help with system alert down by clock

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

mr_nobody

Thread Starter
Joined
Feb 6, 2007
Messages
14
i am having a problem with this system alert down by the clock if i click on it. it takes me to a web page to get me to buy a av scaner it's verry anoying also when i try to use firefox my desktop goes hay wire the clours look weard please help here is a hjt log :confused:

Logfile of HijackThis v1.99.1
Scan saved at 6:39:39 PM, on 2/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\FreezeScreenSaver.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\SierraHome\Hallmark Card Studio Special Edition\Planner\PLNRNote.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\P2PNET~1\P2PNET~1.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Documents and Settings\Owner\Desktop\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: BHO - {00000185-C745-43D2-44F1-01A1C789C738} - C:\PROGRA~1\SB\SMART-~1\BHO010~1.DLL (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video ActiveX Object\isadd.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video ActiveX Object\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,[email protected]
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [PLNRNote] "C:\Program Files\SierraHome\Hallmark Card Studio Special Edition\Planner\PLNRNote.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [requester] "C:\WINDOWS\system32\requester.12.exe"
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [Globe7] "C:\Program Files\Globe7\Globe7.exe" /hide
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
O4 - HKLM\..\Run: [NI.UWAS7_0001_N91M1112] "c:\documents and settings\owner\application data\winantispyware2007freeinstall[1].exe" -nag
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [IM] C:\Program Files\IM\IMLauncher.exe /boot:1
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Forget Me Not.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: run_startmenu.cmd
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: iWatchNow Media Center - {750A64D8-DFAA-485B-A335-F7093333FBB7} - C:\Program Files\iWatchNow, Inc.\iWatchNow Media Center\iwnvod.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (Rhapsody Player Engine) - http://forms.real.com/real/player/d.../mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135301364296
O16 - DPF: {A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1} (Zenturi Active Programs Control) - http://www.programchecker.com/dll/nixon.cab
O18 - Protocol: bw+0 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {A1634B88-4F32-45DB-BCD7-3AB02B8A3C16} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - (no file)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\system32\FreezeScreenSaver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
 
Joined
Sep 7, 2004
Messages
49,014
Add remove programs - remove logitech desktop messenger

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.

The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non infected computer will remove your Desktop background.
===================

Download Superantispyware

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
· It will ask if you want to update the program definitions, click Yes.
· Under Configuration and Preferences, click the Preferences button.
· Click the Scanning Control tab.
· Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
· On the main screen, under Scan for Harmful Software click Scan your computer.
· On the left check C:\Fixed Drive.
· On the right, under Complete Scan, choose Perform Complete Scan.
· Click Next to start the scan. Please be patient while it scans your computer.
· After the scan is complete a summary box will appear. Click OK.
· Make sure everything in the white box has a check next to it, then click Next.
· It will quarantine what it found and if it asks if you want to reboot, click Yes.
· To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the notepad, then right-click and choose copy.
· Click close and close again to exit the program.
· Please paste that information here for me with a new HijackThis log.
 

mr_nobody

Thread Starter
Joined
Feb 6, 2007
Messages
14
well i may be slow with work and all but here is the logs you wonted

SmitFraudFix v2.141

Scan done at 17:38:22.43, Fri 02/09/2007
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{fa19bd7e-50bc-4203-80ac-c4edc81ca9a3}"="hirtellous"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{5c4f2cbc-f32d-4a03-9812-86f39379811b}"="breadthes"

[HKEY_CLASSES_ROOT\CLSID\{5c4f2cbc-f32d-4a03-9812-86f39379811b}\InProcServer32]
@="C:\WINDOWS\system32\oksrqqu.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{5c4f2cbc-f32d-4a03-9812-86f39379811b}\InProcServer32]
@="C:\WINDOWS\system32\oksrqqu.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\oksrqqu.dll -> Hoax.Win32.Renos.gen.i
C:\WINDOWS\system32\oksrqqu.dll -> Deleted


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\Program Files\PestCapture\ Deleted
C:\Program Files\Video ActiveX Object\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
 

mr_nobody

Thread Starter
Joined
Feb 6, 2007
Messages
14
SUPERAntiSpyware Scan Log
Generated 02/09/2007 at 07:13 PM

Application Version : 3.5.1016

Core Rules Database Version : 3181
Trace Rules Database Version: 1191

Scan type : Complete Scan
Total Scan Time : 00:54:10

Memory items scanned : 752
Memory threats detected : 0
Registry items scanned : 6349
Registry threats detected : 179
File items scanned : 40236
File threats detected : 164

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][11].txt
C:\Documents and Settings\Owner\Cookies\[email protected][6].txt
C:\Documents and Settings\Owner\Cookies\[email protected][3].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][3].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][10].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected]
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected]
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected]
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected]
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][5].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected]
C:\Documents and Settings\Owner\Cookies\[email protected]
C:\Documents and Settings\Owner\Cookies\[email protected]
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected]
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][4].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][8].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected]
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected]
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][7].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt

Adware.Smart-Browser
HKCR\CLSID\{00000185-C745-43D2-44F1-01A1C789C738}
HKCR\CLSID\{00000185-C745-43D2-44F1-01A1C789C738}\InprocServer32
HKCR\CLSID\{00000185-C745-43D2-44F1-01A1C789C738}\InprocServer32#ThreadingModel
HKCR\CLSID\{00000185-C745-43D2-44F1-01A1C789C738}\ProgID
HKCR\CLSID\{00000185-C745-43D2-44F1-01A1C789C738}\TypeLib
HKCR\CLSID\{00000185-C745-43D2-44F1-01A1C789C738}\Version

Unclassified.Unknown Origin
HKCR\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}
HKCR\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}\InprocServer32
HKCR\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}\InprocServer32#ThreadingModel
HKCR\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}\ProgID
HKCR\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}\Programmable
HKCR\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}\TypeLib
HKCR\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}\VersionIndependentProgID

Adware.WhenU
HKCR\WUSN.1
HKCR\WUSN.1#WUSN_Id
HKCR\ACM.ACMFactory
HKCR\ACM.ACMFactory\CLSID
HKCR\ACM.ACMFactory\CurVer
HKCR\ACM.ACMFactory.1
HKCR\ACM.ACMFactory.1\CLSID
HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}
HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\ProxyStubClsid
HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\ProxyStubClsid32
HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\TypeLib
HKCR\Interface\{572FB162-C0BA-4EDF-8CFF-E3846153B9B0}\TypeLib#Version
HKCR\AppId\{127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB}
HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}
HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}#AppID
HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\InprocServer32
HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\InprocServer32#ThreadingModel
HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\ProgID
HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\Programmable
HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\TypeLib
HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}\VersionIndependentProgID
HKCR\AppId\ACM.DLL
HKCR\AppId\ACM.DLL#AppID
HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}
HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0
HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\0
HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\0\win32
HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\FLAGS
HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}\1.0\HELPDIR
HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}
HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\ProxyStubClsid
HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\ProxyStubClsid32
HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\TypeLib
HKCR\Interface\{72A836D1-BC00-43C0-A941-17960E4FB842}\TypeLib#Version
HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}
HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\ProxyStubClsid
HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\ProxyStubClsid32
HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\TypeLib
HKCR\Interface\{43382522-A846-46F4-AC57-1F71AE6E1086}\TypeLib#Version
HKLM\Software\WhenUSave
HKLM\Software\WhenUSave#db_script_update
HKLM\Software\WhenUSave#InstallDir
HKLM\Software\WhenUSave#pats_url
HKLM\Software\WhenUSave#pat_chunks_url
HKLM\Software\WhenUSave#script_url
HKLM\Software\WhenUSave#update_url
HKLM\Software\WhenUSave#ver_url
HKLM\Software\WhenUSave#Version
HKLM\Software\WhenUSave#timedDBUpdate_rs
HKLM\Software\WhenUSave#SystemParam_rs
HKLM\Software\WhenUSave#uninst_rs
HKLM\Software\WhenUSave#extra_url
HKLM\Software\WhenUSave#extraver_url
HKLM\Software\WhenUSave#ziptomsa_url
HKLM\Software\WhenUSave#InstallTime
HKLM\Software\WhenUSave#LastPartner
HKLM\Software\WhenUSave#zip
HKLM\Software\WhenUSave#uninstall_cmd_rs
HKLM\Software\WhenUSave#acm_rs
HKLM\Software\WhenUSave#TotalPartner
HKLM\Software\WhenUSave#newuser_rs
HKLM\Software\WhenUSave#Partner
HKLM\Software\WhenUSave#PartnerB
HKLM\Software\WhenUSave#PartnerDesc
HKLM\Software\WhenUSave#PartnerParam
HKLM\Software\WhenUSave#TotalPopup
HKLM\Software\WhenUSave#HeartbeatTime
HKLM\Software\WhenUSave#HeartbeatCount
HKLM\Software\WhenUSave#PulseTime
HKLM\Software\WhenUSave#PulseCount
HKLM\Software\WhenUSave#FullDBTime
HKLM\Software\WhenUSave#brandskin_url
HKLM\Software\WhenUSave#brandstrip_rs
HKLM\Software\WhenUSave#brandstrip_url
HKLM\Software\WhenUSave#bstat_rs
HKLM\Software\WhenUSave#himp_url
HKLM\Software\WhenUSave#iptomsa_url
HKLM\Software\WhenUSave#maxPopups_rs
HKLM\Software\WhenUSave#redir3p_url
HKLM\Software\WhenUSave#src_url
HKLM\Software\WhenUSave#uninstalltag_rs
HKLM\Software\WhenUSave#dbc_chunks_rs
HKLM\Software\WhenUSave#IPToMsaFail_rs
HKLM\Software\WhenUSave#fword_rs
HKLM\Software\WhenUSave#TotalAbout
HKLM\Software\WhenUSave#db_stamp_rs
HKLM\Software\WhenUSave#db_server_update
HKLM\Software\WhenUSave#UrlChangeCount
HKLM\Software\WhenUSave#IPToMsaTime_rs
HKLM\Software\WhenUSave\Partners
HKLM\Software\WhenUSave\Partners\WUSV
HKLM\Software\WhenUSave\Partners\WUSV#Partner
HKLM\Software\WhenUSave\Partners\WUSV#InstallTime
HKLM\Software\WhenUSave\Partners\WUSV#PartnerDesc
HKLM\Software\WhenUSave\Partners\WUSV#PartnerParam
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow#DisplayIcon
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow#DisplayVersion
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow#HelpLink
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow#Publisher
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow#UrlInfoAbout
C:\Program Files\Save\ACM.dll
C:\Program Files\Save\ffext.mod
C:\Program Files\Save\save.db
C:\Program Files\Save\Save.exe
C:\Program Files\Save\save.htm
C:\Program Files\Save\SaveUninst.exe
C:\Program Files\Save\store.db
C:\Program Files\Save
C:\Documents and Settings\Owner\Start Menu\Programs\WhenU\Customer Support.lnk
C:\Documents and Settings\Owner\Start Menu\Programs\WhenU\Learn More About WhenU Save.url
C:\Documents and Settings\Owner\Start Menu\Programs\WhenU\Learn More About WhenU SaveNow.url
C:\Documents and Settings\Owner\Start Menu\Programs\WhenU\Uninstall Instructions.lnk
C:\Documents and Settings\Owner\Start Menu\Programs\WhenU\WhenU.com Website.url
C:\Documents and Settings\Owner\Start Menu\Programs\WhenU

Adware.MovieLand/MediaPipe
HKLM\Software\ITBILL
HKLM\Software\ITBILL#PROV
HKLM\Software\ITBILL#Product
HKLM\Software\ITBILL#ProductFamily
HKLM\Software\ITBILL#TRAFFIC_TYPE
HKLM\Software\MediaPipe
HKLM\Software\MediaPipe\Prefs
HKLM\Software\MediaPipe\Prefs#version
HKLM\Software\MediaPipe\Prefs#ItBill
HKLM\Software\MediaPipe\Prefs#ProductFamily
HKLM\Software\MediaPipe\Prefs#Country
HKLM\Software\MediaPipe\Prefs#Provider
HKLM\Software\MediaPipe\Prefs#TRAFFIC_COUNTRY
HKLM\Software\MediaPipe\Prefs#TRAFFIC_PROGRAM
HKLM\Software\MediaPipe\Prefs#TRAFFIC_SOURCE
HKLM\Software\MediaPipe\Prefs#TRAFFIC_SUBSOURCE
HKLM\Software\MediaPipe\Prefs#JOIN_FORM_ID
HKLM\Software\MediaPipe\Prefs#modem
HKLM\Software\MediaPipe\Prefs#GUID
HKLM\Software\MediaPipe\Prefs#Filename
HKLM\Software\MediaPipe\Prefs\ItBill
HKLM\Software\MediaPipe\Prefs\ItBill#Provider
C:\Program Files\MovieLand Terms.html
C:\Program Files\MediaPipe\Agent.dll
C:\Program Files\MediaPipe\insdl.dll
C:\Program Files\MediaPipe\install.log
C:\Program Files\MediaPipe\ItBill_terms.txt
C:\Program Files\MediaPipe\MediaPipe.ini
C:\Program Files\MediaPipe\p2pinst.exe
C:\Program Files\MediaPipe\p2pl.exe
C:\Program Files\MediaPipe\register.dll
C:\Program Files\MediaPipe
C:\PROGRAM FILES\P2PNETWORKS\P2PNETWORKS.EXE

Adware.180solutions/Search Assistant
C:\Program Files\MediaGateway

Adware.180solutions/ZangoSearch
HKCR\CLSID\{D676F999-4608-4dc5-A135-4F51F4212739}
HKCR\CLSID\{D676F999-4608-4dc5-A135-4F51F4212739}#rsp
HKCR\Interface\{67A89831-6BC7-4CC0-A2C3-560F9A581E64}
HKCR\Interface\{67A89831-6BC7-4CC0-A2C3-560F9A581E64}\ProxyStubClsid
HKCR\Interface\{67A89831-6BC7-4CC0-A2C3-560F9A581E64}\ProxyStubClsid32
HKCR\Interface\{67A89831-6BC7-4CC0-A2C3-560F9A581E64}\TypeLib
HKCR\Interface\{67A89831-6BC7-4CC0-A2C3-560F9A581E64}\TypeLib#Version
HKCR\AppId\{D28CD14C-50BE-4CFA-951E-B37F25DA3472}

Registry Cleaner Trial
HKLM\Software\Registry Cleaner
HKLM\Software\Registry Cleaner\Uninstall
HKLM\Software\Registry Cleaner\Uninstall#UnwisePath
HKLM\Software\Registry Cleaner\Uninstall#InstallLog
HKLM\Software\Registry Cleaner\Uninstall#RCUninstallPath
HKLM\Software\Registry Cleaner\Uninstall#SOPROC
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Registry Cleaner
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Registry Cleaner#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Registry Cleaner#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs#C:\WINDOWS\Downloaded Program Files\Install.dll [  ]

Trojan.Security Toolbar
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url

Adware.Best Offers Network
C:\WINDOWS\tboninst.cfg

Adware.Best Offers Network/SmileySource
HKCR\Anim.AnimCtl
HKCR\Anim.AnimCtl\CurVer
HKCR\TypeLib\{C978F52B-E584-11CF-AF44-00A0C9034837}
HKCR\TypeLib\{C978F52B-E584-11CF-AF44-00A0C9034837}\1.0
HKCR\TypeLib\{C978F52B-E584-11CF-AF44-00A0C9034837}\1.0\0
HKCR\TypeLib\{C978F52B-E584-11CF-AF44-00A0C9034837}\1.0\0\win32
HKCR\TypeLib\{C978F52B-E584-11CF-AF44-00A0C9034837}\1.0\FLAGS
HKCR\TypeLib\{C978F52B-E584-11CF-AF44-00A0C9034837}\1.0\HELPDIR
C:\PROGRAM FILES\MICROSOFT ANTISPYWARE\QUARANTINE\440A0AA3-5345-4225-8418-0DECA4\6EA42A6C-E1C2-48B1-8EE7-A5AD1F

Trojan.Media-Codec
HKCR\VideoAXObject.Chl
HKCR\VideoAXObject.Chl\CLSID
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\System Alert Popup#UninstallString
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#none [ C:\Program Files\Video ActiveX Object\pmsngr.exe ]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#user32.dll [ C:\Program Files\Video ActiveX Object\isamntr.exe ]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#rare [ C:\Program Files\Video ActiveX Object\pmsnrr.exe ]

Adware.180solutions/Seekmo
HKCR\AppId\SeekmoTB.DLL
HKCR\AppId\SeekmoTB.DLL#AppID
HKCR\AppId\{21B8997E-251A-412C-A805-B0A4F791B03E}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Seekmo Toolbar
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Seekmo Toolbar#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Seekmo Toolbar#UninstallString
C:\Program Files\Seekmo Programs

Browser Hijacker.Favorites
C:\DOCUMENTS AND SETTINGS\OWNER\FAVORITES\ONLINE SECURITY TEST.URL

Trojan.Hacktool
C:\PROGRAM FILES\COMMON FILES\{B03968FD-07C7-1033-0124-050720040001}\SYSTEM.DLL

Trojan.NewDotNet
C:\RECYCLER\S-1-5-21-1879238435-1967114630-2179219950-500\DC1\NEWDOTNET7_48.DLL
C:\WINDOWS\NDNUNINSTALL6_38.EXE
C:\WINDOWS\NDNUNINSTALL7_48.EXE

Trojan.Freeprod
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP800\A0148429.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP800\A0148430.EXE

Trojan Downloader-SystemAlert.Process
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP801\A0148554.DLL

Trojan.IEXPLORER
C:\WINDOWS\IEXPLORER.EXE
C:\WINDOWS\SYSTEM32\POLICIES\IEXPLORER.EXE
C:\WINDOWS\Prefetch\IEXPLORER.EXE-1D8CB1E8.pf
 

mr_nobody

Thread Starter
Joined
Feb 6, 2007
Messages
14
Logfile of HijackThis v1.99.1
Scan saved at 7:56:44 PM, on 2/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\FreezeScreenSaver.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\SierraHome\Hallmark Card Studio Special Edition\Planner\PLNRNote.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Broderbund\AG CreataCard\agremind.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe
C:\Documents and Settings\Owner\Desktop\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - {00000185-C745-43D2-44F1-01A1C789C738} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SmartPics Class - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\WINDOWS\Policies.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,[email protected]
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [PLNRNote] "C:\Program Files\SierraHome\Hallmark Card Studio Special Edition\Planner\PLNRNote.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [Globe7] "C:\Program Files\Globe7\Globe7.exe" /hide
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
O4 - HKLM\..\Run: [NI.UWAS7_0001_N91M1112] "c:\documents and settings\owner\application data\winantispyware2007freeinstall[1].exe" -nag
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [IM] C:\Program Files\IM\IMLauncher.exe /boot:1
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Forget Me Not.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: run_startmenu.cmd
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: iWatchNow Media Center - {750A64D8-DFAA-485B-A335-F7093333FBB7} - C:\Program Files\iWatchNow, Inc.\iWatchNow Media Center\iwnvod.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (Rhapsody Player Engine) - http://forms.real.com/real/player/d.../mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135301364296
O16 - DPF: {A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1} (Zenturi Active Programs Control) - http://www.programchecker.com/dll/nixon.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\system32\FreezeScreenSaver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

thanks for the help so far
 
Joined
Sep 7, 2004
Messages
49,014
Lets do one more since you had so much - I'll hook up with you tomorrow

Go to the link below and download the trial version of SpySweeper:

SpySweeper http://www.webroot.com/consumer/products/spysweeper/?acode=af1&rc=855

(It's a 2 week trial.)

* Click the Try Spy Sweeper for FreeDownload the trial link. (Download Antivirus if required)
* Install it. During the install it will prompt for updates, these can be gotten now or later
* Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, if not already done so, before proceding check to ensure that you are up to date (Click Home > Bottom middle of page will tell you) .
* Once the definitions are installed, click Options on the left side.
* Click the Options tab on the left hand side.
* Chose Custom Sweep (Raido Buttom)
* Chose Change Settings (Link)
* Where to Sweep
> Select My Computer
* What to Sweep
> Select all options available (enable Virus scan if available)
* Skip File Types
> Do not skip any file types
* Advanced Options
> Select all options available


* Click Sweep on the left side.
* Click the Black arrow next to start full sweep
* Select Start Custom Sweep
* When it's done scanning, copy Items Found into Notepad
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click the Summary tab and click Finish.
* Compare the contents of the notepad to the report
* Place the contens of the notepad into your next reply identifying any items not removed.

If Spy Sweeper Suggests rebooting and scanning again repeat process and copy that information into your next reply as well.


Also post a new Hijack This log.
 

mr_nobody

Thread Starter
Joined
Feb 6, 2007
Messages
14
here we go

9:14 PM: Removal process completed. Elapsed time 00:04:10
9:11 PM: Quarantining All Traces: Troj/Wimad-Gen
9:11 PM: Quarantining All Traces: Troj/RKProc-Fam
9:10 PM: Quarantining All Traces: whenu save
9:10 PM: Quarantining All Traces: whenu
9:10 PM: Quarantining All Traces: whenu savenow
9:10 PM: Quarantining All Traces: mytemplatestorage cookie
9:10 PM: Quarantining All Traces: abcsearch cookie
9:10 PM: Quarantining All Traces: tickle cookie
9:10 PM: Quarantining All Traces: reliablestats cookie
9:10 PM: Quarantining All Traces: server.iad.liveperson cookie
9:10 PM: Quarantining All Traces: nextag cookie
9:10 PM: Quarantining All Traces: netster cookie
9:10 PM: Quarantining All Traces: monstermarketplace cookie
9:10 PM: Quarantining All Traces: mediaplex cookie
9:10 PM: Quarantining All Traces: webtrends cookie
9:10 PM: Quarantining All Traces: imlive.com cookie
9:10 PM: Quarantining All Traces: ic-live cookie
9:10 PM: Quarantining All Traces: directtrack cookie
9:10 PM: Quarantining All Traces: did-it cookie
9:10 PM: Quarantining All Traces: delfinproject cookie
9:10 PM: Quarantining All Traces: atlas dmt cookie
9:10 PM: Quarantining All Traces: ask cookie
9:10 PM: Quarantining All Traces: tacoda cookie
9:10 PM: Quarantining All Traces: alt cookie
9:10 PM: Quarantining All Traces: advertising cookie
9:10 PM: Quarantining All Traces: yieldmanager cookie
9:10 PM: Quarantining All Traces: 7search cookie
9:10 PM: Quarantining All Traces: 2o7.net cookie
9:10 PM: Quarantining All Traces: screenscenes
9:10 PM: Quarantining All Traces: hotbar/zango
9:10 PM: Quarantining All Traces: networkessentials
9:10 PM: Quarantining All Traces: redzip toolbar
9:10 PM: Quarantining All Traces: linkmedia
9:10 PM: Quarantining All Traces: eqiso toolbar
9:10 PM: Quarantining All Traces: smart-browser
9:10 PM: Quarantining All Traces: mediapipe
9:10 PM: Quarantining All Traces: maxifiles
9:10 PM: Quarantining All Traces: starware toolbar
9:10 PM: Quarantining All Traces: marketscore
9:10 PM: Quarantining All Traces: p2pnetwork
9:10 PM: Quarantining All Traces: comet cursor
 

mr_nobody

Thread Starter
Joined
Feb 6, 2007
Messages
14
9:10 PM: Quarantining All Traces: trojan-downloader-zlob
9:10 PM: Removal process initiated
9:08 PM: ApplicationMinimized - EXIT
9:08 PM: ApplicationMinimized - ENTER
9:08 PM: ApplicationMinimized - EXIT
9:08 PM: ApplicationMinimized - ENTER
9:08 PM: ApplicationMinimized - EXIT
9:08 PM: ApplicationMinimized - ENTER
9:00 PM: Traces Found: 176
9:00 PM: Custom Sweep has completed. Elapsed time 02:41:59
9:00 PM: File Sweep Complete, Elapsed Time: 02:34:14
Operation: File Access
Target:
Source: C:\PROGRAM FILES\WINDOWS DESKTOP SEARCH\WINDOWSSEARCHFILTER.EXE
8:58 PM: Tamper Detection
8:57 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\hotbar11.zip]
8:57 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\antiverminspro2.zip]
8:57 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zango8.zip]
8:57 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zango7.zip]
8:57 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zango.zip]
Not enough storage is available to process this command
8:57 PM: Warning: Unable to sweep compressed file: System Error. Code: 8.
8:57 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration45.zip]
8:57 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionssearchassistant4.zip]
8:57 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionssearchassistant6.zip]
8:56 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration107.zip]
8:55 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration108.zip]
8:55 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zonemapranges3.zip]
8:55 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration112.zip]
8:55 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zonemapranges5.zip]
8:55 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration117.zip]
8:55 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration118.zip]
8:55 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration111.zip]
8:55 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zonemapranges4.zip]
8:55 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration124.zip]
8:55 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zlobvideoactivexobject1.zip]
8:55 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zlobvideoactivexobject4.zip]
8:55 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\spyheal1.zip]
8:55 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch9.zip]
8:55 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch8.zip]
8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch7.zip]
8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionszango13.zip]
8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch6.zip]
8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration120.zip]
8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\movieland7.zip]
8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\movieland6.zip]
8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\movieland5.zip]
8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionszango12.zip]
8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch18.zip]
8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch17.zip]
8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\registrycleaner8.zip]
8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\movieland4.zip]
8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\movieland3.zip]
8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\movieland2.zip]
8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\movieland1.zip]
8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\movieland.zip]
8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\microsoftwindowssecuritycenterfirewalloverride.zip]
8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\microsoftwindowssecuritycenterantivirusoverride.zip]
8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\marketscore1.zip]
8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\marketscore.zip]
8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\gaingator.zip]
8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funwebproducts8.zip]
8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funwebproducts7.zip]
8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funwebproducts6.zip]
8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funwebproducts5.zip]
8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funwebproducts4.zip]
8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funwebproducts3.zip]
8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funwebproducts2.zip]
8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funwebproducts1.zip]
8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch16.zip]
8:54 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\bitcomet\downloads\useful programs\useful programs.rar]
8:51 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\freeze4.zip]
8:51 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\funwebproducts.zip]
8:51 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig709\enu\data1.cab]
8:50 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionszango11.zip]
8:50 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zlobvideoactivexobject3.zip]
8:50 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\freeze3.zip]
8:50 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\freeze2.zip]
8:50 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\bitcomet\downloads\cucusoft psp movie converter\cucusoft psp movie converter.rar]
8:50 PM: Warning: TCompressedFile.GetStreams(1): Stream read error
 

mr_nobody

Thread Starter
Joined
Feb 6, 2007
Messages
14
8:50 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\freeze1.zip]
8:50 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet.zip]
8:50 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zlobvideoactivexobject2.zip]
8:50 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zlobvideoactivexobject.zip]
8:50 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zonemapranges1.zip]
8:50 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zlobhomepagemonitor.zip]
8:50 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zango9.zip]
8:50 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zango6.zip]
8:50 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zango5.zip]
8:50 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zango4.zip]
8:50 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zango3.zip]
8:50 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zango2.zip]
8:47 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\isearchtechistbar1.zip]
8:47 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration116.zip]
8:47 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\freeze.zip]
8:47 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration127.zip]
8:47 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration126.zip]
8:47 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration125.zip]
8:46 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration115.zip]
8:46 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\bitcomet\downloads\38_pinball games pc\lula pinball\lula pinball.rar]
8:46 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration114.zip]
8:46 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zonemapranges2.zip]
8:46 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionssearchassistant9.zip]
8:44 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionszango14.zip]
8:44 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration122.zip]
8:44 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration129.zip]
8:44 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration121.zip]
8:44 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration119.zip]
8:44 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionsmediagatewayx1.zip]
8:44 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zango1.zip]
8:44 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\spyheal.zip]
8:44 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\pesttrap1.zip]
8:44 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\pesttrap.zip]
8:44 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch24.zip]
8:44 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch23.zip]
8:44 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionsmediagatewayx.zip]
8:44 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration113.zip]
8:44 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch22.zip]
8:44 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch21.zip]
8:44 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch20.zip]
8:44 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\systemdoctor.zip]
8:44 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zonemapranges.zip]
8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch19.zip]
8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\starware7.zip]
8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\starware6.zip]
8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch15.zip]
8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration128.zip]
8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch14.zip]
8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch13.zip]
8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch12.zip]
8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration110.zip]
8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\antiverminspro.zip]
8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration123.zip]
8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration109.zip]
8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch11.zip]
8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch10.zip]
8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zlobvideoactivexobject6.zip]
8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\ieplugin.zip]
8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\starware5.zip]
8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\starware.zip]
8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\starware1.zip]
8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\starware2.zip]
8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\starware3.zip]
8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\starware4.zip]
8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch.zip]
8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch1.zip]
8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\registrycleaner1.zip]
8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration27.zip]
8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration35.zip]
8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration38.zip]
8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration74.zip]
8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration39.zip]
8:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\registrycleaner2.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration21.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration22.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration49.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration53.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration62.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration63.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet29.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet28.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration67.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration69.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration75.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration76.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration84.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\hotbar6.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\hotbar7.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\hotbar8.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\hotbar9.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\hotbar10.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\noadware.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\isearchtechistbar.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\ieplugin1.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration106.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration105.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration104.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration103.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration102.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration101.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration100.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet27.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration99.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration98.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration97.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\registrycleaner3.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration96.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration95.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration94.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet15.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration93.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration92.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration91.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration90.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration89.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet14.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration88.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration87.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration86.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet13.zip]
 

mr_nobody

Thread Starter
Joined
Feb 6, 2007
Messages
14
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet12.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\registrycleaner6.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\registrycleaner7.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration13.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet11.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet10.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet9.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet8.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet7.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet6.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\hotbar.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\hotbar1.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\hotbar2.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\hotbar3.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\hotbar4.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\hotbar5.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet5.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet4.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet3.zip]
8:42 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu_____________________________\data1.cab]
8:41 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu__\data1.cab]
8:39 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu________________________________\data1.cab]
8:38 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu_________________________\data1.cab]
8:37 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu______________________________\data1.cab]
8:37 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu________________\data1.cab]
8:36 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu____\data1.cab]
8:35 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu___________\data1.cab]
8:34 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu___\data1.cab]
8:33 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu_____\data1.cab]
8:32 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu___________________________\data1.cab]
8:32 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu________________________\data1.cab]
8:31 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu______________________\data1.cab]
8:30 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu____________________\data1.cab]
8:29 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet2.zip]
8:29 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu______________\data1.cab]
8:28 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu_________\data1.cab]
8:27 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu__________\data1.cab]
8:26 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu_____________\data1.cab]
8:25 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu_\data1.cab]
8:24 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu________\data1.cab]
8:23 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu____________\data1.cab]
8:22 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu_______________\data1.cab]
8:21 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu___________________\data1.cab]
8:21 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu_______________________\data1.cab]
8:19 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu____________________________\data1.cab]
8:18 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration18.zip]
8:18 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu__________________________\data1.cab]
8:17 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu_________________________________\data1.cab]
8:17 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Corrupted] on [c:\program files\broderbund\ag creatacard\unlock\cdm\install\data1.cab]
8:16 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu______\data1.cab]
8:15 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration64.zip]
8:15 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Corrupted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu_____________________\data1.cab]
8:15 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\setup files\rdrbig\enu_______________________________\data1.cab]
8:14 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet1.zip]
8:14 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration26.zip]
8:13 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\microsoftwindowssecurityinternetexplorer.zip]
8:13 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\freeze6.zip]
8:13 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\freeze5.zip]
8:13 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration73.zip]
8:13 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration141.zip]
8:13 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration140.zip]
8:13 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration139.zip]
8:13 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration138.zip]
8:13 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration137.zip]
8:13 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration136.zip]
8:13 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration135.zip]
8:13 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration134.zip]
8:13 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration133.zip]
8:13 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration132.zip]
8:13 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\antiverminspro21.zip]
8:13 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\antiverminspro20.zip]
8:13 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\antiverminspro19.zip]
8:13 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\antiverminspro18.zip]
8:13 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\antiverminspro17.zip]
8:13 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\antiverminspro16.zip]
8:13 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\antiverminspro15.zip]
8:13 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\antiverminspro14.zip]
8:13 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\antiverminspro13.zip]
8:13 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\antiverminspro12.zip]
8:13 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\registrycleaner4.zip]
8:13 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\registrycleaner5.zip]
8:12 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration44.zip]
8:12 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration42.zip]
8:12 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration41.zip]
8:12 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration43.zip]
8:12 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\registrycleaner.zip]
8:12 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration36.zip]
8:12 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration33.zip]
 

mr_nobody

Thread Starter
Joined
Feb 6, 2007
Messages
14
8:12 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration32.zip]
8:12 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration30.zip]
8:12 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration29.zip]
8:12 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch5.zip]
8:12 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch4.zip]
8:12 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch3.zip]
8:12 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\mywaymywebsearch2.zip]
8:12 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration19.zip]
8:08 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration85.zip]
8:08 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration72.zip]
8:08 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet26.zip]
8:08 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet25.zip]
8:08 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet24.zip]
8:08 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration83.zip]
8:08 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration82.zip]
8:08 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration81.zip]
8:08 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration80.zip]
8:08 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration79.zip]
8:08 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration78.zip]
8:08 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration77.zip]
8:08 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration130.zip]
8:08 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration131.zip]
8:08 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet23.zip]
8:08 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet22.zip]
8:08 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet21.zip]
8:07 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration71.zip]
8:07 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration70.zip]
8:07 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionssearchassistant8.zip]
8:07 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionszango7.zip]
8:07 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionszango8.zip]
8:07 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionszango9.zip]
8:07 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionszango10.zip]
8:07 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet20.zip]
8:07 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\antiverminspro11.zip]
8:07 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration68.zip]
8:07 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration66.zip]
8:07 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration65.zip]
8:07 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet19.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet18.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet17.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration61.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration60.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration59.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration58.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration31.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration57.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration56.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration55.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration54.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionssearchassistant5.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration52.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration51.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration50.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration20.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\zlobvideoactivexobject5.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\newdotnet16.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration143.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration145.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration144.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\antiverminspro10.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\antiverminspro9.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\antiverminspro8.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration1.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration25.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration47.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration142.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\antiverminspro7.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\antiverminspro6.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration48.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\antiverminspro1.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionssearchassistant13.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionssearchassistant12.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration24.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration23.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionssearchassistant11.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration17.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration16.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration15.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionssearchassistant10.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration14.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration37.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionssearchassistant7.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration12.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration11.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration10.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration9.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration8.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration7.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\antiverminspro5.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration6.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration5.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration4.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration40.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration3.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration2.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionszango6.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionszango5.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionszango4.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionszango3.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionszango2.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionszango1.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionszango.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\antiverminspro4.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration28.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration46.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionssearchassistant3.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionssearchassistant2.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionssearchassistant1.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\antiverminspro3.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\solutionssearchassistant.zip]
8:06 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\all users\application data\spybot - search destroy\recovery\eacceleration34.zip]
8:05 PM: Warning: SweepDirectories: Cannot find directory "k:". This directory was not added to the list of paths to be scanned.
8:05 PM: Warning: SweepDirectories: Cannot find directory "j:". This directory was not added to the list of paths to be scanned.
8:05 PM: Warning: SweepDirectories: Cannot find directory "i:". This directory was not added to the list of paths to be scanned.
8:05 PM: Warning: SweepDirectories: Cannot find directory "h:". This directory was not added to the list of paths to be scanned.
8:05 PM: Warning: SweepDirectories: Cannot find directory "g:". This directory was not added to the list of paths to be scanned.
8:05 PM: Warning: SweepDirectories: Cannot find directory "e:". This directory was not added to the list of paths to be scanned.
8:05 PM: C:\Program Files\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\components\Iwhenu_ff.xpt (ID = 296809)
8:05 PM: C:\Program Files\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\chrome.manifest (ID = 296810)
 

mr_nobody

Thread Starter
Joined
Feb 6, 2007
Messages
14
8:05 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP802\A0148603.ini (ID = 162695)
8:03 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\all users\drm\cache\indiv01.tmp]
8:02 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\owner\local settings\temp\me_yuwekrbvs0hball]
8:02 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\owner\local settings\temp\me_pfxie7mei2fpygg]
8:02 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\owner\local settings\temp\me_mtf2636gbvcvp7h]
8:02 PM: Warning: Failed to open file "c:\documents and settings\owner\my documents\my music\my pictures\2006-01-21\2006-01-21\2006-01-21\2006-01-21\2006-01-21\2006-01-21\2006-01-21\2006-01-21\2006-01-21\2006-01-21\2006-01-21\2006-01-21\2006-01-21\2006-01-21\2006-01-21\2006-01-21\2006-01-21\thumbs.db:encryptable". The operation completed successfully
8:02 PM: Warning: Failed to open file "c:\documents and settings\all users\drm\cache\indiv01.tmp". The operation completed successfully
8:02 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temp\me_yuwekrbvs0hball". The operation completed successfully
8:02 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temp\me_pfxie7mei2fpygg". The operation completed successfully
8:02 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temp\me_mtf2636gbvcvp7h". The operation completed successfully
8:01 PM: Warning: Failed to open file "c:\documents and settings\owner\my documents\my music\my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\thumbs.db:encryptable". The operation completed successfully
8:01 PM: Warning: Failed to open file "c:\documents and settings\owner\my documents\my music\my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\picture\thumbs.db:encryptable". The operation completed successfully
8:01 PM: Warning: Failed to open file "c:\documents and settings\owner\my documents\my music\my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\my pictures\picture\picture 029.jpg". The operation completed successfully
8:01 PM: Warning: Failed to open file "c:\documents and settings\owner\my documents\my music\my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\copy of my pictures\kodak pictures\2006-01-02\thumbs.db:encryptable". The operation completed successfully
7:59 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\documents and settings\owner\local settings\temp\me_lao0x979wuyvbb3]
7:58 PM: Warning: Failed to open file "c:\documents and settings\owner\local settings\temp\me_lao0x979wuyvbb3". The operation completed successfully
7:55 PM: C:\Program Files\Screensavers.com\Wallpaper\swpstart.exe (ID = 74759)
Trace marked as Always Remove
7:45 PM: C:\Program Files\BitComet\Downloads\Hot lesbo action 69 doggystyle ***** licking juices slurping orgy\69 lesbian teen oral action twat licking and ***** eating - xxx amateur outdoor homemade porn.wmv.bc! (ID = 0)
7:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\bitcomet\downloads\38_pinball games pc\slam tilt resurrection - pirate\install.dat]
7:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Corrupted] on [c:\program files\bitcomet\downloads\01.14.07.independence.day.1996.hdrip.x264.dts-bmdru\cd3\bmdru-id-x264-cd3.rar.bc!]
7:43 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Corrupted] on [c:\program files\bitcomet\downloads\susana spears - spreads ***** in kitchen - [www.bestoftorrents.dl.am]\susana spears - spreads ***** in kitchen - [www.bestoftorrents.dl.am].rar.bc!]
Trace marked as Always Remove
7:43 PM: C:\Program Files\BitComet\Downloads\Hot lesbo action 69 doggystyle ***** licking juices slurping orgy\Hot Lesbo Action 69 Doggystyle In Bedroom - Amateur Homemade xxx porn sex.wmv.bc! (ID = 0)
7:43 PM: Found Troj/Wimad-Gen: Troj/Wimad-Gen
7:33 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP802\A0148604.exe (ID = 338051)
7:28 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\websearch\websearchenu.pdf]
7:28 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Scan Aborted] on [c:\owner file\20062007_125315_owner\c\docume~1\owner\mydocu~1\nef7ee~1\trackn~1.nrg.nco]
7:24 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP802\A0148596.dll (ID = 358923)
7:20 PM: C:\Program Files\Screensavers.com\Installer\bin\siuninst.exe (ID = 298009)
7:19 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\messages\rdrmsgsplash.pdf]
7:09 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\pagefile.sys]
7:09 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [Access Denied] on [c:\hiberfil.sys]
7:06 PM: C:\Program Files\p2pnetworks\uninst.exe (ID = 162703)
7:03 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\documents and settings\owner\application data\superantispyware.com\superantispyware\quarantine\quarantine - 02-09-2007 - 19-16-20.sbu]
Trace marked as Always Remove
6:58 PM: C:\WINDOWS\system32\Policies\ppdriver.sys (ID = 0)
6:58 PM: Found Troj/RKProc-Fam: Troj/RKProc-Fam
6:53 PM: C:\WINDOWS\system32\cemetrix.dll (ID = 243051)
6:50 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP802\A0148606.dll (ID = 71040)
6:50 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP802\A0148602.dll (ID = 71040)
6:50 PM: Found Adware: networkessentials
6:47 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP802\A0148597.exe (ID = 358924)
6:46 PM: Warning: AntiVirus engine for IdentifyFileObject.ProcessAVResult returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\messages\enu\rdrmsgenu.pdf]
6:43 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP802\A0148607.exe (ID = 338031)
6:42 PM: C:\Program Files\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\chrome\whenu_ff.jar (ID = 305736)
6:42 PM: C:\Program Files\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\install.rdf (ID = 305737)
6:36 PM: C:\Documents and Settings\Owner\Recent\MovieLand Terms.lnk (ID = 201283)
6:33 PM: C:\System Volume Information\_restore{f845e3db-f751-4be4-a620-64f2ca1bfb5f}\RP802\A0148598.exe (ID = 358922)
6:33 PM: Found Adware: whenu save
6:32 PM: C:\Program Files\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\components\whenu_ff.dll (ID = 296501)
6:32 PM: Found Adware: whenu
6:31 PM: C:\Program Files\p2pnetworks\AlConfig.xml (ID = 163204)
6:31 PM: C:\Program Files\p2pnetworks\sp2p.cache (ID = 163206)
Operation: File Access
Target:
Source: C:\PROGRAM FILES\NETWORK ASSOCIATES\VIRUSSCAN\MCSHIELD.EXE
6:27 PM: Tamper Detection
6:26 PM: C:\Program Files\Screensavers.com (12 subtraces) (ID = 2147486931)
6:26 PM: C:\My AccessMedia (1 subtraces) (ID = 2147498114)
6:26 PM: C:\Program Files\p2pnetworks (6 subtraces) (ID = 2147497177)
6:26 PM: C:\Program Files\SB (7 subtraces) (ID = 2147486978)
6:26 PM: C:\Program Files\SB\Smart-Browser (6 subtraces) (ID = 2147526868)
6:26 PM: C:\Program Files\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34} (8 subtraces) (ID = 2147518400)
6:26 PM: Found Adware: whenu savenow
6:26 PM: Starting File Sweep
6:26 PM: Cookie Sweep Complete, Elapsed Time: 00:00:04
6:26 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 3072)
6:26 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 3072)
6:26 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 3050)
6:26 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 3050)
6:26 PM: Found Spy Cookie: mytemplatestorage cookie
6:26 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 3007)
6:26 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 2034)
6:26 PM: Found Spy Cookie: abcsearch cookie
6:26 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 2528)
6:26 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 3529)
6:26 PM: Found Spy Cookie: tickle cookie
6:26 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 6444)
6:26 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 3254)
6:26 PM: Found Spy Cookie: reliablestats cookie
6:26 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 3341)
6:26 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 3341)
6:26 PM: Found Spy Cookie: server.iad.liveperson cookie
6:26 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 5014)
6:26 PM: Found Spy Cookie: nextag cookie
6:26 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 3071)
6:26 PM: Found Spy Cookie: netster cookie
6:26 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 3006)
6:26 PM: Found Spy Cookie: monstermarketplace cookie
6:26 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 6442)
6:26 PM: Found Spy Cookie: mediaplex cookie
6:26 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 3669)
6:26 PM: Found Spy Cookie: webtrends cookie
6:26 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 2843)
6:26 PM: Found Spy Cookie: imlive.com cookie
6:26 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 2821)
6:26 PM: Found Spy Cookie: ic-live cookie
6:26 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 2527)
6:26 PM: Found Spy Cookie: directtrack cookie
6:26 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 2523)
6:26 PM: Found Spy Cookie: did-it cookie
6:26 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 2509)
6:26 PM: Found Spy Cookie: delfinproject cookie
6:26 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 2253)
6:26 PM: Found Spy Cookie: atlas dmt cookie
6:26 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 2245)
6:26 PM: Found Spy Cookie: ask cookie
6:26 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 6445)
6:26 PM: Found Spy Cookie: tacoda cookie
6:26 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 2217)
6:26 PM: Found Spy Cookie: alt cookie
6:26 PM: c:\documents and settings\owner\cookies\[email protected][1].txt (ID = 2175)
6:26 PM: Found Spy Cookie: advertising cookie
6:26 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 3751)
6:26 PM: Found Spy Cookie: yieldmanager cookie
6:26 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 2011)
6:26 PM: Found Spy Cookie: 7search cookie
6:26 PM: c:\documents and settings\owner\cookies\[email protected][2].txt (ID = 1957)
6:26 PM: Found Spy Cookie: 2o7.net cookie
6:25 PM: Starting Cookie Sweep
6:25 PM: Registry Sweep Complete, Elapsed Time:00:00:47
6:25 PM: HKU\S-1-5-21-1879238435-1967114630-2179219950-1003\software\microsoft\windows\currentversion\uninstall\bar888\ (ID = 1882039)
6:25 PM: Found Adware: maxifiles
6:25 PM: HKU\S-1-5-21-1879238435-1967114630-2179219950-1003\software\screenscenes\ (ID = 723706)
6:25 PM: Found Adware: screenscenes
6:25 PM: HKU\S-1-5-21-1879238435-1967114630-2179219950-1003\software\microsoft\internet explorer\toolbar\webbrowser\ || {d49e9d35-254c-4c6a-9d17-95018d228ff5} (ID = 142862)
6:25 PM: HKU\S-1-5-21-1879238435-1967114630-2179219950-1003\software\microsoft\internet explorer\toolbar\webbrowser\ || {7bed0340-176b-44bc-915e-c21c1dd6f617} (ID = 142861)
6:25 PM: HKU\S-1-5-21-1879238435-1967114630-2179219950-1003\software\microsoft\internet explorer\toolbar\webbrowser\ || {2d51d869-c36b-42bd-ae68-0a81bc771fa5} (ID = 142860)
6:25 PM: HKU\S-1-5-21-1879238435-1967114630-2179219950-1003\software\microsoft\windows\currentversion\explorer\ || insid (ID = 139328)
6:25 PM: Found Adware: redzip toolbar
6:25 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{67982bb7-0f95-44c5-92dc-e3af3dc19d6d}\ (ID = 1918566)
6:25 PM: Found Trojan Horse: trojan-downloader-zlob
6:25 PM: HKLM\system\currentcontrolset\services\nwsapagent\ (ID = 1729831)
 

mr_nobody

Thread Starter
Joined
Feb 6, 2007
Messages
14
6:25 PM: HKLM\system\controlset002\services\nwsapagent\ (ID = 1729775)
6:25 PM: HKLM\system\controlset002\enum\root\legacy_nwsapagent\ (ID = 1729735)
6:25 PM: HKLM\system\controlset001\services\nwsapagent\ (ID = 1729695)
6:25 PM: HKLM\system\controlset001\enum\root\legacy_nwsapagent\ (ID = 1729645)
6:25 PM: Found Adware: linkmedia
6:25 PM: HKLM\software\classes\clsid\{b7d3e479-cc68-42b5-a338-938ece35f419}\ (ID = 1729347)
6:25 PM: HKCR\clsid\{b7d3e479-cc68-42b5-a338-938ece35f419}\ (ID = 1728993)
6:25 PM: Found Adware: eqiso toolbar
6:25 PM: HKLM\software\microsoft\windows\currentversion\uninstall\shopperreports\ (ID = 1329363)
6:25 PM: HKLM\software\classes\clsid\{85a616ee-142c-4d52-9f45-c469964e109e}\ (ID = 1166114)
6:25 PM: HKCR\clsid\{85a616ee-142c-4d52-9f45-c469964e109e}\ (ID = 1166078)
6:25 PM: Found Adware: starware toolbar
6:25 PM: HKLM\software\classes\iceclientatl.surveyclientctl.1\ (ID = 1149360)
6:25 PM: HKLM\software\classes\iceclientatl.surveyclientctl\ (ID = 1149354)
6:25 PM: HKCR\iceclientatl.surveyclientctl.1\ (ID = 1149346)
6:25 PM: HKCR\iceclientatl.surveyclientctl\ (ID = 1149340)
6:25 PM: HKLM\software\classes\typelib\{fe844296-3c38-4b78-a272-87557622c953}\ (ID = 1144226)
6:25 PM: HKLM\software\classes\clsid\{cd1b7795-13bc-4a12-bf42-a52748971aa2}\ (ID = 1144222)
6:25 PM: HKCR\typelib\{fe844296-3c38-4b78-a272-87557622c953}\ (ID = 1144194)
6:25 PM: HKCR\clsid\{cd1b7795-13bc-4a12-bf42-a52748971aa2}\ (ID = 1144173)
6:25 PM: HKLM\software\microsoft\windows\currentversion\uninstall\ shopperreports\ (ID = 1008466)
6:25 PM: Found Adware: hotbar/zango
6:25 PM: HKLM\software\microsoft\windows\currentversion\uninstall\{15d612df-d417-4cda-b8b5-94f47ba21313}\ (ID = 945998)
6:25 PM: Found Adware: marketscore
6:25 PM: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\ || c:\program files\p2pnetworks\p2pnetworks.exe (ID = 871570)
6:25 PM: HKLM\software\microsoft\windows\currentversion\uninstall\p2pnetworks\ (ID = 867156)
6:25 PM: HKLM\software\classes\typelib\{ab3b59a5-8bb4-46ab-a878-dfdb237d5bd5}\ (ID = 867095)
6:25 PM: HKLM\software\classes\typelib\{97d860c4-f072-477b-b241-409f7cffb954}\ (ID = 867085)
6:25 PM: HKLM\software\classes\typelib\{555fb512-9f3b-4359-9d2a-3c10e750ce5e}\ (ID = 867075)
6:25 PM: HKLM\software\classes\clsid\{dfe95408-fd86-4818-a30a-bc859d9658e1}\ (ID = 867048)
6:25 PM: HKLM\software\classes\clsid\{1e9adaf2-4eda-4074-96ce-c9972e675c88}\ (ID = 866985)
6:25 PM: HKLM\software\classes\appid\{99c4f93d-42a7-478d-8746-4afb6c10bc26}\ (ID = 866981)
6:25 PM: HKLM\software\classes\appid\{626873ac-27f3-4d48-be81-535cf2360071}\ (ID = 866975)
6:25 PM: HKLM\software\classes\appid\{4c0b0548-ae0b-4008-999d-db33b8b2eb90}\ (ID = 866973)
6:25 PM: HKLM\software\classes\appid\trayicon.exe\ (ID = 866971)
6:25 PM: HKLM\software\classes\appid\sp2p.exe\ (ID = 866969)
6:25 PM: HKLM\software\classes\appid\downloadmanager.exe\ (ID = 866963)
6:25 PM: HKLM\software\classes\sp2p.sp2p.1\ (ID = 866957)
6:25 PM: HKLM\software\classes\sp2p.sp2p\ (ID = 866951)
6:25 PM: HKLM\software\classes\downloadmanager.manager.1\ (ID = 866927)
6:25 PM: HKLM\software\classes\downloadmanager.manager\ (ID = 866921)
6:25 PM: HKCR\typelib\{ab3b59a5-8bb4-46ab-a878-dfdb237d5bd5}\ (ID = 866816)
6:25 PM: HKCR\typelib\{97d860c4-f072-477b-b241-409f7cffb954}\ (ID = 866806)
6:25 PM: HKCR\typelib\{555fb512-9f3b-4359-9d2a-3c10e750ce5e}\ (ID = 866796)
6:25 PM: HKCR\clsid\{dfe95408-fd86-4818-a30a-bc859d9658e1}\ (ID = 866769)
6:25 PM: HKCR\clsid\{1e9adaf2-4eda-4074-96ce-c9972e675c88}\ (ID = 866706)
6:25 PM: HKCR\appid\{99c4f93d-42a7-478d-8746-4afb6c10bc26}\ (ID = 866702)
6:25 PM: HKCR\appid\{626873ac-27f3-4d48-be81-535cf2360071}\ (ID = 866696)
6:25 PM: HKCR\appid\{4c0b0548-ae0b-4008-999d-db33b8b2eb90}\ (ID = 866694)
6:25 PM: HKCR\appid\trayicon.exe\ (ID = 866692)
6:25 PM: HKCR\appid\sp2p.exe\ (ID = 866690)
6:25 PM: HKCR\appid\downloadmanager.exe\ (ID = 866684)
6:25 PM: HKCR\sp2p.sp2p.1\ (ID = 866678)
6:25 PM: HKCR\sp2p.sp2p\ (ID = 866672)
6:25 PM: HKCR\downloadmanager.manager.1\ (ID = 866648)
6:25 PM: HKCR\downloadmanager.manager\ (ID = 866642)
6:25 PM: HKCR\typelib\{00000182-c745-43d2-44f1-01a1c789c738}\ (ID = 141872)
6:25 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000185-c745-43d2-44f1-01a1c789c738}\ (ID = 141867)
6:25 PM: HKLM\software\classes\typelib\{00000182-c745-43d2-44f1-01a1c789c738}\ (ID = 141860)
6:25 PM: HKLM\software\classes\interface\{00000183-c745-43d2-44f1-01a1c789c738}\ (ID = 141857)
6:25 PM: HKCR\interface\{00000183-c745-43d2-44f1-01a1c789c738}\ (ID = 141850)
6:25 PM: Found Adware: smart-browser
6:25 PM: HKCR\typelib\{0ab5b0d8-2b74-4c1c-8fa4-e52550b8b45b}\ (ID = 140575)
6:25 PM: HKLM\software\screensavers.com\ (ID = 140569)
6:25 PM: HKLM\software\classes\typelib\{0ab5b0d8-2b74-4c1c-8fa4-e52550b8b45b}\ (ID = 140565)
6:25 PM: HKLM\software\classes\clsid\{88d758a3-d33b-45fd-91e3-67749b4057fa}\ (ID = 140556)
6:25 PM: HKLM\software\classes\clsid\{722d2939-a14a-41a9-9eac-ab8f4e295819}\ (ID = 140555)
6:25 PM: HKCR\clsid\{88d758a3-d33b-45fd-91e3-67749b4057fa}\ (ID = 140551)
6:25 PM: HKCR\clsid\{722d2939-a14a-41a9-9eac-ab8f4e295819}\ (ID = 140550)
6:25 PM: Starting Registry Sweep
6:25 PM: Memory Sweep Complete, Elapsed Time: 00:06:33
6:18 PM: Starting Memory Sweep
6:18 PM: HKLM\software\classes\typelib\{97d860c4-f072-477b-b241-409f7cffb954}\1.0\0\win32\ (ID = 1589903)
6:18 PM: HKLM\software\classes\clsid\{dfe95408-fd86-4818-a30a-bc859d9658e1}\localserver32\ (ID = 1589902)
6:18 PM: Found Trojan Horse: p2pnetwork
6:18 PM: HKCR\typelib\{555fb512-9f3b-4359-9d2a-3c10e750ce5e}\1.0\0\win32\ (ID = 1589901)
6:18 PM: HKCR\clsid\{1e9adaf2-4eda-4074-96ce-c9972e675c88}\localserver32\ (ID = 1589898)
6:18 PM: HKCR\typelib\{ab3b59a5-8bb4-46ab-a878-dfdb237d5bd5}\1.0\0\win32\ (ID = 1589897)
6:18 PM: Found Adware: mediapipe
6:18 PM: HKCR\clsid\{722d2939-a14a-41a9-9eac-ab8f4e295819}\inprocserver32\ (ID = 1531329)
6:18 PM: Found Adware: comet cursor
6:18 PM: Start Custom Sweep
6:18 PM: Sweep initiated using definitions version 845
6:12 PM: Your virus definitions have been updated.
6:10 PM: Informational: Loaded AntiVirus Engine: 2.41.0; SDK Version: 4.13; Virus Definitions: 2/11/2007 1:31:44 PM (GMT)
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: Off
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
6:07 PM: Shield States
6:07 PM: Spyware Definitions: 845
6:07 PM: Informational: Loaded AntiVirus Engine: 2.41.0; SDK Version: 4.13; Virus Definitions: 2/11/2007 1:31:44 PM (GMT)
6:02 PM: Spy Sweeper 5.3.1.2344 started
6:02 PM: Spy Sweeper 5.3.1.2344 started
6:02 PM: | Start of Session, Sunday, February 11, 2007 |
***************
 

mr_nobody

Thread Starter
Joined
Feb 6, 2007
Messages
14
Logfile of HijackThis v1.99.1
Scan saved at 9:22:04 PM, on 2/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\FreezeScreenSaver.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\dumprep.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SmartPics Class - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\WINDOWS\Policies.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunKistEM] "C:\Program Files\Digital Media Reader\shwiconem.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,[email protected]
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [PLNRNote] "C:\Program Files\SierraHome\Hallmark Card Studio Special Edition\Planner\PLNRNote.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3
O4 - HKLM\..\Run: [Synchronization Manager] "C:\WINDOWS\system32\mobsync.exe" /logon
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [ANIWZCS2Service] "C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [Globe7] "C:\Program Files\Globe7\Globe7.exe" /hide
O4 - HKLM\..\Run: [D-Link AirPlus G] "C:\Program Files\D-Link\AirPlus G\AirGCFG.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
O4 - HKLM\..\Run: [NI.UWAS7_0001_N91M1112] "c:\documents and settings\owner\application data\winantispyware2007freeinstall[1].exe" -nag
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Weather] "C:\Program Files\AWS\WeatherBug\Weather.exe" 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [IM] C:\Program Files\IM\IMLauncher.exe /boot:1
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Forget Me Not.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: run_startmenu.cmd
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: iWatchNow Media Center - {750A64D8-DFAA-485B-A335-F7093333FBB7} - C:\Program Files\iWatchNow, Inc.\iWatchNow Media Center\iwnvod.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {2871FC9B-5E34-4AAE-9E9C-EBD1652D5C92} (Rhapsody Player Engine) - http://forms.real.com/real/player/d.../mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135301364296
O16 - DPF: {A364AF35-0CDF-41E8-8F3B-E0E55E15EBA1} (Zenturi Active Programs Control) - http://www.programchecker.com/dll/nixon.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\system32\FreezeScreenSaver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
 
Joined
Sep 7, 2004
Messages
49,014
Your Ewido is out of date and Ewido has been replaced with AVG AS

Remove Ewido and get AVG AS - http://www.ewido.net/en/download/
==========================



You may want to print this or save it to notepad as we will go to safe mode.

Fix these with HiJackThis – mark them, close IE, click fix checked

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)

O2 - BHO: SmartPics Class - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\WINDOWS\Policies.dll

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" –k

O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3

O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 –k

O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup

O4 - HKLM\..\Run: [NI.UWAS7_0001_N91M1112] "c:\documents and settings\owner\application data\winantispyware2007freeinstall[1].exe" -nag

DownLoad http://www.downloads.subratam.org/KillBox.zip or
http://www.thespykiller.co.uk/files/killbox.exe

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

c:\documents and settings\owner\application data\winantispyware2007freeinstall[1].exe
C:\PROGRA~1\AQUATI~1
C:\Program Files\Acceleration Software
C:\WINDOWS\Policies.dll


Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot and post a new hijack log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top