
[Resolved] I'm new and please help


  • This topic is locked
9 replies to this topic

#1 gangstu


Posted 07 April 2008 - 12:44 AM

For the last couple of days I've had random sounds play through the speakers. The majority of the sounds have been a tiger growl or something like that, and the other ones were explosions. Any help would be great.
Here is my log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:38:46 AM, on 4/7/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\NETGEAR\WNDA3100\wnda3100.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\AIM6\aim6.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/home.php?
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...h...TP&M=FX7024
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...h...TP&M=FX7024
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...h...TP&M=FX7024
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - MRI_DISABLED - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-584053641-3088307684-1831299302-1000\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\Sidebar.exe" /detectMem (User 'IUSR_NMPR')
O4 - Global Startup: NETGEAR WNDA3100 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNDA3100\wnda3100.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O13 - Gopher Prefix:
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® DHTrace Controller (DHTRACE) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel® NMSCore (NMSCore) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel® Quality Manager (QualityManager) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8105 bytes


Thank you very much...



#2 gringo_pr


Posted 11 April 2008 - 06:29 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Please do not run any other tool until instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.

Sorry about the delay in responding :( The forums have been very busy

If you still need help, scan again with HijackThis, and copy/paste a new log file into this thread.

Also please make an uninstall list and post that as well

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in your next reply.


Gringo


#3 gangstu


Posted 14 April 2008 - 10:22 PM

Thank you very much for your assistance.
By the way, it hadn't happened for a while until just a few hours ago.
I also noticed it only seems to happen while watching something in VLC media player, don't know if it is just a coincidence though.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:44 AM, on 4/15/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\NETGEAR\WNDA3100\wnda3100.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/home.php?
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...h...TP&M=FX7024
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...h...TP&M=FX7024
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...h...TP&M=FX7024
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - MRI_DISABLED - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-584053641-3088307684-1831299302-1000\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\Sidebar.exe" /detectMem (User 'IUSR_NMPR')
O4 - Global Startup: NETGEAR WNDA3100 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNDA3100\wnda3100.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O13 - Gopher Prefix:
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® DHTrace Controller (DHTRACE) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel® NMSCore (NMSCore) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel® Quality Manager (QualityManager) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8152 bytes


And the Uninstall List:

Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.2
AIM 6
Any Video Converter 2.5.3
Apple Mobile Device Support
Apple Software Update
Bonjour
Browser Address Error Redirector
Compatibility Pack for the 2007 Office system
Crysis®
Digital Media Reader
FreeUndelete
Gateway Connect
Gateway Recovery Center Installer
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Intel® Management Engine Interface
Intel® Matrix Storage Manager
Intel® PRO Network Connections Drivers
Intel® Viiv™ Software
iTunes
Java™ SE Runtime Environment 6 Update 1
LabelPrint
LiveUpdate (Symantec Corporation)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft Money Essentials
Microsoft Money Shared Libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft WSE 2.0 SP3 Runtime
MSXML 4.0 SP2 (KB941833)
Nero 8 Trial
neroxml
NETGEAR RangeMax Duo Wireless-N USB Adapter WNDA3100
NVIDIA Drivers
Opera 9.27
Power2Go 5.0
PunkBuster Services
QuickTime
SigmaTel Audio
Soft Data Fax Modem with SmartCP
Spy Sweeper
Trend Micro AntiVirus
Trend Micro AntiVirus
Undelete Plus 2.94
VCRedistSetup
VideoLAN VLC media player 0.8.6d
Viewpoint Media Player
WinRAR archiver

Once again, thank you very much for your assistance.

#4 gringo_pr


Posted 14 April 2008 - 11:44 PM

Hello gangstu


:Spysweeper:

  • Please disable SpySweeper as it may interfere with the fix.

  • Open SpySweeper
  • Click Options
  • Click program options
  • Uncheck load at windows startup
  • On the left click shields and uncheck all there
  • Uncheck home page shield
  • Uncheck automatically restore default without notification
  • Close SpySweeper
Don't forget to re-enable it, when your computer is clean.

:Remove bad HijackThis entries:
  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      O2 - BHO: (no name) - MRI_DISABLED - (no file)
      O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
      O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

:Run Kaspersky Online AV Scanner:

  • In order to use it you have to use Internet Explorer.
    Go to Kaspersky and click the Accept button at the end of the page.

    Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.

  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded, click Next.
  • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
  • Click on "My Computer"
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Copy and paste the report into your next reply

:information and logs:

In your next post I need the following

1. log from MBAM
2. log from Kaspersky
3. new HijackThis log
Gringo


#5 gangstu


Posted 15 April 2008 - 06:15 PM

I couldn't find anything about "Home page shield" or "automatically restore default without notification" in SpySweeper



Malwarebytes' Anti-Malware 1.11
Database version: 633

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 147200
Time elapsed: 30 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



I wasn't given the option to save when I finished the Kaspersky scan.
However, it did say that it found one infected item, but the only button was to "end scan" even though it said it was done. If I clicked that it asked "do you want to end scan without saving report" or something close to that.
I'll try again tonight.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:14:39 PM, on 4/15/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\NETGEAR\WNDA3100\wnda3100.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/home.php?
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...h...TP&M=FX7024
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...h...TP&M=FX7024
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...h...TP&M=FX7024
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [NvSvc] "RUNDLL32.EXE" C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-584053641-3088307684-1831299302-1000\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\Sidebar.exe" /detectMem (User 'IUSR_NMPR')
O4 - Global Startup: NETGEAR WNDA3100 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNDA3100\wnda3100.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® DHTrace Controller (DHTRACE) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Intel® NMSCore (NMSCore) - Intel® Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel® Quality Manager (QualityManager) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8007 bytes

#6 gringo_pr

Posted 15 April 2008 - 09:17 PM

Hello gangstu,

I would like to see the Kaspersky scan, so let's get rid of some unneeded files.


:Clean temp files:

Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop. Double-click ATF Cleaner.exe to open it.

Under Main choose:
  • Windows Temp
  • Current User Temp
  • All Users Temp
  • Temporary Internet Files
  • Prefetch
  • Java Cache
  • Recycle Bin

*The other boxes are optional*
Then click the Empty Selected button.
If you use Firefox: Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
If you use Opera: Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program
If you still have a problem with Kaspersky, you can try this one:

:Eset NOD32 Online AntiVirus:

  • Run Eset NOD32 Online AntiVirus
    http://www.eset.eu/online-scanner
    Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Un-checked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this in your post.

:information and logs:

In your next post I need the following

1. Let me have the log from Kaspersky or Eset NOD32.
2. How is the computer doing now?

Gringo


#7 gangstu

Posted 16 April 2008 - 09:18 AM

I let Kaspersky run again and this time it worked out:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, April 16, 2008 11:15:31 AM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 16/04/2008
Kaspersky Anti-Virus database records: 710100
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\ D:\ E:\ F:\ G:\ H:\ I:\

Scan Statistics:
Total number of scanned objects: 100815
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 00:53:59

Infected Object Name / Virus Name / Last Action
locked skipped C:\Windows\System32\wbem\Repository\INDEX.BTR Object is locked skipped C:\Windows\System32\wbem\Repository\MAPPING1.MAP Object is locked skipped C:\Windows\System32\wbem\Repository\MAPPING2.MAP Object is locked skipped C:\Windows\System32\wbem\Repository\OBJECTS.DATA Object is locked skipped C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.002 Object is locked skipped C:\Windows\System32\wfp\wfpdiag.etl Object is locked skipped C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\IntelDH.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped 
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped C:\Windows\WindowsUpdate.log Object is locked skipped D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped Scan process completed. The computer is still sometimes and very randomly playing the "growl" audio clip. And before I said it was only happening while using VLC, well it actually happened a couple of days ago without VLC being open.

#8 gringo_pr

gringo_pr

    Silver Member

  • Visiting Fellow
  • PipPipPip
  • 423 posts

Posted 18 April 2008 - 06:11 PM

Hello

Your logs show no signs of malware, so I don't think it is coming from malware. You could check in the Windows section here at What the Tech and see what they have to say.


This is my general post for when your logs show no more signs of malware ;)- Please let me know if you still are having problems with your computer and what these problems are


:Set correct settings for files:
  • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
  • Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
  • If unchecked please check Hide protected operating system files (Recommended)
  • If necessary check "Display content of system folders"
  • If necessary Uncheck Hide file extensions for known file types.
  • Click OK

:clear system restore points:
  • This is a good time to clear your existing system restore points and establish a new clean restore point:
  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point, and Ok it.
  • Next, go to Start > Run and type in cleanmgr
  • Select the More options tab
  • Choose the option to clean up system restore and OK it.
This will remove all restore points except the new one you just created.

:Make your Internet Explorer more secure:
Please visit this page that gives instructions to do this
http://surfthenetsaf.../ieseczone8.htm

Turn On Automatic Updates
1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) option: "Automatically download recommended updates for my computer and install them".

If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

Or visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


:antispyware programs:
  • You have a couple of good antispyware programs on this computer, but you can still try some of these others to see if you like them also.

    I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly:
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Spybot Search & Destroy - Spybot is a tool like Ad-Aware SE whereas it seeks out and removes known spyware from your machine. These two tools (Ad-Aware & spybot) are perfect complements to each other as one will most always find something the other missed.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  • IE_Spyad - Works by placing known "bad" sites into your Internet Explorer "Restricted Zones" prohibiting them from doing potentially problematic things to your computer.

Consider a custom hosts file
Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

Also please read this great article by Tony Klein So How Did I Get Infected In First Place

Now you have followed my advice - it's time to lodge a complaint against what you have suffered.........

Malware Complaints
If you were infected .... Stand Up and be Counted.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.


Gringo

#9 gangstu

gangstu

    New Member

  • New Member
  • Pip
  • 5 posts

Posted 18 April 2008 - 10:30 PM

Thank you very much for your help Gringo, I haven't heard the noise for a while now. I guess we'll just see what happens. Thank you. Gangstu

#10 gringo_pr

gringo_pr

    Silver Member

  • Visiting Fellow
  • PipPipPip
  • 423 posts

Posted 19 April 2008 - 09:18 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
