Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HijackThis Log: Please help Diagnose


  • This topic is locked This topic is locked
60 replies to this topic

#1 maggieM

maggieM

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:09:31 AM

Posted 13 August 2005 - 07:03 PM

Logfile of HijackThis v1.99.1
Scan saved at 7:50:38 PM, on 8/13/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SOUNDMAN.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\KNNKAH.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\HLRE\RARB.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/lobby/search.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...=5.5&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...=5.5&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O1 - Hosts: 216.239.51.99 www.kazaa-gold.com
O1 - Hosts: 216.239.51.99 kazaagold.com
O1 - Hosts: 216.239.51.99 www.kazaa-download.de
O1 - Hosts: 216.239.51.99 www.mp3downloadhq.com
O1 - Hosts: 216.239.51.99 www.easymusicdownload.com
O1 - Hosts: 216.239.51.99 easymusicdownload.com
O1 - Hosts: 216.239.51.99 www.mp3madeeasy.com
O1 - Hosts: 216.239.51.99 www.monstershare.com
O1 - Hosts: 216.239.51.99 monstershare.com
O1 - Hosts: 216.239.51.99 www.kazaa-plus.net
O1 - Hosts: 216.239.51.99 kazaa-plus.net
O1 - Hosts: 216.239.51.99 www.kazaa-plus.com
O1 - Hosts: 216.239.51.99 www.edonkey.com
O1 - Hosts: 216.239.51.99 www.kazaa-file-sharing-downloads.com
O1 - Hosts: 216.239.51.99 www.kazaaplatinum.com
O1 - Hosts: 216.239.51.99 www.madeformusic.com
O1 - Hosts: 216.239.51.99 www.ikazaa.net
O1 - Hosts: 216.239.51.99 ikazaa.net
O1 - Hosts: 216.239.51.99 www.mp3u.com
O1 - Hosts: 216.239.51.99 www.mp3specialty.com
O1 - Hosts: 216.239.51.99 music-download-world.com
O1 - Hosts: 216.239.51.99 song-download-world.com
O1 - Hosts: 216.239.51.99 www.flixs.net
O1 - Hosts: 216.239.51.99 www.ishareit.net
O1 - Hosts: 216.239.51.99 www.ishareit.com
O1 - Hosts: 216.239.51.99 www.download-doctor.com
O1 - Hosts: 216.239.51.99 www.ezmp3download.com
O1 - Hosts: 216.239.51.99 www.kazaamedia.com
O1 - Hosts: 216.239.51.99 mp3-network.com
O1 - Hosts: 216.239.51.99 www.mp3-network.com
O1 - Hosts: 216.239.51.99 www.mp3grandcentral.net
O1 - Hosts: 216.239.51.99 www.mp333.com
O1 - Hosts: 216.239.51.99 www.kazaamate.com
O1 - Hosts: 216.239.51.99 www.kazaa-download.de
O1 - Hosts: 216.239.51.99 www.emule.biz
O1 - Hosts: 216.239.51.99 www.kazaam8.tk
O1 - Hosts: 216.239.51.99 www.rippro.com
O4 - HKLM\..\Run: [SiSSoundMan] C:\WINDOWS\SYSTEM\SoundMan.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SiSSetCDfmt] C:\WINDOWS\SYSTEM\SetCDfmt.exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\knnkah.exe reg_run
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TeaTimer.exe
O4 - HKCU\..\Run: [Hlir] C:\Program Files\hlre\rarb.exe
O4 - Startup: dppd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O9 - Extra button: Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\PROGRA~1\INTERN~1\Toolbar\toolbar.hta
O9 - Extra 'Tools' menuitem: &Toolbar Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\PROGRA~1\INTERN~1\Toolbar\toolbar.hta
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM95\AIM.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://sc.communities.msn.com/controls/chat/msnchat45.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://f1.pg.photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by10fd.bay10.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tri...Transporter.cab?
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://wsc2.perfora.net/app/static/activex/msxml4.cab
O16 - DPF: {7BA7BCE2-D359-4407-82D9-CDF9A74C487A} (DownLoadStub Class) - http://www.hpphoto.com/downloads/DownloadPhotos.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.com/app/ST/ActiveX.ocx
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/...ropper1_6us.cab

:thumbsup: thank you ~ maggieM
~*~maggie~*~

BC AdBot (Login to Remove)

 


#2 maggieM

maggieM
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:09:31 AM

Posted 13 August 2005 - 07:24 PM

To give further information... my computer is suddenly filled with popup ads. I get about 4 at a time and if I walk away they will fill my screen and freeze me up. I've run adaware, and spybot and destroy and they find nothing but cookies which I've deleted. This is my log after running both of those. I also have Norton as my antispyware program running constantly so I'm totally confused. :-) ~ maggie
~*~maggie~*~

#3 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:09:31 AM

Posted 15 August 2005 - 10:15 AM

Welcome to the BleepingComputer forum. We are currently studying your log and will have instructions for you shortly. Thank you for your patience.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#4 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:09:31 AM

Posted 15 August 2005 - 03:03 PM

We have some work to do.

Step 1

To help prevent further infection, please download, install, and update SpywareBlaster SpywareBlaster will help to:
  • prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
  • block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
  • restrict the actions of potentially unwanted sites in Internet Explorer.
Step 2

Please download the free tool Hoster from HERE
If needed, there is a Tutorial HERE

Unzip the file to your desktop. It will create a folder called: Hoster

Open the folder and doubleclick on Hoster.exe to run it.

Press 'Restore Original Hosts' and press 'OK'
Exit Program

Step 3

You will need to disable TeaTimer. Open Spybot S&D in advanced mode, click Tools > Resident, and remove the check from "Resident Tea-Timer". Reboot after unchecking the entry. Please download ResetTeaTimer.bat. Double click the file to remove all entries set by TeaTimer.

Please do not turn TeaTimer back on until your log is clean.

Step 4

Please download the trial version of Kaspersky Anti-Virus
Install. Do not run yet.

Step 5

Then Reboot to safe mode. If you donít know how to boot in safe mode, there is a tutorial HERE .
NOTE: To avoid the risk of any of the files or folders not being found due to their having the 'Hidden' attribute, first make sure that in Folder Options > View hidden and operating system files are set to show:
http://www.xtra.co.nz/help/0,,4155-1916458,00.html
Or items 8 & 9 from this link :
http://www.russelltexas.com/malware/faqhijackthis.htm .

Step 6

Please scan with Kaspersky Anti-virus. Be sure to save log.

Step 7

Reboot to normal mode.

Please scan with HiJackThis in normal mode. Post a new HiJackThis log and the log from Kaspersky.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#5 maggieM

maggieM
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:09:31 AM

Posted 15 August 2005 - 10:43 PM

:thumbsup: Dear Sue,
Thank you SO much for your response. I'm afraid I have a new problem since I last posted! *sigh* Today, my dear step daughter, thought she was helping to get rid of popups and downloaded AOL browser onto my machine!! I'm about to scream at the moment since I just discovered what she did! UUUUUGHHHHH So anyway now everything is even more messed up. :-( I'm running spybot and adaware again and unclicked all of the new entries in my startup and am about to reboot. Whether they stay uncliced or not is another thing but when I've finished the reboot I am going to upload a new log. Hopefully this will not change your instructions but I thought I should tell you. :-(((( I'm so sorry and about to strangle said step daughter here!!

I will download and run kasperky tomorrow anyways but haven't had a chance yet because of the AOL disaster. :flowers:
~*~maggie~*~

#6 maggieM

maggieM
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:09:31 AM

Posted 16 August 2005 - 12:11 AM

Logfile of HijackThis v1.99.1
Scan saved at 1:07:32 AM, on 8/16/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SOUNDMAN.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\KNNKAH.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\MEDIA ACCESS\MEDIAACCK.EXE
C:\PROGRAM FILES\MEDIA ACCESS\MEDIAACCESS.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/lobby/search.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...=5.5&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...=5.5&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\PROGRAM FILES\SURFSIDEKICK 3\SSKBHO.DLL
O1 - Hosts: 216.239.51.99 www.kazaa-gold.com
O1 - Hosts: 216.239.51.99 kazaagold.com
O1 - Hosts: 216.239.51.99 www.kazaa-download.de
O1 - Hosts: 216.239.51.99 www.mp3downloadhq.com
O1 - Hosts: 216.239.51.99 www.easymusicdownload.com
O1 - Hosts: 216.239.51.99 easymusicdownload.com
O1 - Hosts: 216.239.51.99 www.mp3madeeasy.com
O1 - Hosts: 216.239.51.99 www.monstershare.com
O1 - Hosts: 216.239.51.99 monstershare.com
O1 - Hosts: 216.239.51.99 www.kazaa-plus.net
O1 - Hosts: 216.239.51.99 kazaa-plus.net
O1 - Hosts: 216.239.51.99 www.kazaa-plus.com
O1 - Hosts: 216.239.51.99 www.edonkey.com
O1 - Hosts: 216.239.51.99 www.kazaa-file-sharing-downloads.com
O1 - Hosts: 216.239.51.99 www.kazaaplatinum.com
O1 - Hosts: 216.239.51.99 www.madeformusic.com
O1 - Hosts: 216.239.51.99 www.ikazaa.net
O1 - Hosts: 216.239.51.99 ikazaa.net
O1 - Hosts: 216.239.51.99 www.mp3u.com
O1 - Hosts: 216.239.51.99 www.mp3specialty.com
O1 - Hosts: 216.239.51.99 music-download-world.com
O1 - Hosts: 216.239.51.99 song-download-world.com
O1 - Hosts: 216.239.51.99 www.flixs.net
O1 - Hosts: 216.239.51.99 www.ishareit.net
O1 - Hosts: 216.239.51.99 www.ishareit.com
O1 - Hosts: 216.239.51.99 www.download-doctor.com
O1 - Hosts: 216.239.51.99 www.ezmp3download.com
O1 - Hosts: 216.239.51.99 www.kazaamedia.com
O1 - Hosts: 216.239.51.99 mp3-network.com
O1 - Hosts: 216.239.51.99 www.mp3-network.com
O1 - Hosts: 216.239.51.99 www.mp3grandcentral.net
O1 - Hosts: 216.239.51.99 www.mp333.com
O1 - Hosts: 216.239.51.99 www.kazaamate.com
O1 - Hosts: 216.239.51.99 www.kazaa-download.de
O1 - Hosts: 216.239.51.99 www.emule.biz
O1 - Hosts: 216.239.51.99 www.kazaam8.tk
O1 - Hosts: 216.239.51.99 www.rippro.com
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\CFGMGR52.DLL
O4 - HKLM\..\Run: [SiSSoundMan] C:\WINDOWS\SYSTEM\SoundMan.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SiSSetCDfmt] C:\WINDOWS\SYSTEM\SetCDfmt.exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SurfSideKick 3] C:\PROGRAM FILES\SURFSIDEKICK 3\Ssk.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\CFGMGR52.DLL,DllRun
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\knnkah.exe reg_run
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\SYSTEM\wintask.exe
O4 - HKLM\..\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [SurfSideKick 3] C:\PROGRAM FILES\SURFSIDEKICK 3\Ssk.exe
O4 - Startup: dppd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\PROGRA~1\INTERN~1\Toolbar\toolbar.hta
O9 - Extra 'Tools' menuitem: &Toolbar Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\PROGRA~1\INTERN~1\Toolbar\toolbar.hta
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://sc.communities.msn.com/controls/chat/msnchat45.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://f1.pg.photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by10fd.bay10.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tri...Transporter.cab?
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://wsc2.perfora.net/app/static/activex/msxml4.cab
O16 - DPF: {7BA7BCE2-D359-4407-82D9-CDF9A74C487A} (DownLoadStub Class) - http://www.hpphoto.com/downloads/DownloadPhotos.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.com/app/ST/ActiveX.ocx
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/...ropper1_6us.cab
O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (CDToolCtrl Class) - http://free.aol.com/tryaolfree/cdt175/aolcdt175.cab

:thumbsup:
~*~maggie~*~

#7 maggieM

maggieM
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:09:31 AM

Posted 16 August 2005 - 12:15 AM

If your previous instructions still apply Sue, I have downloaded the 3 things you instructed and will go ahead and do as you said. I was just worried this new log above may have changed something.

Thank you again so much for your help with this. Step daughter has been banned from my computer.
~*~maggie~*~

#8 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:09:31 AM

Posted 16 August 2005 - 11:40 PM

Go ahead with previous instructions. Please post a new HiJackThis log and the log from Kaspersky.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#9 maggieM

maggieM
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:09:31 AM

Posted 17 August 2005 - 08:31 AM

:thumbsup: Ok!! Thank you so much Sue! :-) I am peeking in from work at the moment but I will be sure to do that as soon as I get home around 4:30 pm this evening!!
~*~maggie~*~

#10 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:09:31 AM

Posted 18 August 2005 - 10:09 AM

Be sure to save the Kaspersky log and include that with a new HiJackThis log in your next reply. :thumbsup:
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#11 fishie

fishie

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:31 AM

Posted 18 August 2005 - 10:53 PM

Hi Sue,
I'm a friend of maggie's and am posting at her request - her browser's not working at the moment but she was able to talk to me on MSN messenger.
Maggie installed SpywareBlaster and Kaspersky and reset the Hosts file with Hoster. The computer froze up and she couldn't do anything but reboot. Kaspersky ran automatically and advised removal of a trojan. She told it not to remove it, for now - should she allow Kaspersky to remove the trojan?
Maggie has gone off to reboot in safe mode and run Kaspersky. I will let you know what happens, if she's still unable to connect using IE.
fishie

#12 maggieM

maggieM
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Local time:09:31 AM

Posted 19 August 2005 - 07:57 AM

Hi... It's maggie again... :thumbsup: Thank you so much Fishie for helping me out here. I'm posting from work. Ok after many reboots and closing of Zone Alarm and Kaspersky which was automatically scanning on reboot, I opened in Safe Mode and scanned during the night. This morning I am not able to click on any of my desktop shortcuts or open my browser but I was able to open MSN Messenger and I sent my log of Kasperky which was run in safe mode, and my Hijack This log which I ran after I rebooted in Normal mode, to my friend Fishie who is going to post them for me this morning. It found a lot of trojans it seems but some are in quarantine in my spybot. I didn't turn off spybot but just the teatimer as you instructed. Hope that was ok. I will check back during the day from work to see if any response and I can print out any instructions you send from here I think.

Thank you again so much Sue!!
~*~maggie~*~

#13 fishie

fishie

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:31 AM

Posted 19 August 2005 - 08:30 AM

Maggie's Kaspersky Log

Statistics:
Start time: 8/18/2005 11:26:29 PM
Completion time: 8/19/2005 7:41:27 AM
Objects scanned: 355348
Dangerous objects detected: 56
Viruses disinfected: 0
Objects deleted: 0
Objects quarantined: 0

Settings:
Objects to scan:
My Computer
If a dangerous object is detected:
Prompt user for action once the scan is completed
Scan level:
Recommended
Exclusions from the scan scope:
Option not used

Report:
c:\pi1_60.exe;is a Trojan Trojan-Downloader.Win32.Small.aal;8/18/2005 11:26:49 PM
c:\pi1_60.exe;object could not be disinfected, disinfection postponed;8/18/2005 11:26:49 PM
c:\m190309.exe;is a Trojan Trojan-Downloader.Win32.Delmed.a;8/18/2005 11:26:49 PM
c:\m190309.exe;object could not be disinfected, disinfection postponed;8/18/2005 11:26:49 PM
c:\uci.exe;is a Trojan Trojan-Dropper.Win32.Agent.hl;8/18/2005 11:26:49 PM
c:\uci.exe;object could not be disinfected, disinfection postponed;8/18/2005 11:26:49 PM
c:\verticlick_3_220.exe;is a Trojan Trojan-Downloader.Win32.Qoologic.aa;8/18/2005 11:26:49 PM
c:\verticlick_3_220.exe;object could not be disinfected, disinfection postponed;8/18/2005 11:26:50 PM
c:\shopinst.exe;is a Trojan Trojan-Downloader.Win32.Small.apm;8/18/2005 11:26:50 PM
c:\shopinst.exe;object could not be disinfected, disinfection postponed;8/18/2005 11:26:50 PM
c:\cxtpls_loader.exe;is a Trojan Trojan-Downloader.Win32.Apropo.ae;8/18/2005 11:26:50 PM
c:\cxtpls_loader.exe;object could not be disinfected, disinfection postponed;8/18/2005 11:26:51 PM
c:\VB3.exe;is a Trojan Trojan-Dropper.Win32.Agent.hl;8/18/2005 11:26:51 PM
c:\VB3.exe;object could not be disinfected, disinfection postponed;8/18/2005 11:26:51 PM
c:\InstallAPS.exe;is a Trojan Trojan-Dropper.Win32.Agent.lu;8/18/2005 11:26:51 PM
c:\InstallAPS.exe;object could not be disinfected, disinfection postponed;8/18/2005 11:26:51 PM
c:\setup1047.exe;is a Trojan Trojan-Downloader.Win32.Small.aal;8/18/2005 11:26:51 PM
c:\setup1047.exe;object could not be disinfected, disinfection postponed;8/18/2005 11:26:51 PM
c:\_RESTORE\TEMP\TRKGIF.0;is a Trojan Trojan-Clicker.Win32.VB.ex;8/18/2005 11:32:49 PM
c:\_RESTORE\TEMP\TRKGIF.0;object could not be disinfected, disinfection postponed;8/18/2005 11:32:49 PM
c:\_RESTORE\TEMP\TSM2.0;is a Trojan Trojan-Downloader.Win32.TSUpdate.g;8/18/2005 11:32:50 PM
c:\_RESTORE\TEMP\TSM2.0;object could not be disinfected, disinfection postponed;8/18/2005 11:32:50 PM
c:\_RESTORE\TEMP\TSL2.0;is a Trojan Trojan-Downloader.Win32.TSUpdate.g;8/18/2005 11:32:50 PM
c:\_RESTORE\TEMP\TSL2.0;object could not be disinfected, disinfection postponed;8/18/2005 11:32:50 PM
c:\_RESTORE\TEMP\TS2.0;is a Trojan Trojan-Downloader.Win32.TSUpdate.h;8/18/2005 11:32:50 PM
c:\_RESTORE\TEMP\TS2.0;object could not be disinfected, disinfection postponed;8/18/2005 11:32:50 PM
c:\_RESTORE\TEMP\INSTAL~1.0;is a Trojan Trojan-Dropper.Win32.Agent.lu;8/18/2005 11:33:17 PM
c:\_RESTORE\TEMP\INSTAL~1.0;object could not be disinfected, disinfection postponed;8/18/2005 11:33:17 PM
c:\_RESTORE\TEMP\INSTAL~2.0;is a Trojan Trojan-Downloader.Win32.Qoologic.v;8/18/2005 11:33:29 PM
c:\_RESTORE\TEMP\INSTAL~2.0;object could not be disinfected, disinfection postponed;8/18/2005 11:33:29 PM
c:\WINDOWS\eooeknk.dll;is a Trojan Trojan-Downloader.Win32.Qoologic.aa;8/19/2005 12:00:56 AM
c:\WINDOWS\eooeknk.dll;object could not be disinfected, disinfection postponed;8/19/2005 12:00:56 AM
c:\WINDOWS\SYSTEM\AUNPS2.dll;is a Trojan Trojan-Clicker.Win32.Small.ez;8/19/2005 12:02:12 AM
c:\WINDOWS\SYSTEM\AUNPS2.dll;object could not be disinfected, disinfection postponed;8/19/2005 12:02:12 AM
c:\WINDOWS\SYSTEM\web2_212.exe;is a Trojan Trojan-Downloader.Win32.Qoologic.v;8/19/2005 12:02:15 AM
c:\WINDOWS\SYSTEM\web2_212.exe;object could not be disinfected, disinfection postponed;8/19/2005 12:02:15 AM
c:\WINDOWS\SYSTEM\supdate.dll;is a Trojan Trojan-Downloader.Win32.Qoologic.p;8/19/2005 12:02:15 AM
c:\WINDOWS\SYSTEM\supdate.dll;object could not be disinfected, disinfection postponed;8/19/2005 12:02:15 AM
c:\WINDOWS\SYSTEM\stlb2.dll;is a Trojan Trojan-Downloader.Win32.Braidupdate.d;8/19/2005 12:02:37 AM
c:\WINDOWS\SYSTEM\stlb2.dll;object could not be disinfected, disinfection postponed;8/19/2005 12:02:37 AM
c:\WINDOWS\SYSTEM\e6f1873b.dll;is a Trojan Trojan-Downloader.Win32.Braidupdate.d;8/19/2005 12:02:38 AM
c:\WINDOWS\SYSTEM\e6f1873b.dll;object could not be disinfected, disinfection postponed;8/19/2005 12:02:38 AM
c:\WINDOWS\SYSTEM\datadx.dll;is a Trojan Trojan-Downloader.Win32.Qoologic.aa;8/19/2005 12:02:41 AM
c:\WINDOWS\SYSTEM\datadx.dll;object could not be disinfected, disinfection postponed;8/19/2005 12:02:41 AM
c:\WINDOWS\SYSTEM\conres.cpl;is a Trojan Trojan-Downloader.Win32.Qoologic.p;8/19/2005 12:02:41 AM
c:\WINDOWS\SYSTEM\conres.cpl;object could not be disinfected, disinfection postponed;8/19/2005 12:02:41 AM
c:\WINDOWS\SYSTEM\wintask.exe;is a Trojan Trojan-Downloader.Win32.Small.abd;8/19/2005 12:02:45 AM
c:\WINDOWS\SYSTEM\wintask.exe;object could not be disinfected, disinfection postponed;8/19/2005 12:02:45 AM
c:\WINDOWS\Start Menu\Programs\Disabled Startup Items\dppd.exe;is a Trojan Trojan-Downloader.Win32.Qoologic.u;8/19/2005 12:06:33 AM
c:\WINDOWS\Start Menu\Programs\Disabled Startup Items\dppd.exe;object could not be disinfected, disinfection postponed;8/19/2005 12:06:33 AM
c:\WINDOWS\TEMP\b.com;is a Trojan Trojan-Dropper.Win32.Agent.pb;8/19/2005 12:06:41 AM
c:\WINDOWS\TEMP\b.com;object could not be disinfected, disinfection postponed;8/19/2005 12:06:41 AM
c:\WINDOWS\Downloaded Program Files\jao.dll;is a Trojan Trojan-Spy.Win32.Briss.k;8/19/2005 12:10:35 AM
c:\WINDOWS\Downloaded Program Files\jao.dll;object could not be disinfected, disinfection postponed;8/19/2005 12:10:35 AM
c:\WINDOWS\Temporary Internet Files\installer_MARKETING58.exe;is a Trojan Trojan-Downloader.Win32.Adload.a;8/19/2005 12:10:37 AM
c:\WINDOWS\Temporary Internet Files\installer_MARKETING58.exe;object could not be disinfected, disinfection postponed;8/19/2005 12:10:37 AM
c:\WINDOWS\Temporary Internet Files\SSK39.exe;is a Trojan Trojan-Dropper.Win32.Small.qn;8/19/2005 12:10:37 AM
c:\WINDOWS\Temporary Internet Files\SSK39.exe;object could not be disinfected, disinfection postponed;8/19/2005 12:10:37 AM
c:\WINDOWS\Temporary Internet Files\shopinst.exe;is a Trojan Trojan-Downloader.Win32.Small.apm;8/19/2005 12:10:38 AM
c:\WINDOWS\Temporary Internet Files\shopinst.exe;object could not be disinfected, disinfection postponed;8/19/2005 12:10:38 AM
c:\WINDOWS\Temporary Internet Files\pi1_51.exe;is a Trojan Trojan-Downloader.Win32.Small.aal;8/19/2005 12:10:38 AM
c:\WINDOWS\Temporary Internet Files\pi1_51.exe;object could not be disinfected, disinfection postponed;8/19/2005 12:10:38 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdultLinksQcBar1.zip\QcBar.inf;password protected, has not been processed;8/19/2005 12:11:03 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdultLinksQcBar1.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:03 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdultLinksQcBar.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdultLinksQcBar.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb.zip\Installr/1.bin/F3EZSETP.DLL;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb.zip\Installr/Cache/files.ini;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb.zip\Installr/Cache/004DD7A4;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb.zip\Installr/Cache/004DFBA0;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb.zip\Installr/Cache/004DFC7F;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb.zip\Installr/Cache/004DFD7C;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb.zip\Installr/Cache/004DFE1B;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb.zip\Shared/Cache/SmileyCentralBtn.html;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb.zip\Shared/Cache/CursorManiaBtn.html;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb.zip\Shared/Cache/MyStationeryBtn.html;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb.zip\Shared/Cache/MailStampBtn.html;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb.zip\Shared/Cache/SmileyCentralBtn-new.html;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb.zip\Shared/Cache/CursorManiaBtn-new.html;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdultLinksQcBar2.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdultLinksQcBar2.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\BlazeFindBridge.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\BlazeFindBridge.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\BlazeFindBridge1.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\BlazeFindBridge1.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\BlazeFindBridge2.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\BlazeFindBridge2.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCA.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCA.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\Roings.zip\objsafe.tlb;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\Roings.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb1.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb1.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb2.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb2.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb3.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb3.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb4.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb4.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb5.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb5.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb6.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb6.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb7.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb7.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb8.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb8.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb9.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb9.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb10.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb10.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb11.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb11.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\AlexaRelated.zip\RELATED.HTM;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\AlexaRelated.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\SexList.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\SexList.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\StatblasterAllfiles.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\StatblasterAllfiles.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\CometCursors.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\CometCursors.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\CometCursors1.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\CometCursors1.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\CometCursors2.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\CometCursors2.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:04 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:05 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:05 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\StatblasterAllfiles1.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:05 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\StatblasterAllfiles1.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:05 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\BlazeFindBrowserhelper.zip\2_0_1browserhelper2.dll;password protected, has not been processed;8/19/2005 12:11:05 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\BlazeFindBrowserhelper.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:05 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsAdTools.zip\ide21201.vxd;password protected, has not been processed;8/19/2005 12:11:05 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindowsAdTools.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:05 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:05 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:05 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer1.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:05 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer1.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:05 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy.zip\instsrv.exe;password protected, has not been processed;8/19/2005 12:11:05 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:05 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\nCase.zip\hgvuraf.exe;password protected, has not been processed;8/19/2005 12:11:05 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\nCase.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:05 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCA1.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:05 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCA1.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:05 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCA2.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:05 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\DyFuCA2.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:05 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy1.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:05 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy1.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:05 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy2.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:05 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy2.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:05 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy3.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:05 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy3.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:05 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechPowerScan.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:05 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechPowerScan.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:05 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\nCase1.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:05 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\nCase1.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:05 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\nCase2.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:05 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\nCase2.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:05 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\nCase3.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:05 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\nCase3.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:05 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\nCase4.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:05 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\nCase4.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:05 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts1.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:05 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts1.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:05 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:05 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:05 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch1.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:05 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch1.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:05 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch2.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:05 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch2.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:05 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindUpdates.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:05 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindUpdates.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:05 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindUpdates1.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:05 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\WindUpdates1.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:05 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechSideFind.zip\exclean.exe;password protected, has not been processed;8/19/2005 12:11:05 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechSideFind.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:05 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\eGroupInstantAccess.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:05 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\eGroupInstantAccess.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:05 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace1.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace1.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace2.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace2.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace3.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace3.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace4.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace4.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace5.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace5.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace6.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace6.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\Pacimedia.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\Pacimedia.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\AproposMedia.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\AproposMedia.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace7.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace7.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace8.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace8.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace9.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace9.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace10.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace10.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace11.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace11.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace12.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace12.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace13.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace13.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank1.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank1.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank2.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank2.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank3.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank3.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank4.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank4.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank5.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank5.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank6.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank6.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank7.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchAboutblank7.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy4.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy4.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy5.zip\javexulm.vxd;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy5.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy6.zip\bbchk.exe;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy6.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy7.zip\exul.exe;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy7.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy8.zip\exdl.exe;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy8.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy9.zip\msbe.dll;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy9.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechSideFind1.zip\exdl.exe;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechSideFind1.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\Pacimedia1.zip\wintask.exe;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\Pacimedia1.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:06 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\Pacimedia2.zip\mqexdlm.srg;password protected, has not been processed;8/19/2005 12:11:07 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\Pacimedia2.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:07 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\Pacimedia3.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:07 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\Pacimedia3.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:07 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\AproposMedia1.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:07 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\AproposMedia1.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:07 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearch.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:07 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearch.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:07 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\Targetsaver.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:07 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\Targetsaver.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:07 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdmilliService.zip\ide21201.vxd;password protected, has not been processed;8/19/2005 12:11:07 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdmilliService.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:07 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechSideFind2.zip\exdl.exe;password protected, has not been processed;8/19/2005 12:11:07 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechSideFind2.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:07 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace14.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:07 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace14.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:07 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace15.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:07 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace15.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:07 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace16.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:07 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace16.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:07 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace17.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:07 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace17.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:07 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace18.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:07 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace18.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:07 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace19.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:07 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace19.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:07 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace20.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:07 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace20.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:07 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\Pacimedia4.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:07 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\Pacimedia4.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:07 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\Tango.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:07 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\Tango.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:07 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy10.zip\icon.gif;password protected, has not been processed;8/19/2005 12:11:07 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy10.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:07 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy11.zip\javexulm.vxd;password protected, has not been processed;8/19/2005 12:11:07 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy11.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:07 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy12.zip\bbchk.exe;password protected, has not been processed;8/19/2005 12:11:07 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy12.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:07 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy13.zip\exul.exe;password protected, has not been processed;8/19/2005 12:11:07 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy13.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:07 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy14.zip\exdl3.exe;password protected, has not been processed;8/19/2005 12:11:07 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy14.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:07 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy15.zip\exdl2.exe;password protected, has not been processed;8/19/2005 12:11:07 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy15.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:07 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy16.zip\exdl.exe;password protected, has not been processed;8/19/2005 12:11:07 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy16.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:07 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy17.zip\msbe.dll;password protected, has not been processed;8/19/2005 12:11:07 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy17.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:07 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy18.zip\nvms.dll;password protected, has not been processed;8/19/2005 12:11:07 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy18.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:07 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy19.zip\mscb.dll;password protected, has not been processed;8/19/2005 12:11:08 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy19.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:08 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy20.zip\blank.gif;password protected, has not been processed;8/19/2005 12:11:08 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy20.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:08 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy21.zip\bb_welcome.html;password protected, has not been processed;8/19/2005 12:11:08 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy21.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:08 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy22.zip\bb_welcome1.swf;password protected, has not been processed;8/19/2005 12:11:08 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy22.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:08 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy23.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:08 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy23.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:08 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy24.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:08 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy24.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:08 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy25.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:08 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy25.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:08 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy26.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:08 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy26.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:08 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy27.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:08 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy27.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:08 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy28.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:08 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy28.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:08 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy29.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:08 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy29.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:08 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy30.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:08 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy30.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:08 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy31.zip\sbRecovery.reg;password protected, has not been processed;8/19/2005 12:11:08 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy31.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:08 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy32.zip\nls.exe;password protected, has not been processed;8/19/2005 12:11:08 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy32.zip\sbRecovery.ini;password protected, has not been processed;8/19/2005 12:11:08 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy33.zip\cashback.exe;password protected, has not been processed;8/19/2005 12:11:08 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdvertisingBargainsBuddy33.zip\cb.exe;password protected, has not been processed;8/19/2005 12:11:08 AM
c:\WINDOWS\All Users\Application Data\Spybot - Search & Destroy\Recovery\ExactAdverti

#14 fishie

fishie

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:31 AM

Posted 19 August 2005 - 08:31 AM

Logfile of HijackThis v1.99.1
Scan saved at 8:10:19 AM, on 8/19/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\KAVSVC.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\SOUNDMAN.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-VIRUS PERSONAL\KAV.EXE
C:\PROGRAM FILES\MEDIA ACCESS\MEDIAACCK.EXE
C:\PROGRAM FILES\MEDIA ACCESS\MEDIAACCESS.EXE
C:\WINDOWS\ETB\POKAPOKA63.EXE
C:\WINDOWS\K44KPS.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/lobby/search.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...=5.5&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...=5.5&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.msn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\PROGRAM FILES\SURFSIDEKICK 3\SSKBHO.DLL
O4 - HKLM\..\Run: [SiSSoundMan] C:\WINDOWS\SYSTEM\SoundMan.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SiSSetCDfmt] C:\WINDOWS\SYSTEM\SetCDfmt.exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\PROGRAM FILES\SURFSIDEKICK 3\Ssk.exe
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\ETB\POKAPOKA63.EXE
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\k44kps.exe reg_run
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [kavsvc] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [SurfSideKick 3] C:\PROGRAM FILES\SURFSIDEKICK 3\Ssk.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Hlir] C:\Program Files\hlre\rarb.exe
O4 - Startup: dppd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\PROGRA~1\INTERN~1\Toolbar\toolbar.hta
O9 - Extra 'Tools' menuitem: &Toolbar Wallpaper - {c23dd370-cb79-11d2-898a-00c04f80a47f} - C:\PROGRA~1\INTERN~1\Toolbar\toolbar.hta
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://sc.communities.msn.com/controls/chat/msnchat45.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://f1.pg.photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by10fd.bay10.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tri...Transporter.cab?
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://wsc2.perfora.net/app/static/activex/msxml4.cab
O16 - DPF: {7BA7BCE2-D359-4407-82D9-CDF9A74C487A} (DownLoadStub Class) - http://www.hpphoto.com/downloads/DownloadPhotos.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.com/app/ST/ActiveX.ocx
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/...ropper1_6us.cab
O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (CDToolCtrl Class) - http://free.aol.com/tryaolfree/cdt175/aolcdt175.cab

#15 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:09:31 AM

Posted 19 August 2005 - 03:49 PM

You can do all this in safe mode. Do not reboot until instructed to do so.

IMPORTANT: Before you reboot into normal mode or go online, since you need Kaspersky right now, you may want to uninstall/disable Norton Anti-Virus. Please read this:

There are basically two types of anti-virus programs:
On-Access and On-Demand

On-Access Scanners
As the name implies, it runs in the background all the time the PC is turned on and running. The main function of an on-access scanner is to monitor activity on your machine.

On-Demand Scanners
As the name implies, are scanners that only run when you ask them to.
Such as:
Online Scans and scanners that run on your machine but are not actively scanning your machine

Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. I notice that you are using more than one anti-virus program. This is very dangerous, as multiple anti-virus programs can interfere with one another and actually allow MORE viruses to get through. Running two anti-virus programs at the same time could lead to both of them trying to scan the same file at the same time, scan the same email at the same time and so on which could lead to conflicts. I strongly suggest you either (1) configure only one anti-virus program to enable automatic realtime scanning, and leave the rest disabled most of the time, or (2) go to Start -> Control Panel -> Add/Remove Programs and uninstall all but one anti-virus program.

The viruses Kaspersky found in Restore will not do any harm as long as you do not do a System Restore. When we get your computer clean, we will turn System Restore off, reboot, and turn it back on.

You may want to print out this page. Make sure to work through the fixes in the order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.
  • Run Kaspersky in safe mode and let it fix what it finds.
  • Use "Control Panel > Internet Options > General tab" and click the "Delete File" button. When prompted place a check in: "Delete all offline content", then click OK.
  • Use Windows Explorer to clean out ALL the other temp folders on your system (navigate to the folder, use "Edit > Select All", press "Delete", click "Yes"):
    • C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
    • C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
    • C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
  • C:\Windows\Prefetch\
  • Empty your "Recycle Bin"
  • Open Spybot S&D.
    • Click the Recovery icon.
    • You will then see all the files that S&D has cleaned from your system.
    • Check all of them.
    • Click on the Red X Purge Selected Items.
    • Close Spybot S&D
Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) or use HiJackThis {Open the Misc Tools Section then open UninStall Manager.) Do not worry if they are not there:

MEDIA ACCESS

Winupdates

EliteToolbar

ETB

SURFSIDEKICK 3

SearchMiracle.EliteBar

hlre


Use 'ctrl' + 'alt' + 'del' (Three keys together) to get task manager. Find these processes and 'end task' them.
OR]
Use the process viewer in Hijackthis, Open the Misc Tools Section then Open Process Manager, find these programs and ďkill processĒ the following running processes (Do not worry if they are not there)


MEDIAACCESS.EXE

POKAPOKA63.EXE

K44KPS.EXE

rarb.exe

KNNKAH.EXE

InstallAPS.exe

VB3.exe

cxtpls_loader.exe

pi1_60.exe

m190309.exe

uci.exe

verticlick_3_220.exe

shopinst.exe

setup1047.exe

web2_212.exe

wintask.exe

dppd.exe

installer_MARKETING58.exe

SSK39.exe

shopinst.exe

pi1_51.exe

Ssk.exe


Now we will address the HijackThis fixes.

Please run HijackThis and click "Scan." Place checks next to the following entries (make sure not to miss any):

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://home.microsoft.com/access/autosearch.asp?p=%s

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/lobby/search.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...=5.5&ar=msnhome

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...=5.5&ar=msnhome

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.msn.com/

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\PROGRAM FILES\SURFSIDEKICK 3\SSKBHO.DLL

O4 - HKLM\..\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe

O4 - HKLM\..\Run: [SurfSideKick 3] C:\PROGRAM FILES\SURFSIDEKICK 3\Ssk.exe

O4 - HKLM\..\Run: [System service63] C:\WINDOWS\ETB\POKAPOKA63.EXE

O4 - HKLM\..\Run: [winsync] C:\WINDOWS\k44kps.exe reg_run

O4 - HKCU\..\Run: [SurfSideKick 3] C:\PROGRAM FILES\SURFSIDEKICK 3\Ssk.exe

O4 - HKCU\..\Run: [Hlir] C:\Program Files\hlre\rarb.exe

O4 - Startup: dppd.exe

O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tri...Transporter.cab?

O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://wsc2.perfora.net/app/static/activex/msxml4.cab

O16 - DPF: {7BA7BCE2-D359-4407-82D9-CDF9A74C487A} (DownLoadStub Class) - http://www.hpphoto.com/downloads/DownloadPhotos.cab

O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN.cab

O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) - http://www.icannnews.com/app/ST/ActiveX.ocx

O16 - DPF: {B8E71371-F7F7-11D2-A2CE-0060B0FB9D0D} (CDToolCtrl Class) - http://free.aol.com/tryaolfree/cdt175/aolcdt175.cab


The following have randomly named file names, and as such are normally malware, UNLESS you know what they are, and they are from a safe source, please check to fix.

O4 - HKCU\..\Run: [Hlir] C:\Program Files\hlre\rarb.exe

O4 - Startup: dppd.exe


Close all browsers and other windows except for HijackThis, and click "Fix Checked" to have HijackThis fix the entries you checked.

NOTE: To avoid the risk of any of the above not being found due to them having the 'Hidden' attribute, show all files as follows:
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Using Windows Explorer, locate the following files/folders, and DELETE them (Do not worry if they are not there):

Search for and delete these folders:

C:\PROGRAM FILES\MEDIA ACCESS which contains MEDIAACCK.EXE

C:\WINDOWS\ETB which contains POKAPOKA63.EXE

C:\PROGRAM FILES\SURFSIDEKICK 3\SSKBHO.DLL and Ssk.exe

C:\PROGRAM FILES\HLRE which contains RARB.EXE

Search for and delete these files :

C:\Windows\EliteToolBar

C:\Windows\EliteSideBar

C:\Windows\EliteBar

C:\Windows\System32\Error.dat

C:\Windows\System32\eliteerror32.dat

C:\WINDOWS\KNNKAH.EXE

C:\WINDOWS\k44kps.exe reg_run

c:\WINDOWS\eooeknk.dll

c:\InstallAPS.exe

c:\VB3.exe

c:\cxtpls_loader.exe

c:\pi1_60.exe

c:\m190309.exe

c:\uci.exe

c:\verticlick_3_220.exe

c:\shopinst.exe

c:\setup1047.exe

c:\WINDOWS\SYSTEM\AUNPS2.dll

c:\WINDOWS\SYSTEM\web2_212.exe

c:\WINDOWS\SYSTEM\supdate.dll

c:\WINDOWS\SYSTEM\stlb2.dll

c:\WINDOWS\SYSTEM\e6f1873b.dll

c:\WINDOWS\SYSTEM\datadx.dll

c:\WINDOWS\SYSTEM\conres.cpl

c:\WINDOWS\SYSTEM\wintask.exe

c:\WINDOWS\Start Menu\Programs\Disabled Startup Items\dppd.exe

c:\WINDOWS\TEMP\b.com

c:\WINDOWS\Downloaded Program Files\jao.dll

c:\WINDOWS\Temporary Internet Files\installer_MARKETING58.exe

c:\WINDOWS\Temporary Internet Files\SSK39.exe

c:\WINDOWS\Temporary Internet Files\shopinst.exe

c:\WINDOWS\Temporary Internet Files\pi1_51.exe

Reboot normally and run at least 2 of the following on-line virus scans:

TrendMicro Housecall<<<Put on 'Autoclean' and delete what it can't clean

Panda ActiveScan <<<Accept default settings.

BitDefender<<<Add a check by 'Autoclean'.

Trend Micro Housecall<<<Put on 'Autoclean' and delete what it can't clean. This scanner from TrendMicro does not require an activeX to run, this means that you can use Firefox or any other browser to run it as long as the browser supports Java.

If you do not already have Ad-Aware SE 1.06 then follow these download and setup instructions: Ad-Aware SE Setup. Otherwise, just check for updates. Please download Ad-Aware SE HERE.

Click Start, choose Perform Smart System scan and click Next. Fix everything that Ad-aware has found as suspicious after the scan finishes. A tutorial for using AdAware can be found HERE

Start Ad-aware SE, click the Start button and choose Perform Full System Scan. Click the Next button and wait for the scan to complete. If anything was found, right-click on the list and choose Select All and remove all it finds.

b]When you have completed the scans, if you get a report of files that canít be cleaned / deleted, please write down the filenames and locations and post that in your reply.[/b]

Please go to the following web addresses and download Cleanup HERE CleanUp! is a powerful and easy-to-use application that removes temporary files created while surfing the web, empties the Recycle Bin, deletes files from your temporary folders and more. Do not run it yet.

Letís run Cleanup to ensure no malware is hiding in temporary folders and for general computer cleanup to free space on your computer.

Please run HijackThis again and post a fresh log, just so I can make sure that all the malware was deleted according to plan
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users