View Full Version : I need some serious help
bamabrat2719
2008-03-17, 01:44
I have ran spybot s&d, ad-adware se personal, smitrem, smitfraudfix, and am running kaspersky and will post in next log. My computer is running better but everytime i scan with either of these things still show up can you enlighten me on what I am missing?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:37:52 PM, on 3/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Bat\X_Bat.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe
O4 - Startup: RABCO - Auto Update.lnk = C:\Program Files\RABCO\RABCOse.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 5946 bytes
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 2:49:24 PM 3/16/2008
+ Scan result:
C:\Program Files\180search assistant -> Adware.180Solutions : Cleaned.
C:\Program Files\180search assistant\180sa.exe -> Adware.180Solutions : Cleaned.
C:\Program Files\180search assistant\sau.exe -> Adware.180Solutions : Cleaned.
C:\Program Files\180searchassistant -> Adware.180Solutions : Cleaned.
C:\Program Files\180searchassistant\saap.exe -> Adware.180Solutions : Cleaned.
C:\Program Files\180searchassistant\sac.exe -> Adware.180Solutions : Cleaned.
C:\Program Files\webHancer -> Adware.Webhancer : Cleaned.
C:\Program Files\webHancer\Programs -> Adware.Webhancer : Cleaned.
C:\Program Files\webHancer\Programs\license.txt -> Adware.Webhancer : Cleaned.
C:\Program Files\webHancer\Programs\readme.txt -> Adware.Webhancer : Cleaned.
C:\Program Files\webHancer\Programs\sporder.dll -> Adware.Webhancer : Cleaned.
C:\Program Files\webHancer\Programs\webhdll.dll -> Adware.Webhancer : Cleaned.
C:\Program Files\webHancer\Programs\whagent.exe -> Adware.Webhancer : Cleaned.
C:\Program Files\webHancer\Programs\whagent.ini -> Adware.Webhancer : Cleaned.
C:\Program Files\webHancer\Programs\whiehlpr.dll -> Adware.Webhancer : Cleaned.
C:\Program Files\webHancer\Programs\whinstaller.exe -> Adware.Webhancer : Cleaned.
C:\Program Files\ContextAdvisor\ContextAdvisor-2.dll -> Not-A-Virus.Adware.Agent : Ignored.
C:\Program Files\PlayMP3z\PlayMP3.exe -> Not-A-Virus.Adware.Agent : Ignored.
C:\Documents and Settings\HP_Owner\Application Data\ѕуstem32\rеgsvr32.exe -> Not-A-Virus.Adware.PurityScan : Ignored.
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe -> Not-A-Virus.Adware.PurityScan : Ignored.
C:\Program Files\Outerinfo\FF\components\FF.dll -> Not-A-Virus.Adware.ZenoSearch : Ignored.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.a : Ignored.
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.a : Ignored.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.a : Ignored.
::Report end
smitRem © log file
version 3.2
by noahdfear
Microsoft Windows XP [Version 5.1.2600]
"IE"="6.0000"
The current date is: Sun 03/16/2008
The current time is: 17:52:40.57
Running from
C:\Documents and Settings\HP_Owner\Desktop\smitRem
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Pre-run SharedTask Export
(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com
Registry Pseudo-Format Mode (Not a valid reg file):
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Appinitdll check ........ Thank you Grinler!
dumphive.exe (C)2000-2004 Markus Stephany
REGEDIT4
[Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
XP Firewall allowed access
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"="C:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe:*:Enabled:BackWeb for Pavilion"
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"="C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe:*:Enabled:Earthlink"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
checking for ShudderLTD key
ShudderLTD key not present!
checking for PSGuard.com key
PSGuard.com key not present!
checking for WinHound.com key
WinHound.com key not present!
checking for drsmartload2 key
drsmartload2 key not present!
spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present
AlfaCleaner uninstaller NOT present
SpyFalcon uninstaller NOT present
SpywareQuake uninstaller NOT present
SpywareSheriff uninstaller NOT present
Trust Cleaner uninstaller NOT present
SpyHeal uninstaller NOT present
VirusBurst uninstaller NOT present
BraveSentry uninstaller NOT present
AntiVermins uninstaller NOT present
VirusBursters uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Existing Pre-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1224 'explorer.exe'
Starting registry repairs
Registry repairs complete
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SharedTask Export after registry fix
(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com
Registry Pseudo-Format Mode (Not a valid reg file):
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Deleting files
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Remaining Post-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~ Wininet.dll ~~~
CLEAN! :)
SmitFraudFix v2.305
Scan done at 19:42:28.90, Sun 03/16/2008
Run from C:\Documents and Settings\HP_Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wdfmgr.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Bat\X_Bat.exe
C:\WINDOWS\system32\wuauclt.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
C:\WINDOWS\default.htm FOUND !
C:\WINDOWS\Tasks\At?.job FOUND !
C:\WINDOWS\Tasks\At??.job FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Owner
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Owner\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HP_Owner\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
DNS Server Search Order: 68.87.68.162
DNS Server Search Order: 68.87.74.162
HKLM\SYSTEM\CCS\Services\Tcpip\..\{4E73F872-076F-42B0-89F0-DDBB9314E0D9}: DhcpNameServer=68.87.68.162 68.87.74.162
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4E73F872-076F-42B0-89F0-DDBB9314E0D9}: DhcpNameServer=68.87.68.162 68.87.74.162
HKLM\SYSTEM\CS3\Services\Tcpip\..\{4E73F872-076F-42B0-89F0-DDBB9314E0D9}: DhcpNameServer=68.87.68.162 68.87.74.162
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.68.162 68.87.74.162
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.87.68.162 68.87.74.162
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.87.68.162 68.87.74.162
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
bamabrat2719
2008-03-17, 05:56
Protection : running
--------------------
Total scanned: 609047
Detected: 8
Untreated: 0
Attacks blocked: 2
Start time: 3/16/2008 8:08:21 PM
Duration: 03:38:41
Detected
--------
Status Object
------ ------
deleted: Trojan program Trojan.Win32.Obfuscated.gx File: C:\Documents and Settings\All Users\Application Data\rszmvkxc.dll//PE_Patch.UPX//UPX
deleted: Trojan program Trojan-Downloader.Win32.Agent.kwg File: C:\Program Files\Common Files\M?crosoft.NET\wuauclt.exe//PE_Patch.UPX//UPX
deleted: adware not-a-virus:AdWare.Win32.AdBand.n File: C:\Program Files\QdrPack\QdrPack14.exe
deleted: adware not-a-virus:AdWare.Win32.Shopper.v File: C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
deleted: Trojan program Trojan.Win32.Obfuscated.gx File: C:\WINDOWS\dcdsvwbk.exe//PE_Patch.UPX//UPX
deleted: Trojan program Trojan.Win32.Obfuscated.gx File: C:\WINDOWS\jehihyfm.dll//PE_Patch.UPX//UPX
deleted: Trojan program Trojan-Downloader.Win32.Agent.lbx File: C:\WINDOWS\mrofinu72.exe//PE_Patch.Upolyx//PE_Patch.UPX//UPX
deleted: adware not-a-virus:AdWare.Win32.MyWay.j File: D:\I386\Apps\APP07885\src\HPSummer2005.exe//WiseSFXDropper//WISE0016.BIN
Events
------
Time Event
---- -----
3/16/2008 8:08:21 PM Database is out of date, leaving your computer at risk of infection. Please update your database.
3/16/2008 8:08:21 PM Protection of your computer is enabled.
3/16/2008 8:09:56 PM Process (PID 1752) tried to access Kaspersky Internet Security process (PID 184), but the action has been blocked by the Self-Defense component. No action on your part is required.
3/16/2008 8:11:05 PM Update completed successfully
3/16/2008 8:16:53 PM Intrusion.Win.MSSQL.worm.Helkern! Attacker IP address: 202.99.11.99. Protocol/service: UDP on local port 1434. Time: 3/16/2008 8:16:53 PM
3/16/2008 8:20:28 PM File C:\Documents and Settings\All Users\Application Data\rszmvkxc.dll//PE_Patch.UPX//UPX: detected: Trojan program 'Trojan.Win32.Obfuscated.gx'.
3/16/2008 8:20:28 PM Security threats have been detected. You are advised to neutralize them immediately.
3/16/2008 8:20:28 PM File C:\Documents and Settings\All Users\Application Data\rszmvkxc.dll//PE_Patch.UPX//UPX: is still infected, postponed.
3/16/2008 8:21:14 PM Intrusion.Win.MSSQL.worm.Helkern! Attacker IP address: 219.133.37.40. Protocol/service: UDP on local port 1434. Time: 3/16/2008 8:21:14 PM
3/16/2008 8:26:06 PM Process (PID 152) tried to access Kaspersky Internet Security process (PID 1960), but the action has been blocked by the Self-Defense component. No action on your part is required.
3/16/2008 8:26:06 PM Process (PID 152) tried to access Kaspersky Internet Security process (PID 184), but the action has been blocked by the Self-Defense component. No action on your part is required.
3/16/2008 8:29:19 PM Process (PID 800) tried to access Kaspersky Internet Security process (PID 184), but the action has been blocked by the Self-Defense component. No action on your part is required.
3/16/2008 8:53:03 PM File C:\Documents and Settings\All Users\Application Data\rszmvkxc.dll//PE_Patch.UPX//UPX: detected: Trojan program 'Trojan.Win32.Obfuscated.gx'.
3/16/2008 8:53:03 PM File C:\Documents and Settings\All Users\Application Data\rszmvkxc.dll//PE_Patch.UPX//UPX: is still infected, postponed.
3/16/2008 8:53:18 PM File c:\documents and settings\all users\application data\rszmvkxc.dll//PE_Patch.UPX//UPX: detected: Trojan program 'Trojan.Win32.Obfuscated.gx'.
3/16/2008 8:53:46 PM File c:\documents and settings\all users\application data\rszmvkxc.dll//PE_Patch.UPX//UPX: is still infected, cannot be disinfected.
3/16/2008 8:53:55 PM File c:\documents and settings\all users\application data\rszmvkxc.dll: deleted.
3/16/2008 6:55:05 PM Incorrect key activation date.
System date was possibly changed.
3/16/2008 7:12:06 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdSpyTTC.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:06 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdSpyTTC.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:06 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdSpyTTC1.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:06 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdSpyTTC1.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:06 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ClickspringOuterInfo.zip/install.rdf: is password protected.
3/16/2008 7:12:06 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ClickspringOuterInfo.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:06 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ClickspringOuterInfo1.zip/OuterinfoAds.xpt: is password protected.
3/16/2008 7:12:06 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ClickspringOuterInfo1.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:06 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ClickspringOuterInfo10.zip/OuterinfoAds.xpt: is password protected.
3/16/2008 7:12:06 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ClickspringOuterInfo10.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:06 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ClickspringOuterInfo11.zip/Uninstall.lnk: is password protected.
3/16/2008 7:12:06 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ClickspringOuterInfo11.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:06 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ClickspringOuterInfo12.zip/Terms.lnk: is password protected.
3/16/2008 7:12:06 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ClickspringOuterInfo12.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:06 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ClickspringOuterInfo13.zip/Terms.rtf: is password protected.
3/16/2008 7:12:07 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ClickspringOuterInfo13.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:07 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ClickspringOuterInfo14.zip/FF.dll: is password protected.
3/16/2008 7:12:07 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ClickspringOuterInfo14.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:07 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ClickspringOuterInfo15.zip/chrome.manifest: is password protected.
3/16/2008 7:12:07 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ClickspringOuterInfo15.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:07 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ClickspringOuterInfo16.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:07 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ClickspringOuterInfo2.zip/Uninstall.lnk: is password protected.
3/16/2008 7:12:07 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ClickspringOuterInfo2.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:07 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ClickspringOuterInfo3.zip/Terms.lnk: is password protected.
3/16/2008 7:12:07 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ClickspringOuterInfo3.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:07 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ClickspringOuterInfo4.zip/Terms.rtf: is password protected.
3/16/2008 7:12:07 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ClickspringOuterInfo4.zip/sbRecovery.ini: is password protected.
bamabrat2719
2008-03-17, 06:01
3/16/2008 7:12:07 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ClickspringOuterInfo5.zip/chrome.manifest: is password protected.
3/16/2008 7:12:07 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ClickspringOuterInfo5.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:07 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ClickspringOuterInfo6.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:07 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ClickspringOuterInfo7.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:07 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ClickspringOuterInfo7.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:07 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ClickspringOuterInfo8.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:07 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ClickspringOuterInfo8.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:07 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ClickspringOuterInfo9.zip/install.rdf: is password protected.
3/16/2008 7:12:07 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ClickspringOuterInfo9.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:07 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService.zip/atmtd.dll.tmp: is password protected.
3/16/2008 7:12:07 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:07 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService1.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:07 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService1.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:07 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService10.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:07 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService10.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:07 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService11.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:07 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService11.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:07 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService12.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:07 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService12.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:07 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService13.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:07 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService13.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:07 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService2.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:07 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService2.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:08 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService3.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:08 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService3.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:08 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService4.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:08 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService4.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:08 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService5.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:08 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService5.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:08 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService6.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:08 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService6.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:08 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService7.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:08 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService7.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:08 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService8.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:08 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService8.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:08 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService9.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:08 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommandService9.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:08 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText.zip/AtlBrowser.exe: is password protected.
3/16/2008 7:12:08 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:08 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText1.zip/AtlBrowser.exe: is password protected.
3/16/2008 7:12:08 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText1.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:08 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText2.zip/AtlBrowser.exe: is password protected.
3/16/2008 7:12:08 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eZulaHotText2.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:08 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterTaskManager.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:08 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterTaskManager.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:08 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterTaskManager1.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:08 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterTaskManager1.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:08 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterTaskManager2.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:08 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterTaskManager2.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:08 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterTaskManager3.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:08 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterTaskManager3.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:08 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterTaskManager4.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:08 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterTaskManager4.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:08 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterTaskManager5.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:08 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterTaskManager5.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:08 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterTaskManager6.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:08 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterTaskManager6.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:08 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterTaskManager7.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:08 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterTaskManager7.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:08 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSystem.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:08 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSystem.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:08 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSystem1.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:08 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSystem1.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:08 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSystem2.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:08 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSystem2.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:08 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSystem3.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:08 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSystem3.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:08 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:08 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor1.zip/domains.txt: is password protected.
3/16/2008 7:12:08 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor1.zip/log.txt: is password protected.
3/16/2008 7:12:08 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor1.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:08 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor2.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:09 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor2.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:09 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor3.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:09 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor3.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:09 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor4.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:09 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor4.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:09 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor5.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:09 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NetworkMonitor5.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:09 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\RabioSearchEnhancer.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:09 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\RabioSearchEnhancer1.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:09 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\RabioSearchEnhancer10.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:09 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\RabioSearchEnhancer10.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:09 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\RabioSearchEnhancer11.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:09 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\RabioSearchEnhancer11.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:09 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\RabioSearchEnhancer12.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:09 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\RabioSearchEnhancer12.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:09 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\RabioSearchEnhancer2.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:09 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\RabioSearchEnhancer3.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:09 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\RabioSearchEnhancer3.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:09 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\RabioSearchEnhancer4.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:09 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\RabioSearchEnhancer4.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:09 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\RabioSearchEnhancer5.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:09 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\RabioSearchEnhancer5.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:09 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\RabioSearchEnhancer6.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:09 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\RabioSearchEnhancer6.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:09 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\RabioSearchEnhancer7.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:09 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\RabioSearchEnhancer7.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:09 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\RabioSearchEnhancer8.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:09 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\RabioSearchEnhancer8.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:09 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\RabioSearchEnhancer9.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:09 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Search.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:09 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Search.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:09 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Search1.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:09 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Search1.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:09 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Search2.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:09 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Search2.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:09 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Search3.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:09 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Search3.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:09 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Search4.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:09 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Search4.zip/sbRecovery.ini: is password protected.
bamabrat2719
2008-03-17, 06:06
3/16/2008 7:12:09 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Search5.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:09 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Search5.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:09 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Search6.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:09 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Search6.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:09 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:09 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:09 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:09 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:09 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC10.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:09 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC10.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC11.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC11.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC12.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC12.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC13.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC13.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC14.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC14.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC15.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC15.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC16.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC16.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC17.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC17.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC18.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC18.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC19.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC19.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC20.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC20.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC21.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC21.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC22.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC22.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC23.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC23.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC24.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC24.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC3.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC3.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC4.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC4.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC5.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC5.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC6.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC6.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC7.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC7.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC8.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC8.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC9.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC9.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCCoreService.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCCoreService1.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCCoreService2.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCCoreService3.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant1.zip/sais.exe: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant1.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant10.zip/180ax.exe: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant10.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant11.zip/saap.exe: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant11.zip/sac.exe: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant11.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant12.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:10 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant12.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant13.zip/sais.exe: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant13.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant14.zip/180ax.exe: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant14.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant15.zip/saap.exe: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant15.zip/sac.exe: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant15.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant16.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant16.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant17.zip/sais.exe: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant17.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant18.zip/180ax.exe: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant18.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant19.zip/saap.exe: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant19.zip/sac.exe: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant19.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant2.zip/180ax.exe: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant2.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant20.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant20.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant21.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant21.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant22.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant22.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant23.zip/sais.exe: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant23.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant24.zip/180ax.exe: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant24.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant25.zip/saap.exe: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant25.zip/sac.exe: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant25.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant26.zip/sais.exe: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant26.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant27.zip/180ax.exe: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant27.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant28.zip/saap.exe: is password protected.
bamabrat2719
2008-03-17, 06:08
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant27.zip/180ax.exe: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant27.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant28.zip/saap.exe: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant28.zip/sac.exe: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant28.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant3.zip/saap.exe: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant3.zip/sac.exe: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant3.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant4.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant4.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant5.zip/sais.exe: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant5.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant6.zip/180ax.exe: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant6.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant7.zip/saap.exe: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant7.zip/sac.exe: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant7.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant8.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant8.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant9.zip/sais.exe: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SolutionsSearchAssistant9.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde.zip/removalfile.bat: is password protected.
3/16/2008 7:12:11 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:12 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde1.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:12 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde1.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:12 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde2.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:12 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde2.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:12 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde3.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:12 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde3.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:12 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde4.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:12 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde4.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:12 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde5.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:12 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde5.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:12 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde6.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:12 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde6.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:12 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde7.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:12 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde7.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:12 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\webHancer.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:12 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\webHancer.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:12 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Zango.zip/seekmohook.dll: is password protected.
3/16/2008 7:12:12 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Zango.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:12 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Zango1.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:12 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Zango1.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:12 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Zango10.zip/zango.exe: is password protected.
3/16/2008 7:12:12 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Zango10.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:12 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Zango11.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:12 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Zango11.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:12 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Zango2.zip/zango.exe: is password protected.
3/16/2008 7:12:12 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Zango2.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:12 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Zango3.zip/seekmohook.dll: is password protected.
3/16/2008 7:12:12 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Zango3.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:12 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Zango4.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:12 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Zango4.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:12 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Zango5.zip/zango.exe: is password protected.
3/16/2008 7:12:12 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Zango5.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:12 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Zango6.zip/seekmohook.dll: is password protected.
3/16/2008 7:12:12 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Zango6.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:12 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Zango7.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:12 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Zango7.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:12 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Zango8.zip/zango.exe: is password protected.
3/16/2008 7:12:12 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Zango8.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:12 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Zango9.zip/seekmohook.dll: is password protected.
3/16/2008 7:12:12 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Zango9.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:12 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:12 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:12 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger1.zip/sbRecovery.reg: is password protected.
3/16/2008 7:12:12 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDNSChanger1.zip/sbRecovery.ini: is password protected.
3/16/2008 7:12:38 PM Process (PID 3748) tried to access Kaspersky Internet Security process (PID 184), but the action has been blocked by the Self-Defense component. No action on your part is required.
3/16/2008 8:13:27 PM File C:\Program Files\Common Files\M?crosoft.NET\wuauclt.exe//PE_Patch.UPX//UPX: detected: Trojan program 'Trojan-Downloader.Win32.Agent.kwg'.
3/16/2008 8:13:27 PM Security threats have been detected. You are advised to neutralize them immediately.
3/16/2008 8:13:27 PM File C:\Program Files\Common Files\M?crosoft.NET\wuauclt.exe//PE_Patch.UPX//UPX: is still infected, postponed.
3/16/2008 8:14:55 PM File C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI//Cabs.w1.cab/AdAware_SE_default.ask/Ad-Aware SE Default.skn: is password protected.
3/16/2008 8:14:55 PM File C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI//Cabs.w1.cab/AdAware_SE_default.ask/arrow1.bmp: is password protected.
3/16/2008 8:14:55 PM File C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI//Cabs.w1.cab/AdAware_SE_default.ask/arrow2.bmp: is password protected.
3/16/2008 8:14:55 PM File C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI//Cabs.w1.cab/AdAware_SE_default.ask/bck1.bmp: is password protected.
3/16/2008 8:14:55 PM File C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI//Cabs.w1.cab/AdAware_SE_default.ask/bt11.bmp: is password protected.
3/16/2008 8:14:55 PM File C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI//Cabs.w1.cab/AdAware_SE_default.ask/bt12.bmp: is password protected.
3/16/2008 8:14:55 PM File C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI//Cabs.w1.cab/AdAware_SE_default.ask/bt13.bmp: is password protected.
3/16/2008 8:14:55 PM File C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI//Cabs.w1.cab/AdAware_SE_default.ask/bt21.bmp: is password protected.
3/16/2008 8:14:55 PM File C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI//Cabs.w1.cab/AdAware_SE_default.ask/bt22.bmp: is password protected.
3/16/2008 8:14:55 PM File C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI//Cabs.w1.cab/AdAware_SE_default.ask/bt23.bmp: is password protected.
3/16/2008 8:14:55 PM File C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI//Cabs.w1.cab/AdAware_SE_default.ask/bt31.bmp: is password protected.
3/16/2008 8:14:55 PM File C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI//Cabs.w1.cab/AdAware_SE_default.ask/bt32.bmp: is password protected.
3/16/2008 8:14:55 PM File C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI//Cabs.w1.cab/AdAware_SE_default.ask/bt33.bmp: is password protected.
3/16/2008 8:14:55 PM File C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI//Cabs.w1.cab/AdAware_SE_default.ask/bt41.bmp: is password protected.
3/16/2008 8:14:55 PM File C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI//Cabs.w1.cab/AdAware_SE_default.ask/bt42.bmp: is password protected.
3/16/2008 8:14:55 PM File C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI//Cabs.w1.cab/AdAware_SE_default.ask/bt43.bmp: is password protected.
3/16/2008 8:14:55 PM File C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI//Cabs.w1.cab/AdAware_SE_default.ask/bt51.bmp: is password protected.
3/16/2008 8:14:55 PM File C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI//Cabs.w1.cab/AdAware_SE_default.ask/bt52.bmp: is password protected.
3/16/2008 8:14:55 PM File C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI//Cabs.w1.cab/AdAware_SE_default.ask/bt53.bmp: is password protected.
3/16/2008 8:14:55 PM File C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI//Cabs.w1.cab/AdAware_SE_default.ask/bt61.bmp: is password protected.
3/16/2008 8:14:55 PM File C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI//Cabs.w1.cab/AdAware_SE_default.ask/bt62.bmp: is password protected.
3/16/2008 8:14:55 PM File C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI//Cabs.w1.cab/AdAware_SE_default.ask/checkbox1.bmp: is password protected.
3/16/2008 8:14:55 PM File C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI//Cabs.w1.cab/AdAware_SE_default.ask/checkbox2.bmp: is password protected.
3/16/2008 8:14:55 PM File C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI//Cabs.w1.cab/AdAware_SE_default.ask/checkbox3.bmp: is password protected.
3/16/2008 8:14:55 PM File C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI//Cabs.w1.cab/AdAware_SE_default.ask/checkbox4.bmp: is password protected.
3/16/2008 8:14:55 PM File C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI//Cabs.w1.cab/AdAware_SE_default.ask/defbtn1.bmp: is password protected.
3/16/2008 8:14:55 PM File C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI//Cabs.w1.cab/AdAware_SE_default.ask/defbtn2.bmp: is password protected.
3/16/2008 8:14:55 PM File C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI//Cabs.w1.cab/AdAware_SE_default.ask/defbtn3.bmp: is password protected.
3/16/2008 8:14:55 PM File C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI//Cabs.w1.cab/AdAware_SE_default.ask/glyph1.bmp: is password protected.
3/16/2008 8:14:55 PM File C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI//Cabs.w1.cab/AdAware_SE_default.ask/glyph2.bmp: is password protected.
3/16/2008 8:14:55 PM File C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI//Cabs.w1.cab/AdAware_SE_default.ask/glyph3.bmp: is password protected.
3/16/2008 8:14:55 PM File C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI//Cabs.w1.cab/AdAware_SE_default.ask/glyph4.bmp: is password protected.
3/16/2008 8:14:55 PM File C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI//Cabs.w1.cab/AdAware_SE_default.ask/glyph5.bmp: is password protected.
3/16/2008 8:14:55 PM File C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI//Cabs.w1.cab/AdAware_SE_default.ask/glyph6.bmp: is password protected.
3/16/2008 8:14:55 PM File C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI//Cabs.w1.cab/AdAware_SE_default.ask/glyph7.bmp: is password protected.
3/16/2008 8:14:55 PM File C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI//Cabs.w1.cab/AdAware_SE_default.ask/main.bmp: is password protected.
3/16/2008 8:14:55 PM File C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI//Cabs.w1.cab/AdAware_SE_default.ask/preview.bmp: is password protected.
3/16/2008 8:14:55 PM File C:\Program Files\Common Files\Wise Installation Wizard\WIS78CC3BABDE2A4FB48FBBE4DADDC26747_1_0_6.MSI//Cabs.w1.cab/AdAware_SE_default.ask/sprite1.bmp: is password protected.
bamabrat2719
2008-03-17, 06:09
3/16/2008 9:00:22 PM File C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/Ad-Aware SE Default.skn: is password protected.
3/16/2008 9:00:22 PM File C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/arrow1.bmp: is password protected.
3/16/2008 9:00:22 PM File C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/arrow2.bmp: is password protected.
3/16/2008 9:00:22 PM File C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bck1.bmp: is password protected.
3/16/2008 9:00:22 PM File C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt11.bmp: is password protected.
3/16/2008 9:00:22 PM File C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt12.bmp: is password protected.
3/16/2008 9:00:22 PM File C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt13.bmp: is password protected.
3/16/2008 9:00:22 PM File C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt21.bmp: is password protected.
3/16/2008 9:00:22 PM File C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt22.bmp: is password protected.
3/16/2008 9:00:22 PM File C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt23.bmp: is password protected.
3/16/2008 9:00:22 PM File C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt31.bmp: is password protected.
3/16/2008 9:00:22 PM File C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt32.bmp: is password protected.
3/16/2008 9:00:22 PM File C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt33.bmp: is password protected.
3/16/2008 9:00:22 PM File C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt41.bmp: is password protected.
3/16/2008 9:00:22 PM File C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt42.bmp: is password protected.
3/16/2008 9:00:22 PM File C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt43.bmp: is password protected.
3/16/2008 9:00:22 PM File C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt51.bmp: is password protected.
3/16/2008 9:00:22 PM File C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt52.bmp: is password protected.
3/16/2008 9:00:22 PM File C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt53.bmp: is password protected.
3/16/2008 9:00:22 PM File C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt61.bmp: is password protected.
3/16/2008 9:00:22 PM File C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/bt62.bmp: is password protected.
3/16/2008 9:00:22 PM File C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/checkbox1.bmp: is password protected.
3/16/2008 9:00:22 PM File C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/checkbox2.bmp: is password protected.
3/16/2008 9:00:22 PM File C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/checkbox3.bmp: is password protected.
3/16/2008 9:00:22 PM File C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/checkbox4.bmp: is password protected.
3/16/2008 9:00:22 PM File C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/defbtn1.bmp: is password protected.
3/16/2008 9:00:22 PM File C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/defbtn2.bmp: is password protected.
3/16/2008 9:00:22 PM File C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/defbtn3.bmp: is password protected.
3/16/2008 9:00:22 PM File C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/glyph1.bmp: is password protected.
3/16/2008 9:00:22 PM File C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/glyph2.bmp: is password protected.
3/16/2008 9:00:22 PM File C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/glyph3.bmp: is password protected.
3/16/2008 9:00:22 PM File C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/glyph4.bmp: is password protected.
3/16/2008 9:00:23 PM File C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/glyph5.bmp: is password protected.
3/16/2008 9:00:23 PM File C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/glyph6.bmp: is password protected.
3/16/2008 9:00:23 PM File C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/glyph7.bmp: is password protected.
3/16/2008 9:00:23 PM File C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/main.bmp: is password protected.
3/16/2008 9:00:23 PM File C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/preview.bmp: is password protected.
3/16/2008 9:00:23 PM File C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask/sprite1.bmp: is password protected.
3/16/2008 9:31:19 PM File C:\Program Files\QdrPack\QdrPack14.exe: detected: adware 'not-a-virus:AdWare.Win32.AdBand.n'.
3/16/2008 9:31:19 PM Security threats have been detected. You are advised to neutralize them immediately.
3/16/2008 9:31:19 PM File C:\Program Files\QdrPack\QdrPack14.exe: is still infected, postponed.
3/16/2008 9:35:50 PM File C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll: detected: adware 'not-a-virus:AdWare.Win32.Shopper.v'.
3/16/2008 9:35:50 PM Security threats have been detected. You are advised to neutralize them immediately.
3/16/2008 9:35:50 PM File C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll: is still infected, postponed.
3/16/2008 9:41:06 PM File C:\WINDOWS\dcdsvwbk.exe//PE_Patch.UPX//UPX: detected: Trojan program 'Trojan.Win32.Obfuscated.gx'.
3/16/2008 9:41:06 PM Security threats have been detected. You are advised to neutralize them immediately.
3/16/2008 9:41:06 PM File C:\WINDOWS\dcdsvwbk.exe//PE_Patch.UPX//UPX: is still infected, postponed.
3/16/2008 9:41:09 PM File C:\WINDOWS\jehihyfm.dll//PE_Patch.UPX//UPX: detected: Trojan program 'Trojan.Win32.Obfuscated.gx'.
3/16/2008 9:41:09 PM File C:\WINDOWS\jehihyfm.dll//PE_Patch.UPX//UPX: is still infected, postponed.
3/16/2008 9:41:20 PM File C:\WINDOWS\mrofinu72.exe//PE_Patch.Upolyx//PE_Patch.UPX//UPX: detected: Trojan program 'Trojan-Downloader.Win32.Agent.lbx'.
3/16/2008 9:41:20 PM File C:\WINDOWS\mrofinu72.exe//PE_Patch.Upolyx//PE_Patch.UPX//UPX: is still infected, postponed.
3/16/2008 9:41:31 PM File c:\windows\dcdsvwbk.exe//PE_Patch.UPX//UPX: detected: Trojan program 'Trojan.Win32.Obfuscated.gx'.
3/16/2008 9:41:32 PM File c:\windows\dcdsvwbk.exe: deleted.
3/16/2008 9:41:37 PM File c:\windows\jehihyfm.dll//PE_Patch.UPX//UPX: detected: Trojan program 'Trojan.Win32.Obfuscated.gx'.
3/16/2008 9:41:37 PM File c:\windows\jehihyfm.dll: deleted.
3/16/2008 9:41:41 PM File c:\windows\mrofinu72.exe//PE_Patch.Upolyx//PE_Patch.UPX//UPX: detected: Trojan program 'Trojan-Downloader.Win32.Agent.lbx'.
3/16/2008 9:41:41 PM File c:\windows\mrofinu72.exe: deleted.
3/16/2008 10:15:12 PM Update completed successfully
3/16/2008 11:23:12 PM File D:\I386\Apps\APP07885\src\HPSummer2005.exe//WiseSFXDropper//WISE0016.BIN: detected: adware 'not-a-virus:AdWare.Win32.MyWay.j'.
3/16/2008 11:23:12 PM Security threats have been detected. You are advised to neutralize them immediately.
3/16/2008 11:23:12 PM File D:\I386\Apps\APP07885\src\HPSummer2005.exe//WiseSFXDropper//WISE0016.BIN: is still infected, postponed.
3/16/2008 11:23:32 PM File d:\i386\apps\app07885\src\hpsummer2005.exe//WiseSFXDropper//WISE0016.BIN: detected: adware 'not-a-virus:AdWare.Win32.MyWay.j'.
3/16/2008 11:23:36 PM File d:\i386\apps\app07885\src\hpsummer2005.exe: deleted.
Reports
-------
Component Status Start Finish Size
--------- ------ ----- ------ ----
Firewall running 3/16/2008 8:08:21 PM 35.8 KB
Anti-Spam running 3/16/2008 8:08:21 PM 0 bytes
Privacy Control running 3/16/2008 8:08:21 PM 0 bytes
Proactive Defense running 3/16/2008 8:08:21 PM 0 bytes
File Anti-Virus running 3/16/2008 8:08:21 PM 1.4 MB
Mail Anti-Virus running 3/16/2008 8:08:21 PM 0 bytes
Web Anti-Virus running 3/16/2008 8:08:21 PM 784.0 KB
Update completed 3/16/2008 8:08:45 PM 3/16/2008 8:11:05 PM 0 bytes
Scan startup objects completed 3/16/2008 8:10:29 PM 3/16/2008 8:19:39 PM 340.9 KB
Scan stopped 3/16/2008 8:14:16 PM 3/16/2008 8:24:07 PM 2.2 MB
Scan My Computer completed 3/16/2008 8:51:36 PM 3/16/2008 11:32:16 PM 123.0 MB
Update completed 3/16/2008 10:11:21 PM 3/16/2008 10:15:12 PM 25.9 KB
Scan critical areas completed 3/16/2008 11:35:57 PM 3/16/2008 11:40:43 PM 702.8 KB
Quarantine
----------
Status Object Size Added
------ ------ ---- -----
Backup
------
Status Object Size
------ ------ ----
pskelley
2008-03-18, 13:56
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.
Read the directions, you have posted information not requested and a Kaspersky Scan is not from the online scan as requested.
http://www.symantec.com/security_response/writeup.jsp?docid=2007-040208-5335-99&tabid=2
The Trojan deletes cookies in the Internet Explorer URL cache so that users will have to re-insert passwords when logging into banking Web sites.
It reads PStore to steal saved passwords on the compromised computer.
Intercept network traffic
Intercept keyboard input
Steal information from Windows clipboard
You're infected, one or more of the identified infections steal information. If this system is used for online banking or has credit card information on it, all passwords should be changed immediately by using a different computer (not the infected one!) to make the changes. Banking and credit card institutions, if any, should be notified of the possible security breech. I suggest that you read this article too.
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
http://www.dslreports.com/faq/10451
When Should I Format, How Should I Reinstall
http://www.dslreports.com/faq/10063
Let me know if you wish to proceed with this.
Thanks
pskelley
2008-03-25, 13:45
Due to the lack of feedback this Topic is closed.
If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.
If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.
Everyone else please begin a New Topic.