
Blue Screens on a New Hard Drive and Microsoft Windows Automatic Updates Disablers



LinneaLand
2007-01-14, 14:53
Hello!

Here is the back story. I've been having bad luck with my computer lately. Last week, without warning, I lost my entire hard drive. I had a new hard drive installed, and the reinstallation of Windows sent me back to 2003. While trying to update Windows and get my 2007 anti-virus program installed (I had purchased and downloaded it from the internet, so I didn't have the CD to install it before logging online) I was immediately attacked left and right by storms of viruses and other malware. Some of these viruses were so uncontrollable (they would shut my computer down every 30 seconds and prevent me from accessing the internet, among other surprises) that I decided to start from scratch and wound up reinstalling Windows two more times. Eleven hours later, I was able to finally get Panda Titanium + Firewall 2007 up and working. Needless to say, some problems, however, seem to have remained in my computer. The biggest issue is that it shuts down with a blue screen that says there's a problem with a device driver.

Here are the steps I have taken to try to resolve the issue. First and foremost, I have installed all available updates from Microsoft/Windows. I have updated and run several full scans with my anti-virus program. I have run fully updated versions of SpyBot, AdAware, CWShredder, MalWhere, the free part of Registry Mechanic, and HijackThis. I have removed several problems, but two major issues continue to come back.

The worst problem is that my computer will occasionally still go into that blue screen. The second major problem that keeps coming back is shown in SpyBot as a series of Microsoft Windows Automatic Updates disablers. I have tried to turn automatic updates back on manually more times than I can count. I'm out of ideas and programs that can help me to resolve these issues, so I'm really hoping that you can tell me what else I can do.

This is a copy of my latest HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 1:25:47 PM, on 1/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\panda software\panda antivirus + firewall 2007\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\system\mside.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\psimsvc.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\EzButton\CplBTQ00.EXE
C:\Program Files\Toshiba Controls\CpRmtKey.EXE
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
c:\program files\panda software\panda antivirus + firewall 2007\WebProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\psimreal.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
C:\Documents and Settings\Home\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CSMHelperObj Class - {0F660F64-F4C9-477F-8529-44181B717472} - C:\Program Files\AT&T\WnClient\Programs\CSMBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [CplBTQ00] C:\Program Files\EzButton\CplBTQ00.EXE
O4 - HKLM\..\Run: [CpRmtKey] "C:\Program Files\Toshiba Controls\CpRmtKey.EXE"
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: AnyWho - {0264505A-6793-44E0-AC75-9DCE3B13185C} - C:\Program Files\AT&T\WnClient\Programs\AnyWho.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168600361609
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D05B7A0-02E8-4086-BBA9-965C16C39631}: NameServer = 85.37.17.5 151.99.125.1
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft Sata emulation (mside) - Unknown owner - C:\WINDOWS\system\mside.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda antivirus + firewall 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\psimsvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe
O23 - Service: Windows Driver Framework - Unknown owner - C:\WINDOWS\svchost.exe (file missing)



Thank you so, so much for all of your help and kindness.

All the best,

Linnea

pskelley
2007-01-19, 15:22
Hello Linnea and welcome to the forum, sorry for the delay, have you resolved your problem? If not I would like to try to help. We have what is probably a very nasty worm running from your services, see this:
http://www.sophos.com/virusinfo/analyses/trojkeylogat.html
Now it may not be that trojan at all but I am fairly certain it is a worm. I really need to give you this information:
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and Download and Execute files

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

However, if you do not have the resources to reinstall your computer and would like me to attempt to clean it, I will be happy to do so.
Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post.

Broadband Reports.com

One or more of the identified infections steal information. If this system is used for online banking or has credit card information on it, all passwords should be changed immediately by using a different computer (not the infected one!) to make the changes. Banking and credit card institutions, if any, should be notified of the possible security breach. I suggest that you read this article too:
http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall
http://www.dslreports.com/faq/10063

You can be considering that information as we identify this worm.

You will need to enable all files and folders or you may not find it:
http://www.xtra.co.nz/help/0,,4155-1916458,00.html

Use one or more of these free online scanners to identify it and post the results for me to view:
http://virusscan.jotti.org/
http://www.kaspersky.com/scanforvirus
http://www.virustotal.com/flash/index_en.html

Here is the item: O23 - Service: Windows Driver Framework - Unknown owner - C:\WINDOWS\svchost.exe (file missing)

Scan this file: C:\WINDOWS\svchost.exe and be careful not to confuse it with the legitimate file which would be running in the C:\Windows\System32\ folder.

You also said this:
The biggest issue is that it shuts down with a blue screen that says there's a problem with a device driver.

I must have any error messages posted "word for word", that is the only way we have a chance at researching them.

Let me know what you find out and what you wish to do.

Thanks
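
The check applied to the O23 entry in the post above (a core Windows process name registered as a service from outside System32) can be run over every service line of a HijackThis log. This is an added example, not part of the original posts: the function names and the list of core binaries are assumptions, and the sample lines are copied from the log in this thread except the last one, which is constructed.

```python
import ntpath
import re
from dataclasses import dataclass, field

# Assumption: Windows is installed in C:\WINDOWS, as in the log in this thread.
SYSTEM_DIR = r"c:\windows\system32"

# Assumed short list of core process names whose genuine copies live in
# SYSTEM_DIR; extend it as needed.
CORE_BINARIES = {"svchost.exe", "lsass.exe", "services.exe",
                 "winlogon.exe", "smss.exe", "csrss.exe", "spoolsv.exe"}

# "O23 - Service: <display name> - <owner> - <image path>[ (file missing)]"
# The image path is anchored on the first " - X:\" so that it is extracted
# correctly even if the display name itself contains " - ".
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>[^\\]+?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)


@dataclass
class Service:
    name: str
    owner: str
    path: str
    file_missing: bool
    reasons: list = field(default_factory=list)


def parse_o23(line):
    """Return a Service for an O23 line, or None for any other line."""
    m = O23_RE.match(line.strip())
    if m is None:
        return None
    return Service(m["name"], m["owner"], m["path"], m["missing"] is not None)


def review(service):
    """Attach the reasons a service entry deserves a closer look."""
    # ntpath gives Windows path semantics on any host OS; normcase lowercases.
    directory, image = ntpath.split(ntpath.normcase(service.path))
    if image in CORE_BINARIES and directory != SYSTEM_DIR:
        service.reasons.append("core Windows binary name outside System32")
    if service.owner.lower() == "unknown owner":
        service.reasons.append("no company name reported for the file")
    if service.file_missing:
        service.reasons.append("service registered but image file not found")
    return service


def flag_services(log_text):
    """Return the O23 services in a HijackThis log that have any reason set."""
    flagged = []
    for line in log_text.splitlines():
        service = parse_o23(line)
        if service is not None and review(service).reasons:
            flagged.append(service)
    return flagged


# First five lines: copied from the HijackThis log posted in this thread.
# Last line: constructed, to show that svchost.exe in System32 is not flagged.
SAMPLE = r"""
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft Sata emulation (mside) - Unknown owner - C:\WINDOWS\system\mside.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Windows Driver Framework - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: Constructed Example Host - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe
"""

if __name__ == "__main__":
    for svc in flag_services(SAMPLE):
        print(f"{svc.name}: {svc.path}")
        for reason in svc.reasons:
            print(f"    - {reason}")
```

A flagged entry is a lead for the file scan requested above, not a verdict: legitimate third-party services also appear with "Unknown owner".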

LinneaLand
2007-01-20, 00:44
Hello! Thanks so much for getting back to me with such a thorough analysis. I've read everything you've sent and I followed all the links. It looks like I was - and might still be - in a very scary situation. I should note that I am not very computer savvy. I've included a lot of information in this reply, so I hope that I haven't broken any rules of forum etiquette by posting so much information. I have broken it into parts because it exceeded the character limit in the frames. Here we go.

I took some action on my own before you got back to me, so I'd like to explain what I did and what has changed so that we're on the same page.

I got my hands on a copy of Kaspersky 6.0, and it was able to pick up all kinds of things that Panda Titanium + Firewall 2007 didn't catch. Here is the list of horrible things that were fished out of the system:

deleted: Trojan program Backdoor.Win32.SdBot.xd File: C:\WINDOWS\system\mside.exe//DotFix NiceProtect//PE_Patch.UPX//UPX
deleted: Trojan program Trojan.Win32.Agent.wl File: C:\System Volume Information\_restore{31882CA9-A57D-4B69-88CE-5DD3BBFE2D94}\RP125\A0019692.exe
deleted: Trojan program Trojan.Win32.Agent.wl File: C:\System Volume Information\_restore{31882CA9-A57D-4B69-88CE-5DD3BBFE2D94}\RP128\A0020742.EXE
deleted: Trojan program Backdoor.Win32.IRCBot.ul File: C:\System Volume Information\_restore{31882CA9-A57D-4B69-88CE-5DD3BBFE2D94}\RP24\A0003653.exe//PE_Patch//PE_Patch
deleted: virus Packed.Win32.CryptExe (modification) File: C:\System Volume Information\_restore{31882CA9-A57D-4B69-88CE-5DD3BBFE2D94}\RP24\A0003654.exe//PE_Patch
deleted: Trojan program Backdoor.Win32.IRCBot.ul File: C:\System Volume Information\_restore{31882CA9-A57D-4B69-88CE-5DD3BBFE2D94}\RP25\A0003675.exe//PE_Patch//PE_Patch
deleted: virus Packed.Win32.CryptExe (modification) File: C:\System Volume Information\_restore{31882CA9-A57D-4B69-88CE-5DD3BBFE2D94}\RP25\A0003681.exe//PE_Patch
deleted: Trojan program Backdoor.Win32.IRCBot.ul File: C:\System Volume Information\_restore{31882CA9-A57D-4B69-88CE-5DD3BBFE2D94}\RP26\A0003686.exe//PE_Patch
deleted: Trojan program Backdoor.Win32.IRCBot.ul File: C:\System Volume Information\_restore{31882CA9-A57D-4B69-88CE-5DD3BBFE2D94}\RP27\A0003694.exe//PE_Patch
deleted: virus Packed.Win32.CryptExe (modification) File: C:\System Volume Information\_restore{31882CA9-A57D-4B69-88CE-5DD3BBFE2D94}\RP28\A0003702.exe//PE_Patch
deleted: Trojan program Trojan-Dropper.Win32.Pakes File: C:\System Volume Information\_restore{31882CA9-A57D-4B69-88CE-5DD3BBFE2D94}\RP29\A0003789.exe
deleted: Trojan program Backdoor.Win32.Rbot.bnz File: C:\System Volume Information\_restore{31882CA9-A57D-4B69-88CE-5DD3BBFE2D94}\RP30\A0003816.exe
deleted: Trojan program Trojan-Dropper.Win32.Pakes File: C:\System Volume Information\_restore{31882CA9-A57D-4B69-88CE-5DD3BBFE2D94}\RP31\A0005826.exe//CryptFF
deleted: virus Net-Worm.Win32.Allaple.d File: C:\System Volume Information\_restore{31882CA9-A57D-4B69-88CE-5DD3BBFE2D94}\RP31\A0005827.exe//CryptFF
deleted: Trojan program Backdoor.Win32.Rbot.bnz File: C:\System Volume Information\_restore{31882CA9-A57D-4B69-88CE-5DD3BBFE2D94}\RP31\A0005828.exe//CryptFF
deleted: Trojan program Backdoor.Win32.PoeBot.c File: C:\System Volume Information\_restore{31882CA9-A57D-4B69-88CE-5DD3BBFE2D94}\RP33\A0006256.exe//NPack
deleted: Trojan program Backdoor.Win32.Rbot.btf File: C:\System Volume Information\_restore{31882CA9-A57D-4B69-88CE-5DD3BBFE2D94}\RP33\A0006257.exe
deleted: Trojan program Trojan-Proxy.Win32.Agent.by File: C:\System Volume Information\_restore{31882CA9-A57D-4B69-88CE-5DD3BBFE2D94}\RP33\A0006258.exe
deleted: Trojan program Backdoor.Win32.SdBot.xd File: C:\System Volume Information\_restore{31882CA9-A57D-4B69-88CE-5DD3BBFE2D94}\RP130\A0022932.exe//DotFix NiceProtect//PE_Patch.UPX//UPX


Since that mega-fix, the blue screens and windows update disablers that were picked up by SpyBot have disappeared completely. The only thing that keeps returning in SpyBot is:

Avenue A., Inc.

I have no idea if it's related, but like I said it keeps coming back and I have no idea what's causing it or how to remove it. Scans with AdAware, CWShredder and MalWhere come out clean.



While I'm thrilled that so many other things seem to have been deleted, after reading your post I did a little more investigating into my computer and noticed some things that might be related to my original problem that keep showing up in the Kaspersky log through "Protection ---> Events." This is only a section of the large log, but I'm pretty sure that this is the cycle. The gist is that Kaspersky goes through SpyBot, Microsoft Windows Security Center and AdAware saying that they're "password protected," and then (this is the sketchy part) there are a bunch of intrusions listed from "Win.MSSQL.worm.Helkern!". I don't know what this is about, but I'd rather be safe than sorry. Here is the slice:



1/19/2007 3:36:46 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AlexaRelated.zip/related.htm: is password protected.
1/19/2007 3:36:46 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AlexaRelated.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:46 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Ardamax.zip/lan.001: is password protected.
1/19/2007 3:36:46 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Ardamax.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:47 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Ardamax1.zip/iexplorer.001: is password protected.
1/19/2007 3:36:47 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Ardamax1.zip/iexplorer.006: is password protected.
1/19/2007 3:36:47 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Ardamax1.zip/iexplorer.007: is password protected.
1/19/2007 3:36:47 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Ardamax1.zip/_Nosso_error.log: is password protected.
1/19/2007 3:36:47 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Ardamax1.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:47 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Ardamax2.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:47 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusDisableNotify.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:47 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusDisableNotify.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:47 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusDisableNotify1.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:47 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusDisableNotify1.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:47 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusDisableNotify2.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:47 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusDisableNotify2.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:47 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusDisableNotify3.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:47 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusDisableNotify3.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:47 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusDisableNotify4.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:47 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusDisableNotify4.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:47 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusDisableNotify5.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:47 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusDisableNotify5.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:47 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusDisableNotify6.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:47 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusDisableNotify6.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:48 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusDisableNotify7.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:48 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusDisableNotify7.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:48 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusDisableNotify8.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:48 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusDisableNotify8.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:48 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusDisableNotify9.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:48 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusDisableNotify9.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:48 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:48 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:48 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride1.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:48 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride1.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:48 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride2.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:48 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride2.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:48 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride3.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:48 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride3.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:48 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride4.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:48 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride4.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:49 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride5.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:49 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride5.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:49 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride6.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:49 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride6.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:49 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride7.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:49 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride7.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:49 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride8.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:49 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride8.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:49 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride9.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:49 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusOverride9.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:49 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:49 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:49 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled1.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:49 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled1.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:49 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled2.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:49 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled2.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:49 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled3.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:49 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled3.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:49 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled4.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:49 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled4.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:49 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled5.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:49 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled5.zip/sbRecovery.ini: is password protected.

LinneaLand
2007-01-20, 00:48
1/19/2007 3:36:50 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled6.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:50 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled6.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:50 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled7.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:50 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled7.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:50 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled8.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:50 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled8.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:50 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled9.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:50 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled9.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:50 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisabled.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:50 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisabled.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:50 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisabled1.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:50 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisabled1.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:50 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisabled10.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:50 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisabled10.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:50 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisabled11.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:50 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisabled11.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:50 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisabled12.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:50 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisabled12.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:50 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisabled13.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:50 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisabled13.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:50 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisabled14.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:50 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisabled14.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:50 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisabled15.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:50 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisabled15.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:51 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisabled16.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:51 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisabled16.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:51 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisabled17.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:51 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisabled17.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:51 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisabled18.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:51 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisabled18.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:51 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisabled19.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:51 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisabled19.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:51 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisabled2.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:51 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisabled2.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:51 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisabled3.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:51 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisabled3.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:51 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisabled4.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:51 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisabled4.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:51 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisabled5.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:51 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisabled5.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:51 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisabled6.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:51 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisabled6.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:51 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisabled7.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:51 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisabled7.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:51 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisabled8.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:51 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisabled8.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:51 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisabled9.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:51 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisabled9.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:51 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisableNotify.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:51 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisableNotify.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:52 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisableNotify1.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:52 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisableNotify1.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:52 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisableNotify2.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:52 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisableNotify2.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:52 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisableNotify3.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:52 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisableNotify3.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:52 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisableNotify4.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:52 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisableNotify4.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:52 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisableNotify5.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:52 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisableNotify5.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:52 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisableNotify6.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:52 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisableNotify6.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:52 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisableNotify7.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:52 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisableNotify7.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:52 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisableNotify8.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:52 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisableNotify8.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:52 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisableNotify9.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:52 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisableNotify9.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:52 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallOverride.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:52 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallOverride.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:52 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallOverride1.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:52 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallOverride1.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:52 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallOverride2.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:52 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallOverride2.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:52 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallOverride3.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:52 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallOverride3.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:52 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallOverride4.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:52 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallOverride4.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:53 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallOverride5.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:53 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallOverride5.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:53 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallOverride6.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:53 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallOverride6.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:53 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallOverride7.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:53 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallOverride7.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:53 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallOverride8.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:53 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallOverride8.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:53 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallOverride9.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:53 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallOverride9.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:53 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterSPUpdate.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:53 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterSPUpdate.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:53 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterSPUpdate1.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:53 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterSPUpdate1.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:53 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterSPUpdate2.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:53 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterSPUpdate2.zip/sbRecovery.ini: is password protected.

LinneaLand
2007-01-20, 00:49
1/19/2007 3:36:53 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterSPUpdate3.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:53 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterSPUpdate3.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:53 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterSPUpdate4.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:53 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterSPUpdate4.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:53 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterSPUpdate5.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:53 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterSPUpdate5.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:53 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterSPUpdate6.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:53 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterSPUpdate6.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:53 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterSPUpdate7.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:53 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterSPUpdate7.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:53 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterSPUpdate8.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:53 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterSPUpdate8.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:53 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterSPUpdate9.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:53 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterSPUpdate9.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:54 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterUpdateDisableNotify.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:54 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterUpdateDisableNotify.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:54 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterUpdateDisableNotify1.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:54 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterUpdateDisableNotify1.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:54 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterUpdateDisableNotify2.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:54 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterUpdateDisableNotify2.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:54 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterUpdateDisableNotify3.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:54 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterUpdateDisableNotify3.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:54 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterUpdateDisableNotify4.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:54 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterUpdateDisableNotify4.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:54 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterUpdateDisableNotify5.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:54 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterUpdateDisableNotify5.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:54 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterUpdateDisableNotify6.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:54 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterUpdateDisableNotify6.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:54 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterUpdateDisableNotify7.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:54 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterUpdateDisableNotify7.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:54 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterUpdateDisableNotify8.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:54 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterUpdateDisableNotify8.zip/sbRecovery.ini: is password protected.
1/19/2007 3:36:54 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterUpdateDisableNotify9.zip/sbRecovery.reg: is password protected.
1/19/2007 3:36:54 AM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterUpdateDisableNotify9.zip/sbRecovery.ini: is password protected.
1/19/2007 3:37:29 AM File C:\Documents and Settings\Home\Desktop\aawsepersonal.exe//WISE0020.BIN/Ad-Aware SE Default.skn: is password protected.
1/19/2007 3:37:29 AM File C:\Documents and Settings\Home\Desktop\aawsepersonal.exe//WISE0020.BIN/arrow1.bmp: is password protected.
1/19/2007 3:37:29 AM File C:\Documents and Settings\Home\Desktop\aawsepersonal.exe//WISE0020.BIN/arrow2.bmp: is password protected.
1/19/2007 3:37:29 AM File C:\Documents and Settings\Home\Desktop\aawsepersonal.exe//WISE0020.BIN/bck1.bmp: is password protected.
1/19/2007 3:37:29 AM File C:\Documents and Settings\Home\Desktop\aawsepersonal.exe//WISE0020.BIN/bt11.bmp: is password protected.
1/19/2007 3:37:29 AM File C:\Documents and Settings\Home\Desktop\aawsepersonal.exe//WISE0020.BIN/bt12.bmp: is password protected.
1/19/2007 3:37:29 AM File C:\Documents and Settings\Home\Desktop\aawsepersonal.exe//WISE0020.BIN/bt13.bmp: is password protected.
1/19/2007 3:37:29 AM File C:\Documents and Settings\Home\Desktop\aawsepersonal.exe//WISE0020.BIN/bt21.bmp: is password protected.
1/19/2007 3:37:29 AM File C:\Documents and Settings\Home\Desktop\aawsepersonal.exe//WISE0020.BIN/bt22.bmp: is password protected.
1/19/2007 3:37:29 AM File C:\Documents and Settings\Home\Desktop\aawsepersonal.exe//WISE0020.BIN/bt23.bmp: is password protected.
1/19/2007 3:37:29 AM File C:\Documents and Settings\Home\Desktop\aawsepersonal.exe//WISE0020.BIN/bt31.bmp: is password protected.
1/19/2007 3:37:29 AM File C:\Documents and Settings\Home\Desktop\aawsepersonal.exe//WISE0020.BIN/bt32.bmp: is password protected.
1/19/2007 3:37:29 AM File C:\Documents and Settings\Home\Desktop\aawsepersonal.exe//WISE0020.BIN/bt33.bmp: is password protected.
1/19/2007 3:37:29 AM File C:\Documents and Settings\Home\Desktop\aawsepersonal.exe//WISE0020.BIN/bt41.bmp: is password protected.
1/19/2007 3:37:29 AM File C:\Documents and Settings\Home\Desktop\aawsepersonal.exe//WISE0020.BIN/bt42.bmp: is password protected.
1/19/2007 3:37:29 AM File C:\Documents and Settings\Home\Desktop\aawsepersonal.exe//WISE0020.BIN/bt43.bmp: is password protected.
1/19/2007 3:37:29 AM File C:\Documents and Settings\Home\Desktop\aawsepersonal.exe//WISE0020.BIN/bt51.bmp: is password protected.
1/19/2007 3:37:29 AM File C:\Documents and Settings\Home\Desktop\aawsepersonal.exe//WISE0020.BIN/bt52.bmp: is password protected.
1/19/2007 3:37:29 AM File C:\Documents and Settings\Home\Desktop\aawsepersonal.exe//WISE0020.BIN/bt53.bmp: is password protected.
1/19/2007 3:37:29 AM File C:\Documents and Settings\Home\Desktop\aawsepersonal.exe//WISE0020.BIN/bt61.bmp: is password protected.
1/19/2007 3:37:29 AM File C:\Documents and Settings\Home\Desktop\aawsepersonal.exe//WISE0020.BIN/bt62.bmp: is password protected.
1/19/2007 3:37:29 AM File C:\Documents and Settings\Home\Desktop\aawsepersonal.exe//WISE0020.BIN/checkbox1.bmp: is password protected.
1/19/2007 3:37:29 AM File C:\Documents and Settings\Home\Desktop\aawsepersonal.exe//WISE0020.BIN/checkbox2.bmp: is password protected.
1/19/2007 3:37:29 AM File C:\Documents and Settings\Home\Desktop\aawsepersonal.exe//WISE0020.BIN/checkbox3.bmp: is password protected.
1/19/2007 3:37:29 AM File C:\Documents and Settings\Home\Desktop\aawsepersonal.exe//WISE0020.BIN/checkbox4.bmp: is password protected.
1/19/2007 3:37:29 AM File C:\Documents and Settings\Home\Desktop\aawsepersonal.exe//WISE0020.BIN/defbtn1.bmp: is password protected.
1/19/2007 3:37:29 AM File C:\Documents and Settings\Home\Desktop\aawsepersonal.exe//WISE0020.BIN/defbtn2.bmp: is password protected.
1/19/2007 3:37:29 AM File C:\Documents and Settings\Home\Desktop\aawsepersonal.exe//WISE0020.BIN/defbtn3.bmp: is password protected.
1/19/2007 3:37:29 AM File C:\Documents and Settings\Home\Desktop\aawsepersonal.exe//WISE0020.BIN/glyph1.bmp: is password protected.
1/19/2007 3:37:29 AM File C:\Documents and Settings\Home\Desktop\aawsepersonal.exe//WISE0020.BIN/glyph2.bmp: is password protected.
1/19/2007 3:37:29 AM File C:\Documents and Settings\Home\Desktop\aawsepersonal.exe//WISE0020.BIN/glyph3.bmp: is password protected.
1/19/2007 3:37:29 AM File C:\Documents and Settings\Home\Desktop\aawsepersonal.exe//WISE0020.BIN/glyph4.bmp: is password protected.
1/19/2007 3:37:29 AM File C:\Documents and Settings\Home\Desktop\aawsepersonal.exe//WISE0020.BIN/glyph5.bmp: is password protected.
1/19/2007 3:37:29 AM File C:\Documents and Settings\Home\Desktop\aawsepersonal.exe//WISE0020.BIN/glyph6.bmp: is password protected.
1/19/2007 3:37:29 AM File C:\Documents and Settings\Home\Desktop\aawsepersonal.exe//WISE0020.BIN/glyph7.bmp: is password protected.
1/19/2007 3:37:29 AM File C:\Documents and Settings\Home\Desktop\aawsepersonal.exe//WISE0020.BIN/main.bmp: is password protected.
1/19/2007 3:37:29 AM File C:\Documents and Settings\Home\Desktop\aawsepersonal.exe//WISE0020.BIN/preview.bmp: is password protected.
1/19/2007 3:37:29 AM File C:\Documents and Settings\Home\Desktop\aawsepersonal.exe//WISE0020.BIN/sprite1.bmp: is password protected.
1/19/2007 4:03:43 AM File C:\Program Files\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/Ad-Aware SE Default.skn: is password protected.
1/19/2007 4:03:43 AM File C:\Program Files\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/arrow1.bmp: is password protected.
1/19/2007 4:03:43 AM File C:\Program Files\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/arrow2.bmp: is password protected.
1/19/2007 4:03:43 AM File C:\Program Files\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bck1.bmp: is password protected.
1/19/2007 4:03:43 AM File C:\Program Files\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt11.bmp: is password protected.
1/19/2007 4:03:43 AM File C:\Program Files\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt12.bmp: is password protected.
1/19/2007 4:03:43 AM File C:\Program Files\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt13.bmp: is password protected.
1/19/2007 4:03:43 AM File C:\Program Files\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt21.bmp: is password protected.
1/19/2007 4:03:43 AM File C:\Program Files\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt22.bmp: is password protected.
1/19/2007 4:03:43 AM File C:\Program Files\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt23.bmp: is password protected.
1/19/2007 4:03:43 AM File C:\Program Files\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt31.bmp: is password protected.
1/19/2007 4:03:43 AM File C:\Program Files\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt32.bmp: is password protected.
1/19/2007 4:03:43 AM File C:\Program Files\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt33.bmp: is password protected.
1/19/2007 4:03:43 AM File C:\Program Files\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt41.bmp: is password protected.
1/19/2007 4:03:43 AM File C:\Program Files\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt42.bmp: is password protected.
1/19/2007 4:03:43 AM File C:\Program Files\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt43.bmp: is password protected.
1/19/2007 4:03:43 AM File C:\Program Files\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt51.bmp: is password protected.
1/19/2007 4:03:43 AM File C:\Program Files\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt52.bmp: is password protected.
1/19/2007 4:03:43 AM File C:\Program Files\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt53.bmp: is password protected.
1/19/2007 4:03:43 AM File C:\Program Files\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt61.bmp: is password protected.
1/19/2007 4:03:43 AM File C:\Program Files\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt62.bmp: is password protected.
1/19/2007 4:03:43 AM File C:\Program Files\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/checkbox1.bmp: is password protected.
1/19/2007 4:03:43 AM File C:\Program Files\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/checkbox2.bmp: is password protected.
1/19/2007 4:03:43 AM File C:\Program Files\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/checkbox3.bmp: is password protected.
1/19/2007 4:03:43 AM File C:\Program Files\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/checkbox4.bmp: is password protected.
1/19/2007 4:03:43 AM File C:\Program Files\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/defbtn1.bmp: is password protected.
1/19/2007 4:03:43 AM File C:\Program Files\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/defbtn2.bmp: is password protected.
1/19/2007 4:03:43 AM File C:\Program Files\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/defbtn3.bmp: is password protected.
1/19/2007 4:03:43 AM File C:\Program Files\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/glyph1.bmp: is password protected.
1/19/2007 4:03:43 AM File C:\Program Files\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/glyph2.bmp: is password protected.
1/19/2007 4:03:43 AM File C:\Program Files\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/glyph3.bmp: is password protected.
1/19/2007 4:03:43 AM File C:\Program Files\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/glyph4.bmp: is password protected.
1/19/2007 4:03:43 AM File C:\Program Files\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/glyph5.bmp: is password protected.
1/19/2007 4:03:43 AM File C:\Program Files\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/glyph6.bmp: is password protected.
1/19/2007 4:03:43 AM File C:\Program Files\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/glyph7.bmp: is password protected.
1/19/2007 4:03:44 AM File C:\Program Files\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/main.bmp: is password protected.
1/19/2007 4:03:44 AM File C:\Program Files\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/preview.bmp: is password protected.
1/19/2007 4:03:44 AM File C:\Program Files\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/sprite1.bmp: is password protected.
1/19/2007 4:56:14 AM Intrusion.Win.MSSQL.worm.Helkern! Attacker's IP address: 220.178.47.9. Protocol/service: UDP on local port 1434. Time: 1/19/2007 4:56:14 AM
1/19/2007 5:23:35 AM Update completed successfully.
1/19/2007 6:43:08 AM Intrusion.Win.MSSQL.worm.Helkern! Attacker's IP address: 222.183.174.229. Protocol/service: UDP on local port 1434. Time: 1/19/2007 6:43:08 AM
1/19/2007 9:21:42 AM Intrusion.Win.MSSQL.worm.Helkern! Attacker's IP address: 222.169.21.236. Protocol/service: UDP on local port 1434. Time: 1/19/2007 9:21:42 AM
1/19/2007 9:23:42 AM Update completed successfully.
1/19/2007 12:13:20 PM Real-time protection started.
1/19/2007 2:17:14 PM Update completed successfully.
1/19/2007 7:24:03 AM Intrusion.Win.MSSQL.worm.Helkern! Attacker's IP address: 60.170.56.29. Protocol/service: UDP on local port 1434. Time: 1/19/2007 7:24:03 AM
1/19/2007 6:02:56 PM Intrusion.Win.MSSQL.worm.Helkern! Attacker's IP address: 61.175.252.139. Protocol/service: UDP on local port 1434. Time: 1/19/2007 6:02:56 PM
1/19/2007 7:09:17 PM Update completed successfully.
1/19/2007 8:48:28 PM Intrusion.Win.MSSQL.worm.Helkern! Attacker's IP address: 202.100.109.213. Protocol/service: UDP on local port 1434. Time: 1/19/2007 8:48:28 PM
1/19/2007 9:03:58 PM Intrusion.Win.MSSQL.worm.Helkern! Attacker's IP address: 201.239.223.36. Protocol/service: UDP on local port 1434. Time: 1/19/2007 9:03:58 PM
1/19/2007 9:36:56 PM Process (PID 2816) tried to access Kaspersky Internet Security process (PID 1616), but the action has been blocked by the Self-Defense component. No action on your part is necessary.
1/19/2007 9:37:32 PM Process (PID 2816) tried to access Kaspersky Internet Security process (PID 2224), but the action has been blocked by the Self-Defense component. No action on your part is necessary.
1/19/2007 9:57:16 PM Intrusion.Win.MSSQL.worm.Helkern! Attacker's IP address: 121.94.81.144. Protocol/service: UDP on local port 1434. Time: 1/19/2007 9:57:16 PM
1/19/2007 10:32:51 PM Intrusion.Win.MSSQL.worm.Helkern! Attacker's IP address: 219.138.124.5. Protocol/service: UDP on local port 1434. Time: 1/19/2007 10:32:51 PM
1/19/2007 10:42:42 PM Intrusion.Win.MSSQL.worm.Helkern! Attacker's IP address: 218.201.122.105. Protocol/service: UDP on local port 1434. Time: 1/19/2007 10:42:42 PM


If you have any idea what this means, what might be causing it, or what I can do to stop it from happening, I would be extraordinarily grateful.

LinneaLand
2007-01-20, 00:50
An attempted scan of the file "C:\WINDOWS\svchost.exe" at http://virusscan.jotti.org/ failed with this message: "The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file." I tried fiddling around with my firewall to see if I could get it to permit the scan, but it wouldn't let me turn the firewall off. I couldn't get the scan to work with the online Kaspersky file scanner either, but I don't know why it wouldn't go through (although I was using the latest version of Internet Explorer).

This is the result of the scan from www.virustotal.com:

Complete scanning result of "svchost.exe", received in VirusTotal at 01.19.2007, 23:59:00 (CET).

Antivirus Version Update Result
AntiVir 7.3.0.26 01.19.2007 no virus found
Authentium 4.93.8 01.19.2007 no virus found
Avast 4.7.936.0 01.18.2007 no virus found
AVG 386 01.19.2007 no virus found
BitDefender 7.2 01.19.2007 no virus found
CAT-QuickHeal 9.00 01.19.2007 no virus found
ClamAV devel-20060426 01.19.2007 no virus found
DrWeb 4.33 01.19.2007 no virus found
eSafe 7.0.14.0 01.19.2007 no virus found
eTrust-InoculateIT 23.73.117 01.19.2007 no virus found
eTrust-Vet 30.3.3336 01.19.2007 no virus found
Ewido 4.0 01.19.2007 no virus found
Fortinet 2.82.0.0 01.19.2007 no virus found
F-Prot 3.16f 01.19.2007 no virus found
F-Prot4 4.2.1.29 01.19.2007 no virus found
Ikarus T3.1.0.27 01.09.2007 no virus found
Kaspersky 4.0.2.24 01.19.2007 no virus found
McAfee 4943 01.19.2007 no virus found
Microsoft 1.1904 01.19.2007 no virus found
NOD32v2 1991 01.19.2007 no virus found
Norman 5.80.02 01.19.2007 no virus found
Panda 9.0.0.4 01.19.2007 no virus found
Prevx1 V2 01.20.2007 no virus found
Sophos 4.13.0 01.19.2007 no virus found
Sunbelt 2.2.907.0 01.12.2007 no virus found
TheHacker 6.0.3.151 01.19.2007 no virus found
UNA 1.83 01.19.2007 no virus found
VBA32 3.11.2 01.19.2007 no virus found
VirusBuster 4.3.19:9 01.19.2007 no virus found

Aditional Information
File size: 0 bytes
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709


I am including a recent log from HijackThis in case it helps. Here it is:


Logfile of HijackThis v1.99.1
Scan saved at 12:07:03 AM, on 1/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\EzButton\CplBTQ00.EXE
C:\Program Files\Toshiba Controls\CpRmtKey.EXE
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
C:\WINDOWS\SYSTEM32\taskmgr.exe
C:\Documents and Settings\Home\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CSMHelperObj Class - {0F660F64-F4C9-477F-8529-44181B717472} - C:\Program Files\AT&T\WnClient\Programs\CSMBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [CplBTQ00] C:\Program Files\EzButton\CplBTQ00.EXE
O4 - HKLM\..\Run: [CpRmtKey] "C:\Program Files\Toshiba Controls\CpRmtKey.EXE"
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: AnyWho - {0264505A-6793-44E0-AC75-9DCE3B13185C} - C:\Program Files\AT&T\WnClient\Programs\AnyWho.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168600361609
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D05B7A0-02E8-4086-BBA9-965C16C39631}: NameServer = 85.37.17.5 151.99.125.1
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: "C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll"
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Windows Driver Framework - Unknown owner - C:\WINDOWS\svchost.exe (file missing)


As you can see, the last item "O23 - Service: Windows Driver Framework - Unknown owner - C:\WINDOWS\svchost.exe (file missing)" is still there. I wanted to mention something that might be really bad. When everything was going haywire, I did a scan with MalWhere, which showed a file in its Startup List that was listed in red as being a threat with 100% certainty, so I hit the delete button supplied on the MalWhere screen. I'm not 100% positive that it was svchost.exe, but I'm pretty sure that's what it was. I really hope that I didn't take a chunk out of my computer's brain, but that's what it's beginning to look like. I don't know what to do about this at all.


Because the blue screens have stopped, I don't have the exact message that was shown. Most of the time the blue screens would just flash onto the screen for half a second and then restart the computer.


If there is any way on earth that I can resolve this situation without erasing and reinstalling Windows, I would be grateful beyond belief. The reason this whole thing started is because I had to get my anti-virus program from the internet and my new hard drive wasn't protected enough for me to get there. If something happens in the future, can I save my antivirus program onto a regular blank CD? I'm out in Italy for several months, so the only way I have access to another computer is by going to a local internet point. I don't know how safe that might be virus-wise, or what I would be allowed to save on those computers. All I know is that I have spent every waking hour of the last 8 days finally getting everything back onto my computer, and I suffer from tendonitis that is making an unbelievably painful mess of my hands. Plus, if I have to reinstall my whole computer again I think I might go insane. Really.

I can't thank you enough for all of your wonderful help and technical wisdom. Truly, thank you. And as I wrote earlier, I hope I haven't stepped on anyone's toes with this incredibly detailed post. I just hope the right information has been included. If there's anything else I should know or do, just let me know.

Thank you, thank you, thank you.

Best regards,

Linnea

pskelley
2007-01-20, 01:56
Since so much information is moving between us, make a note of any question I have not answered so we get an answer before we finish...Thanks.

I have to assume you wish me to do my best to help you get your computer as clean as possible.
This is a lot of information you have posted, I will do my best to help you with your questions. Let's look at the Spybot information first.
This should explain a lot of it for you:
Why does Spybot-S&D flag changes in the Windows Security Center?
http://www.safer-networking.org/en/faq/46.html
http://www.safer-networking.org/en/faq/index.html
http://forums.spybot.info/showthread.php?t=250

Avenue A., Inc. <<< for now let's call that a cookie. We can revisit that issue a little later.

Open your Spybot program and I have to assume you have the newest version 1.4 and all of your databases are up to date.
Click on the Recovery button with the Red Cross on it. When Spybot finds stuff it makes backups of everything for you to be safe unless you tell it not to. Every time you have deleted stuff with Spybot it kept accumulating those backups. That includes the false positives you read about above.
I really believe keeping them from one run to the next is plenty for safety. In eight years I have never had to Recover anything Spybot said was bad. Now you need to Purge everything in there, you may have a choice to select all, but I have nothing to purge on my computer so I can't say. One way or another PURGE everything in there.

Kaspersky also appears to be seeing stuff in Ad-aware, some of the stuff like skins which are protected are not really bad, but it is picking up junk in the Quarantine areas. Open Ad-aware, and again I am assuming you have the newest version. Click on the lock at the top right of the interface. Highlight and delete everything in there.
It is also picking up stuff in System Restore and to my knowledge it can not delete that stuff, the only way to clean the System Restore files, and we may have to do this again later to be sure, is like this. And you can follow these directions now:
Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Reboot

Turn ON System Restore,
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

Now some of the stuff Kaspersky actually removed for you, so I will look at the HJT log now.

Let's take a moment to read this:
http://www.sophos.com/virusinfo/analyses/trojkeylogat.html
and under the Advanced tab:
The file <Windows folder>\svchost.exe is registered as a new system driver service named "Fast User Switching Compatibil", with a display name of "FastUserSwitchingCompatibil" and a startup type of automatic, so that it is started automatically during system startup. Registry entries are created under:
HKLM\SYSTEM\CurrentControlSet\Services\Fast User Switching Compatibil\

O23 - Service: Windows Driver Framework - Unknown owner - C:\WINDOWS\svchost.exe (file missing) <<< you can forget the (file missing), that is a glitch. You would have to browse to that file to upload it for scanning.

Let's try to remove it like this:

Make sure viewing all files and folders is enabled:
http://www.xtra.co.nz/help/0,,4155-1916458,00.html

Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.

Disable the Service
Click Start > Run and type services.msc
Scroll down to Windows Driver Framework and right click on it.
Click Properties and under Service Status click Stop, then under Startup Type change it to Disabled.

Delete the Service
Open HijackThis and click Config -> Misc Tools -> Delete an NT service.
In the Delete window, type Windows Driver Framework and press OK.
OK any prompts, close HijackThis, and restart your computer.

Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O23 - Service: Windows Driver Framework - Unknown owner - C:\WINDOWS\svchost.exe (file missing)

Close all programs but HJT and all browser windows, then click on "Fix Checked"

RIGHT Click on Start then click on Explore. Locate and delete these items:

C:\WINDOWS\svchost.exe <<< delete that file if there

Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Make sure you have removed all items in Spybot "Recovery", all items in Ad-Aware "Quarantine" and that you have followed the instructions to clean the System Restore files. Now run another Kaspersky scan and post it along with a new HJT log.

Thanks

LinneaLand
2007-01-20, 13:06
Hi, and thanks so much for such a speedy reply. I have a quick question to ask about the latest post.

I have purged SpyBot and AdAware of their recovery and quarantined files. I was about to turn off system restore and proceed with the rest of your advice, but I started thinking about something that might have thrown us off track, and I was hoping you could tell me if I should go ahead as planned or if I should do something else instead.

[QUOTE=pskelley;65003]
The file <Windows folder>\svchost.exe is registered as a new system driver service named "Fast User Switching Compatibil", with a display name of "FastUserSwitchingCompatibil" and a startup type of automatic, so that it is started automatically during system startup. Registry entries are created under:
HKLM\SYSTEM\CurrentControlSet\Services\Fast User Switching Compatibil\

O23 - Service: Windows Driver Framework - Unknown owner - C:\WINDOWS\svchost.exe (file missing) <<< you can forget the (file missing), that is a glitch. You would have to browse to that file to upload it for scanning.[/QUOTE]

I just wanted to run something by you to make sure I haven't misled you by my possible human error.

I wrote in my last post, "An attempted scan of the file "C:\WINDOWS\svchost.exe" at http://virusscan.jotti.org/ failed with this message: "The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file." I tried fiddling around with my firewall to see if I could get it to permit the scan, but it wouldn't let me turn the firewall off. I couldn't get the scan to work with the online Kaspersky file scanner either, but I don't know why it wouldn't go through (although I was using the latest version of Internet Explorer)."

Here's the thing. I made sure to open all hidden files, folders and protected operating system files, but I still couldn't locate the file in Windows. When I tried to browse for the file in C:\WINDOWS, it just wasn't there. Therefore, I tried copying and pasting C:\WINDOWS\svchost.exe into the search bar. Perhaps the reason scans failed with http://virusscan.jotti.org/ and http://www.kaspersky.com/scanforvirus is that the file wasn't there to begin with. Then I noticed something else that makes me think that I really am actually missing C:\WINDOWS\svchost.exe from my registry. This info was printed at the bottom of the scan with http://www.virustotal.com/flash/index_en.html:

This is the result of the scan from www.virustotal.com:
Aditional Information
File size: 0 bytes
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709

It says that the file size is 0 bytes. Pairing this with the fact that I couldn't find the file anywhere, I'm beginning to think that HijackThis isn't picking up a glitch that needs to be removed. Rather, I think I actually need to find that file somewhere else and reinstall it on my computer.

Should I go ahead and continue with the rest of the suggestions exactly as they were written, or is there a part that has changed as a result of this theory?

I really have to tell you how wonderful you've been in all of this, and I thank you tremendously for all of your patience. I'm very ready to perform all actions necessary as soon as I know that I'm still doing the right thing.

All the thanks in the world,

Linnea
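
The two checks this exchange turns on, as an added Python example (not part of either post, and not HijackThis or VirusTotal code): whether an O23 service entry points a system binary name at a folder other than system32, and whether a scan report actually hashed any file content. The function names, the short `SYSTEM32_ONLY` list and the `C:\WINDOWS` install path are assumptions; the sample lines are copied from the logs posted above.

```python
import hashlib
import ntpath
import re

# Digests of zero-length input: a report showing these hashed no file content.
EMPTY_DIGESTS = {"MD5": hashlib.md5(b"").hexdigest(),
                 "SHA1": hashlib.sha1(b"").hexdigest()}

# Assumption: Windows is installed in C:\WINDOWS, as in the log on this page.
SYSTEM32 = r"c:\windows\system32"
# Assumption: a short, non-exhaustive list of binaries that belong in system32.
SYSTEM32_ONLY = {"svchost.exe", "services.exe", "lsass.exe",
                 "winlogon.exe", "smss.exe", "spoolsv.exe"}

O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<cmd>.+)$")
EXE_RE = re.compile(r"[A-Za-z]:\\.*?\.exe", re.IGNORECASE)

# O23 lines copied from the HijackThis log posted in this thread.
HJT_O23_LINES = r"""
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Windows Driver Framework - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
"""

# Tail of the VirusTotal result posted in this thread (spelling as displayed).
VT_REPORT = """
Aditional Information
File size: 0 bytes
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
"""


def triage_o23(log_text):
    """Parse O23 lines and record why each one might deserve a second look."""
    findings = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue
        exe = EXE_RE.search(m["cmd"])
        path = exe.group(0) if exe else ""
        reasons = []
        # Weak signals: legitimate services (Kaspersky here) show them too.
        if m["owner"] == "Unknown owner":
            reasons.append("no vendor name")
        if m["cmd"].rstrip().endswith("(file missing)"):
            reasons.append("reported missing")
        # Strong signal: a system binary's name used from the wrong folder.
        misplaced = (ntpath.basename(path).lower() in SYSTEM32_ONLY
                     and ntpath.dirname(path).lower() != SYSTEM32)
        if misplaced:
            reasons.append("system binary name outside system32")
        findings.append({"service": m["name"], "path": path,
                         "reasons": reasons, "suspicious": misplaced})
    return findings


def scan_void_reasons(report_text):
    """Return the reasons a multi-engine 'no virus found' verdict is void."""
    reasons = []
    size = re.search(r"File size:\s*(\d+)\s*bytes", report_text)
    if size and int(size.group(1)) == 0:
        reasons.append("file size is 0 bytes")
    for algo, empty in EMPTY_DIGESTS.items():
        m = re.search(algo + r":\s*([0-9a-fA-F]+)", report_text)
        if m and m.group(1).lower() == empty:
            reasons.append(algo + " is the digest of empty input")
    return reasons


if __name__ == "__main__":
    for f in triage_o23(HJT_O23_LINES):
        mark = "CHECK" if f["suspicious"] else "ok   "
        print(mark, f["service"], "|", f["path"], "|", ", ".join(f["reasons"]))
    print("scan void because:", scan_void_reasons(VT_REPORT))
```

On the posted data only the "Windows Driver Framework" entry is marked, and the 29 "no virus found" results turn out to describe an empty upload rather than the file itself.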

pskelley
2007-01-20, 13:19
"I was about to turn off system restore" <<< Turn it off then restart the computer and turn it back on. It is important that we have a restore point if we need it. We conclude that even a bad restore point is better than no restore point.

Then I noticed something else that makes me think that I really am actually missing C:\WINDOWS\svchost.exe from my registry. This info was printed at the bottom of the scan with

http://www.virustotal.com/flash/index_en.html: <<< nothing here?

Please continue with the instructions to the best of your ability. We will know more when we have the new HJT log and Kaspersky scan to review.

Thanks

LinneaLand
2007-01-24, 16:16
Hello again! I have performed all the actions you assigned to me, but unfortunately my biggest issues do not seem to have been resolved yet.

SUMMARY OF ACTIONS TAKEN AS REQUESTED BY YOUR LAST POST: I purged SpyBot and AdAware of their records and/or quarantined items, and then I turned off system restore, rebooted the computer, and turned system restore back on. I downloaded ATF Cleaner and saved it to my desktop. Next I disabled the service by clicking Start > Run and typing services.msc, and then I changed the Startup Type to Disabled. I did all the things you said to do with HijackThis, including the reboot, but when I asked it to do a new scan, the problem I was trying to delete “O23 - Service: Windows Driver Framework - Unknown owner - C:\WINDOWS\svchost.exe (file missing)” wasn’t there anymore. Then I right-clicked on Start then clicked on Explore, but C:\WINDOWS\svchost.exe wasn’t there. I ran ATF Cleaner, clicked Select All and then clicked on Empty Selected.

Before posting again, I wanted to see if there were any noticeable changes in my computer’s behavior. To my complete dismay, within 24 hours it did that weird blue screen again. I say that it’s weird because the letters and numbers are kind of cut off at the tops and bottoms. Keep in mind that my hard drive is only 2 weeks old. Just in case you want to be reminded of what was going on before, it’s all in my 1st and 2nd posts. One interesting thing to note is that I think most, if not all, of the blue screens occurred when I was running at least one virus or malware scan. The last blue screen occurred while I was running Spybot. I don’t know if there’s a connection here, but I thought it was worth mentioning.

Here is all of the information I was able to get from the blue screen and the following notifications and error reports displayed upon the reboot:


ON THE BLUE SCREEN (which was very hard to read because, as I said, the letters and numbers on some of the lines were slightly cut off on the tops and bottoms – also, please keep in mind that sometimes it was difficult to distinguish between the letter “o” and the number “0”):

A problem has been detected and Windows has been shut down to prevent damage to your computer.

DRIVER_IRQL_NOT_LESS_OR_EQUAL

If this is the first time you’ve seen this stop error screen, restart your computer. If this screen appears again, follow these steps:
Check to make sure any new hardware or software is properly installed…restart in safe mode.

Technical information:

[THIS WAS THE HARDEST LINE TO READ] [here there were three shapes like rounded x’s with a little dot over each one] STOP: OXOOOOOOD1 (OXOOOOOOOC, OXOOOOOOO2, OXOOOOOOOO, OXF6F60A5F)
[the same three shapes like rounded x’s with a little dot over each one] tcpip.sys-Address F6E60A5E base at F6E5COOO, Datestamp 444775d3

Beginning dump of physical memory
Physical memory dump complete.


UPON REBOOT OF WINDOWS - ERROR REPORT:
Error signature
BBCode: 1OOOOOd1 BCP1:OOOOOOOC BCP2: OOOOOOO2 BCP3:OOOOOOOO BCP4:F6E6QA5E OSVer:5_1_2600 SP:2_O Product: 768_1

ERROR REPORT CONTENTS:
The following files will be included in this error report:
C:\DOCUME~1\Home\Locals~1\Temp\WERd086.dir00\Mini012207-01.dmp
C:\DOCUME~1\Home\Locals~1\Temp\WERd086.dir00\sysdata.xml

THEN IN A GREY BOX WITH A RED CIRCLE AND AN “X” INSIDE:
[attention: there was a symbol on the error that I cannot find on my computer. It looks like a backwards “3” attached to a lower-case “t”. I will insert brackets and the word “symbol” where it was found!]
http://oca.microsoft.com/resredir.aspx?sid=10[SYMBOL]Bucket=0XD1_tcpip!TCPDataRequestComplete%2b12[SYMBOL]State=1[SYMBOL]ID=6de0d843-cc89-4263...
Windows cannot find ‘-bfe2-36f5a91b27e7&LCID=10338OS=5.1.2600.2.00010300.2.0’. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click search.


HERE IS THE SITE I WAS SENT TO – FIREFOX WAS NOT ABLE TO IDENTIFY wer.microsoft.com AS A TRUSTED SITE!:
http://wer.microsoft.com/responses/Response.aspx/10/en-us/5.1.2600.2.00010300.2.0?SGD=6de0d843-cc89-4263-bfe2-36f5a91b27e7
The site’s info:
Problem caused by Device Driver
You received this message because a device driver installed on your computer caused the Windows operating system to stop unexpectedly. This type of error is referred to as a "stop error." A stop error requires you to restart your computer.
More information
________________________________________

Problem report summary
Problem type Windows stop error (a message appears on a blue screen with error code information)
Solution available? No
What does this problem mean? Windows has encountered a problem it cannot recover from and it needs to be restarted
Cause Unknown
Computer symptoms A message appears on a blue screen with error code information (for example: 0x0000001E, KMODE_EXCEPTION_NOT_HANDLED)
Additional steps for you to take Please continue to send problem reports so analysts at Microsoft can study and try to correct the problem as quickly as possible

Technical Information
How to Troubleshoot Hardware and Software Driver Problems in Windows XP (Q322205)



THIS LINK TO TECHNICAL INFORMATION LEADS TO:
http://support.microsoft.com/?kbid=322205



Just so you know, the cookie Avenue A., Inc has not returned. There are, however, still a number of critical issues that need addressing other than the blue screen. If my computer is left on for more than a few to 24 hours, it slows down to a snail’s pace. This can also cause programs like Firefox, Kaspersky or Microsoft Word to stop responding, so I have to shut them down. A reboot brings the speed back to normal. AdAware and SpyBot come out with clean scans, but there are a number of issues I don’t understand with Kaspersky. The cycles of “password protected” objects have continued. A full scan from my version of Kaspersky shows 1 object in “My Documents” and 4 objects in “Local Disc (C:)” as corrupted, but it won’t show me what they are. 78 objects are “password protected”. I have seen warnings for intrusions and/or attempted intrusions and/or attacks by worms – if I can find out where that record is kept, I’ll post it ASAP.


By the way, I was able to find svchost.exe through a Windows “search”. It is located at these points:
SVCHOST.EXE-3530F672.PF C:\WINDOWS\Prefetch
svchost C:\WINDOWS\system32
svchost C:\WINDOWS\ServicePackFiles\i386


Right now, for example, I had Kaspersky open. It wasn’t scanning anything, but it has stopped responding. I have tried to close it, but I get an error saying that I cannot end the program because it is locked by the system.
I often hear it making its short screeching noise, but I don’t know where it’s coming from.

Concerned that there might be something fishy going on with my version of Kaspersky, I have performed a Kaspersky online virus scan. As you will see, a great deal of objects are “locked.” I have no idea what this means or what locked them. Here is the log of the online report:

LinneaLand
2007-01-24, 16:20
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, January 24, 2007 2:56:05 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 24/01/2007
Kaspersky Anti-Virus database records: 246679
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 54569
Number of viruses found: 0
Number of infected objects: 0 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:22:26

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\0210_File_Monitoring_eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\0213_Web_Monitoring_eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\0214_ids_eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\0228_Updater_eventcritlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\0228_Updater_eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\detected.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\detected.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\report.rpt Object is locked skipped
C:\Documents and Settings\Home\Application Data\Azureus\ipfilter.cache Object is locked skipped
C:\Documents and Settings\Home\Application Data\Azureus\tmp\AZU24720.tmp Object is locked skipped
C:\Documents and Settings\Home\Application Data\Azureus\tmp\AZU24721.tmp Object is locked skipped
C:\Documents and Settings\Home\Application Data\Azureus\tmp\AZU24722.tmp Object is locked skipped
C:\Documents and Settings\Home\Application Data\Azureus\tmp\AZU24723.tmp Object is locked skipped
C:\Documents and Settings\Home\Application Data\Azureus\tmp\AZU24724.tmp Object is locked skipped
C:\Documents and Settings\Home\Application Data\Azureus\tmp\AZU24725.tmp Object is locked skipped
C:\Documents and Settings\Home\Application Data\Microsoft\Templates\Normal.dotm Object is locked skipped
C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\e4ksxian.default\cert8.db Object is locked skipped
C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\e4ksxian.default\history.dat Object is locked skipped
C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\e4ksxian.default\key3.db Object is locked skipped
C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\e4ksxian.default\parent.lock Object is locked skipped
C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\e4ksxian.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\e4ksxian.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Home\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Google\Google Desktop Search\dbc2e.ht1 Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Google\Google Desktop Search\dbdam Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Google\Google Desktop Search\dbdao Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Google\Google Desktop Search\dbeam Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Google\Google Desktop Search\dbeao Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Google\Google Desktop Search\dbm Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Google\Google Desktop Search\dbu2d.ht1 Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Google\Google Desktop Search\dbvm.cf1 Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Google\Google Desktop Search\dbvmh.ht1 Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Google\Google Desktop Search\fii.cf1 Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Google\Google Desktop Search\fiih.ht1 Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Google\Google Desktop Search\rpm.cf1 Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Google\Google Desktop Search\rpmh.ht1 Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Mozilla\Firefox\Profiles\e4ksxian.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Mozilla\Firefox\Profiles\e4ksxian.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Mozilla\Firefox\Profiles\e4ksxian.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Mozilla\Firefox\Profiles\e4ksxian.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Home\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Temp\hsperfdata_Home\2052 Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Temp\Perflib_Perfdata_10c.dat Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Temp\Perflib_Perfdata_818.dat Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Temp\~DF3937.tmp Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Temp\~DF3963.tmp Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.Word\~WRF{7EE33199-9D24-4B81-A2A4-3ABB1FFD9B22}.tmp Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.Word\~WRS{7A7B5901-624D-4B36-B281-2F97CC6F3008}.tmp Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.Word\~WRS{8FC3B674-18C4-445B-9EC2-E557D524859D}.tmp Object is locked skipped
C:\Documents and Settings\Home\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Home\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Azureus\Azureus Downloads\Cast_Iron_Chef\Cast Iron Chef - Bonus Materials - Behind the Scenes.avi Object is locked skipped
C:\Program Files\Azureus\Azureus Downloads\Cast_Iron_Chef\Cast Iron Chef - Bread Battle.avi Object is locked skipped
C:\Program Files\Azureus\Azureus Downloads\Cast_Iron_Chef\Cast Iron Chef - Hot Dog Battle.avi Object is locked skipped
C:\Program Files\Azureus\Azureus Downloads\Cast_Iron_Chef\Cast Iron Chef - Ramen Noodle Battle.avi Object is locked skipped
C:\Program Files\Azureus\Azureus Downloads\Cast_Iron_Chef\Cast Iron Chef - Ultimate Battle (Egg Pop-up Episode).avi Object is locked skipped
C:\Program Files\Azureus\Azureus Downloads\Dr.Phil.2006.12.12.s05e061.Convince Me!-NewWorld\Dr.Phil.2006.12.12.s05e061.Convince Me!-NewWorld.avi Object is locked skipped
C:\Program Files\Azureus\Azureus Downloads\Harry Potter and the Chamber of Secrets (2002) [ENG] [DVDrip]\Harry Potter and the Chamber of Secrets (2002) [ENG] [DVDrip] CD.avi Object is locked skipped
C:\Program Files\Azureus\Azureus Downloads\Harry Potter and the Chamber of Secrets (2002) [ENG] [DVDrip]\Harry Potter and the Chamber of Secrets (2002) [ENG] [DVDrip] CD1.avi Object is locked skipped
C:\Program Files\Azureus\Azureus Downloads\Harry Potter and the Philosophers Stone (2001) [ENG] [DVDrip] [FS]\Harry Potter and the Philosophers Stone [ENG] [DVDrip] CD1.avi Object is locked skipped
C:\Program Files\Azureus\Azureus Downloads\Harry Potter and the Philosophers Stone (2001) [ENG] [DVDrip] [FS]\Harry Potter and the Philosophers Stone [ENG] [DVDrip] CD2.avi Object is locked skipped
C:\Program Files\Azureus\Azureus Downloads\Oprah 20th Disc 1 of 6\Oprah.20th.dvd.1.of.6.part015.rar Object is locked skipped
C:\Program Files\Azureus\Azureus Downloads\Oprah 20th Disc 1 of 6\Oprah.20th.dvd.1.of.6.part018.rar Object is locked skipped
C:\Program Files\Azureus\Azureus Downloads\Oprah 20th Disc 1 of 6\Oprah.20th.dvd.1.of.6.part024.rar Object is locked skipped
C:\Program Files\Azureus\Azureus Downloads\Oprah 20th Disc 1 of 6\Oprah.20th.dvd.1.of.6.part086.rar Object is locked skipped
C:\Program Files\Azureus\Azureus Downloads\Oprah 20th Disc 2 of 6\Oprah 20th Disc 2 of 6.part002.rar Object is locked skipped
C:\Program Files\Azureus\Azureus Downloads\Oprah 20th Disc 2 of 6\Oprah 20th Disc 2 of 6.part061.rar Object is locked skipped
C:\Program Files\Azureus\Azureus Downloads\Oprah 20th Disc 2 of 6\Oprah 20th Disc 2 of 6.part068.rar Object is locked skipped
C:\Program Files\Azureus\Azureus Downloads\Oprah 20th Disc 2 of 6\Oprah 20th Disc 2 of 6.part077.rar Object is locked skipped
C:\Program Files\Azureus\Azureus Downloads\Oprah 20th Disc 2 of 6\Oprah 20th Disc 2 of 6.part092.rar Object is locked skipped
C:\Program Files\Azureus\Azureus Downloads\This.Film.Is.Not.Yet.Rated.LIMITED.DVDRip.XviD-DMT.avi Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{31882CA9-A57D-4B69-88CE-5DD3BBFE2D94}\RP4\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\MEMORY.DMP Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped
C:\WINDOWS\system32\FxsTmp\fxs2F1D.tmp Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\cch~1e71b0b9b09a.htp Object is locked skipped
C:\WINDOWS\Temp\cch~1e71b0e9145e.htp Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

LinneaLand
2007-01-24, 16:22
HERE IS THE LOG FROM MY MOST RECENT SCAN BY HIJACKTHIS:

Logfile of HijackThis v1.99.1
Scan saved at 3:50:05 PM, on 1/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\EzButton\CplBTQ00.EXE
C:\Program Files\Toshiba Controls\CpRmtKey.EXE
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
C:\toshiba\ivp\ism\ivpsvmgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\SYSTEM32\taskmgr.exe
C:\Documents and Settings\Home\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CSMHelperObj Class - {0F660F64-F4C9-477F-8529-44181B717472} - C:\Program Files\AT&T\WnClient\Programs\CSMBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [CplBTQ00] C:\Program Files\EzButton\CplBTQ00.EXE
O4 - HKLM\..\Run: [CpRmtKey] "C:\Program Files\Toshiba Controls\CpRmtKey.EXE"
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: AnyWho - {0264505A-6793-44E0-AC75-9DCE3B13185C} - C:\Program Files\AT&T\WnClient\Programs\AnyWho.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168600361609
O17 - HKLM\System\CCS\Services\Tcpip\..\{1D05B7A0-02E8-4086-BBA9-965C16C39631}: NameServer = 85.37.17.5 151.99.125.1
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: "C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll"
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe



SUMMARY OF ISSUES: Blue screen with strange errors. Possible problem with device drivers. Check on svchost.exe. Kaspersky cycles of “password protected” files in “Events”. Possible return of worms, worm intrusions, or worm intrusion attempts, often by the same name (to be listed as soon as I find them, hopefully when Kaspersky starts working again). Kaspersky “locked by the system” in “not responding” mode. Significant slowing down of all programs when computer is left on for a few hours. Programs start “not responding” when left open for a few hours. 5 “corrupted” objects shown in home-version of Kaspersky virus scan that haven’t been identified.



QUESTIONS: What is this story about locked or password protected files, and what causes it? Is this normal? If, in the absolute worst-case scenario, I have to reinstall Windows, is there any way for me to save my anti-virus and other programs onto CD so that I can install them before opening myself up to the internet to be crushed by attacks again? Additionally, can I save Windows Service Packs 1 and 2 to a CD so that I can install those, too? My reinstallation disc sends me right back to the stone ages of 2003. I would do anything possible to save me from having to do another reinstallation of Windows because I’ve been building it all back up again for the last 2 weeks.
Thank you, thank you, thank you for working with me on this. I really would be completely helpless without you.

Again, thank you so much for all of your wonderful help. You’re brilliant, and I know you can help me to figure out what to do.

Best regards,

Linnea

pskelley
2007-01-24, 16:54
If you remember, my suggestion, because of the worm, was a reformat. I believe you have issues not related to malware; see this information:

http://www.google.com/search?sourceid=navclient&ie=UTF-8&rls=GGLG,GGLG:2006-16,GGLG:en&q=DRIVER%5fIRQL%5fNOT%5fLESS%5fOR%5fEQUAL

You might try a diagnostic here: http://www.pcpitstop.com/
If you need help with the results, you can get that here:
http://pcpitstop.invisionzone.com/index.php?showforum=6
Post a link to the results; I may spot something.

These hardware issues are not something I do. I may be able to direct you to where you can get help, but if this hard drive is new, as I think you said, you may want to start where you purchased it.

Logfile of HijackThis v1.99.1 Scan saved at 3:50:05 PM, on 1/24/2007
While I cannot say there is no infection on your computer, I can say this last HJT log you posted appears clean of malware.

Kaspersky: This is a product you are paying for; take your questions about it to their technical support:
http://www.google.com/search?sourceid=navclient&ie=UTF-8&rls=GGLG,GGLG:2006-16,GGLG:en&q=Kaspersky+technical+support

To try and answer a few of your questions, I will first request you review the links I posted in my first post that deal with many of your questions.
Using Google: http://www.google.com/ to ask your questions will get you all the information you want, like this:
http://www.google.com/search?sourceid=navclient&ie=UTF-8&rls=GGLG,GGLG:2006-16,GGLG:en&q=how+to+reformat

Thanks

tashi
2007-02-02, 08:35
This topic has been closed to prevent others with similar issues posting in it.

If you need it re-opened, please send me a private message (pm) and provide a link to the thread. Applies only to the original poster; anyone else with similar problems, please start a new topic. :)