VBS:Malware-gen

Advertise at AfterDawn.com

Link to us!

Private messages

Compose a private message

List of all updated threads

Threads without replies

Search messages

Thursday 6.3.2025 / 13:59

Search AfterDawn Forums:

afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > vbs:malware-gen

Browse by topic

Forums

Start a new thread

VBS:Malware-gen

Jump to:

Posted

Message

rtreasure

Newbie

25. July 2008 @ 12:49

Link to this message

Hi, 1st post, reading similar ones i've DL'ed Hijackthis and combofix and have the same issue as other posters, i've got the above malware and Avast doesn't seem to be trying too hard to get rid of it!

Anyway here are both logs, can you help please? Thanks in advance.

ComboFix 08-07-24.6 - RobTreasure 2008-07-25 17:10:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1621 [GMT 1:00]
Running from: C:\Documents and Settings\RobTreasure\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\erms.exe
C:\WINDOWS\system32\blphcardj0etb1.scr
C:\WINDOWS\system32\phcardj0etb1.bmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINCOM32
-------\Service_npf

((((((((((((((((((((((((( Files Created from 2008-06-25 to 2008-07-25 )))))))))))))))))))))))))))))))
.

2008-07-24 13:53 . 2008-07-24 13:53 244 --ah----- C:\sqmnoopt19.sqm
2008-07-24 13:53 . 2008-07-24 13:53 232 --ah----- C:\sqmdata19.sqm
2008-07-23 08:04 . 2008-07-23 08:04 159 --a------ C:\WINDOWS\wininit.ini
2008-07-23 00:28 . 2008-07-23 00:28 244 --ah----- C:\sqmnoopt18.sqm
2008-07-23 00:28 . 2008-07-23 00:28 232 --ah----- C:\sqmdata18.sqm
2008-07-23 00:18 . 2008-07-23 00:18 244 --ah----- C:\sqmnoopt17.sqm
2008-07-23 00:18 . 2008-07-23 00:18 232 --ah----- C:\sqmdata17.sqm
2008-07-17 11:47 . 2008-07-17 11:47 244 --ah----- C:\sqmnoopt16.sqm
2008-07-17 11:47 . 2008-07-17 11:47 232 --ah----- C:\sqmdata16.sqm
2008-07-17 11:42 . 2008-07-17 11:42 244 --ah----- C:\sqmnoopt15.sqm
2008-07-17 11:42 . 2008-07-17 11:42 232 --ah----- C:\sqmdata15.sqm
2008-07-16 14:41 . 2008-07-16 14:41 244 --ah----- C:\sqmnoopt14.sqm
2008-07-16 14:41 . 2008-07-16 14:41 232 --ah----- C:\sqmdata14.sqm
2008-07-16 14:40 . 2008-07-16 14:40 244 --ah----- C:\sqmnoopt13.sqm
2008-07-16 14:40 . 2008-07-16 14:40 232 --ah----- C:\sqmdata13.sqm
2008-07-16 01:12 . 2008-07-16 01:12 244 --ah----- C:\sqmnoopt12.sqm
2008-07-16 01:12 . 2008-07-16 01:12 232 --ah----- C:\sqmdata12.sqm
2008-07-05 20:57 . 2008-07-05 20:57 <DIR> d-------- C:\Program Files\Download Manager
2008-07-05 20:57 . 2008-07-05 21:18 <DIR> d-------- C:\Documents and Settings\RobTreasure\Application Data\IGN_DLM
2008-07-05 20:40 . 2008-07-05 20:40 94,208 --a------ C:\WINDOWS\DIIUnin.exe
2008-07-05 20:40 . 2008-07-05 21:19 36,048 --a------ C:\WINDOWS\DIIUnin.dat
2008-07-05 20:40 . 2008-07-05 20:40 2,829 --a------ C:\WINDOWS\DIIUnin.pif
2008-07-05 20:16 . 2008-07-05 20:16 <DIR> d-------- C:\Diablo II
2008-07-05 09:17 . 2008-07-20 19:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-05 09:17 . 2008-07-05 09:17 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-30 08:00 . 2008-06-30 08:00 244 --ah----- C:\sqmnoopt11.sqm
2008-06-30 08:00 . 2008-06-30 08:00 232 --ah----- C:\sqmdata11.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-23 20:35 --------- d-----w C:\Program Files\Diablo II
2008-07-20 08:49 --------- d-----w C:\Program Files\Napster
2008-07-05 21:00 90,112 ----a-w C:\WINDOWS\Internet Logs\xDB1BD.tmp
2008-07-05 20:06 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-07-05 20:06 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-07-05 20:06 12,067 -c--atw C:\WINDOWS\system32\SIntf16.dll
2008-06-30 21:35 61,440 ----a-w C:\WINDOWS\Internet Logs\xDB1BC.tmp
2008-06-28 13:42 54,272 ----a-w C:\WINDOWS\Internet Logs\xDB1BB.tmp
2008-06-22 21:37 619,008 ----a-w C:\WINDOWS\Internet Logs\xDB1BA.tmp
2008-06-18 19:51 --------- d-----w C:\Documents and Settings\RobTreasure\Application Data\GetRightToGo
2008-06-18 19:50 --------- d-----w C:\Documents and Settings\RobTreasure\Application Data\Turbine
2008-06-18 19:28 --------- d-----w C:\Program Files\Codemasters
2008-06-17 19:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-17 19:14 24,968,227 -c--a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-06-17 11:27 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-06-17 11:27 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2008-06-17 11:18 21,672 ----a-w C:\WINDOWS\system32\drivers\ggsemc.sys
2008-06-17 11:18 13,352 ----a-w C:\WINDOWS\system32\drivers\ggflt.sys
2008-06-17 11:18 1,419,232 ----a-w C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-06-17 11:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-06-17 11:16 --------- d-----w C:\Program Files\Sony Ericsson
2008-06-14 07:04 --------- d-----w C:\Program Files\EA GAMES
2008-05-28 20:02 --------- d-----w C:\Program Files\Common Files\Stardock
2008-05-28 20:01 --------- d-----w C:\Program Files\Stardock
2008-05-18 11:36 52,736 ----a-w C:\WINDOWS\Internet Logs\xDB1B9.tmp
2008-05-18 07:12 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-05-18 06:45 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-05-16 22:36 389,632 ----a-w C:\WINDOWS\Internet Logs\xDB1B8.tmp
2008-04-27 14:34 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-03-13 19:06 22,328 ----a-w C:\Documents and Settings\RobTreasure\Application Data\PnkBstrK.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-10-05 09:52 98304]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:56 15360]
"igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 22:57 1103480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 18:14 8491008]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-03-16 11:34 755480]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51 257088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 18:14 81920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"nwiz"="nwiz.exe" [2007-10-04 18:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 19:48 77824 C:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:56 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless G Desktop Card Client Utility.lnk - C:\Program Files\Belkin\PCI F5D700F\Wireless Utility\Belkinwcui.exe [2007-05-13 14:42:00 1556480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"SandraTheSrv"=3 (0x3)
"SandraDataSrv"=3 (0x3)
"PnkBstrA"=2 (0x2)
"iPod Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 00:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 00:16]
R3 Belkin700F;Belkin Wireless G Desktop Card Service v7;C:\WINDOWS\system32\DRIVERS\BLKWGDv7.sys [2006-10-19 10:44]
R3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2002-10-02 09:57]
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-06-17 12:18]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2006-02-17 20:34]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2006-11-19 19:10]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2006-11-19 19:10]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2006-11-19 19:10]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys [2006-11-19 19:10]
S3 se46bus;Sony Ericsson Device 070 driver (WDM);C:\WINDOWS\system32\DRIVERS\se46bus.sys [2006-11-30 15:11]
S3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se46mdfl.sys [2006-11-30 15:11]
S3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se46mdm.sys [2006-11-30 15:11]
S3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se46mgmt.sys [2006-11-30 15:11]
S3 se46nd5;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se46nd5.sys [2006-11-30 15:11]
S3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se46obex.sys [2006-11-30 15:11]
S3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se46unic.sys [2006-11-30 15:11]
S3 ULI5261;ULi Based Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN.SYS [2004-07-26 22:19]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-07-03 15:03:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
- - - - ORPHANS REMOVED - - - -

SSODL-evgratsm-{0D96FBFB-E9D8-4F6C-A058-18731591ED24} - C:\WINDOWS\evgratsm.dll

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.co.uk
R1 -: HKCU-SearchURL,(Default) = hxxp://search.aol.co.uk/web?isinit=true&query=%s
O8 -: &Search - ?p=ZKxdm011YYGB
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-25 17:15:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-07-25 17:21:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-25 16:21:38

Pre-Run: 14,236,442,624 bytes free
Post-Run: 14,299,652,096 bytes free

186

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:46:35, on 25/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\PCI F5D700F\Wireless Utility\Belkinwcui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Outlook Express\msimn.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Registration .LNK = C:\Program Files\Ubisoft\Dark Messiah of Might and Magic\RegistrationReminder.exe
O4 - Global Startup: Belkin Wireless G Desktop Card Client Utility.lnk = ?
O8 - Extra context menu item: &Search - ?p=ZKxdm011YYGB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.od2.com/common/musicmanager/...nagerPlugin.CAB
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6826 bytes

[ + quote]

cdavfrew

Senior Member

25. July 2008 @ 13:07

Link to this message

Hi rtreasure

Before I tell you what things to fix from your logs, please do the following two steps:

***************************************************
1. Download Superantispyware Free, install it, and update it. We will use it later.

2.. Scan with Avast in safe mode. Quarantine (Move to chest) all detected items, and post a scan log here. To boot into safe mode, just press the F8 key repeatedly after you press the power button.

3. With your computer still in safe mode, scan with Superantispyware Free, quarantine all detected items, and then post a scan log here.
***************************************************

Best Regards :D

[ + quote]

Life is but a dream; you dont feel any pain unless you want to or you fall off the bed.
Success is relative; the more success the more relatives.
A computer once beat me at chess, but it was no match for me at kickboxing.
To be or not to be; thats a dumb question.

rtreasure

Newbie

26. July 2008 @ 07:02

Link to this message

Right, phew!

Done all that, well almost all, going back to quarantine from Superantispyware but here's the logs.

..... I'm going to kill my mate who is staying and infected my lovely computer with this! A little knowledge is a dangerous thing :o) Thanks for your help.

AVAST did some odd stuff, I think it was trying to delete the file i'd already sent to vault.

*
* avast! Report
* This file is generated automatically
*
* Task 'Simple user interface' used
* Started on 25 July 2008 20:42:31
* VPS: 080725-0, 25/07/2008
*

C:\Documents and Settings\Administrator\Local Settings\Temp\_avast4_\unp212071442.tmp\{app}\autostart.exe [L] Win32:Adware-gen [Adw] (0)
While moving file to chest, error occurred: Virus chest server is not running. RPC communication failed.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb1.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb1.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb10.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb10.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb11.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb11.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb12.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb12.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb13.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb13.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb14.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb14.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb15.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb15.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb2.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb2.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb3.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb3.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb4.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb4.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb5.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb5.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb6.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb6.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb7.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb7.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb8.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb8.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb9.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb9.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts1.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts1.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts10.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts10.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts11.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts11.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts12.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts12.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts13.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts13.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts14.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts14.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts15.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts15.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts16.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts16.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts17.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts17.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts18.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts18.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts19.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts19.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts2.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts2.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts20.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts20.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts21.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts21.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts22.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts22.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts23.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts23.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts24.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts24.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts25.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts25.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts26.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts26.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts27.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts27.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts28.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts28.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts29.zip\PopSwatr\History\allowed [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts29.zip\PopSwatr\History\notallow [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts29.zip\Shared\Cache\CursorManiaBtn.html [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts29.zip\Shared\Cache\MailStampBtn.html [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts29.zip\Shared\Cache\MyStationeryBtn.html [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts29.zip\Shared\Cache\SmileyCentralBtn.html [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts29.zip\Shared\Cache\WebfettiBtn.html [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts29.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts3.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts3.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts30.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts30.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts31.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts31.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts32.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts32.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts33.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts33.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts34.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts34.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts35.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts35.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts36.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts36.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts37.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts37.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts38.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts38.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts39.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts39.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts4.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts4.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts40.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts40.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts41.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts41.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts42.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts42.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts43.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts43.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts44.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts44.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts45.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts45.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts46.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts46.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts47.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts47.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts48.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts48.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts49.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts49.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts5.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts5.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts50.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts50.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts51.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts51.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts52.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts52.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts53.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts53.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts54.zip\f3PSSavr.scr [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts54.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts55.zip\f3initialsetup1.0.0.15-3.inf [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts55.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts56.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts56.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts57.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts58.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts59.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts59.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts6.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts6.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts7.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts7.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts8.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts8.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts9.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts9.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusDisableNotify.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusDisableNotify.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusDisableNotify1.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusDisableNotify1.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisableNotify.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisableNotify.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisableNotify1.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisableNotify1.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterUpdateDisableNotify.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterUpdateDisableNotify.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterUpdateDisableNotify1.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterUpdateDisableNotify1.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSystem.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSystem.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSystem1.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSystem1.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch.zip\MWSBAR.DLL [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch1.zip\MWSSRCAS.DLL [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch1.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch10.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch10.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch11.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch11.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch12.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch12.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch13.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch13.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch14.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch14.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch15.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch15.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch16.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch16.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch17.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch17.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch18.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch18.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch19.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch19.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch2.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch2.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch20.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch20.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch22.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch22.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch23.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch23.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch24.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch24.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch25.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch25.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch26.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch26.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch27.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch27.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch28.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch28.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch29.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch29.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch3.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch3.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch30.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch30.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch31.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch31.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch32.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch32.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch33.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch33.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\F3BKGERR.JPG [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\F3BROVLY.DLL [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\F3CJPEG.DLL [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\F3DTACTL.DLL [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\F3HISTSW.DLL [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\F3HTTPCT.DLL [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\F3IMSTUB.DLL [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\F3POPSWT.DLL [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\F3PSSAVR.SCR [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\F3REPROX.DLL [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\F3RESTUB.DLL [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\F3SCHMON.EXE [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\F3SCRCTR.DLL [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\F3SHLLVW.DLL [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\F3SPACER.WMV [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\F3WALLPP.DAT [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\F3WPHOOK.DLL [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\M3FFXTBR.JAR [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\M3FFXTBR.MANIFEST [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\M3HTML.DLL [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\M3IDLE.DLL [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\M3IMPIPE.EXE [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\M3MSG.DLL [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\M3NTSTBR.JAR [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\M3NTSTBR.MANIFEST [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\M3OUTLCN.DLL [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\M3PLUGIN.DLL [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\M3SKIN.DLL [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\M3SKPLAY.EXE [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\M3SLSRCH.EXE [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\M3SRCHMN.EXE [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\MWSOEMON.EXE [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\MWSOEPLG.DLL [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\MWSOESTB.DLL [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\NPMYWEBS.DLL [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Avatar\COMMON.F3S [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Cache\01826ADA [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Cache\01826E25 [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Cache\01827039.bin [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Cache\01827886.bin [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Cache\01827B35.bin [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Cache\01827C4E.bin [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Cache\01827E04.bin [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Cache\01EA1F9E.bin [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Cache\01EA279D.bin [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Cache\01EA2933.bin [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Cache\01EA2A8B.bin [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Cache\files.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Game\CHECKERS.F3S [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Game\CHESS.F3S [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Game\REVERSI.F3S [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\History\search2 [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Message\COMMON.F3S [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Notifier\COMMON.F3S [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Notifier\DOG.F3S [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Notifier\FISH.F3S [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Notifier\KUNGFU.F3S [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Notifier\LIFEGARD.F3S [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Notifier\MAID.F3S [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Notifier\MAILBOX.F3S [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Notifier\OPERA.F3S [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Notifier\ROBOT.F3S [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Notifier\SEDUCT.F3S [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Notifier\SURFER.F3S [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Settings\prevcfg2.htm [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Settings\setting2.htm [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Settings\settings.dat [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Settings\s_pid.dat [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch35.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch35.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch36.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch36.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch37.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch37.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch38.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch38.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch39.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch39.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch4.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch4.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch40.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch40.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch41.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch41.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch42.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch42.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch43.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch43.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch44.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch44.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch45.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch45.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch46.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch46.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch47.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch47.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch48.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch48.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch49.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch49.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch5.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch5.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch50.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch50.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch51.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch51.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch52.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch52.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch53.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch53.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch54.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch54.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch55.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch55.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch56.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch56.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch57.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch57.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch58.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch58.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch59.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch59.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch6.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch6.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch60.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch60.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch61.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch61.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch62.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch62.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch63.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch63.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch64.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch64.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch65.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch65.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch66.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch66.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch67.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch67.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch68.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch68.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch69.zip\bar\1.bin\MWSOEMON.EXE [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch69.zip\bar\1.bin\MWSOESTB.DLL [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch69.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch7.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch7.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch70.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch70.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch71.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch71.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch8.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch8.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch9.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch9.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch1.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch1.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch10.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch10.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch11.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch11.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch12.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch12.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch13.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch13.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch14.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch14.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch15.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch15.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch16.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch16.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch17.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch17.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch18.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch18.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch19.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch19.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch2.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch2.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch20.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch20.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch21.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch21.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch3.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch3.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch4.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch4.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch5.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch5.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch6.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch6.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch7.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch7.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch8.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch8.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch9.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch9.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NurechA.zip\wincom32.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NurechA.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip\zlbw.dll [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC3.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC3.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC4.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC4.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCToolbar.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCToolbar.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCToolbar1.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCToolbar1.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCToolbar2.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCToolbar2.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Tibsvq.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Tibsvq.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Tibsvq1.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Tibsvq1.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloaderrid.zip\qndsfmao.dll [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloaderrid.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloadervcd.zip\evgratsm.dll [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloadervcd.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\RobTreasure\Desktop\stuff\winzip81.exe\SETUP.WZ\WINZIP32.EX_ [E] Archive is password protected. (42056)
C:\Downloads\mmsetup_10004015a_ENU.exe\TDM\TDMInstall.exe\Wise0010.bin [E] Installer archive is corrupted. (42146)
C:\Program Files\Alwil Software\Avast4\DATA\moved\.tt6.tmp.vbs [L] VBS:Malware-gen (0)
While moving file to chest, error occurred: Virus chest server is not running. RPC communication failed.
While moving file to chest, error occurred: Virus chest server is not running. RPC communication failed.
Infected files: 2
Total files: 425596
Total folders: 6502
Total size: 44.4 GB

*
* Task stopped: 26 July 2008 01:59:33
* Run-time was 5 hour(s), 17 minute(s), 2 second(s)
*

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/26/2008 at 11:53 AM

Application Version : 4.15.1000

Core Rules Database Version : 3514
Trace Rules Database Version: 1505

Scan type : Quick Scan
Total Scan Time : 00:19:01

Memory items scanned : 386
Memory threats detected : 0
Registry items scanned : 392
Registry threats detected : 0
File items scanned : 13994
File threats detected : 69

Adware.Tracking Cookie
C:\Documents and Settings\RobTreasure\Cookies\robtreasure@media.adrevolver[2].txt
C:\Documents and Settings\RobTreasure\Cookies\robtreasure@chitika[2].txt
C:\Documents and Settings\RobTreasure\Cookies\robtreasure@bs.serving-sys[1].txt
C:\Documents and Settings\RobTreasure\Cookies\robtreasure@indextools[2].txt
C:\Documents and Settings\RobTreasure\Cookies\robtreasure@serving-sys[2].txt
C:\Documents and Settings\RobTreasure\Cookies\robtreasure@specificclick[2].txt
C:\Documents and Settings\RobTreasure\Cookies\robtreasure@casalemedia[2].txt
C:\Documents and Settings\RobTreasure\Cookies\robtreasure@doubleclick[1].txt
C:\Documents and Settings\RobTreasure\Cookies\robtreasure@adrevolver[2].txt
C:\Documents and Settings\RobTreasure\Cookies\robtreasure@pornvideosday[2].txt
C:\Documents and Settings\RobTreasure\Cookies\robtreasure@www.system-defender[1].txt
C:\Documents and Settings\RobTreasure\Cookies\robtreasure@ad.yieldmanager[2].txt
C:\Documents and Settings\RobTreasure\Cookies\robtreasure@adviva[2].txt
C:\Documents and Settings\RobTreasure\Cookies\robtreasure@revsci[1].txt
C:\Documents and Settings\RobTreasure\Cookies\robtreasure@adultadworld[1].txt
C:\Documents and Settings\RobTreasure\Cookies\robtreasure@atdmt[2].txt
C:\Documents and Settings\RobTreasure\Cookies\robtreasure@kontera[2].txt
C:\Documents and Settings\RobTreasure\Cookies\robtreasure@mediaplex[1].txt
C:\Documents and Settings\RobTreasure\Cookies\robtreasure@adtech[1].txt
C:\Documents and Settings\RobTreasure\Cookies\robtreasure@fuckingmotherfucker[2].txt
C:\Documents and Settings\RobTreasure\Cookies\robtreasure@socialmedia[1].txt
C:\Documents and Settings\RobTreasure\Cookies\robtreasure@media.adrevolver[3].txt
C:\Documents and Settings\RobTreasure\Cookies\robtreasure@ads.techguy[1].txt
C:\Documents and Settings\RobTreasure\Cookies\robtreasure@trinitymirror.112.2o7[1].txt
C:\Documents and Settings\RobTreasure\Cookies\robtreasure@apmebf[2].txt
C:\Documents and Settings\RobTreasure\Cookies\robtreasure@pornvideosday[1].txt
C:\Documents and Settings\RobTreasure\Cookies\robtreasure@tribalfusion[2].txt
D:\Documents and Settings\Rob T\Cookies\rob t@tribalfusion[1].txt
D:\Documents and Settings\Rob T\Cookies\rob t@adtech[2].txt
D:\Documents and Settings\Rob T\Cookies\rob t@etype.adbureau[2].txt
D:\Documents and Settings\Rob T\Cookies\rob t@adviva[2].txt
D:\Documents and Settings\Rob T\Cookies\rob t@ads.multimania.lycos[1].txt
D:\Documents and Settings\Rob T\Cookies\rob t@www.dgm2[1].txt
D:\Documents and Settings\Rob T\Cookies\rob t@bfast[2].txt
D:\Documents and Settings\Rob T\Cookies\rob t@bluestreak[1].txt
D:\Documents and Settings\Rob T\Cookies\rob t@www.burstbeacon[2].txt
D:\Documents and Settings\Rob T\Cookies\rob t@as-us.falkag[2].txt
D:\Documents and Settings\Rob T\Cookies\rob t@statcounter[1].txt
D:\Documents and Settings\Rob T\Cookies\rob t@bannersng.yell[2].txt
D:\Documents and Settings\Rob T\Cookies\rob t@burstnet[1].txt
D:\Documents and Settings\Rob T\Cookies\rob t@atdmt[2].txt
D:\Documents and Settings\Rob T\Cookies\rob t@as-eu.falkag[2].txt
D:\Documents and Settings\Rob T\Cookies\rob t@247realmedia[1].txt
D:\Documents and Settings\Rob T\Cookies\rob t@2o7[1].txt
D:\Documents and Settings\Rob T\Cookies\rob t@advertising[1].txt
D:\Documents and Settings\Rob T\Cookies\rob t@atwola[1].txt
D:\Documents and Settings\Rob T\Cookies\rob t@bilbo.counted[1].txt
D:\Documents and Settings\Rob T\Cookies\rob t@ehg-idg.hitbox[1].txt
D:\Documents and Settings\Rob T\Cookies\rob t@buyonline.ontrack[1].txt
D:\Documents and Settings\Rob T\Cookies\rob t@casalemedia[1].txt
D:\Documents and Settings\Rob T\Cookies\rob t@doubleclick[1].txt
D:\Documents and Settings\Rob T\Cookies\rob t@ehg-bestwestern.hitbox[2].txt
D:\Documents and Settings\Rob T\Cookies\rob t@fastclick[2].txt
D:\Documents and Settings\Rob T\Cookies\rob t@File-Investigator-File-Find[1].txt
D:\Documents and Settings\Rob T\Cookies\rob t@hitbox[1].txt
D:\Documents and Settings\Rob T\Cookies\rob t@mediaplex[1].txt
D:\Documents and Settings\Rob T\Cookies\rob t@toplist[1].txt
D:\Documents and Settings\Rob T\Cookies\rob t@ontrack[1].txt
D:\Documents and Settings\Rob T\Cookies\rob t@questionmarket[1].txt
D:\Documents and Settings\Rob T\Cookies\rob t@realmedia[2].txt
D:\Documents and Settings\Rob T\Cookies\rob t@sdc.krollontrack[2].txt
D:\Documents and Settings\Rob T\Cookies\rob t@servedby.advertising[1].txt
D:\Documents and Settings\Rob T\Cookies\rob t@tripod[1].txt
D:\Documents and Settings\Rob T\Cookies\rob t@valueclick[1].txt
D:\Documents and Settings\Rob T\Cookies\rob t@www.click-now[1].txt
D:\Documents and Settings\Rob T\Cookies\rob t@yadro[2].txt
D:\Documents and Settings\Rob T\Cookies\rob t@www.ontrack[2].txt
D:\Documents and Settings\Rob T\Cookies\rob t@xiti[1].txt
D:\Documents and Settings\Rob T\Cookies\rob t@z1.adserver[1].txt

[ + quote]

cdavfrew

Senior Member

26. July 2008 @ 12:06

Link to this message

Hey rtreasure

You seem clean! Avast detected a lot of stuff in Spybot's Recovery section, so the big log from Avast should be of no worry.

Now, just post a new HijackThis log, and tell me what problems you have left.

Best Regards :D

[ + quote]

rtreasure

Newbie

27. July 2008 @ 13:30

Link to this message

Wow! Great stuff, here's the latest Hijack log, all good still?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:28:43, on 27/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\PCI F5D700F\Wireless Utility\Belkinwcui.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Registration .LNK = C:\Program Files\Ubisoft\Dark Messiah of Might and Magic\RegistrationReminder.exe
O4 - Global Startup: Belkin Wireless G Desktop Card Client Utility.lnk = ?
O8 - Extra context menu item: &Search - ?p=ZKxdm011YYGB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.od2.com/common/musicmanager/...nagerPlugin.CAB
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6897 bytes

[ + quote]

rtreasure

Newbie

27. July 2008 @ 13:37

Link to this message

Here we go!

All good still?

>>>>>>>>>>>>>>>>>

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:28:43, on 27/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\PCI F5D700F\Wireless Utility\Belkinwcui.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Registration .LNK = C:\Program Files\Ubisoft\Dark Messiah of Might and Magic\RegistrationReminder.exe
O4 - Global Startup: Belkin Wireless G Desktop Card Client Utility.lnk = ?
O8 - Extra context menu item: &Search - ?p=ZKxdm011YYGB
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.od2.com/common/musicmanager/...nagerPlugin.CAB
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6897 bytes

[ + quote]

cdavfrew

Senior Member

28. July 2008 @ 03:31

Link to this message

Hey rtreasure

So all your problems are gone? Please thoroughly check your system's functionality, and see if things such as Command Prompt, Control Panel, Regedit, etc, are working.

Please also fix the following entries in HijackThis:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O8 - Extra context menu item: &Search - ?p=ZKxdm011YYGB

This one is optional and will disable the Dark Messiah of Might and Magic registration reminder if fixed.

O4 - Startup: Registration .LNK = C:\Program Files\Ubisoft\Dark Messiah of Might and Magic\RegistrationReminder.exe

Best Regards :D

[ + quote]

Start a new thread

afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > vbs:malware-gen


		User name	Password

		Not registered yet? Register here. Lost your password? Click here.