
HJT Log - aviewoflife



#1 aviewoflife

Posted 06 June 2005 - 09:17 PM

It says there is a problem with Windows Explorer, I can barely get into my C drive to delete and I can barely open up anything!!!!!!!!!!!!!!!!!!!!!!

Logfile of HijackThis v1.99.1
Scan saved at 10:09:01 PM, on 6/6/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\FCHQENC.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
E:\Program Files\iTunesHelper.exe
C:\WINDOWS\System32\paytime.exe
C:\WINDOWS\system32\svcnut32.exe
E:\Program Files\aim.exe
C:\WINDOWS\System32\paytime.exe
E:\Program Files\bin\iPodService.exe
C:\Program Files\V-Stream Multimedia\TV878 Utilities\C7XRCtl.exe
C:\PROGRA~1\Grisoft\AVG7\avgwb.dat
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\explorer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\shdocpa.dll/security.htm#subID=PRFV;6784
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.95.218.172/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://shdocpa.dll/asst.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: 127.0.0.3 n-glx.s-redirect.com
O1 - Hosts: 127.0.0.3 x.full-tgp.net
O1 - Hosts: 127.0.0.3 counter.sexmaniack.com
O1 - Hosts: 127.0.0.3 autoescrowpay.com
O1 - Hosts: 127.0.0.3 www.autoescrowpay.com
O1 - Hosts: 127.0.0.3 www.awmdabest.com
O1 - Hosts: 127.0.0.3 www.sexfiles.nu
O1 - Hosts: 127.0.0.3 awmdabest.com
O1 - Hosts: 127.0.0.3 sexfiles.nu
O1 - Hosts: 127.0.0.3 allforadult.com
O1 - Hosts: 127.0.0.3 www.allforadult.com
O1 - Hosts: 127.0.0.3 www.iframe.biz
O1 - Hosts: 127.0.0.3 iframe.biz
O1 - Hosts: 127.0.0.3 www.newiframe.biz
O1 - Hosts: 127.0.0.3 newiframe.biz
O1 - Hosts: 127.0.0.3 www.vesbiz.biz
O1 - Hosts: 127.0.0.3 vesbiz.biz
O1 - Hosts: 127.0.0.3 www.pizdato.biz
O1 - Hosts: 127.0.0.3 pizdato.biz
O1 - Hosts: 127.0.0.3 www.aaasexypics.com
O1 - Hosts: 127.0.0.3 aaasexypics.com
O1 - Hosts: 127.0.0.3 www.virgin-tgp.net
O1 - Hosts: 127.0.0.3 virgin-tgp.net
O1 - Hosts: 127.0.0.3 www.awmcash.biz
O1 - Hosts: 127.0.0.3 awmcash.biz
O1 - Hosts: 127.0.0.3 buldog-stats.com
O1 - Hosts: 127.0.0.3 www.buldog-stats.com
O1 - Hosts: 127.0.0.3 fregat.drocherway.com
O1 - Hosts: 127.0.0.3 slutmania.biz
O1 - Hosts: 127.0.0.3 www.slutmania.biz
O1 - Hosts: 127.0.0.3 toolbarpartner.com
O1 - Hosts: 127.0.0.3 www.toolbarpartner.com
O1 - Hosts: 127.0.0.3 www.megapornix.com
O1 - Hosts: 127.0.0.3 megapornix.com
O1 - Hosts: 127.0.0.3 www.sp2bleeped.biz
O1 - Hosts: 127.0.0.3 sp2bleeped.biz
O1 - Hosts: 127.0.0.3 greg-tut.com
O1 - Hosts: 127.0.0.3 www.greg-tut.com
O1 - Hosts: 127.0.0.3 nylonsexy.com
O1 - Hosts: 127.0.0.3 www.nylonsexy.com
O1 - Hosts: 127.0.0.3 vparivalka.com
O1 - Hosts: 127.0.0.3 www.vparivalka.com
O1 - Hosts: 127.0.0.3 iframeprofit.com
O1 - Hosts: 127.0.0.3 www.iframeprofit.com
O1 - Hosts: 127.0.0.3 topsearch10.com
O1 - Hosts: 127.0.0.3 www.topsearch10.com
O1 - Hosts: 127.0.0.3 statscash.biz
O1 - Hosts: 127.0.0.3 www.statscash.biz
O1 - Hosts: 127.0.0.3 vxiframe.biz
O1 - Hosts: 127.0.0.3 www.vxiframe.biz
O1 - Hosts: 127.0.0.3 crazy-toolbar.com
O1 - Hosts: 127.0.0.3 www.crazy-toolbar.com
O1 - Hosts: 127.0.0.3 topcash.biz
O1 - Hosts: 127.0.0.3 www.topcash.biz
O1 - Hosts: 127.0.0.3 loadcash.biz
O1 - Hosts: 127.0.0.3 www.loadcash.biz
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr52.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINDOWS\System32\nsp5.dll
O2 - BHO: WinStat - {F007E221-018D-4baf-924A-B0E9092F3853} - C:\WINDOWS\System32\WinStat11.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitexnw32.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [Sysnet] C:\WINDOWS\System32\snuninst.exe
O4 - HKLM\..\Run: [FCHQENC] C:\WINDOWS\FCHQENC.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [AWMON] "E:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [osrj3FQ] qossrv32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] E:\Program Files\iTunesHelper.exe
O4 - HKLM\..\Run: [sdpwvbc] C:\WINDOWS\System32\sdpwvbc.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKLM\..\Run: [FastStart] C:\WINDOWS\system32\svcnut32.exe home
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [ZB0tRPcnR] wmvoci.exe
O4 - HKCU\..\Run: [sf] C:\Program Files\sf\sf.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] E:\Program Files\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: TV878 Remote Control.lnk = C:\Program Files\V-Stream Multimedia\TV878 Utilities\C7XRCtl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\aim.exe
O9 - Extra button: Microsoft AntiSpyware helper - {0E6516F0-C0CF-432B-93D8-D89C9DE5B56F} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0E6516F0-C0CF-432B-93D8-D89C9DE5B56F} - (no file) (HKCU)
O15 - Trusted Zone: http://www.neededware.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 81.222.131.59
O16 - DPF: NDWCab - http://www.neededware.com/ndw2.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15012/CTSUEng.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2558d87cec4139...ip/RdxIE601.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15012/CTPID.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
O20 - Winlogon Notify: drct16 - drct16.dll (file missing)
O20 - Winlogon Notify: style2 - C:\WINDOWS\q858140_disk.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - E:\Program Files\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


#2 Grinler

    Lawrence Abrams



Posted 08 June 2005 - 12:04 PM

Print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run HijackThis again, click Scan, and put a checkmark next to each of these. Then click the Fix button:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\shdocpa.dll/security.htm#subID=PRFV;6784
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.95.218.172/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://shdocpa.dll/asst.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: 127.0.0.3 n-glx.s-redirect.com
O1 - Hosts: 127.0.0.3 x.full-tgp.net
O1 - Hosts: 127.0.0.3 counter.sexmaniack.com
O1 - Hosts: 127.0.0.3 autoescrowpay.com
O1 - Hosts: 127.0.0.3 www.autoescrowpay.com
O1 - Hosts: 127.0.0.3 www.awmdabest.com
O1 - Hosts: 127.0.0.3 www.sexfiles.nu
O1 - Hosts: 127.0.0.3 awmdabest.com
O1 - Hosts: 127.0.0.3 sexfiles.nu
O1 - Hosts: 127.0.0.3 allforadult.com
O1 - Hosts: 127.0.0.3 www.allforadult.com
O1 - Hosts: 127.0.0.3 www.iframe.biz
O1 - Hosts: 127.0.0.3 iframe.biz
O1 - Hosts: 127.0.0.3 www.newiframe.biz
O1 - Hosts: 127.0.0.3 newiframe.biz
O1 - Hosts: 127.0.0.3 www.vesbiz.biz
O1 - Hosts: 127.0.0.3 vesbiz.biz
O1 - Hosts: 127.0.0.3 www.pizdato.biz
O1 - Hosts: 127.0.0.3 pizdato.biz
O1 - Hosts: 127.0.0.3 www.aaasexypics.com
O1 - Hosts: 127.0.0.3 aaasexypics.com
O1 - Hosts: 127.0.0.3 www.virgin-tgp.net
O1 - Hosts: 127.0.0.3 virgin-tgp.net
O1 - Hosts: 127.0.0.3 www.awmcash.biz
O1 - Hosts: 127.0.0.3 awmcash.biz
O1 - Hosts: 127.0.0.3 buldog-stats.com
O1 - Hosts: 127.0.0.3 www.buldog-stats.com
O1 - Hosts: 127.0.0.3 fregat.drocherway.com
O1 - Hosts: 127.0.0.3 slutmania.biz
O1 - Hosts: 127.0.0.3 www.slutmania.biz
O1 - Hosts: 127.0.0.3 toolbarpartner.com
O1 - Hosts: 127.0.0.3 www.toolbarpartner.com
O1 - Hosts: 127.0.0.3 www.megapornix.com
O1 - Hosts: 127.0.0.3 megapornix.com
O1 - Hosts: 127.0.0.3 www.sp2bleeped.biz
O1 - Hosts: 127.0.0.3 sp2bleeped.biz
O1 - Hosts: 127.0.0.3 greg-tut.com
O1 - Hosts: 127.0.0.3 www.greg-tut.com
O1 - Hosts: 127.0.0.3 nylonsexy.com
O1 - Hosts: 127.0.0.3 www.nylonsexy.com
O1 - Hosts: 127.0.0.3 vparivalka.com
O1 - Hosts: 127.0.0.3 www.vparivalka.com
O1 - Hosts: 127.0.0.3 iframeprofit.com
O1 - Hosts: 127.0.0.3 www.iframeprofit.com
O1 - Hosts: 127.0.0.3 topsearch10.com
O1 - Hosts: 127.0.0.3 www.topsearch10.com
O1 - Hosts: 127.0.0.3 statscash.biz
O1 - Hosts: 127.0.0.3 www.statscash.biz
O1 - Hosts: 127.0.0.3 vxiframe.biz
O1 - Hosts: 127.0.0.3 www.vxiframe.biz
O1 - Hosts: 127.0.0.3 crazy-toolbar.com
O1 - Hosts: 127.0.0.3 www.crazy-toolbar.com
O1 - Hosts: 127.0.0.3 topcash.biz
O1 - Hosts: 127.0.0.3 www.topcash.biz
O1 - Hosts: 127.0.0.3 loadcash.biz
O1 - Hosts: 127.0.0.3 www.loadcash.biz
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr52.dll
O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINDOWS\System32\nsp5.dll
O2 - BHO: WinStat - {F007E221-018D-4baf-924A-B0E9092F3853} - C:\WINDOWS\System32\WinStat11.dll
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitexnw32.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [Sysnet] C:\WINDOWS\System32\snuninst.exe
O4 - HKLM\..\Run: [FCHQENC] C:\WINDOWS\FCHQENC.EXE
O4 - HKLM\..\Run: [osrj3FQ] qossrv32.exe
O4 - HKLM\..\Run: [sdpwvbc] C:\WINDOWS\System32\sdpwvbc.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKLM\..\Run: [FastStart] C:\WINDOWS\system32\svcnut32.exe home
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKCU\..\Run: [ZB0tRPcnR] wmvoci.exe
O4 - HKCU\..\Run: [sf] C:\Program Files\sf\sf.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O15 - Trusted Zone: http://www.neededware.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 81.222.131.59
O16 - DPF: NDWCab - http://www.neededware.com/ndw2.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2558d87cec4139...ip/RdxIE601.cab
O18 - Filter: text/html - {950238FB-C706-4791-8674-4D429F85897E} - C:\WINDOWS\isrvs\mfiltis.dll
O20 - Winlogon Notify: drct16 - drct16.dll (file missing)
O20 - Winlogon Notify: style2 - C:\WINDOWS\q858140_disk.dll

Reboot your computer into Safe Mode.

Then delete these files or directories (do not be concerned if they do not exist):


C:\WINDOWS\System32\nsp5.dll
C:\WINDOWS\System32\WinStat11.dll
C:\windows\system32\elitexnw32.exe
C:\WINDOWS\cfgmgr52.dll
C:\WINDOWS\System32\snuninst.exe
C:\WINDOWS\FCHQENC.EXE
c:\windows\system32\qossrv32.exe
C:\WINDOWS\System32\sdpwvbc.exe
C:\WINDOWS\system32\svcnut32.exe
C:\Program Files\Security iGuard\
c:\windows\system32\wmvoci.exe
C:\Program Files\sf\
C:\WINDOWS\System32\paytime.exe
C:\WINDOWS\isrvs\
c:\windows\system32\drct16.dll
C:\WINDOWS\q858140_disk.dll

Reboot your computer to go back to normal mode and post a new log.

#3 aviewoflife


Posted 08 June 2005 - 03:28 PM

Logfile of HijackThis v1.99.1
Scan saved at 4:25:22 PM, on 6/8/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
E:\Program Files\iTunesHelper.exe
E:\Program Files\bin\iPodService.exe
C:\Program Files\V-Stream Multimedia\TV878 Utilities\C7XRCtl.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG7\avgw.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://195.95.218.172/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://shdocpa.dll/asst.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://195.95.218.172/index.php
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: VBRunDLL Class - {197B8CA4-E215-46DD-8F33-E0544A80E5C4} - C:\WINDOWS\System32\vbrundll.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [AWMON] "E:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] E:\Program Files\iTunesHelper.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [regsync] C:\WINDOWS\System32\regsync.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sdpwvbc] C:\WINDOWS\System32\sdpwvbc.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "E:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: TV878 Remote Control.lnk = C:\Program Files\V-Stream Multimedia\TV878 Utilities\C7XRCtl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\aim.exe
O9 - Extra button: Microsoft AntiSpyware helper - {0E6516F0-C0CF-432B-93D8-D89C9DE5B56F} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0E6516F0-C0CF-432B-93D8-D89C9DE5B56F} - (no file) (HKCU)
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15012/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15012/CTPID.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - Winlogon Notify: style2 - C:\WINDOWS\q858140_disk.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - E:\Program Files\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe



*** in Display properties I am now not able to change my desktop settings, I can't change the wallpaper, it stays black***
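
A check a helper could run at this point in the thread, as an added example that is not part of the original posts: it compares entries from the fix list in post #2 with the follow-up log in post #3 and sorts each one into gone, persisting, changed, or orphaned (entry still registered, file reported missing). The log lines are excerpts from those two posts; the function names and the four category labels are assumptions of this example.

```python
import re
from collections import namedtuple

# One parsed HijackThis result line. `key` identifies the setting, `value` is
# the data of an R-section registry line, `file_missing` mirrors the scanner's
# "(file missing)" annotation, `raw` is the line as posted.
Entry = namedtuple("Entry", "section key value file_missing raw")

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O4 - ..."
MISSING_RE = re.compile(r"\s*\(file missing\)\s*$", re.IGNORECASE)


def parse_line(line):
    """Parse one result line; return None for headers, process paths, blanks."""
    raw = line.strip()
    m = LINE_RE.match(raw)
    if not m:
        return None
    section, body = m.groups()
    missing = bool(MISSING_RE.search(body))
    body = MISSING_RE.sub("", body)
    value = ""
    if section.startswith("R"):
        # "key = value"; the value may be empty or absent (as on the R3 line).
        body, _, value = body.partition(" =")
    # Windows paths and registry names are case-insensitive, so fold the key.
    key = " ".join(body.split()).casefold()
    return Entry(section, key, value.strip(), missing, raw)


def parse_log(text):
    """Map (section, key) -> Entry for every result line in a pasted log."""
    entries = {}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry:
            entries[(entry.section, entry.key)] = entry
    return entries


def triage(fix_list, followup_log):
    """Classify each entry that was marked for fixing against the new log."""
    after = parse_log(followup_log)
    report = {"gone": [], "persisting": [], "changed": [], "orphaned": []}
    for ident, wanted in parse_log(fix_list).items():
        now = after.get(ident)
        if now is None:
            report["gone"].append(wanted)
        elif now.file_missing and not wanted.file_missing:
            # File deleted, but the registry entry that loads it is still there.
            report["orphaned"].append(now)
        elif now.value != wanted.value:
            report["changed"].append(now)
        else:
            report["persisting"].append(now)
    return report


# Excerpt of the entries post #2 asks to have fixed.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://C:\WINDOWS\system32\shdocpa.dll/security.htm#subID=PRFV;6784
O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINDOWS\System32\nsp5.dll
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O15 - Trusted Zone: http://www.neededware.com
O15 - Trusted Zone: *.skoobidoo.com
O20 - Winlogon Notify: style2 - C:\WINDOWS\q858140_disk.dll
"""

# Excerpt of the follow-up log in post #3, including non-result lines.
FOLLOWUP = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://195.95.218.172/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O15 - Trusted Zone: http://www.neededware.com
O20 - Winlogon Notify: style2 - C:\WINDOWS\q858140_disk.dll (file missing)
"""

if __name__ == "__main__":
    for status, entries in triage(FIX_LIST, FOLLOWUP).items():
        print(f"{status} ({len(entries)})")
        for entry in entries:
            print("   ", entry.raw)
```

Entries reported as persisting or orphaned are the ones to check again in the next scan, since the setting that loads them is still registered.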

#4 Grinler

    Lawrence Abrams



Posted 08 June 2005 - 04:52 PM

Don't worry about the display. We will fix that when we are done with the malware cleanup.

Follow the instructions here, reboot and post a new log:

http://www.bleepingcomputer.com/forums/How...rvs-t11662.html

#5 aviewoflife


Posted 08 June 2005 - 06:28 PM

This is the KAV log...

Statistics:
Start time: 6/8/2005 7:07:36 PM
Completion time: 6/8/2005 7:21:44 PM
Objects scanned: 134004
Dangerous objects detected: 18
Viruses disinfected: 0
Objects deleted: 18
Objects quarantined: 0

Settings:
Objects to scan:
My Computer
If a dangerous object is detected:
Perform recommended action
Scan level:
Maximum Protection
Exclusions from the scan scope:
Option not used

Report:
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AbetterInternet.zip\wupdt.exe password protected, has not been processed 6/8/2005 7:07:54 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AbetterInternet.zip\sbRecovery.ini password protected, has not been processed 6/8/2005 7:07:54 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AbetterInternet1.zip\sbRecovery.reg password protected, has not been processed 6/8/2005 7:07:54 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AbetterInternet1.zip\sbRecovery.ini password protected, has not been processed 6/8/2005 7:07:54 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AdshooterDrs.zip\sbRecovery.reg password protected, has not been processed 6/8/2005 7:07:54 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AdshooterDrs.zip\sbRecovery.ini password protected, has not been processed 6/8/2005 7:07:54 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AlexaRelated.zip\related.htm password protected, has not been processed 6/8/2005 7:07:54 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AlexaRelated.zip\sbRecovery.ini password protected, has not been processed 6/8/2005 7:07:54 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AlexaRelated1.zip\related.htm password protected, has not been processed 6/8/2005 7:07:54 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AlexaRelated1.zip\sbRecovery.ini password protected, has not been processed 6/8/2005 7:07:54 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AproposMedia.zip\sbRecovery.ini password protected, has not been processed 6/8/2005 7:07:54 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AproposMedia1.zip\ace.dll password protected, has not been processed 6/8/2005 7:07:55 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AproposMedia1.zip\AI_20-05-2005.log password protected, has not been processed 6/8/2005 7:07:55 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AproposMedia1.zip\atl.dll password protected, has not been processed 6/8/2005 7:07:55 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AproposMedia1.zip\CxtPls.dll password protected, has not been processed 6/8/2005 7:07:55 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AproposMedia1.zip\CxtPls.exe password protected, has not been processed 6/8/2005 7:07:55 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AproposMedia1.zip\data.bin password protected, has not been processed 6/8/2005 7:07:55 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AproposMedia1.zip\libexpat.dll password protected, has not been processed 6/8/2005 7:07:55 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AproposMedia1.zip\ProxyStub.dll password protected, has not been processed 6/8/2005 7:07:55 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AproposMedia1.zip\uninstaller.exe password protected, has not been processed 6/8/2005 7:07:55 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AproposMedia1.zip\WinGenerics.dll password protected, has not been processed 6/8/2005 7:07:55 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AproposMedia1.zip\sbRecovery.ini password protected, has not been processed 6/8/2005 7:07:55 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AproposMedia10.zip\sbRecovery.reg password protected, has not been processed 6/8/2005 7:07:55 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AproposMedia10.zip\sbRecovery.ini password protected, has not been processed 6/8/2005 7:07:55 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AproposMedia11.zip\sbRecovery.reg password protected, has not been processed 6/8/2005 7:07:55 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AproposMedia11.zip\sbRecovery.ini password protected, has not been processed 6/8/2005 7:07:55 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AproposMedia12.zip\ace.dll_tobedeleted password protected, has not been processed 6/8/2005 7:07:56 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy31.zip\sbRecovery.ini password protected, has not been processed 6/8/2005 7:07:59 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy32.zip\sbRecovery.reg password protected, has not been processed 6/8/2005 7:07:59 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy32.zip\sbRecovery.ini password protected, has not been processed 6/8/2005 7:07:59 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy33.zip\sbRecovery.reg password protected, has not been processed 6/8/2005 7:07:59 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy33.zip\sbRecovery.ini password protected, has not been processed 6/8/2005 7:07:59 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy34.zip\sbRecovery.reg password protected, has not been processed 6/8/2005 7:07:59 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy34.zip\sbRecovery.ini password protected, has not been processed 6/8/2005 7:07:59 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy35.zip\sbRecovery.reg password protected, has not been processed 6/8/2005 7:07:59 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy35.zip\sbRecovery.ini password protected, has not been processed 6/8/2005 7:07:59 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy4.zip\exul.exe password protected, has not been processed 6/8/2005 7:07:59 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy4.zip\sbRecovery.ini password protected, has not been processed 6/8/2005 7:07:59 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy5.zip\exdl2.exe password protected, has not been processed 6/8/2005 7:07:59 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy5.zip\sbRecovery.ini password protected, has not been processed 6/8/2005 7:07:59 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy6.zip\exdl.exe password protected, has not been processed 6/8/2005 7:07:59 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy6.zip\sbRecovery.ini password protected, has not been processed 6/8/2005 7:07:59 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy7.zip\msbe.dll password protected, has not been processed 6/8/2005 7:08:00 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy7.zip\sbRecovery.ini password protected, has not been processed 6/8/2005 7:08:00 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy8.zip\nvms.dll password protected, has not been processed 6/8/2005 7:08:00 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy8.zip\sbRecovery.ini password protected, has not been processed 6/8/2005 7:08:00 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy9.zip\bargains.exe password protected, has not been processed 6/8/2005 7:08:00 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy9.zip\sbRecovery.ini password protected, has not been processed 6/8/2005 7:08:00 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\HaxdoorH.zip\i.a3d password protected, has not been processed 6/8/2005 7:08:00 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\HaxdoorH.zip\sbRecovery.ini password protected, has not been processed 6/8/2005 7:08:00 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\HaxdoorH1.zip\sbRecovery.reg password protected, has not been processed 6/8/2005 7:08:00 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\HaxdoorH1.zip\sbRecovery.ini password protected, has not been processed 6/8/2005 7:08:00 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\HaxdoorH2.zip\sbRecovery.reg password protected, has not been processed 6/8/2005 7:08:00 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\HaxdoorH2.zip\sbRecovery.ini password protected, has not been processed 6/8/2005 7:08:00 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\HotSearchBar.zip\DrPMon.dll password protected, has not been processed 6/8/2005 7:08:00 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\HotSearchBar.zip\sbRecovery.ini password protected, has not been processed 6/8/2005 7:08:00 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\HotsearchBar1.zip\kill internet popups5.ico password protected, has not been processed 6/8/2005 7:08:00 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\HotsearchBar1.zip\sbRecovery.ini password protected, has not been processed 6/8/2005 7:08:00 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\HotsearchBar2.zip\sbRecovery.reg password protected, has not been processed 6/8/2005 7:08:00 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\HotsearchBar2.zip\sbRecovery.ini password protected, has not been processed 6/8/2005 7:08:00 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\IBISToolbar.zip\sbRecovery.reg password protected, has not been processed 6/8/2005 7:08:00 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\IBISToolbar.zip\sbRecovery.ini password protected, has not been processed 6/8/2005 7:08:00 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin.zip\systb.dll password protected, has not been processed 6/8/2005 7:08:00 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin.zip\sbRecovery.ini password protected, has not been processed 6/8/2005 7:08:00 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin1.zip\wupdt.exe password protected, has not been processed 6/8/2005 7:08:00 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin1.zip\sbRecovery.ini password protected, has not been processed 6/8/2005 7:08:00 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin10.zip\sbRecovery.reg password protected, has not been processed 6/8/2005 7:08:00 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin10.zip\sbRecovery.ini password protected, has not been processed 6/8/2005 7:08:00 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin11.zip\sbRecovery.reg password protected, has not been processed 6/8/2005 7:08:00 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin11.zip\sbRecovery.ini password protected, has not been processed 6/8/2005 7:08:00 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin12.zip\sbRecovery.reg password protected, has not been processed 6/8/2005 7:08:00 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin12.zip\sbRecovery.ini password protected, has not been processed 6/8/2005 7:08:00 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin13.zip\sbRecovery.reg password protected, has not been processed 6/8/2005 7:08:00 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin13.zip\sbRecovery.ini password protected, has not been processed 6/8/2005 7:08:00 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin14.zip\sbRecovery.reg password protected, has not been processed 6/8/2005 7:08:00 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin14.zip\sbRecovery.ini password protected, has not been processed 6/8/2005 7:08:00 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin15.zip\sbRecovery.reg password protected, has not been processed 6/8/2005 7:08:00 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin15.zip\sbRecovery.ini password protected, has not been processed 6/8/2005 7:08:00 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin16.zip\sbRecovery.reg password protected, has not been processed 6/8/2005 7:08:00 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin16.zip\sbRecovery.ini password protected, has not been processed 6/8/2005 7:08:00 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin17.zip\sbRecovery.reg password protected, has not been processed 6/8/2005 7:08:00 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin17.zip\sbRecovery.ini password protected, has not been processed 6/8/2005 7:08:00 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin18.zip\sbRecovery.reg password protected, has not been processed 6/8/2005 7:08:00 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin18.zip\sbRecovery.ini password protected, has not been processed 6/8/2005 7:08:00 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin19.zip\sbRecovery.reg password protected, has not been processed 6/8/2005 7:08:00 PM
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\IEPlugin19.zip\sbRecovery.ini password protected, has not been processed 6/8/2005 7:08:00 PM

Edited by aviewoflife, 08 June 2005 - 06:29 PM.


#6 aviewoflife


Posted 08 June 2005 - 06:30 PM

Here is the HJT log.....

Logfile of HijackThis v1.99.1
Scan saved at 7:30:07 PM, on 6/8/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
E:\Program Files\iTunesHelper.exe
E:\Program Files\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\V-Stream Multimedia\TV878 Utilities\C7XRCtl.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: VBRunDLL Class - {197B8CA4-E215-46DD-8F33-E0544A80E5C4} - C:\WINDOWS\System32\vbrundll.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [AWMON] "E:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] E:\Program Files\iTunesHelper.exe
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [regsync] C:\WINDOWS\System32\regsync.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sdpwvbc] C:\WINDOWS\System32\sdpwvbc.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: TV878 Remote Control.lnk = C:\Program Files\V-Stream Multimedia\TV878 Utilities\C7XRCtl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\aim.exe
O9 - Extra button: Microsoft AntiSpyware helper - {0E6516F0-C0CF-432B-93D8-D89C9DE5B56F} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0E6516F0-C0CF-432B-93D8-D89C9DE5B56F} - (no file) (HKCU)
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15012/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15012/CTPID.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O20 - Winlogon Notify: style2 - C:\WINDOWS\q858140_disk.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - E:\Program Files\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

#7 Grinler

Grinler

    Lawrence Abrams


  • Admin

Posted 09 June 2005 - 09:48 AM

Print out these instructions and then close all windows including Internet Explorer.

Reboot your computer into Safe Mode.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run HijackThis again, click Scan, and put a checkmark next to each of these. Then click the Fix button:

O2 - BHO: VBRunDLL Class - {197B8CA4-E215-46DD-8F33-E0544A80E5C4} - C:\WINDOWS\System32\vbrundll.dll
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [regsync] C:\WINDOWS\System32\regsync.exe
O4 - HKLM\..\Run: [sdpwvbc] C:\WINDOWS\System32\sdpwvbc.exe
O9 - Extra button: Microsoft AntiSpyware helper - {0E6516F0-C0CF-432B-93D8-D89C9DE5B56F} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0E6516F0-C0CF-432B-93D8-D89C9DE5B56F} - (no file) (HKCU)
O15 - Trusted Zone: http://www.neededware.com
O20 - Winlogon Notify: style2 - C:\WINDOWS\q858140_disk.dll (file missing)


Then delete these files or directories (do not be concerned if they do not exist):

C:\WINDOWS\System32\vbrundll.dll
C:\WINDOWS\isrvs\ <-- If you cannot delete this directory, right-click on it, go into Properties and uncheck Read-only
C:\WINDOWS\System32\regsync.exe
C:\WINDOWS\System32\sdpwvbc.exe

Reboot your computer to go back to normal mode and post a new log.

#8 aviewoflife


Posted 09 June 2005 - 10:59 AM

Logfile of HijackThis v1.99.1
Scan saved at 11:58:15 AM, on 6/9/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
E:\Program Files\iTunesHelper.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
E:\Program Files\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\V-Stream Multimedia\TV878 Utilities\C7XRCtl.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\Roxio\Roxio DVDMax Player\PDVDServ.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [AWMON] "E:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] E:\Program Files\iTunesHelper.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: TV878 Remote Control.lnk = C:\Program Files\V-Stream Multimedia\TV878 Utilities\C7XRCtl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\aim.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15012/CTSUEng.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15012/CTPID.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - E:\Program Files\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
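
One way to check a follow-up scan against the fix list, as an added example that is not part of the original thread: the Python sketch below parses HijackThis section entries and reports which requested entries are gone, which remain, and which entries still point at missing files. The function names (`parse_entries`, `verify_fix`) are hypothetical, and the sample data is a short excerpt of the logs posted above.

```python
import re
from collections import namedtuple

# HijackThis entry lines start with a section code (for example O2, O4, O23),
# then " - ", then free text. Header and process-list lines do not match.
ENTRY_RE = re.compile(r"^([ORFN]\d{1,2}) - (.+)$")
Entry = namedtuple("Entry", "code body")

def parse_entries(log_text):
    """Return the set of section entries found in a HijackThis log."""
    entries = set()
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.add(Entry(m.group(1), m.group(2).strip()))
    return entries

def verify_fix(before_log, after_log, fix_list):
    """Check a follow-up scan against the entries that were meant to be fixed."""
    before, after, wanted = map(parse_entries, (before_log, after_log, fix_list))
    return {
        "fixed": sorted(wanted & (before - after)),        # requested and now gone
        "still_present": sorted(wanted & after),           # requested but survived
        "never_seen": sorted(wanted - before),             # fix list line not in first scan
        "removed_unasked": sorted((before - after) - wanted),
        "new_since_fix": sorted(after - before),           # appeared after cleaning
        "dangling": sorted(e for e in after
                           if "(file missing)" in e.body or "(no file)" in e.body),
    }

# Excerpt of the scan saved on 6/8/2005 (header and process lines are ignored).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: VBRunDLL Class - {197B8CA4-E215-46DD-8F33-E0544A80E5C4} - C:\WINDOWS\System32\vbrundll.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [regsync] C:\WINDOWS\System32\regsync.exe
O4 - HKLM\..\Run: [sdpwvbc] C:\WINDOWS\System32\sdpwvbc.exe
O15 - Trusted Zone: http://www.neededware.com
O20 - Winlogon Notify: style2 - C:\WINDOWS\q858140_disk.dll (file missing)
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
"""

# Excerpt of the entries the helper asked to fix.
FIX_LIST = r"""
O2 - BHO: VBRunDLL Class - {197B8CA4-E215-46DD-8F33-E0544A80E5C4} - C:\WINDOWS\System32\vbrundll.dll
O4 - HKLM\..\Run: [ffis] C:\WINDOWS\isrvs\ffisearch.exe
O4 - HKLM\..\Run: [regsync] C:\WINDOWS\System32\regsync.exe
O4 - HKLM\..\Run: [sdpwvbc] C:\WINDOWS\System32\sdpwvbc.exe
O15 - Trusted Zone: http://www.neededware.com
O20 - Winlogon Notify: style2 - C:\WINDOWS\q858140_disk.dll (file missing)
"""

# Excerpt of the scan saved on 6/9/2005, after the fix.
AFTER = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
"""

if __name__ == "__main__":
    for bucket, items in verify_fix(BEFORE, AFTER, FIX_LIST).items():
        print(f"{bucket}: {len(items)}")
        for e in items:
            print(f"    {e.code} - {e.body}")
```

Entries are compared as exact strings after trimming whitespace, so a fix-list line that was retyped rather than copied from the scan shows up under `never_seen`.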

#9 Grinler


Posted 09 June 2005 - 06:14 PM

Your log is clean! Great job!

Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and reenable system restore here:

Managing Windows Millennium System Restore

or

Windows XP System Restore Guide

Re-enable system restore with instructions from the tutorial above.


Next,

This process will clean out your Temp files and your Temporary Internet Files. Please do both steps:

Step 1: Delete Temp Files
To clean out your temp files, click on Start and then Run, type %temp% and press the OK button.

This should open up the temp directory that your machine uses. Please delete all files that are found there. If you get an error when deleting a file, skip that file and delete all the others. If you had trouble deleting a file, reboot into Safe Mode and follow this step again. You should now be able to delete all the files.

Step 2: Delete Temporary Internet Files
Now I want you to open up Internet Explorer, and click on the Tools menu and then Internet Options. At the General tab, which should be the first tab you are currently on, click on the Delete Files button and put a checkmark in Delete offline content. Then press the OK button. This may take quite a while, so do not be alarmed with how long it takes. When it is done, your Temporary Internet Files will now be deleted.

Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet


Glad I was able to help, and if there are any other problems related to your computer please feel free to post them in the appropriate forum. Though we help people with spyware and viruses here at BC, we also help people with other computer problems! Do not forget to tell your friends about us!

#10 aviewoflife


Posted 10 June 2005 - 09:54 AM

Sorry, I didn't mean to send you the message, but I didn't want you to not check back here........ So I did the system restore, but I only have one point and this was done like yesterday, so it didn't restore to where I can get my full display properties back.

#11 Grinler


Posted 10 June 2005 - 10:25 AM

Download the following file to your desktop:

http://www.bleepingcomputer.com/files/reg/smitfraud.reg

Then double-click on it and let the information merge into your registry. Then reboot and tell me if you can change your desktop now.

#12 aviewoflife


Posted 10 June 2005 - 11:20 AM

It works perfectly! Thanks