Browser add-on tab or option, so I could not uncheck that.

When I click the link to TeaTimer.bat, this immediately appears on the screen, and there is nowhere for me to double click.

@echo off

VER|find "Windows 2000">NUL
IF NOT ERRORLEVEL 1 GOTO NT

VER|find "Windows XP">NUL
IF NOT ERRORLEVEL 1 GOTO NT

VER|find "Windows 95">NUL
IF NOT ERRORLEVEL 1 GOTO win

VER|find "Windows 98">NUL
IF NOT ERRORLEVEL 1 GOTO win

VER|find "Windows Millennium">NUL
IF NOT ERRORLEVEL 1 GOTO winme

VER|find "Windows 2003">NUL
IF NOT ERRORLEVEL 1 GOTO NT

echo Unsupported Version
goto last

:NT
del /q %SYSTEMDRIVE%\docume~1\alluse~1\applic~1\spybot~1\Snapshots\*.*
del /q %SYSTEMDRIVE%\docume~1\alluse~1\applic~1\spybot~1\excludes\RegKeyWhite.sbe
del /q %SYSTEMDRIVE%\docume~1\alluse~1\applic~1\spybot~1\excludes\RegKeyblack.sbe
del /q %SYSTEMDRIVE%\docume~1\alluse~1\applic~1\spybot~1\excludes\ProcWhite.sbe
del /q %SYSTEMDRIVE%\docume~1\alluse~1\applic~1\spybot~1\excludes\ProcBlack.sbe
del /q %SYSTEMDRIVE%\docume~1\alluse~1\applic~1\spybot~1\logs\resident.log
del /q %SYSTEMDRIVE%\docume~1\alluse~1\applic~1\spybot~1\excludes\UpdateDL.sbe

exit
:win

deltree /y %WINDIR%\applic~1\spybot~1\snapshots\*.*
del %WINDIR%\applic~1\spybot~1\logs\resident.log
del %WINDIR%\applic~1\spybot~1\excludes\ProcBlack.sbe
del %WINDIR%\applic~1\spybot~1\excludes\ProcWhite.sbe
del %WINDIR%\applic~1\spybot~1\excludes\RegKeyWhite.sbe
del %WINDIR%\applic~1\spybot~1\excludes\RegKeyBlack.sbe
del %WINDIR%\applic~1\spybot~1\excludes\UpdateDL.sbe
exit

:winme
del /y %WINDIR%\alluse~1\applic~1\spybot~1\snapshots\*.*
del %WINDIR%\alluse~1\applic~1\spybot~1\excludes\UpdateDL.sbe
del %WINDIR%\alluse~1\applic~1\spybot~1\excludes\RegKeyWhite.sbe
del %WINDIR%\alluse~1\applic~1\spybot~1\excludes\RegKeyblack.sbe
del %WINDIR%\alluse~1\applic~1\spybot~1\excludes\ProcWhite.sbe
del %WINDIR%\alluse~1\applic~1\spybot~1\excludes\ProcBlack.sbe
del %WINDIR%\alluse~1\applic~1\spybot~1\logs\resident.log
exit

:last
echo Press any key to terminate,..
pause
exit



You did not see ewido in the HJT log because I downloaded the 30 day trial AFTER I ran the log when I had not heard from anybody. Sorry. I did the update and made those changes.


HOWEVER....When I attempt to boot in safe mode, the first two screens are fine. I get the option to open in safe mode, safe mode with networking, etc. The second screen asks if I want to use Windows XP, I hit enter, and the screen with a bunch of lines comes up and freezes. No keyboard or mouse click will change the screen. After 15 minutes or so, I pushed the off button, turned it on again, and it told me that Windows was not shutdown normally, did I want to start in...I chose safe mode and the same process occurred. Turned off manually again and this time I chose last working configuration, opened browser and here I am.


Did NOT remove the 04 entry in HJT because I could not open in safe mode.

Awaiting reply, thanks.
 
#4 ·
Hi,

Apparently you used Firefox. In Firefox, right click the link and choose 'Save link As' and download it to your desktop.

Now double click the ResetTeaTimer.bat. A black box will open and close very quickly--this is normal.

As you are having difficulty entering Safe Mode, perform the entire fix from Normal Mode.
 
#5 ·
Ok After leaving computer off for several hours, I redid the whole process and altered Defender and SpySweeper, double clicked TeaTimer, ran DIO.., WAS able to enter safe mode, Did Hijack This, ran Ccleaner, Ewido, rebooted, and went to Panda Active Scan in IExplorer.

The scan ran for 22 hours and I finally gave up. Re started computer, redid all of the above and went back to Panda. It scans about 35 thousand files a minute til it gets to Webroot, at about 170000 files scanned, then it hangs and scans 12 files per minute.

I had run it last week and the same thing happened, but it did make it through the scan in 4 hours or so. (Did not time the file scanning last week. It went fast, hung at Webroot, then went fast again.) I AM POSTING THE REPORT FROM THAT SCAN, SINCE I STOPPED BOTH OF THE RECENT SCANS.

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:47:55 AM 8/26/2006

+ Scan result:



Nothing found.


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 6:53:32 AM, on 8/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\analyse.exe\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Metamail IEPlugin - {C09C9904-FD44-11D6-A711-00105AC8F168} - C:\PROGRA~1\METAMA~1\METAMA~1\IEPlugIn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SmoothView] "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe"
O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
O4 - HKLM\..\Run: [Tvs] "C:\Program Files\Toshiba\Tvs\TvsTray.exe"
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPNF] "C:\Program Files\TOSHIBA\TouchPad\TPTray.exe"
O4 - HKLM\..\Run: [TOSHIBA Accessibility] "C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe"
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [SVPWUTIL] "C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" SVPwUTIL
O4 - HKLM\..\Run: [RCScheduleCheck] "C:\Program Files\VCOM\Recovery Commander\RCSCHED.EXE" -CHECK
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pinger] "c:\toshiba\ivp\ism\pinger.exe" /run
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe"
O4 - HKLM\..\Run: [Notebook Maximizer] "C:\Program Files\Notebook Maximizer\maximizer_startup.exe"
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" hwSetUP
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\Fix-It\MemCheck.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [CeEKEY] "C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe"
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] "C:\Program Files\ltmoh\Ltmoh.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Documents and Settings\Owner\Application Data\Intuit\Quicken\Config\bagent.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Fix-It Task Manager - Avanquest Publishing USA, Inc. - C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

This is Panda from Aug 22

Incident Status Location

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt



Thanks.
 
#6 ·
Hi tkjdnow,

That was an outrageous amount of time for a Panda scan. :sayno:

I realize online scans can be inconvenient and time consuming, but I'd like to use another online scanner and see if it reveals anything further:

Perform an online scan using Internet Explorer with Kaspersky WebScanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
The program will launch and then begin downloading the latest definition files:
*Once the files have been downloaded click on NEXT
Now click on Scan Settings
*In the scan settings make sure that the following are selected:
*Scan using the following Anti-Virus database:
*Extended
*Scan Options:
*Scan Archives
*Scan Mail Bases
*Click OK
Now under select a target to scan:
*Select My Computer
The program will start and scan your system.
*The scan will take a while so be patient and let it run.
*Once the scan is complete it will display if your system has been infected. Now click on the Save as Text button:
*Save the file to your desktop.
Copy and paste that information in your next post along with a new HijackThis log.

How is your system behaving now?
 
#7 · (Edited)
Kaspersky and new HJT logs below.

I have not really used my computer since we started corresponding. I don't want to spend too much time online with all the shields down and apparently vcom anti virus corrupted, so I just check for a reply from you and then shut down.

I did burn a 40 minute dvd of my video files with inter video win DVD, and that worked ok.

The keyboard space bar stopped working at all in my previous post, but now it is back, and the key is in and out. I will take it to BestBuy (no other Toshiba repair place available) when you give me the OK.

Weirdly, I now have 76.8 gig free on the C drive, up from 72 when I started.


I would like to get rid of as much of the new stuff as I can, and omit the unnecessary running processes.
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, August 27, 2006 8:02:46 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 27/08/2006
Kaspersky Anti-Virus database records: 218676
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 121710
Number of viruses found: 0
Number of infected objects: 0 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:37:27

Infected Object Name / Virus Name / Last Action

Scan process completed.


Logfile of HijackThis v1.99.1
Scan saved at 8:09:24 AM, on 8/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\analyse.exe\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Metamail IEPlugin - {C09C9904-FD44-11D6-A711-00105AC8F168} - C:\PROGRA~1\METAMA~1\METAMA~1\IEPlugIn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SmoothView] "C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe"
O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
O4 - HKLM\..\Run: [Tvs] "C:\Program Files\Toshiba\Tvs\TvsTray.exe"
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPNF] "C:\Program Files\TOSHIBA\TouchPad\TPTray.exe"
O4 - HKLM\..\Run: [TOSHIBA Accessibility] "C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe"
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [SVPWUTIL] "C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" SVPwUTIL
O4 - HKLM\..\Run: [RCScheduleCheck] "C:\Program Files\VCOM\Recovery Commander\RCSCHED.EXE" -CHECK
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pinger] "c:\toshiba\ivp\ism\pinger.exe" /run
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe"
O4 - HKLM\..\Run: [Notebook Maximizer] "C:\Program Files\Notebook Maximizer\maximizer_startup.exe"
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HWSetup] "C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" hwSetUP
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\Fix-It\MemCheck.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [CeEKEY] "C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe"
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] "C:\Program Files\ltmoh\Ltmoh.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Documents and Settings\Owner\Application Data\Intuit\Quicken\Config\bagent.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Fix-It Task Manager - Avanquest Publishing USA, Inc. - C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Thanks.
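An added example, not part of the original thread: a small Python triage pass over HijackThis log lines like the ones posted above. The three review rules (entry marked "(file missing)", O23 service listed with "Unknown owner", O4 Run value with no full path) are this example's own assumptions about what deserves a second look; a flag is a prompt for manual review, not a verdict.

```python
import re

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [CeEKEY] "C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
"""

# Review reasons (names chosen for this example).
FILE_MISSING = "target file missing"
UNKNOWN_OWNER = "service binary has no readable company name"
NO_FULL_PATH = "startup command has no full path"

MISSING_SUFFIX = " (file missing)"
UNKNOWN_MARK = " - Unknown owner - "

# "O4 - <rest>": section code, then the entry text.
ENTRY = re.compile(r"^(O\d+) - (.*)$")
# Registry Run entry: hive, key name, [value name], command line.
RUN_KEY = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
# Command starts (optionally quoted) with a drive, UNC or %variable% path.
ABSOLUTE = re.compile(r'^"?(?:[A-Za-z]:\\|\\\\|%)')


def triage(log_text):
    """Return (section, reason, item) tuples for entries worth a manual look."""
    findings = []
    for raw in log_text.splitlines():
        match = ENTRY.match(raw.strip())
        if not match:
            continue  # header, process list, or blank line
        section, rest = match.groups()

        # HijackThis appends "(file missing)" when the target is not on disk.
        if rest.endswith(MISSING_SUFFIX):
            target = rest[: -len(MISSING_SUFFIX)].rsplit(" - ", 1)[-1]
            findings.append((section, FILE_MISSING, target))

        # O23 services show "Unknown owner" in place of a company name.
        if section == "O23" and UNKNOWN_MARK in rest:
            name = rest.split(": ", 1)[1].split(UNKNOWN_MARK)[0]
            findings.append((section, UNKNOWN_OWNER, name))

        # O4 Run values given as a bare file name rely on the search path.
        if section == "O4":
            run = RUN_KEY.match(rest)
            if run and not ABSOLUTE.match(run.group(4)):
                findings.append((section, NO_FULL_PATH, run.group(3)))
    return findings


if __name__ == "__main__":
    for section, reason, item in triage(SAMPLE_LOG):
        print(f"{section:4} {reason:45} {item}")
```

Entries flagged this way are often legitimate vendor software; the point is to shorten the list a reviewer has to check by hand.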
 
#8 ·
#9 ·
Owner - 06-08-27 13:03:54.48
ComboFix 06.08.26BT - Running from: C:\Program Files\Mozilla Firefox

((((((((((((((((((((((((((((((( Files Created from 2006-07-27 to 2006-08-27 ))))))))))))))))))))))))))))))))))


2006-08-21 22:37 11,254 --a------ C:\WINDOWS\system32\locate.com


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-27 13:02 -------- d-------- C:\Program Files\Mozilla Firefox
2006-08-27 08:08 -------- d-------- C:\Program Files\analyse.exe
2006-08-26 08:09 -------- d-------- C:\Program Files\QuickTime
2006-08-26 08:07 -------- d-------- C:\Program Files\ltmoh
2006-08-26 08:06 -------- d-------- C:\Program Files\iTunes
2006-08-26 08:05 -------- d-------- C:\Program Files\Internet Explorer
2006-08-26 08:04 -------- d-------- C:\Program Files\Google
2006-08-26 08:04 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-08-26 08:02 -------- d-------- C:\Program Files\Apoint2K
2006-08-26 07:58 -------- d-------- C:\Program Files\Windows Defender
2006-08-22 02:27 -------- d-------- C:\Program Files\Security Downloads
2006-08-21 18:10 -------- d-------- C:\Program Files\Java
2006-08-21 13:04 -------- d-------- C:\Program Files\Security DShowNew
2006-08-20 07:48 -------- d-------- C:\Program Files\New Folder
2006-08-08 10:11 35904 --a------ C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2006-08-07 17:15 -------- d--h----- C:\Program Files\Zero G Registry
2006-08-07 17:15 -------- d-------- C:\Program Files\Britannica Profiles
2006-08-03 19:33 15360 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2006-08-03 19:33 14848 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2006-08-03 19:33 13824 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2006-08-03 19:33 117248 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2006-07-31 18:57 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-07-31 18:53 -------- d-------- C:\Program Files\iPod
2006-07-29 23:13 -------- d-------- C:\Documents and Settings\Owner\Application Data\toshiba
2006-07-27 08:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-25 17:21 -------- d-------- C:\Program Files\K-Lite Codec Pack
2006-07-21 03:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-16 14:00 -------- d-------- C:\Program Files\Lavasoft
2006-07-16 14:00 -------- d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft
2006-07-16 11:55 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2006-07-16 11:55 -------- d-------- C:\Documents and Settings\Owner\Application Data\WholeSecurity


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmoothView"="\"C:\\Program Files\\TOSHIBA\\TOSHIBA Zooming Utility\\SmoothView.exe\""
"ZoomingHook"="ZoomingHook.exe"
"Tvs"="\"C:\\Program Files\\Toshiba\\Tvs\\TvsTray.exe\""
"TPSMain"="TPSMain.exe"
"TPNF"="\"C:\\Program Files\\TOSHIBA\\TouchPad\\TPTray.exe\""
"TOSHIBA Accessibility"="\"C:\\Program Files\\TOSHIBA\\Accessibility\\FnKeyHook.exe\""
"TFncKy"="TFncKy.exe"
"TCtryIOHook"="TCtrlIOHook.exe"
"SVPWUTIL"="\"C:\\Program Files\\Toshiba\\Windows Utilities\\SVPWUTIL.exe\" SVPwUTIL"
"RCScheduleCheck"="\"C:\\Program Files\\VCOM\\Recovery Commander\\RCSCHED.EXE\" -CHECK"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Pinger"="\"c:\\toshiba\\ivp\\ism\\pinger.exe\" /run"
"PadTouch"="\"C:\\Program Files\\TOSHIBA\\Touch and Launch\\PadExe.exe\""
"Notebook Maximizer"="\"C:\\Program Files\\Notebook Maximizer\\maximizer_startup.exe\""
"NDSTray.exe"="NDSTray.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"IntelWireless"="\"C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe\" /tf Intel PROSet/Wireless"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HWSetup"="\"C:\\Program Files\\TOSHIBA\\TOSHIBA Applet\\HWSetup.exe\" hwSetUP"
"HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe\""
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"Fix-It AV"="C:\\PROGRA~1\\VCOM\\Fix-It\\MemCheck.exe"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"CFSServ.exe"="CFSServ.exe -NoClient"
"CeEKEY"="\"C:\\Program Files\\TOSHIBA\\E-KEY\\CeEKey.exe\""
"Apoint"="\"C:\\Program Files\\Apoint2K\\Apoint.exe\""
"AGRSMMSG"="AGRSMMSG.exe"
"LtMoh"="\"C:\\Program Files\\ltmoh\\Ltmoh.exe\""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="\"C:\\Program Files\\TOSHIBA\\TOSCDSPD\\toscdspd.exe\""
"SpybotSD TeaTimer"="\"C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,23,00,00,00,7c,00,00,00,72,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{B9E618A2-A4FE-11D4-83C2-005004636C96}"="OE Shell Hook"
"{a5780613-492e-4a2a-a7fd-549610edf6cc}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Registration reminder 1.job
C:\WINDOWS\tasks\Registration reminder 2.job
C:\WINDOWS\tasks\Registration reminder 3.job
C:\WINDOWS\tasks\Scheduled Checkpoint.job
C:\WINDOWS\tasks\wrSpySweeper20060621121434.job

Completion time: Sun 08/27/2006 13:04:24.50
ComboFix.txt


I hope you realize how terrifying all this is. Thanks.
 
#10 ·
Yes, I actually do realize that. This entire process can leave one feeling quite vulnerable as well as exposed.

ComboFix removed an entry--do you notice any improvement since then?

Have you tried uninstalling your AV via the Add/Remove panel--then re-installing it? Bear in mind that any time changes are made to the registry, you will have to allow those changes in TeaTimer, Windows Defender and Webroot SpySweeper.
 
#11 ·
Do not know if IE runs any faster; as I said, I am trying to stay off line except for this thread since I have no anti-virus after the Fix-it files got corrupted.

I did remove Fix-it using add-remove, cannot re-install since the disc is missing. Is there somewhere else I should look for the files I want to get rid of? Search for vcom or something?

If you see nothing bad in the logs, should I go on and install Norton Internet security? Should I do something with the system restore?

And can I remove some of the things I downloaded: Ccleaner, cwshredder, combofix, the zip files for HJT, GetRun, ShowNew, lpt657.zip, TMADCE.ptn?

The above are on my desktop. I have 70 running processes.

Thank you for all of your help, you have been very patient.
 
#12 ·
Hi tkjdnow,

As long as you've had no other file corruptions since the initial ones you reported, then go ahead and install Norton. But before you do, I'd like you to do 2 things first:

1. Navigate to and delete this folder:
C:\Program Files\VCom

2. Flush your previous restore points and create a new one:
* Click Start >> Run - type SYSDM.CPL & press Enter
* Select the System Restore Tab
* Tick on the checkbox - "Turn off System Restore on all drives"
* Click Apply
* Then untick the same checkbox & click OK
This will prevent any reinfection from previous restore points.

**Note** If you had any difficulties creating a new Restore Point--do not continue with the install of Norton. Please inform me of the problem first.

---------------------------------------

If all has gone well, install Norton, then continue with these instructions:

You may delete combofix and lpt657.zip.

-----------------

I would suggest keeping HJT as it is small and not in your running processes. Also, should you suspect any malware presence on your system in the future, the tool is there for you to scan with, and post your log here for review.

I would also suggest keeping CleanUp as it does a better job of clearing out the 'chaff' on your system compared to the Windows Disc Cleanup Utility--again, it is not a running process until you use it.

-----------------

If you look at the HJT log's running processes, you can see your list of running processes. You'll find information here explaining what these processes are and whether or not they need to be running at start up, or continuously running in background for proper operation of Windows.

We can disable the following items from startup which will reduce your number of running processes a bit. You will still be able to access these programs via Start>All Programs, or a desktop icon.

-----------------

Close any open browsers and run a scan with HijackThis. 'Check' the following entries:

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe


Click 'Fix checked' and close HijackThis.

-----------------------------

Should you decide you prefer any of those programs to be available to you at will, they can easily be set to run at Startup again by doing the following:

Click Start>Run and type in msconfig. Click on the Startup Tab and look for the entry in the list. Place a 'check' next to it, click Apply, Ok and reboot.

Please let me know how the system is behaving once you've installed Norton.
 
#13 ·
Tried to delete vcom from program files and got this message:

Cannot delete PDShExt.dll: Access denied. Make sure that the disc is not full or write protected and that the file is not currently in use.

I checked the task manager, and it did not show as a process or application.

Went to safe mode, and the same message resulted. The Defender and Spy Sweeper shields are still down. Went to the Power Desk folder in the VCom program files and tried to delete just that file, same message. I lost my nerve and did not try to see if I could delete any other vcom files; thought I might do something stupid. The vcom folder has a subfolder for FixIt, for Recovery Commander, and for Power Desk. Remember that I could not repair the vcom folder either, nor update its antivirus--windows could not find the file.

Did not attempt to flush the restore point, since step one did not work.

???
 
#14 ·
Create an Uninstall List:
Open HijackThis
*Click on the "Configure" button on the bottom right
*Click on the tab "Misc Tools"
*Click on the Box that says "Open Uninstall Manager"
*Click on the button "Save list"
The list will automatically be saved in your HijackThis folder.

Please copy and paste the uninstall_list.txt here.
 
#15 ·
Ad-Aware SE Personal
Adobe Acrobat 5.0
ALPS Touch Pad Driver
ArcSoft Software Suite
aspi
CCHelp
CCleaner (remove only)
CCScore
CD/DVD Drive Acoustic Silencer
Cypress USB Mass Storage Driver Installation
DVD-RAM Driver
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESScore
ESSCT
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSTUTOR
ESSvpaht
ESSvpot
ewido anti-spyware 4.0
GdiplusUpgrade
Google Toolbar for Internet Explorer
HijackThis 1.99.1
HLPCCTR
HLPIndex
HLPPDOCK
HP Image Zone 3.5
HP PSC & OfficeJet 3.5
HP Software Update
Intel(R) Graphics Media Accelerator Driver for Mobile
Intel(R) PROSet/Wireless Software
InterVideo WinDVD Creator 2
InterVideo WinDVD for TOSHIBA
iTunes
iTunes
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 8
Kaspersky Online Scanner
K-Lite Codec Pack 2.27 Full
Kodak EasyShare software
KSU
Learn2 Player (Uninstall Only)
mCore
mDrWiFi
Memories Disc Creator 2.0
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Office OneNote 2003
Microsoft Office Standard Edition 2003
Microsoft Office XP Professional
Microsoft Works
mIWA
mIWCA
mLogView
mMHouse
Mozilla Firefox (1.5.0.6)
mPfMgr
mPfWiz
mProSafe
MSN
mWlsSafe
mXML
mZConfig
Napster
Notebook Maximizer
Notifier
OTtBP
overland
Panda ActiveScan
PCDLNCH
Picasa 2
PowerDesk 5.0
Quicken 2004
Quicken 2005
QuickTime
QuickTime
RealPlayer Basic
Realtek AC'97 Audio
Recovery Commander
Roxio Burn Engine
sat_screensaver_30mb
SD Secure Module
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
SFR
SFR2
Sonic DLA
Sonic RecordNow!
Spy Sweeper
Texas Instruments PCIxx21/x515 drivers.
TOSHIBA Accessibility
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Fn-esse
TOSHIBA Hardware Setup
TOSHIBA Hotkey Utility
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
Toshiba Registration and Metamail Trust Architecture
TOSHIBA SD Memory Card Format
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
Toshiba Tbiosdrv Driver
TOSHIBA Virtual Sound
TOSHIBA Zooming Utility
Touch and Launch
TouchPad On/Off Utility
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
USB Storage Adapter FX (SM1)
VCAMCEN
VPRINTOL
Windows Defender
Windows Defender Signatures
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884018
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086

vcom is not there. What is K-Lite Codec Pack 2.27 Full?
 
#16 ·
Went to the Power Desk folder in the VCom program files and tried to delete just that file, same message.
The PDShExt.dll is part of Power Tools 5.0 which you have installed on your system.

Which sub-folder of VCom contains the Anti Virus?

Information about K-Lite Codec Pack 2.27 Full
 
#17 ·
I have no clue where the AV is, or was.

There are three sub-folders in the VCOM folder in Program files

1. Recovery Commander
2. Power Desk
3. Fix-It

In Fix-It there are the following kinds of icons, with the stuff listed when you explore the icon:

a. Little window with blue stripe on top

TSCOOKIE
TASKHELP
rename.exe
Zip2.exe
Bspatch.exe

b. Paper with turned down corner with green and a gold gear

APResource


c. Notebook with gear

Fix-It..ini

d. Notebook

BSDlicense.txt

e. Folders

Debug --- one notebook log inside, no data

f. Images

rcboot.exe
rcimage.iso
VCOM Rescue Disk.iso

g. RegClean

BOE17E.rge
RGU file
41 KB Windows could not open

h. Reports

There are 7 reports. Aug 16, 2005, Sept 30, 2005, Jan 22, 2006, June 6, 2006, July 16, 2006, Aug 1, 2006, and Aug 14, 2006.
Two mention viruses, the others are short, and report nothing. Those with the virus mention are below.

What is extremely bizarre is that I did not own the computer on Aug 16, 2005. I bought it new on Sept 21 from Best Buy.

Damage Cleanup Engine (DCE) 3.9(Build 1020)
Windows XP(Build 2600: Service Pack 2)

Start time : Tue Aug 16 2005 11:32:20

Load Damage Cleanup Template (DCT) "C:\Program Files\VCOM\Fix-It\tmadce.ptn" (version 189) [success]
SPYW_NETZANY.100[virus found]

Complete time : Tue Aug 16 2005 11:32:24
Execute pattern count(35994), Virus found count(1), Virus clean count(0), Clean failed count(0)

Damage Cleanup Engine (DCE) 3.9(Build 1020)
Windows XP(Build 2600: Service Pack 2)

Start time : Tue Aug 16 2005 11:32:47

Load Damage Cleanup Template (DCT) "C:\Program Files\VCOM\Fix-It\tmadce.ptn" (version 189) [success]
SPYW_NETZANY.100[virus found]
-->delete registry key("HKEY_LOCAL_MACHINE","software\classes\clsid\{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}","") success
-->delete registry value("n/a","Software\Microsoft\Internet Explorer\Main","Search Bar") success
-->delete registry value("n/a","Software\Microsoft\Internet Explorer\Main","Start Page") success
-->delete registry value("n/a","Software\Microsoft\Internet Explorer\Main","Search Page") success
-->delete registry value("HKEY_LOCAL_MACHINE","Software\Microsoft\Internet Explorer\Main","Default_Page_URL") success
-->delete registry value("HKEY_LOCAL_MACHINE","Software\Microsoft\Internet Explorer\Main","Default_Search_URL") success
-->delete registry value("HKEY_LOCAL_MACHINE","Software\Microsoft\Internet Explorer\Main","Search Page") success
-->delete registry value("HKEY_LOCAL_MACHINE","Software\Microsoft\Internet Explorer\Main","Start Page") success

Complete time : Tue Aug 16 2005 11:32:47
Execute pattern count(1), Virus found count(1), Virus clean count(1), Clean failed count(0)

Damage Cleanup Engine (DCE) 3.9(Build 1020)
Windows XP(Build 2600: Service Pack 2)

Start time : Tue Aug 16 2005 11:33:03

Load Damage Cleanup Template (DCT) "C:\Program Files\VCOM\Fix-It\tmadce.ptn" (version 189) [success]
COOKIE_153[virus found]
COOKIE_222[virus found]
COOKIE_281[virus found]
COOKIE_650[virus found]
COOKIE_878[virus found]
COOKIE_1020[virus found]
COOKIE_1802[virus found]
COOKIE_2136[virus found]
COOKIE_3014[virus found]
COOKIE_6853[virus found]

Complete time : Tue Aug 16 2005 11:33:08
Execute pattern count(35994), Virus found count(10), Virus clean count(0), Clean failed count(0)

Damage Cleanup Engine (DCE) 3.9(Build 1020)
Windows XP(Build 2600: Service Pack 2)

Start time : Tue Aug 16 2005 11:33:38

Load Damage Cleanup Template (DCT) "C:\Program Files\VCOM\Fix-It\tmadce.ptn" (version 189) [success]
COOKIE_153[virus found]
COOKIE_222[virus found]
COOKIE_281[virus found]
COOKIE_650[virus found]
COOKIE_878[virus found]
COOKIE_1020[virus found]
COOKIE_1802[virus found]
COOKIE_2136[virus found]
COOKIE_3014[virus found]

Complete time : Tue Aug 16 2005 11:33:39
Execute pattern count(10), Virus found count(9), Virus clean count(9), Clean failed count(0)




Damage Cleanup Engine (DCE) 3.98(Build 1012)
Windows XP(Build 2600: Service Pack 2)

Start time : Thu Jul 13 2006 10:49:25

Load Damage Cleanup Template (DCT) "C:\Program Files\VCOM\Fix-It\tmadce.ptn" (version 236) [success]
COOKIE_225[virus found]

Complete time : Thu Jul 13 2006 10:49:33
Execute pattern count(35598), Virus found count(1), Virus clean count(0), Clean failed count(0)

Damage Cleanup Engine (DCE) 3.98(Build 1012)
Windows XP(Build 2600: Service Pack 2)

Start time : Thu Jul 13 2006 10:55:54

Load Damage Cleanup Template (DCT) "C:\Program Files\VCOM\Fix-It\tmadce.ptn" (version 236) [success]
COOKIE_225[virus found]
-->delete cookie("C:\Documents and Settings\Owner\Cookies\owner@adsfac[2].txt","Cookie:owner@adsfac.net/","") success

Complete time : Thu Jul 13 2006 10:55:54
Execute pattern count(1), Virus found count(1), Virus clean count(1), Clean failed count(0)



I’m sorry to give you so much information, but I don’t know what is useful or what is not.
 
#18 · (Edited)
You did fine. All this information is good--better to give more, than not enough.

It appears that FixIt and its components came pre-installed on your system--the dates reflect when the software was loaded up. Did you get a set of discs when you purchased this laptop? See if they provided you with some sort of Software Recovery disc, or the actual Ontrack FixIt disc. Let me know what discs you did find that came with your purchase--if any.
 
#19 ·
Sorry it took so long to respond. I needed to confirm the fact that fix-it was not pre-installed. The recovery discs that came with the system do not have any vcom products, and I am sure that a friend installed fix-it a month after purchase, after the trial McAfee ran out. So far the program files above are still installed.

I went ahead and downloaded AVG and will test out the computer on line etc.

Should I flush the restore points as per your Aug 29 post? I can also go back to before I uninstalled fix it if that is needed.
 
#20 ·
If you restore to prior to the uninstall, will that also place the infections back on your system? It actually may prove helpful as your issues with Fix It AV happened just after you followed Trend Micro's instructions.
 