09-21-2006, 10:51 AM   #1
nightwish (Registered User)

HJT log file for review

Logfile of HijackThis v1.99.1
Scan saved at 18:49:47, on 21/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Richard\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/insta...SSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload-v5.streamload.com/Upload/XUpload.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
nightwish is offline  
09-21-2006, 01:56 PM   #2
src2206 (TSF Enthusiast)

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to Subscribe to this thread (Thread Tools) so that you are notified when you receive a reply.

Please be patient with me during this time.
__________________
Registered Linux user #426065
09-21-2006, 10:13 PM   #3
src2206 (TSF Enthusiast)

Hello and welcome to TSF.

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

You may like to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools located near the top of this page, then click Subscribe to this Thread. Make sure it is set to Instant email Notification, then click Subscribe.

Your HJT log is apparently not showing anything related to malware. Are you facing any kind of problem with your PC? If so, please specifically point out those problems in your next post. Still, we are going to use some tools to see if anything is hiding in your system.
_________________________________________________________________

Downloads

Please download Cleanup! and install it. You will use this later. Do not install if you are using the 64-bit version of Windows.

*NOTE* Cleanup deletes EVERYTHING out of temporary folders and does not make backups.

Download Ewido Anti-Malware
  • Install Ewido Anti-Malware
  • Double-click the icon on Desktop to launch Ewido
You will need to update Ewido to the latest definition files.
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
When you have finished updating, EXIT Ewido anti-spyware. Do Not run a scan just yet, we will shortly.
_______________________________________________________________

Please disable Webroot SpySweeper, as it may hinder the removal of some entries. You can re-enable it after you're clean.
To disable Webroot SpySweeper:
  • Go to the Options>Program Options
  • Uncheck Load at Windows Startup
  • Click Shields & uncheck all items there
  • Uncheck Home page shield.

Please disable your Windows Defender Real-time Protection, as it may hinder the removal of some entries.
  • Open Windows Defender.
  • Click on Tools, General Settings.
  • Scroll down and uncheck Turn on real-time protection (recommended).
  • After you uncheck this, click on the Save button and close Windows Defender.
_________________________________________________________________

Go to My Computer >Tools >Folder Options >View tab and select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Also make sure there is no checkmark beside Hide file extensions for known file types. Click OK.
__________________________________________________________________

Fix

Reboot your system in Safe Mode (By repeatedly tapping the F8 key until the menu appears).


Cleanup!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:

Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files (if present)
  • Cleanup! All Users
  • Click on the Temporary Files tab and uncheck the box for Scan drives for files matching if it’s checked.
Click OK
Press the CleanUp! button to start the program.

Do not logoff or reboot when prompted.

Ewido

Run Ewido with its updated definitions: (...it's important that all windows must be closed)
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).

Restart in normal mode.

_______________________________________________


Perform an online scan with Internet Explorer with Panda ActiveScan

Click on the "Free To Use ActiveScan" located on the top right hand corner
  • Click Check Now and a "pop up" window will appear. *Please ensure that your pop up blocker doesn't block it*
  • Enter your e-mail address, country, and state & click Scan Now. *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on See report then click Save report
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan

Please provide the following logs with your next post:

Ewido
Panda Scan
HijackThis (A fresh one)


Please let me know about your system's overall behaviour too.
09-22-2006, 04:32 AM   #4
nightwish (Registered User)

OK, I will do that shortly; I'm just working on something at the moment. However, in your report you said to deactivate SpySweeper. This cannot be done, as officially it isn't on my PC. I've talked to them about it and they sent a cleaner through, but it won't work properly, so it's just like a menu on my add remove programmes now and I can't do anything about it, so
nightwish is offline  
09-22-2006, 06:48 AM   #5
nightwish (Registered User)

Ran my own version of that cleaner you said, so they're all cleaned.

New HJT log and Panda ActiveScan included.

PC can be slow, generally works OK, depends on the exchange about the internet, sometimes can be incredibly slow, sometimes incredibly fast.
Attached Files
File Type: txt Activescan.txt (5.0 KB, 1 views)
File Type: txt Report-Scan-20060922-133704.txt (12.3 KB, 1 views)
nightwish is offline  
09-23-2006, 05:51 AM   #6
nightwish (Registered User)

bumpin this up now it needs to be sorted :D
nightwish is offline  
09-23-2006, 09:46 AM   #7
src2206 (TSF Enthusiast)

No need to bump. I'm working on your case, so hold on a little longer.
09-23-2006, 09:48 AM   #8
nightwish (Registered User)

Ah well, wasn't sure what was going on :)
nightwish is offline  
09-24-2006, 06:16 AM   #9
src2206 (TSF Enthusiast)

Hello nightwish.

Before we start with your PC, please take note not to attach report files with your post (unless you are compelled to do so because of the size of the reports, which was not applicable in your case). Use "copy-paste" to post your logs/reports as you did for your HJT log.

Secondly, follow all the instructions, and in the exact given order. I have asked for a fresh HJT log, which you have not provided.

You pointed out that you have used your own tool for cleaning. Please let me know the name of the tool.

Next, you did not properly configure your Ewido to clean the problems which it could identify. So please follow the following instructions very carefully to update and configure Ewido.
  • Launch Ewido.
  • On the main screen select the icon "Update" then select the "Update now" link.
  • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
  • Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.

Quote:
Originally Posted by nightwish
you said to deactivate SpySweeper. This cannot be done, as officially it isn't on my PC. I've talked to them about it and they sent a cleaner through, but it won't work properly, so it's just like a menu on my add remove programmes now and I can't do anything about it, so
We can see SpySweeper currently active in your running processes:

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Please explain the exact steps you've taken to remove Webroot SpySweeper, as well as what happens when you try to uninstall it via the Add/Remove programs.

_______________________________________________________________

Downloads

Please download the ISTBar removal tool from Symantec into its own folder. Do not run it yet.
_____________________________________________________________


Fix

Reboot your system in Safe Mode (By repeatedly tapping the F8 key until the menu appears).

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist):

ISTBar

Delete the following Folder indicated in BLUE if it still exists.

C:\Program Files\Common Files\ Totem Shared
_______________________________________________

Run the ISTBar removal Tool.
______________________________________________

Ewido

Run Ewido with its updated definitions: (...it's important that all windows must be closed)
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).

Reboot your system in Normal Mode.
________________________________________________________________

Perform an online scan with Internet Explorer with

Kaspersky WebScanner

Next Click on Launch Kaspersky Anti-Virus Web Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

Please provide the following logs with your next post:

Ewido
Kaspersky Scan
HijackThis (A fresh one)


Do not attach these reports as files. Use copy-paste to post the logs here.
And do not miss any of the above. Please help us to help you better.
09-24-2006, 07:04 AM   #10
nightwish (Registered User)

Ewido was updated properly and as far as I could tell it was working fine. I thought I had attached a HJT log; it might not have uploaded properly, I was in a rush at the time.

The tool I used was called crapcleaner, from http://www.download.com/CCleaner/3000-2144_4-10547048.html?tag=lst-0-1

I had some problems with my PC recently after I downloaded a trial version of Spy Sweeper. After the trial was over I uninstalled it completely and then had to restore my PC in an attempt to get it working. When I did this the PC menus came back up with Spy Sweeper, and having posted a thread in the forum I got a Windows cleaner programme because it would not remove from the add remove menu. Reference the following screenshots.

I will try the steps you have posted and repost when I can.

Last edited by nightwish; 09-24-2006 at 07:08 AM.
nightwish is offline  
09-24-2006, 10:38 AM   #11
src2206 (TSF Enthusiast)

Hi nightwish,
Please let me have the following info:
1. Which version of Spysweeper is it?

2. Have you done the rest of the fix? Even if you have, please follow the next set of instructions [if you have not done it yet, then do it before starting the FIX portion]:

1. Reboot in safe mode by pressing F8.

2. Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click “Kill process” for each one (If they still exist)(You must kill them one at a time).

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

3. Then follow the rest of the fix.

If you have followed my last set of instructions before this post, please reboot in safe mode. Kill the process as above, if it is there and then run ISTBar removal tool again.
09-24-2006, 03:14 PM   #12
nightwish (Registered User)

Hey man, it might be a while before I can post back because my ISP is changing. It will be 10-14 days before I can swop, so I will post back when I'm back online.
nightwish is offline  
09-24-2006, 08:59 PM   #13
src2206 (TSF Enthusiast)

Hello nightwish.
Once your ISP changeover has completed and you are back online, please be sure to post current scan results along with an update on how your system is behaving.
09-25-2006, 07:21 AM   #14
nightwish (Registered User)

new logs
FXIST BAR results
Symantec Adware.Istbar / Trojan.ISTsvc Removal Tool 1.1.0


C:\System Volume Information: (not scanned)
Adware.Istbar has not been found on your computer.

HJT LOG
Logfile of HijackThis v1.99.1
Scan saved at 15:17:28, on 25/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Richard\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/insta...SSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload-v5.streamload.com/Upload/XUpload.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

EWIDO LOGS
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 14:04:40 25/09/2006

+ Scan result:



C:\Documents and Settings\Ian\Cookies\ian@2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Ian\Cookies\ian@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Ian\Cookies\ian@premiumtv.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Richard\Cookies\richard@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Ian\Cookies\ian@adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Richard\Cookies\richard@adbrite[2].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Ian\Cookies\ian@adtech[2].txt -> TrackingCookie.Adtech : No action taken.
C:\Documents and Settings\Ian\Cookies\ian@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\Richard\Cookies\richard@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\Ian\Cookies\ian@adviva[2].txt -> TrackingCookie.Adviva : No action taken.
C:\Documents and Settings\Ian\Cookies\ian@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Richard\Cookies\richard@atdmt[1].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Ian\Cookies\ian@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : No action taken.
C:\Documents and Settings\Ian\Cookies\ian@burstnet[2].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Ian\Cookies\ian@www.burstnet[2].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Ian\Cookies\ian@casalemedia[2].txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\Richard\Cookies\richard@casalemedia[1].txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\Ian\Cookies\ian@com[1].txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Richard\Cookies\richard@com[1].txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Ian\Cookies\ian@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Richard\Cookies\richard@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Ian\Cookies\ian@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\Richard\Cookies\richard@fastclick[1].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\Richard\Cookies\richard@media.fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\Ian\Cookies\ian@ads.gamershell[1].txt -> TrackingCookie.Gamershell : No action taken.
C:\Documents and Settings\Ian\Cookies\ian@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Richard\Cookies\richard@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Ian\Cookies\ian@ads.pointroll[1].txt -> TrackingCookie.Pointroll : No action taken.
C:\Documents and Settings\Richard\Cookies\richard@qksrv[1].txt -> TrackingCookie.Qksrv : No action taken.
C:\Documents and Settings\Ian\Cookies\ian@web4.realtracker[1].txt -> TrackingCookie.Realtracker : No action taken.
C:\Documents and Settings\Ian\Cookies\ian@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : No action taken.
C:\Documents and Settings\Ian\Cookies\ian@targetnet[1].txt -> TrackingCookie.Targetnet : No action taken.
C:\Documents and Settings\Ian\Cookies\ian@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : No action taken.
C:\Documents and Settings\Ian\Cookies\ian@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Ian\Cookies\ian@reduxads.valuead[1].txt -> TrackingCookie.Valuead : No action taken.
C:\Documents and Settings\Ian\Cookies\ian@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Ian\Cookies\ian@c1.zedo[1].txt -> TrackingCookie.Zedo : No action taken.
C:\Documents and Settings\Ian\Cookies\ian@zedo[1].txt -> TrackingCookie.Zedo : No action taken.


::Report end

KASPERSKY log
KASPERSKY ONLINE SCANNER REPORT
Monday, September 25, 2006 3:16:26 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 25/09/2006
Kaspersky Anti-Virus database records: 226309


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\

Scan Statistics
Total number of scanned objects 46740
Number of viruses found 0
Number of infected objects 0 / 0
Number of suspicious objects 0
Duration of the scan process 01:00:02

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Avg7\Log\emc.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\WDLog-07132006-164656.log Object is locked skipped

C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Richard\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Richard\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Richard\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Richard\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Richard\Local Settings\History\History.IE5\MSHist012006092520060926\index.dat Object is locked skipped

C:\Documents and Settings\Richard\Local Settings\Temp\~DF8FBA.tmp Object is locked skipped

C:\Documents and Settings\Richard\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Richard\ntuser.dat Object is locked skipped

C:\Documents and Settings\Richard\NTUSER.DAT.LOG Object is locked skipped

C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{3CAE77E3-93EF-43B7-9486-A97CCC5665D0}\RP226\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped

C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped

C:\WINDOWS\Internet Logs\RJJ-B3F27FD854C.ldb Object is locked skipped

C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\ZLT002ca.TMP Object is locked skipped

C:\WINDOWS\Temp\ZLT002d1.TMP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Hope that helps you. I followed it in the right order, but I didn't post them because they opened in that order.

Last edited by nightwish; 09-25-2006 at 07:25 AM.
Old 09-26-2006, 10:59 AM   #15 (permalink)
TSF Enthusiast
 
src2206
 
Join Date: Apr 2006
Location: Kolkata, India
Posts: 2,057
OS: WinXP Pro SP2, Edubuntu 7.10


Hello nightwish.

Well done, your logs are clean!
Please follow the next steps to ensure that no traces of malware are left behind on your machine.

Using Windows Explorer, navigate to the following two folders coloured Dark Orange and delete everything contained within them.

C:\Documents and Settings\Ian\Cookies
C:\Documents and Settings\Richard\Cookies


Remember not to delete the folders and keep all your internet browsers closed.
If you cannot delete the contents of the folders in normal mode, reboot in Safe Mode [pressing F8 during bootup and choosing Safe Mode from the menu] and delete them. After that, reboot back into Normal Mode.

Reset hidden/system files and folders
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Deselect the Show hidden files and folders option.
  • Select the Hide file extensions for known types option.
  • Select the Hide protected operating system files option.
  • Click Yes to confirm.
  • Click OK.

System Restore

To turn off System Restore, click Start > right-click My Computer > Properties. Click the System Restore tab and check "Turn off System Restore" or "Turn off System Restore on all drives". Click Apply. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this, then click OK.

Turn on System Restore by clicking Start. Right-click My Computer, and then click Properties. Click the System Restore tab. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives." Click Apply, and then OK.

This will create a new Restore Point.

Updating Java and Clearing Cache
  1. Go to Start > Control Panel and double-click on the Java icon (coffee cup) in the Control Panel.
  2. It will say "Java Plug-in" under the icon.
  3. If it is not visible, click on 'Switch to Classic View' in the left pane of the Control Panel or 'Other Control Panel Options'
  4. Please find the Update button or tab in the Java Control Panel. Update your Java then reboot.
  5. If you are unable to update you can manually update by going here:
  6. After the reboot, go back into the Control Panel and double-click the Java Icon.
  7. Under the Advanced Tab, click <Applet> tag support and select the browser(s) you are using.
  8. Under "Temporary Internet Files", click the Delete Files button.
  9. There are three options in the window to clear the cache - Leave ALL 3 Checked
    • Downloaded Applets
    • Downloaded Applications
    • Other Files
  10. Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  11. Click OK to leave the Java Control Panel.

MICROSOFT UPDATES

It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

SPYWARE PREVENTION SPEECH

This is a good time to set up protection against further attacks. Read TonyKlein's How Did I Get Infected In The First Place?. You need an antivirus that is continually updated, a good firewall, a spyware blocker such as Spyware Blaster, and a real time spyware program such as Spyware Guard, to prevent spyware intrusions. IE-Spyad is another excellent program that places over 4000 websites and domains in the IE Restricted list, which will help prevent attempts to infect your system. All of the above have good free versions available. However, be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

More information and downloads are available at the following links:

Spyware Blaster

Spyware Guard
IE-Spyad

Happy surfing.
__________________
Registered Linux user #426065