1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

help with system alert down by clock

Discussion in 'Virus & Other Malware Removal' started by mr_nobody, Feb 6, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. mr_nobody

    mr_nobody Thread Starter

    Joined:
    Feb 6, 2007
    Messages:
    14
    i am having a problem with this system alert down by the clock if i click on it. it takes me to a web page to get me to buy a av scaner it's verry anoying also when i try to use firefox my desktop goes hay wire the clours look weard please help here is a hjt log :confused:

    Logfile of HijackThis v1.99.1
    Scan saved at 6:39:39 PM, on 2/6/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\system32\FreezeScreenSaver.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
    C:\Program Files\Lexmark 2300 Series\ezprint.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\Program Files\SierraHome\Hallmark Card Studio Special Edition\Planner\PLNRNote.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\P2PNET~1\P2PNET~1.EXE
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\system32\lxcgcoms.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Documents and Settings\Owner\Desktop\hjt\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
    O2 - BHO: BHO - {00000185-C745-43D2-44F1-01A1C789C738} - C:\PROGRA~1\SB\SMART-~1\BHO010~1.DLL (file missing)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
    O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video ActiveX Object\isadd.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video ActiveX Object\iesplugin.dll (file missing)
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,[email protected]
    O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [PLNRNote] "C:\Program Files\SierraHome\Hallmark Card Studio Special Edition\Planner\PLNRNote.exe"
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [requester] "C:\WINDOWS\system32\requester.12.exe"
    O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [Globe7] "C:\Program Files\Globe7\Globe7.exe" /hide
    O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
    O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
    O4 - HKLM\..\Run: [NI.UWAS7_0001_N91M1112] "c:\documents and settings\owner\application data\winantispyware2007freeinstall[1].exe" -nag
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [IM] C:\Program Files\IM\IMLauncher.exe /boot:1
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Forget Me Not.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: run_startmenu.cmd
    O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: iWatchNow Media Center - {750A64D8-DFAA-485B-A335-F7093333FBB7} - C:\Program Files\iWatchNow, Inc.\iWatchNow Media Center\iwnvod.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
    O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (Rhapsody Player Engine) - http://forms.real.com/real/player/d.../mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135301364296
    O16 - DPF: {A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1} (Zenturi Active Programs Control) - http://www.programchecker.com/dll/nixon.cab
    O18 - Protocol: bw+0 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: offline-8876480 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O21 - SSODL: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - (no file)
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\system32\FreezeScreenSaver.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Add remove programs - remove logitech desktop messenger

    You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

    Please download SmitfraudFix (by S!Ri)
    Extract the content (a folder named SmitfraudFix) to your Desktop.

    Next, please reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

    A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.

    The report can also be found at the root of the system drive, usually at C:\rapport.txt

    Warning: running option #2 on a non infected computer will remove your Desktop background.
    ===================

    Download Superantispyware

    http://www.superantispyware.com/superantispywarefreevspro.html

    Install it and double-click the icon on your desktop to run it.
    · It will ask if you want to update the program definitions, click Yes.
    · Under Configuration and Preferences, click the Preferences button.
    · Click the Scanning Control tab.
    · Under Scanner Options make sure the following are checked:
    o Close browsers before scanning
    o Scan for tracking cookies
    o Terminate memory threats before quarantining.
    o Please leave the others unchecked.
    o Click the Close button to leave the control center screen.
    · On the main screen, under Scan for Harmful Software click Scan your computer.
    · On the left check C:\Fixed Drive.
    · On the right, under Complete Scan, choose Perform Complete Scan.
    · Click Next to start the scan. Please be patient while it scans your computer.
    · After the scan is complete a summary box will appear. Click OK.
    · Make sure everything in the white box has a check next to it, then click Next.
    · It will quarantine what it found and if it asks if you want to reboot, click Yes.
    · To retrieve the removal information for me please do the following:
    o After reboot, double-click the SUPERAntispyware icon on your desktop.
    o Click Preferences. Click the Statistics/Logs tab.
    o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    o It will open in your default text editor (such as Notepad/Wordpad).
    o Please highlight everything in the notepad, then right-click and choose copy.
    · Click close and close again to exit the program.
    · Please paste that information here for me with a new HijackThis log.
     
  3. mr_nobody

    mr_nobody Thread Starter

    Joined:
    Feb 6, 2007
    Messages:
    14
    well i may be slow with work and all but here is the logs you wonted

    SmitFraudFix v2.141

    Scan done at 17:38:22.43, Fri 02/09/2007
    Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{fa19bd7e-50bc-4203-80ac-c4edc81ca9a3}"="hirtellous"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{5c4f2cbc-f32d-4a03-9812-86f39379811b}"="breadthes"

    [HKEY_CLASSES_ROOT\CLSID\{5c4f2cbc-f32d-4a03-9812-86f39379811b}\InProcServer32]
    @="C:\WINDOWS\system32\oksrqqu.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{5c4f2cbc-f32d-4a03-9812-86f39379811b}\InProcServer32]
    @="C:\WINDOWS\system32\oksrqqu.dll"


    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    C:\WINDOWS\system32\oksrqqu.dll -> Hoax.Win32.Renos.gen.i
    C:\WINDOWS\system32\oksrqqu.dll -> Deleted


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\Program Files\PestCapture\ Deleted
    C:\Program Files\Video ActiveX Object\ Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  4. mr_nobody

    mr_nobody Thread Starter

    Joined:
    Feb 6, 2007
    Messages:
    14
    SUPERAntiSpyware Scan Log
    Generated 02/09/2007 at 07:13 PM

    Application Version : 3.5.1016

    Core Rules Database Version : 3181
    Trace Rules Database Version: 1191

    Scan type : Complete Scan
    Total Scan Time : 00:54:10

    Memory items scanned : 752
    Memory threats detected : 0
    Registry items scanned : 6349
    Registry threats detected : 179
    File items scanned : 40236
    File threats detected : 164

    Adware.Tracking Cookie
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][11].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][6].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][3].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][3].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][10].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected]
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected]
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected]
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected]
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][5].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected]
    C:\Documents and Settings\Owner\Cookies\[email protected]
    C:\Documents and Settings\Owner\Cookies\[email protected]
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected]
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][4].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][8].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected]
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected]
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][7].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
    C:\Documents and Settings\Owner\Cookies\[email protected][1].txt

    Adware.Smart-Browser
    HKCR\CLSID\{00000185-C745-43D2-44F1-01A1C789C738}
    HKCR\CLSID\{00000185-C745-43D2-44F1-01A1C789C738}\InprocServer32
    HKCR\CLSID\{00000185-C745-43D2-44F1-01A1C789C738}\InprocServer32#ThreadingModel
    HKCR\CLSID\{00000185-C745-43D2-44F1-01A1C789C738}\ProgID
    HKCR\CLSID\{00000185-C745-43D2-44F1-01A1C789C738}\TypeLib
    HKCR\CLSID\{00000185-C745-43D2-44F1-01A1C789C738}\Version

    Unclassified.Unknown Origin
    HKCR\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}
    HKCR\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}\InprocServer32
    HKCR\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}\InprocServer32#ThreadingModel
    HKCR\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}\ProgID
    HKCR\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}\Programmable
    HKCR\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}\TypeLib
    HKCR\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}\VersionIndependentProgID

    Adware.WhenU
    HKCR\WUSN.1
    HKCR\WUSN.1#WUSN_Id
    HKCR\ACM.ACMFactory
    HKCR\ACM.ACMFactory\CLSID
    HKCR\ACM.ACMFactory\CurVer
    HKCR\ACM.ACMFactory.1
    HKCR\ACM.ACMFactory.1\CLSID
    HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}
    HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\ProxyStubClsid
    HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\ProxyStubClsid32
    HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\TypeLib
    HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\TypeLib#Version
    HKCR\AppId\{127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB}
    HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}
    HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}#AppID
    HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\InprocServer32
    HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\InprocServer32#ThreadingModel
    HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\ProgID
    HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\Programmable
    HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\TypeLib
    HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\VersionIndependentProgID
    HKCR\AppId\ACM.DLL
    HKCR\AppId\ACM.DLL#AppID
    HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}
    HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0
    HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\0
    HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\0\win32
    HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\FLAGS
    HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\HELPDIR
    HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}
    HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\ProxyStubClsid
    HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\ProxyStubClsid32
    HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\TypeLib
    HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\TypeLib#Version
    HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}
    HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\ProxyStubClsid
    HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\ProxyStubClsid32
    HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\TypeLib
    HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\TypeLib#Version
    HKLM\Software\WhenUSave
    HKLM\Software\WhenUSave#db_script_update
    HKLM\Software\WhenUSave#InstallDir
    HKLM\Software\WhenUSave#pats_url
    HKLM\Software\WhenUSave#pat_chunks_url
    HKLM\Software\WhenUSave#script_url
    HKLM\Software\WhenUSave#update_url
    HKLM\Software\WhenUSave#ver_url
    HKLM\Software\WhenUSave#Version
    HKLM\Software\WhenUSave#timedDBUpdate_rs
    HKLM\Software\WhenUSave#SystemParam_rs
    HKLM\Software\WhenUSave#uninst_rs
    HKLM\Software\WhenUSave#extra_url
    HKLM\Software\WhenUSave#extraver_url
    HKLM\Software\WhenUSave#ziptomsa_url
    HKLM\Software\WhenUSave#InstallTime
    HKLM\Software\WhenUSave#LastPartner
    HKLM\Software\WhenUSave#zip
    HKLM\Software\WhenUSave#uninstall_cmd_rs
    HKLM\Software\WhenUSave#acm_rs
    HKLM\Software\WhenUSave#TotalPartner
    HKLM\Software\WhenUSave#newuser_rs
    HKLM\Software\WhenUSave#Partner
    HKLM\Software\WhenUSave#PartnerB
    HKLM\Software\WhenUSave#PartnerDesc
    HKLM\Software\WhenUSave#PartnerParam
    HKLM\Software\WhenUSave#TotalPopup
    HKLM\Software\WhenUSave#HeartbeatTime
    HKLM\Software\WhenUSave#HeartbeatCount
    HKLM\Software\WhenUSave#PulseTime
    HKLM\Software\WhenUSave#PulseCount
    HKLM\Software\WhenUSave#FullDBTime
    HKLM\Software\WhenUSave#brandskin_url
    HKLM\Software\WhenUSave#brandstrip_rs
    HKLM\Software\WhenUSave#brandstrip_url
    HKLM\Software\WhenUSave#bstat_rs
    HKLM\Software\WhenUSave#himp_url
    HKLM\Software\WhenUSave#iptomsa_url
    HKLM\Software\WhenUSave#maxPopups_rs
    HKLM\Software\WhenUSave#redir3p_url
    HKLM\Software\WhenUSave#src_url
    HKLM\Software\WhenUSave#uninstalltag_rs
    HKLM\Software\WhenUSave#dbc_chunks_rs
    HKLM\Software\WhenUSave#IPToMsaFail_rs
    HKLM\Software\WhenUSave#fword_rs
    HKLM\Software\WhenUSave#TotalAbout
    HKLM\Software\WhenUSave#db_stamp_rs
    HKLM\Software\WhenUSave#db_server_update
    HKLM\Software\WhenUSave#UrlChangeCount
    HKLM\Software\WhenUSave#IPToMsaTime_rs
    HKLM\Software\WhenUSave\Partners
    HKLM\Software\WhenUSave\Partners\WUSV
    HKLM\Software\WhenUSave\Partners\WUSV#Partner
    HKLM\Software\WhenUSave\Partners\WUSV#InstallTime
    HKLM\Software\WhenUSave\Partners\WUSV#PartnerDesc
    HKLM\Software\WhenUSave\Partners\WUSV#PartnerParam
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow#DisplayIcon
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow#DisplayVersion
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow#HelpLink
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow#Publisher
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow#UninstallString
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow#UrlInfoAbout
    C:\Program Files\Save\ACM.dll
    C:\Program Files\Save\ffext.mod
    C:\Program Files\Save\save.db
    C:\Program Files\Save\Save.exe
    C:\Program Files\Save\save.htm
    C:\Program Files\Save\SaveUninst.exe
    C:\Program Files\Save\store.db
    C:\Program Files\Save
    C:\Documents and Settings\Owner\Start Menu\Programs\WhenU\Customer Support.lnk
    C:\Documents and Settings\Owner\Start Menu\Programs\WhenU\Learn More About WhenU Save.url
    C:\Documents and Settings\Owner\Start Menu\Programs\WhenU\Learn More About WhenU SaveNow.url
    C:\Documents and Settings\Owner\Start Menu\Programs\WhenU\Uninstall Instructions.lnk
    C:\Documents and Settings\Owner\Start Menu\Programs\WhenU\WhenU.com Website.url
    C:\Documents and Settings\Owner\Start Menu\Programs\WhenU

    Adware.MovieLand/MediaPipe
    HKLM\Software\ITBILL
    HKLM\Software\ITBILL#PROV
    HKLM\Software\ITBILL#Product
    HKLM\Software\ITBILL#ProductFamily
    HKLM\Software\ITBILL#TRAFFIC_TYPE
    HKLM\Software\MediaPipe
    HKLM\Software\MediaPipe\Prefs
    HKLM\Software\MediaPipe\Prefs#version
    HKLM\Software\MediaPipe\Prefs#ItBill
    HKLM\Software\MediaPipe\Prefs#ProductFamily
    HKLM\Software\MediaPipe\Prefs#Country
    HKLM\Software\MediaPipe\Prefs#Provider
    HKLM\Software\MediaPipe\Prefs#TRAFFIC_COUNTRY
    HKLM\Software\MediaPipe\Prefs#TRAFFIC_PROGRAM
    HKLM\Software\MediaPipe\Prefs#TRAFFIC_SOURCE
    HKLM\Software\MediaPipe\Prefs#TRAFFIC_SUBSOURCE
    HKLM\Software\MediaPipe\Prefs#JOIN_FORM_ID
    HKLM\Software\MediaPipe\Prefs#modem
    HKLM\Software\MediaPipe\Prefs#GUID
    HKLM\Software\MediaPipe\Prefs#Filename
    HKLM\Software\MediaPipe\Prefs\ItBill
    HKLM\Software\MediaPipe\Prefs\ItBill#Provider
    C:\Program Files\MovieLand Terms.html
    C:\Program Files\MediaPipe\Agent.dll
    C:\Program Files\MediaPipe\insdl.dll
    C:\Program Files\MediaPipe\install.log
    C:\Program Files\MediaPipe\ItBill_terms.txt
    C:\Program Files\MediaPipe\MediaPipe.ini
    C:\Program Files\MediaPipe\p2pinst.exe
    C:\Program Files\MediaPipe\p2pl.exe
    C:\Program Files\MediaPipe\register.dll
    C:\Program Files\MediaPipe
    C:\PROGRAM FILES\P2PNETWORKS\P2PNETWORKS.EXE

    Adware.180solutions/Search Assistant
    C:\Program Files\MediaGateway

    Adware.180solutions/ZangoSearch
    HKCR\CLSID\{D676F999-4608-4dc5-A135-4F51F4212739}
    HKCR\CLSID\{D676F999-4608-4dc5-A135-4F51F4212739}#rsp
    HKCR\Interface\{67A89831-6BC7-4CC0-A2C3-560F9A581E64}
    HKCR\Interface\{67A89831-6BC7-4CC0-A2C3-560F9A581E64}\ProxyStubClsid
    HKCR\Interface\{67A89831-6BC7-4CC0-A2C3-560F9A581E64}\ProxyStubClsid32
    HKCR\Interface\{67A89831-6BC7-4CC0-A2C3-560F9A581E64}\TypeLib
    HKCR\Interface\{67A89831-6BC7-4CC0-A2C3-560F9A581E64}\TypeLib#Version
    HKCR\AppId\{D28CD14C-50BE-4CFA-951E-B37F25DA3472}

    Registry Cleaner Trial
    HKLM\Software\Registry Cleaner
    HKLM\Software\Registry Cleaner\Uninstall
    HKLM\Software\Registry Cleaner\Uninstall#UnwisePath
    HKLM\Software\Registry Cleaner\Uninstall#InstallLog
    HKLM\Software\Registry Cleaner\Uninstall#RCUninstallPath
    HKLM\Software\Registry Cleaner\Uninstall#SOPROC
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Registry Cleaner
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Registry Cleaner#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Registry Cleaner#UninstallString
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\Downloaded Program Files\Install.dll [  ]

    Trojan.Security Toolbar
    C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url
    C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url

    Adware.Best Offers Network
    C:\WINDOWS\tboninst.cfg

    Adware.Best Offers Network/SmileySource
    HKCR\Anim.AnimCtl
    HKCR\Anim.AnimCtl\CurVer
    HKCR\TypeLib\{C978F52B-E584-11CF-AF44-00A0C9034837}
    HKCR\TypeLib\{C978F52B-E584-11CF-AF44-00A0C9034837}\1.0
    HKCR\TypeLib\{C978F52B-E584-11CF-AF44-00A0C9034837}\1.0\0
    HKCR\TypeLib\{C978F52B-E584-11CF-AF44-00A0C9034837}\1.0\0\win32
    HKCR\TypeLib\{C978F52B-E584-11CF-AF44-00A0C9034837}\1.0\FLAGS
    HKCR\TypeLib\{C978F52B-E584-11CF-AF44-00A0C9034837}\1.0\HELPDIR
    C:\PROGRAM FILES\MICROSOFT ANTISPYWARE\QUARANTINE\440A0AA3-5345-4225-8418-0DECA4\6EA42A6C-E1C2-48B1-8EE7-A5AD1F

    Trojan.Media-Codec
    HKCR\VideoAXObject.Chl
    HKCR\VideoAXObject.Chl\CLSID
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup#UninstallString
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D}
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#none [ C:\Program Files\Video ActiveX Object\pmsngr.exe ]
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#user32.dll [ C:\Program Files\Video ActiveX Object\isamntr.exe ]
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#rare [ C:\Program Files\Video ActiveX Object\pmsnrr.exe ]

    Adware.180solutions/Seekmo
    HKCR\AppId\SeekmoTB.DLL
    HKCR\AppId\SeekmoTB.DLL#AppID
    HKCR\AppId\{21B8997E-251A-412C-A805-B0A4F791B03E}
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Seekmo Toolbar
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Seekmo Toolbar#DisplayName
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Seekmo Toolbar#UninstallString
    C:\Program Files\Seekmo Programs

    Browser Hijacker.Favorites
    C:\DOCUMENTS AND SETTINGS\OWNER\FAVORITES\ONLINE SECURITY TEST.URL

    Trojan.Hacktool
    C:\PROGRAM FILES\COMMON FILES\{B03968FD-07C7-1033-0124-050720040001}\SYSTEM.DLL

    Trojan.NewDotNet
    C:\RECYCLER\S-1-5-21-1879238435-1967114630-2179219950-500\DC1\NEWDOTNET7_48.DLL
    C:\WINDOWS\NDNUNINSTALL6_38.EXE
    C:\WINDOWS\NDNUNINSTALL7_48.EXE

    Trojan.Freeprod
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP800\A0148429.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP800\A0148430.EXE

    Trojan Downloader-SystemAlert.Process
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP801\A0148554.DLL

    Trojan.IEXPLORER
    C:\WINDOWS\IEXPLORER.EXE
    C:\WINDOWS\SYSTEM32\POLICIES\IEXPLORER.EXE
    C:\WINDOWS\Prefetch\IEXPLORER.EXE-1D8CB1E8.pf
     
  5. mr_nobody

    mr_nobody Thread Starter

    Joined:
    Feb 6, 2007
    Messages:
    14
    Logfile of HijackThis v1.99.1
    Scan saved at 7:56:44 PM, on 2/9/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\system32\FreezeScreenSaver.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\Lexmark 2300 Series\ezprint.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\Program Files\SierraHome\Hallmark Card Studio Special Edition\Planner\PLNRNote.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\WINDOWS\system32\lxcgcoms.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\AWS\WeatherBug\Weather.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Microsoft Location Finder\LocationFinder.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Broderbund\AG CreataCard\agremind.exe
    C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe
    C:\Documents and Settings\Owner\Desktop\hjt\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
    O2 - BHO: (no name) - {00000185-C745-43D2-44F1-01A1C789C738} - (no file)
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SmartPics Class - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\WINDOWS\Policies.dll
    O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
    O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,[email protected]
    O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [PLNRNote] "C:\Program Files\SierraHome\Hallmark Card Studio Special Edition\Planner\PLNRNote.exe"
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3
    O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [Globe7] "C:\Program Files\Globe7\Globe7.exe" /hide
    O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
    O4 - HKLM\..\Run: [NI.UWAS7_0001_N91M1112] "c:\documents and settings\owner\application data\winantispyware2007freeinstall[1].exe" -nag
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [IM] C:\Program Files\IM\IMLauncher.exe /boot:1
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Forget Me Not.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O4 - Global Startup: run_startmenu.cmd
    O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: iWatchNow Media Center - {750A64D8-DFAA-485B-A335-F7093333FBB7} - C:\Program Files\iWatchNow, Inc.\iWatchNow Media Center\iwnvod.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
    O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (Rhapsody Player Engine) - http://forms.real.com/real/player/d.../mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135301364296
    O16 - DPF: {A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1} (Zenturi Active Programs Control) - http://www.programchecker.com/dll/nixon.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\system32\FreezeScreenSaver.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

    thanks for the help so far
     
  6. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Lets do one more since you had so much - I'll hook up with you tomorrow

    Go to the link below and download the trial version of SpySweeper:

    SpySweeper http://www.webroot.com/consumer/products/spysweeper/?acode=af1&rc=855

    (It's a 2 week trial.)

    * Click the Try Spy Sweeper for FreeDownload the trial link. (Download Antivirus if required)
    * Install it. During the install it will prompt for updates, these can be gotten now or later
    * Once the program is installed, it will open.
    * It will prompt you to update to the latest definitions, if not already done so, before proceding check to ensure that you are up to date (Click Home > Bottom middle of page will tell you) .
    * Once the definitions are installed, click Options on the left side.
    * Click the Options tab on the left hand side.
    * Chose Custom Sweep (Raido Buttom)
    * Chose Change Settings (Link)
    * Where to Sweep
    > Select My Computer
    * What to Sweep
    > Select all options available (enable Virus scan if available)
    * Skip File Types
    > Do not skip any file types
    * Advanced Options
    > Select all options available


    * Click Sweep on the left side.
    * Click the Black arrow next to start full sweep
    * Select Start Custom Sweep
    * When it's done scanning, copy Items Found into Notepad
    * Make sure everything has a check next to it, then click the Next button.
    * It will remove all of the items found.
    * Click the Summary tab and click Finish.
    * Compare the contents of the notepad to the report
    * Place the contens of the notepad into your next reply identifying any items not removed.

    If Spy Sweeper Suggests rebooting and scanning again repeat process and copy that information into your next reply as well.


    Also post a new Hijack This log.
     
  7. mr_nobody

    mr_nobody Thread Starter

    Joined:
    Feb 6, 2007
    Messages:
    14
    here we go

    9:14 PM: Removal process completed. Elapsed time 00:04:10
    9:11 PM: Quarantining All Traces: Troj/Wimad-Gen
    9:11 PM: Quarantining All Traces: Troj/RKProc-Fam
    9:10 PM: Quarantining All Traces: whenu save
    9:10 PM: Quarantining All Traces: whenu
    9:10 PM: Quarantining All Traces: whenu savenow
    9:10 PM: Quarantining All Traces: mytemplatestorage cookie
    9:10 PM: Quarantining All Traces: abcsearch cookie
    9:10 PM: Quarantining All Traces: tickle cookie
    9:10 PM: Quarantining All Traces: reliablestats cookie
    9:10 PM: Quarantining All Traces: server.iad.liveperson cookie
    9:10 PM: Quarantining All Traces: nextag cookie
    9:10 PM: Quarantining All Traces: netster cookie
    9:10 PM: Quarantining All Traces: monstermarketplace cookie
    9:10 PM: Quarantining All Traces: mediaplex cookie
    9:10 PM: Quarantining All Traces: webtrends cookie
    9:10 PM: Quarantining All Traces: imlive.com cookie
    9:10 PM: Quarantining All Traces: ic-live cookie
    9:10 PM: Quarantining All Traces: directtrack cookie
    9:10 PM: Quarantining All Traces: did-it cookie
    9:10 PM: Quarantining All Traces: delfinproject cookie
    9:10 PM: Quarantining All Traces: atlas dmt cookie
    9:10 PM: Quarantining All Traces: ask cookie
    9:10 PM: Quarantining All Traces: tacoda cookie
    9:10 PM: Quarantining All Traces: alt cookie
    9:10 PM: Quarantining All Traces: advertising cookie
    9:10 PM: Quarantining All Traces: yieldmanager cookie
    9:10 PM: Quarantining All Traces: 7search cookie
    9:10 PM: Quarantining All Traces: 2o7.net cookie
    9:10 PM: Quarantining All Traces: screenscenes
    9:10 PM: Quarantining All Traces: hotbar/zango
    9:10 PM: Quarantining All Traces: networkessentials
    9:10 PM: Quarantining All Traces: redzip toolbar
    9:10 PM: Quarantining All Traces: linkmedia
    9:10 PM: Quarantining All Traces: eqiso toolbar
    9:10 PM: Quarantining All Traces: smart-browser
    9:10 PM: Quarantining All Traces: mediapipe
    9:10 PM: Quarantining All Traces: maxifiles
    9:10 PM: Quarantining All Traces: starware toolbar
    9:10 PM: Quarantining All Traces: marketscore
    9:10 PM: Quarantining All Traces: p2pnetwork
    9:10 PM: Quarantining All Traces: comet cursor
     
  8. mr_nobody

    mr_nobody Thread Starter

    Joined:
    Feb 6, 2007
    Messages:
    14
    9:10 PM: Quarantining All Traces: trojan-downloader-zlob
    9:10 PM: Removal process initiated
    9:08 PM: ApplicationMinimized - EXIT
    9:08 PM: ApplicationMinimized - ENTER
    9:08 PM: ApplicationMinimized - EXIT
    9:08 PM: ApplicationMinimized - ENTER
    9:08 PM: ApplicationMinimized - EXIT
    9:08 PM: ApplicationMinimized - ENTER
    9:00 PM: Traces Found: 176
    9:00 PM: Custom Sweep has completed. Elapsed time 02:41:59
    9:00 PM: File Sweep Complete, Elapsed Time: 02:34:14
    Operation: File Access
    Target:
    Source: C:\PROGRAM FILES\WINDOWS DESKTOP SEARCH\WINDOWSSEARCHFILTER.EXE
    8:58 PM: Tamper Detection
    8:57 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\hotbar11.zip]
    8:57 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\antiverminspro2.zip]
    8:57 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zango8.zip]
    8:57 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zango7.zip]
    8:57 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zango.zip]
    Not enough storage is available to process this command
    8:57 PM: Warning: Unable to sweep compressed file: System Error. Code: 8.
    8:57 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration45.zip]
    8:57 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionssearchassistant4.zip]
    8:57 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionssearchassistant6.zip]
    8:56 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration107.zip]
    8:55 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration108.zip]
    8:55 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zonemapranges3.zip]
    8:55 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration112.zip]
    8:55 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zonemapranges5.zip]
    8:55 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration117.zip]
    8:55 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration118.zip]
    8:55 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration111.zip]
    8:55 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zonemapranges4.zip]
    8:55 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration124.zip]
    8:55 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zlobvideoactivexobject1.zip]
    8:55 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zlobvideoactivexobject4.zip]
    8:55 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\spyheal1.zip]
    8:55 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch9.zip]
    8:55 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch8.zip]
    8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch7.zip]
    8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionszango13.zip]
    8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch6.zip]
    8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration120.zip]
    8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\movieland7.zip]
    8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\movieland6.zip]
    8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\movieland5.zip]
    8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionszango12.zip]
    8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch18.zip]
    8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch17.zip]
    8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\registrycleaner8.zip]
    8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\movieland4.zip]
    8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\movieland3.zip]
    8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\movieland2.zip]
    8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\movieland1.zip]
    8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\movieland.zip]
    8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\microsoftwindowssecuritycenterfirewalloverride.zip]
    8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\microsoftwindowssecuritycenterantivirusoverride.zip]
    8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\marketscore1.zip]
    8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\marketscore.zip]
    8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\gaingator.zip]
    8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funwebproducts8.zip]
    8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funwebproducts7.zip]
    8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funwebproducts6.zip]
    8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funwebproducts5.zip]
    8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funwebproducts4.zip]
    8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funwebproducts3.zip]
    8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funwebproducts2.zip]
    8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funwebproducts1.zip]
    8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch16.zip]
    8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\bitcomet\downloads\useful programs\useful programs.rar]
    8:51 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\freeze4.zip]
    8:51 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funwebproducts.zip]
    8:51 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig709\enu\data1.cab]
    8:50 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionszango11.zip]
    8:50 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zlobvideoactivexobject3.zip]
    8:50 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\freeze3.zip]
    8:50 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\freeze2.zip]
    8:50 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\bitcomet\downloads\cucusoft psp movie converter\cucusoft psp movie converter.rar]
    8:50 PM: Warning: TCompressedFile.GetStreams(1): Stream read error
     
  9. mr_nobody

    mr_nobody Thread Starter

    Joined:
    Feb 6, 2007
    Messages:
    14
    8:50 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\freeze1.zip]
    8:50 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet.zip]
    8:50 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zlobvideoactivexobject2.zip]
    8:50 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zlobvideoactivexobject.zip]
    8:50 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zonemapranges1.zip]
    8:50 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zlobhomepagemonitor.zip]
    8:50 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zango9.zip]
    8:50 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zango6.zip]
    8:50 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zango5.zip]
    8:50 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zango4.zip]
    8:50 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zango3.zip]
    8:50 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zango2.zip]
    8:47 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\isearchtechistbar1.zip]
    8:47 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration116.zip]
    8:47 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\freeze.zip]
    8:47 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration127.zip]
    8:47 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration126.zip]
    8:47 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration125.zip]
    8:46 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration115.zip]
    8:46 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\bitcomet\downloads\38_pinball games pc\lula pinball\lula pinball.rar]
    8:46 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration114.zip]
    8:46 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zonemapranges2.zip]
    8:46 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionssearchassistant9.zip]
    8:44 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionszango14.zip]
    8:44 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration122.zip]
    8:44 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration129.zip]
    8:44 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration121.zip]
    8:44 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration119.zip]
    8:44 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionsmediagatewayx1.zip]
    8:44 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zango1.zip]
    8:44 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\spyheal.zip]
    8:44 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\pesttrap1.zip]
    8:44 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\pesttrap.zip]
    8:44 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch24.zip]
    8:44 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch23.zip]
    8:44 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionsmediagatewayx.zip]
    8:44 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration113.zip]
    8:44 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch22.zip]
    8:44 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch21.zip]
    8:44 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch20.zip]
    8:44 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\systemdoctor.zip]
    8:44 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zonemapranges.zip]
    8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch19.zip]
    8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\starware7.zip]
    8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\starware6.zip]
    8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch15.zip]
    8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration128.zip]
    8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch14.zip]
    8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch13.zip]
    8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch12.zip]
    8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration110.zip]
    8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\antiverminspro.zip]
    8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration123.zip]
    8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration109.zip]
    8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch11.zip]
    8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch10.zip]
    8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zlobvideoactivexobject6.zip]
    8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\ieplugin.zip]
    8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\starware5.zip]
    8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\starware.zip]
    8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\starware1.zip]
    8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\starware2.zip]
    8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\starware3.zip]
    8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\starware4.zip]
    8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch.zip]
    8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch1.zip]
    8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\registrycleaner1.zip]
    8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration27.zip]
    8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration35.zip]
    8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration38.zip]
    8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration74.zip]
    8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration39.zip]
    8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\registrycleaner2.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration21.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration22.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration49.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration53.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration62.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration63.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet29.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet28.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration67.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration69.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration75.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration76.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration84.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\hotbar6.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\hotbar7.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\hotbar8.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\hotbar9.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\hotbar10.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\noadware.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\isearchtechistbar.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\ieplugin1.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration106.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration105.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration104.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration103.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration102.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration101.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration100.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet27.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration99.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration98.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration97.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\registrycleaner3.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration96.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration95.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration94.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet15.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration93.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration92.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration91.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration90.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration89.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet14.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration88.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration87.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration86.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet13.zip]
     
  10. mr_nobody

    mr_nobody Thread Starter

    Joined:
    Feb 6, 2007
    Messages:
    14
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet12.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\registrycleaner6.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\registrycleaner7.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration13.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet11.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet10.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet9.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet8.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet7.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet6.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\hotbar.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\hotbar1.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\hotbar2.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\hotbar3.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\hotbar4.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\hotbar5.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet5.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet4.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet3.zip]
    8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu_____________________________\data1.cab]
    8:41 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu__\data1.cab]
    8:39 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu________________________________\data1.cab]
    8:38 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu_________________________\data1.cab]
    8:37 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu______________________________\data1.cab]
    8:37 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu________________\data1.cab]
    8:36 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu____\data1.cab]
    8:35 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu___________\data1.cab]
    8:34 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu___\data1.cab]
    8:33 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu_____\data1.cab]
    8:32 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu___________________________\data1.cab]
    8:32 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu________________________\data1.cab]
    8:31 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu______________________\data1.cab]
    8:30 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu____________________\data1.cab]
    8:29 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet2.zip]
    8:29 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu______________\data1.cab]
    8:28 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu_________\data1.cab]
    8:27 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu__________\data1.cab]
    8:26 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu_____________\data1.cab]
    8:25 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu_\data1.cab]
    8:24 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu________\data1.cab]
    8:23 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu____________\data1.cab]
    8:22 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu_______________\data1.cab]
    8:21 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu___________________\data1.cab]
    8:21 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu_______________________\data1.cab]
    8:19 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu____________________________\data1.cab]
    8:18 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration18.zip]
    8:18 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu__________________________\data1.cab]
    8:17 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu_________________________________\data1.cab]
    8:17 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Corrupted] on [c:\program files\broderbund\ag creatacard\unlock\cdm\install\data1.cab]
    8:16 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu______\data1.cab]
    8:15 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration64.zip]
    8:15 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Corrupted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu_____________________\data1.cab]
    8:15 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu_______________________________\data1.cab]
    8:14 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet1.zip]
    8:14 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration26.zip]
    8:13 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\microsoftwindowssecurityinternetexplorer.zip]
    8:13 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\freeze6.zip]
    8:13 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\freeze5.zip]
    8:13 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration73.zip]
    8:13 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration141.zip]
    8:13 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration140.zip]
    8:13 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration139.zip]
    8:13 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration138.zip]
    8:13 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration137.zip]
    8:13 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration136.zip]
    8:13 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration135.zip]
    8:13 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration134.zip]
    8:13 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration133.zip]
    8:13 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration132.zip]
    8:13 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\antiverminspro21.zip]
    8:13 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\antiverminspro20.zip]
    8:13 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\antiverminspro19.zip]
    8:13 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\antiverminspro18.zip]
    8:13 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\antiverminspro17.zip]
    8:13 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\antiverminspro16.zip]
    8:13 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\antiverminspro15.zip]
    8:13 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\antiverminspro14.zip]
    8:13 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\antiverminspro13.zip]
    8:13 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\antiverminspro12.zip]
    8:13 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\registrycleaner4.zip]
    8:13 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\registrycleaner5.zip]
    8:12 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration44.zip]
    8:12 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration42.zip]
    8:12 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration41.zip]
    8:12 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration43.zip]
    8:12 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\registrycleaner.zip]
    8:12 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration36.zip]
    8:12 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration33.zip]
     
  11. mr_nobody

    mr_nobody Thread Starter

    Joined:
    Feb 6, 2007
    Messages:
    14
    8:12 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration32.zip]
    8:12 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration30.zip]
    8:12 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration29.zip]
    8:12 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch5.zip]
    8:12 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch4.zip]
    8:12 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch3.zip]
    8:12 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch2.zip]
    8:12 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration19.zip]
    8:08 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration85.zip]
    8:08 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration72.zip]
    8:08 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet26.zip]
    8:08 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet25.zip]
    8:08 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet24.zip]
    8:08 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration83.zip]
    8:08 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration82.zip]
    8:08 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration81.zip]
    8:08 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration80.zip]
    8:08 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration79.zip]
    8:08 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration78.zip]
    8:08 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration77.zip]
    8:08 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration130.zip]
    8:08 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration131.zip]
    8:08 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet23.zip]
    8:08 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet22.zip]
    8:08 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet21.zip]
    8:07 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration71.zip]
    8:07 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration70.zip]
    8:07 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionssearchassistant8.zip]
    8:07 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionszango7.zip]
    8:07 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionszango8.zip]
    8:07 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionszango9.zip]
    8:07 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionszango10.zip]
    8:07 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet20.zip]
    8:07 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\antiverminspro11.zip]
    8:07 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration68.zip]
    8:07 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration66.zip]
    8:07 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration65.zip]
    8:07 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet19.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet18.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet17.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration61.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration60.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration59.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration58.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration31.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration57.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration56.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration55.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration54.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionssearchassistant5.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration52.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration51.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration50.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration20.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zlobvideoactivexobject5.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet16.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration143.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration145.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration144.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\antiverminspro10.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\antiverminspro9.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\antiverminspro8.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration1.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration25.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration47.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration142.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\antiverminspro7.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\antiverminspro6.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration48.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\antiverminspro1.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionssearchassistant13.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionssearchassistant12.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration24.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration23.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionssearchassistant11.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration17.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration16.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration15.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionssearchassistant10.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration14.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration37.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionssearchassistant7.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration12.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration11.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration10.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration9.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration8.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration7.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\antiverminspro5.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration6.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration5.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration4.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration40.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration3.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration2.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionszango6.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionszango5.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionszango4.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionszango3.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionszango2.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionszango1.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionszango.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\antiverminspro4.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration28.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration46.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionssearchassistant3.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionssearchassistant2.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionssearchassistant1.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\antiverminspro3.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionssearchassistant.zip]
    8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration34.zip]
    8:05 PM: Warning: SweepDirectories: Cannot find directory "k:". This directory was not added to the list of paths to be scanned.
    8:05 PM: Warning: SweepDirectories: Cannot find directory "j:". This directory was not added to the list of paths to be scanned.
    8:05 PM: Warning: SweepDirectories: Cannot find directory "i:". This directory was not added to the list of paths to be scanned.
    8:05 PM: Warning: SweepDirectories: Cannot find directory "h:". This directory was not added to the list of paths to be scanned.
    8:05 PM: Warning: SweepDirectories: Cannot find directory "g:". This directory was not added to the list of paths to be scanned.
    8:05 PM: Warning: SweepDirectories: Cannot find directory "e:". This directory was not added to the list of paths to be scanned.
    8:05 PM: C:\Program Files\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\components\Iwhenu_ff.xpt (ID = 296809)
    8:05 PM: C:\Program Files\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\chrome.manifest (ID = 296810)
     
  12. mr_nobody

    mr_nobody Thread Starter

    Joined:
    Feb 6, 2007
    Messages:
    14
    8:05 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP802\A0148603.ini (ID = 162695)
    8:03 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\all users\drm\cache\indiv01.tmp]
    8:02 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\owner\local settings\temp\me_yuwekrbvs0hball]
    8:02 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\owner\local settings\temp\me_pfxie7mei2fpygg]
    8:02 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\owner\local settings\temp\me_mtf2636gbvcvp7h]
    8:02 PM: Warning: Failed to open file "c:\documents and settings\owner\my documents\my music\my pictures\2006-01-21\2006-01-21\2006-01-21\2006-01-21\2006-01-21\2006-01-21\2006-01-21\2006-01-21\2006-01-21\2006-01-21\2006-01-21\2006-01-21\2006-01-21\2006-01-21\2006-01-21\2006-01-21\2006-01-21\thumbs.db:encryptable". The operation completed successfully
    8:02 PM: Warning: Failed to open file "c:\documents and settings\all users\drm\cache\indiv01.tmp". The operation completed successfully
    8:02 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temp\me_yuwekrbvs0hball". The operation completed successfully
    8:02 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temp\me_pfxie7mei2fpygg". The operation completed successfully
    8:02 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temp\me_mtf2636gbvcvp7h". The operation completed successfully
    8:01 PM: Warning: Failed to open file "c:\documents and settings\owner\my documents\my music\my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\thumbs.db:encryptable". The operation completed successfully
    8:01 PM: Warning: Failed to open file "c:\documents and settings\owner\my documents\my music\my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\picture\thumbs.db:encryptable". The operation completed successfully
    8:01 PM: Warning: Failed to open file "c:\documents and settings\owner\my documents\my music\my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\picture\picture 029.jpg". The operation completed successfully
    8:01 PM: Warning: Failed to open file "c:\documents and settings\owner\my documents\my music\my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\kodak pictures\2006-01-02\thumbs.db:encryptable". The operation completed successfully
    7:59 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\owner\local settings\temp\me_lao0x979wuyvbb3]
    7:58 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temp\me_lao0x979wuyvbb3". The operation completed successfully
    7:55 PM: C:\Program Files\Screensavers.com\Wallpaper\swpstart.exe (ID = 74759)
    Trace marked as Always Remove
    7:45 PM: C:\Program Files\BitComet\Downloads\Hot lesbo action 69 doggystyle ***** licking juices slurping orgy\69 lesbian teen oral action twat licking and ***** eating - xxx amateur outdoor homemade porn.wmv.bc! (ID = 0)
    7:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\bitcomet\downloads\38_pinball games pc\slam tilt resurrection - pirate\install.dat]
    7:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Corrupted] on [c:\program files\bitcomet\downloads\01.14.07.independence.day.1996.hdrip.x264.dts-bmdru\cd3\bmdru-id-x264-cd3.rar.bc!]
    7:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Corrupted] on [c:\program files\bitcomet\downloads\susana spears - spreads ***** in kitchen - [www.bestoftorrents.dl.am]\susana spears - spreads ***** in kitchen - [www.bestoftorrents.dl.am].rar.bc!]
    Trace marked as Always Remove
    7:43 PM: C:\Program Files\BitComet\Downloads\Hot lesbo action 69 doggystyle ***** licking juices slurping orgy\Hot Lesbo Action 69 Doggystyle In Bedroom - Amateur Homemade xxx porn sex.wmv.bc! (ID = 0)
    7:43 PM: Found Troj/Wimad-Gen: Troj/Wimad-Gen
    7:33 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP802\A0148604.exe (ID = 338051)
    7:28 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\websearch\websearchenu.pdf]
    7:28 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Scan Aborted] on [c:\owner file\20062007_125315_owner\c\docume~1\owner\mydocu~1\nef7ee~1\trackn~1.nrg.nco]
    7:24 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP802\A0148596.dll (ID = 358923)
    7:20 PM: C:\Program Files\Screensavers.com\Installer\bin\siuninst.exe (ID = 298009)
    7:19 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\messages\rdrmsgsplash.pdf]
    7:09 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\pagefile.sys]
    7:09 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\hiberfil.sys]
    7:06 PM: C:\Program Files\p2pnetworks\uninst.exe (ID = 162703)
    7:03 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\owner\application data\superantispyware.com\superantispyware\quarantine\quarantine - 02-09-2007 - 19-16-20.sbu]
    Trace marked as Always Remove
    6:58 PM: C:\WINDOWS\system32\Policies\ppdriver.sys (ID = 0)
    6:58 PM: Found Troj/RKProc-Fam: Troj/RKProc-Fam
    6:53 PM: C:\WINDOWS\system32\cemetrix.dll (ID = 243051)
    6:50 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP802\A0148606.dll (ID = 71040)
    6:50 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP802\A0148602.dll (ID = 71040)
    6:50 PM: Found Adware: networkessentials
    6:47 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP802\A0148597.exe (ID = 358924)
    6:46 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\messages\enu\rdrmsgenu.pdf]
    6:43 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP802\A0148607.exe (ID = 338031)
    6:42 PM: C:\Program Files\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\chrome\whenu_ff.jar (ID = 305736)
    6:42 PM: C:\Program Files\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\install.rdf (ID = 305737)
    6:36 PM: C:\Documents and Settings\Owner\Recent\MovieLand Terms.lnk (ID = 201283)
    6:33 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP802\A0148598.exe (ID = 358922)
    6:33 PM: Found Adware: whenu save
    6:32 PM: C:\Program Files\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\components\whenu_ff.dll (ID = 296501)
    6:32 PM: Found Adware: whenu
    6:31 PM: C:\Program Files\p2pnetworks\AlConfig.xml (ID = 163204)
    6:31 PM: C:\Program Files\p2pnetworks\sp2p.cache (ID = 163206)
    Operation: File Access
    Target:
    Source: C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\MCSHIELD.EXE
    6:27 PM: Tamper Detection
    6:26 PM: C:\Program Files\Screensavers.com (12 subtraces) (ID = 2147486931)
    6:26 PM: C:\My AccessMedia (1 subtraces) (ID = 2147498114)
    6:26 PM: C:\Program Files\p2pnetworks (6 subtraces) (ID = 2147497177)
    6:26 PM: C:\Program Files\SB (7 subtraces) (ID = 2147486978)
    6:26 PM: C:\Program Files\SB\Smart-Browser (6 subtraces) (ID = 2147526868)
    6:26 PM: C:\Program Files\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34} (8 subtraces) (ID = 2147518400)
    6:26 PM: Found Adware: whenu savenow
    6:26 PM: Starting File Sweep
    6:26 PM: Cookie Sweep Complete, Elapsed Time: 00:00:04
    6:26 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 3072)
    6:26 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 3072)
    6:26 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 3050)
    6:26 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 3050)
    6:26 PM: Found Spy Cookie: mytemplatestorage cookie
    6:26 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 3007)
    6:26 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 2034)
    6:26 PM: Found Spy Cookie: abcsearch cookie
    6:26 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 2528)
    6:26 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 3529)
    6:26 PM: Found Spy Cookie: tickle cookie
    6:26 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 6444)
    6:26 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 3254)
    6:26 PM: Found Spy Cookie: reliablestats cookie
    6:26 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 3341)
    6:26 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 3341)
    6:26 PM: Found Spy Cookie: server.iad.liveperson cookie
    6:26 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 5014)
    6:26 PM: Found Spy Cookie: nextag cookie
    6:26 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 3071)
    6:26 PM: Found Spy Cookie: netster cookie
    6:26 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 3006)
    6:26 PM: Found Spy Cookie: monstermarketplace cookie
    6:26 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 6442)
    6:26 PM: Found Spy Cookie: mediaplex cookie
    6:26 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 3669)
    6:26 PM: Found Spy Cookie: webtrends cookie
    6:26 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 2843)
    6:26 PM: Found Spy Cookie: imlive.com cookie
    6:26 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 2821)
    6:26 PM: Found Spy Cookie: ic-live cookie
    6:26 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 2527)
    6:26 PM: Found Spy Cookie: directtrack cookie
    6:26 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 2523)
    6:26 PM: Found Spy Cookie: did-it cookie
    6:26 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 2509)
    6:26 PM: Found Spy Cookie: delfinproject cookie
    6:26 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 2253)
    6:26 PM: Found Spy Cookie: atlas dmt cookie
    6:26 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 2245)
    6:26 PM: Found Spy Cookie: ask cookie
    6:26 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 6445)
    6:26 PM: Found Spy Cookie: tacoda cookie
    6:26 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 2217)
    6:26 PM: Found Spy Cookie: alt cookie
    6:26 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 2175)
    6:26 PM: Found Spy Cookie: advertising cookie
    6:26 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 3751)
    6:26 PM: Found Spy Cookie: yieldmanager cookie
    6:26 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 2011)
    6:26 PM: Found Spy Cookie: 7search cookie
    6:26 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 1957)
    6:26 PM: Found Spy Cookie: 2o7.net cookie
    6:25 PM: Starting Cookie Sweep
    6:25 PM: Registry Sweep Complete, Elapsed Time:00:00:47
    6:25 PM: HKU\S-1-5-21-1879238435-1967114630-2179219950-1003\software\microsoft\windows\currentversion\uninstall\bar888\ (ID = 1882039)
    6:25 PM: Found Adware: maxifiles
    6:25 PM: HKU\S-1-5-21-1879238435-1967114630-2179219950-1003\software\screenscenes\ (ID = 723706)
    6:25 PM: Found Adware: screenscenes
    6:25 PM: HKU\S-1-5-21-1879238435-1967114630-2179219950-1003\software\microsoft\internet explorer\toolbar\webbrowser\ || {d49e9d35-254c-4c6a-9d17-95018d228ff5} (ID = 142862)
    6:25 PM: HKU\S-1-5-21-1879238435-1967114630-2179219950-1003\software\microsoft\internet explorer\toolbar\webbrowser\ || {7bed0340-176b-44bc-915e-c21c1dd6f617} (ID = 142861)
    6:25 PM: HKU\S-1-5-21-1879238435-1967114630-2179219950-1003\software\microsoft\internet explorer\toolbar\webbrowser\ || {2d51d869-c36b-42bd-ae68-0a81bc771fa5} (ID = 142860)
    6:25 PM: HKU\S-1-5-21-1879238435-1967114630-2179219950-1003\software\microsoft\windows\currentversion\explorer\ || insid (ID = 139328)
    6:25 PM: Found Adware: redzip toolbar
    6:25 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{67982bb7-0f95-44c5-92dc-e3af3dc19d6d}\ (ID = 1918566)
    6:25 PM: Found Trojan Horse: trojan-downloader-zlob
    6:25 PM: HKLM\system\currentcontrolset\services\nwsapagent\ (ID = 1729831)
     
  13. mr_nobody

    mr_nobody Thread Starter

    Joined:
    Feb 6, 2007
    Messages:
    14
    6:25 PM: HKLM\system\controlset002\services\nwsapagent\ (ID = 1729775)
    6:25 PM: HKLM\system\controlset002\enum\root\legacy_nwsapagent\ (ID = 1729735)
    6:25 PM: HKLM\system\controlset001\services\nwsapagent\ (ID = 1729695)
    6:25 PM: HKLM\system\controlset001\enum\root\legacy_nwsapagent\ (ID = 1729645)
    6:25 PM: Found Adware: linkmedia
    6:25 PM: HKLM\software\classes\clsid\{b7d3e479-cc68-42b5-a338-938ece35f419}\ (ID = 1729347)
    6:25 PM: HKCR\clsid\{b7d3e479-cc68-42b5-a338-938ece35f419}\ (ID = 1728993)
    6:25 PM: Found Adware: eqiso toolbar
    6:25 PM: HKLM\software\microsoft\windows\currentversion\uninstall\shopperreports\ (ID = 1329363)
    6:25 PM: HKLM\software\classes\clsid\{85a616ee-142c-4d52-9f45-c469964e109e}\ (ID = 1166114)
    6:25 PM: HKCR\clsid\{85a616ee-142c-4d52-9f45-c469964e109e}\ (ID = 1166078)
    6:25 PM: Found Adware: starware toolbar
    6:25 PM: HKLM\software\classes\iceclientatl.surveyclientctl.1\ (ID = 1149360)
    6:25 PM: HKLM\software\classes\iceclientatl.surveyclientctl\ (ID = 1149354)
    6:25 PM: HKCR\iceclientatl.surveyclientctl.1\ (ID = 1149346)
    6:25 PM: HKCR\iceclientatl.surveyclientctl\ (ID = 1149340)
    6:25 PM: HKLM\software\classes\typelib\{fe844296-3c38-4b78-a272-87557622c953}\ (ID = 1144226)
    6:25 PM: HKLM\software\classes\clsid\{cd1b7795-13bc-4a12-bf42-a52748971aa2}\ (ID = 1144222)
    6:25 PM: HKCR\typelib\{fe844296-3c38-4b78-a272-87557622c953}\ (ID = 1144194)
    6:25 PM: HKCR\clsid\{cd1b7795-13bc-4a12-bf42-a52748971aa2}\ (ID = 1144173)
    6:25 PM: HKLM\software\microsoft\windows\currentversion\uninstall\ shopperreports\ (ID = 1008466)
    6:25 PM: Found Adware: hotbar/zango
    6:25 PM: HKLM\software\microsoft\windows\currentversion\uninstall\{15d612df-d417-4cda-b8b5-94f47ba21313}\ (ID = 945998)
    6:25 PM: Found Adware: marketscore
    6:25 PM: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\ || c:\program files\p2pnetworks\p2pnetworks.exe (ID = 871570)
    6:25 PM: HKLM\software\microsoft\windows\currentversion\uninstall\p2pnetworks\ (ID = 867156)
    6:25 PM: HKLM\software\classes\typelib\{ab3b59a5-8bb4-46ab-a878-dfdb237d5bd5}\ (ID = 867095)
    6:25 PM: HKLM\software\classes\typelib\{97d860c4-f072-477b-b241-409f7cffb954}\ (ID = 867085)
    6:25 PM: HKLM\software\classes\typelib\{555fb512-9f3b-4359-9d2a-3c10e750ce5e}\ (ID = 867075)
    6:25 PM: HKLM\software\classes\clsid\{dfe95408-fd86-4818-a30a-bc859d9658e1}\ (ID = 867048)
    6:25 PM: HKLM\software\classes\clsid\{1e9adaf2-4eda-4074-96ce-c9972e675c88}\ (ID = 866985)
    6:25 PM: HKLM\software\classes\appid\{99c4f93d-42a7-478d-8746-4afb6c10bc26}\ (ID = 866981)
    6:25 PM: HKLM\software\classes\appid\{626873ac-27f3-4d48-be81-535cf2360071}\ (ID = 866975)
    6:25 PM: HKLM\software\classes\appid\{4c0b0548-ae0b-4008-999d-db33b8b2eb90}\ (ID = 866973)
    6:25 PM: HKLM\software\classes\appid\trayicon.exe\ (ID = 866971)
    6:25 PM: HKLM\software\classes\appid\sp2p.exe\ (ID = 866969)
    6:25 PM: HKLM\software\classes\appid\downloadmanager.exe\ (ID = 866963)
    6:25 PM: HKLM\software\classes\sp2p.sp2p.1\ (ID = 866957)
    6:25 PM: HKLM\software\classes\sp2p.sp2p\ (ID = 866951)
    6:25 PM: HKLM\software\classes\downloadmanager.manager.1\ (ID = 866927)
    6:25 PM: HKLM\software\classes\downloadmanager.manager\ (ID = 866921)
    6:25 PM: HKCR\typelib\{ab3b59a5-8bb4-46ab-a878-dfdb237d5bd5}\ (ID = 866816)
    6:25 PM: HKCR\typelib\{97d860c4-f072-477b-b241-409f7cffb954}\ (ID = 866806)
    6:25 PM: HKCR\typelib\{555fb512-9f3b-4359-9d2a-3c10e750ce5e}\ (ID = 866796)
    6:25 PM: HKCR\clsid\{dfe95408-fd86-4818-a30a-bc859d9658e1}\ (ID = 866769)
    6:25 PM: HKCR\clsid\{1e9adaf2-4eda-4074-96ce-c9972e675c88}\ (ID = 866706)
    6:25 PM: HKCR\appid\{99c4f93d-42a7-478d-8746-4afb6c10bc26}\ (ID = 866702)
    6:25 PM: HKCR\appid\{626873ac-27f3-4d48-be81-535cf2360071}\ (ID = 866696)
    6:25 PM: HKCR\appid\{4c0b0548-ae0b-4008-999d-db33b8b2eb90}\ (ID = 866694)
    6:25 PM: HKCR\appid\trayicon.exe\ (ID = 866692)
    6:25 PM: HKCR\appid\sp2p.exe\ (ID = 866690)
    6:25 PM: HKCR\appid\downloadmanager.exe\ (ID = 866684)
    6:25 PM: HKCR\sp2p.sp2p.1\ (ID = 866678)
    6:25 PM: HKCR\sp2p.sp2p\ (ID = 866672)
    6:25 PM: HKCR\downloadmanager.manager.1\ (ID = 866648)
    6:25 PM: HKCR\downloadmanager.manager\ (ID = 866642)
    6:25 PM: HKCR\typelib\{00000182-c745-43d2-44f1-01a1c789c738}\ (ID = 141872)
    6:25 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000185-c745-43d2-44f1-01a1c789c738}\ (ID = 141867)
    6:25 PM: HKLM\software\classes\typelib\{00000182-c745-43d2-44f1-01a1c789c738}\ (ID = 141860)
    6:25 PM: HKLM\software\classes\interface\{00000183-c745-43d2-44f1-01a1c789c738}\ (ID = 141857)
    6:25 PM: HKCR\interface\{00000183-c745-43d2-44f1-01a1c789c738}\ (ID = 141850)
    6:25 PM: Found Adware: smart-browser
    6:25 PM: HKCR\typelib\{0ab5b0d8-2b74-4c1c-8fa4-e52550b8b45b}\ (ID = 140575)
    6:25 PM: HKLM\software\screensavers.com\ (ID = 140569)
    6:25 PM: HKLM\software\classes\typelib\{0ab5b0d8-2b74-4c1c-8fa4-e52550b8b45b}\ (ID = 140565)
    6:25 PM: HKLM\software\classes\clsid\{88d758a3-d33b-45fd-91e3-67749b4057fa}\ (ID = 140556)
    6:25 PM: HKLM\software\classes\clsid\{722d2939-a14a-41a9-9eac-ab8f4e295819}\ (ID = 140555)
    6:25 PM: HKCR\clsid\{88d758a3-d33b-45fd-91e3-67749b4057fa}\ (ID = 140551)
    6:25 PM: HKCR\clsid\{722d2939-a14a-41a9-9eac-ab8f4e295819}\ (ID = 140550)
    6:25 PM: Starting Registry Sweep
    6:25 PM: Memory Sweep Complete, Elapsed Time: 00:06:33
    6:18 PM: Starting Memory Sweep
    6:18 PM: HKLM\software\classes\typelib\{97d860c4-f072-477b-b241-409f7cffb954}\1.0\0\win32\ (ID = 1589903)
    6:18 PM: HKLM\software\classes\clsid\{dfe95408-fd86-4818-a30a-bc859d9658e1}\localserver32\ (ID = 1589902)
    6:18 PM: Found Trojan Horse: p2pnetwork
    6:18 PM: HKCR\typelib\{555fb512-9f3b-4359-9d2a-3c10e750ce5e}\1.0\0\win32\ (ID = 1589901)
    6:18 PM: HKCR\clsid\{1e9adaf2-4eda-4074-96ce-c9972e675c88}\localserver32\ (ID = 1589898)
    6:18 PM: HKCR\typelib\{ab3b59a5-8bb4-46ab-a878-dfdb237d5bd5}\1.0\0\win32\ (ID = 1589897)
    6:18 PM: Found Adware: mediapipe
    6:18 PM: HKCR\clsid\{722d2939-a14a-41a9-9eac-ab8f4e295819}\inprocserver32\ (ID = 1531329)
    6:18 PM: Found Adware: comet cursor
    6:18 PM: Start Custom Sweep
    6:18 PM: Sweep initiated using definitions version 845
    6:12 PM: Your virus definitions have been updated.
    6:10 PM: Informational: Loaded AntiVirus Engine: 2.41.0; SDK Version: 4.13; Virus Definitions: 2/11/2007 1:31:44 PM (GMT)
    Keylogger: Off
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites: Off
    Hosts File Shield: On
    Internet Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: Off
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    6:07 PM: Shield States
    6:07 PM: Spyware Definitions: 845
    6:07 PM: Informational: Loaded AntiVirus Engine: 2.41.0; SDK Version: 4.13; Virus Definitions: 2/11/2007 1:31:44 PM (GMT)
    6:02 PM: Spy Sweeper 5.3.1.2344 started
    6:02 PM: Spy Sweeper 5.3.1.2344 started
    6:02 PM: | Start of Session, Sunday, February 11, 2007 |
    ***************
     
  14. mr_nobody

    mr_nobody Thread Starter

    Joined:
    Feb 6, 2007
    Messages:
    14
    Logfile of HijackThis v1.99.1
    Scan saved at 9:22:04 PM, on 2/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\system32\FreezeScreenSaver.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
    C:\Program Files\Lexmark 2300 Series\ezprint.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\WINDOWS\system32\lxcgcoms.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\WINDOWS\system32\dumprep.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Owner\Desktop\hjt\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SmartPics Class - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\WINDOWS\Policies.dll
    O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
    O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunKistEM] "C:\Program Files\Digital Media Reader\shwiconem.exe"
    O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
    O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,[email protected]
    O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [PLNRNote] "C:\Program Files\SierraHome\Hallmark Card Studio Special Edition\Planner\PLNRNote.exe"
    O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
    O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
    O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3
    O4 - HKLM\..\Run: [Synchronization Manager] "C:\WINDOWS\system32\mobsync.exe" /logon
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [ANIWZCS2Service] "C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe"
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [Globe7] "C:\Program Files\Globe7\Globe7.exe" /hide
    O4 - HKLM\..\Run: [D-Link AirPlus G] "C:\Program Files\D-Link\AirPlus G\AirGCFG.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
    O4 - HKLM\..\Run: [NI.UWAS7_0001_N91M1112] "c:\documents and settings\owner\application data\winantispyware2007freeinstall[1].exe" -nag
    O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [Weather] "C:\Program Files\AWS\WeatherBug\Weather.exe" 1
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    O4 - HKCU\..\Run: [IM] C:\Program Files\IM\IMLauncher.exe /boot:1
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Forget Me Not.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
    O4 - Global Startup: run_startmenu.cmd
    O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: iWatchNow Media Center - {750A64D8-DFAA-485B-A335-F7093333FBB7} - C:\Program Files\iWatchNow, Inc.\iWatchNow Media Center\iwnvod.exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
    O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (Rhapsody Player Engine) - http://forms.real.com/real/player/d.../mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135301364296
    O16 - DPF: {A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1} (Zenturi Active Programs Control) - http://www.programchecker.com/dll/nixon.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\system32\FreezeScreenSaver.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     
  15. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Your Ewido is out of date and Ewido has been replaced with AVG AS

    Remove Ewido and get AVG AS - http://www.ewido.net/en/download/
    ==========================



    You may want to print this or save it to notepad as we will go to safe mode.

    Fix these with HiJackThis – mark them, close IE, click fix checked

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

    R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)

    O2 - BHO: SmartPics Class - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\WINDOWS\Policies.dll

    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

    O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" –k

    O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3

    O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 –k

    O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup

    O4 - HKLM\..\Run: [NI.UWAS7_0001_N91M1112] "c:\documents and settings\owner\application data\winantispyware2007freeinstall[1].exe" -nag

    DownLoad http://www.downloads.subratam.org/KillBox.zip or
    http://www.thespykiller.co.uk/files/killbox.exe

    Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

    c:\documents and settings\owner\application data\winantispyware2007freeinstall[1].exe
    C:\PROGRA~1\AQUATI~1
    C:\Program Files\Acceleration Software
    C:\WINDOWS\Policies.dll


    Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

    START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

    Not all temp files will delete and that is normal
    Empty the recycle bin
    Boot and post a new hijack log from normal NOT safe mode

    Please give feedback on what worked/didn’t work and the current status of your system
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/541873

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice