[Resolved]horseserver antivirus open32.exe


  • This topic is locked

#1
dev_engineer

dev_engineer

    Member

  • Member
  • PipPip
  • 15 posts
Hi
I'm having a lot of problems with my laptop. I have Ad-Aware, PestPatrol, Spybot and Norton Internet Security but nothing seems to work. Some antivirus software (Security iGuard) keeps installing itself and Windows keeps giving error messages about tmp32.exe and open32.exe files.

My laptop also crashes when I run NAV system scan and restarts Windows.
Below is my HijackThis log, I hope someone can help:

Logfile of HijackThis v1.99.1
Scan saved at 22:21:04, on 28/03/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\locator.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\SLClient.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Tornado\host\x86-win32\bin\wtxregds.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\hijack folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.2.0.253:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;http://10.2.*;http:/...tes01/*;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SENS Keyboard V4 Launcher] "C:\Program Files\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Shell] open32.exe
O4 - HKLM\..\RunOnce: [InstallShieldSetup] C:\PROGRA~1\INSTAL~1\{055FE~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{055FE~1\reboot.ini -l0x9
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Microsoft AntiSpyware helper - {1FB1FAF2-A8A8-4A61-BD6B-DA1A9EEF9650} - C:\WINDOWS\System32\wldr.dll
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {1FB1FAF2-A8A8-4A61-BD6B-DA1A9EEF9650} - C:\WINDOWS\System32\wldr.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {1FB1FAF2-A8A8-4A61-BD6B-DA1A9EEF9650} - C:\WINDOWS\System32\wldr.dll (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {1FB1FAF2-A8A8-4A61-BD6B-DA1A9EEF9650} - C:\WINDOWS\System32\wldr.dll (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {6229954E-9B52-49AD-9A8F-D3A31DDECECD} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {6229954E-9B52-49AD-9A8F-D3A31DDECECD} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {6A59FD19-2BF4-422C-9531-16B07D7F7BC0} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {6A59FD19-2BF4-422C-9531-16B07D7F7BC0} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {893A9594-7461-436A-9E4F-CB887EF292C0} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {893A9594-7461-436A-9E4F-CB887EF292C0} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {D834F5B5-4E33-4E29-B9DD-2C76EBA6F314} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D834F5B5-4E33-4E29-B9DD-2C76EBA6F314} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {EBB803BF-08CD-4134-BCA0-09E07CE48438} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {EBB803BF-08CD-4134-BCA0-09E07CE48438} - (no file) (HKCU)
O20 - Winlogon Notify: drct16 - C:\WINDOWS\SYSTEM32\drct16.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScriptLogic service (SLClient) - ScriptLogic Corporation - C:\WINDOWS\SYSTEM32\SLClient.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Tornado Registry - Unknown owner - C:\Tornado\host\x86-win32\bin\wtxregds.exe
  • 0


#2
Besttechie

Besttechie

    Visiting Staff

  • Member
  • PipPipPip
  • 386 posts
Hi,

I will be analyzing your log and should have a response shortly. :tazz:

B
  • 0

#3
Besttechie

Besttechie

    Visiting Staff

  • Member
  • PipPipPip
  • 386 posts
Hi,

You have a Horseserver infection which requires some tools to get rid of.
  • First, download HSFix from here
  • After it is downloaded, create a new folder on your desktop called "HSFix" and extract all the files into the newly created folder.
  • Next, download CleanUp! Install it, but do not run it yet.
  • Boot into safe mode: Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.
  • Locate the HSFix folder on your desktop, open it, and double-click "hsfix.bat"
  • A log will be produced which you can close out of.
  • Then run HijackThis again, close any open windows and browsers and fix these:
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O4 - HKLM\..\Run: [Shell] open32.exe
    O9 - Extra button: Microsoft AntiSpyware helper - {1FB1FAF2-A8A8-4A61-BD6B-DA1A9EEF9650} - C:\WINDOWS\System32\wldr.dll
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {1FB1FAF2-A8A8-4A61-BD6B-DA1A9EEF9650} - C:\WINDOWS\System32\wldr.dll
    O9 - Extra button: Microsoft AntiSpyware helper - {1FB1FAF2-A8A8-4A61-BD6B-DA1A9EEF9650} - C:\WINDOWS\System32\wldr.dll (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {1FB1FAF2-A8A8-4A61-BD6B-DA1A9EEF9650} - C:\WINDOWS\System32\wldr.dll (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {6229954E-9B52-49AD-9A8F-D3A31DDECECD} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {6229954E-9B52-49AD-9A8F-D3A31DDECECD} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {6A59FD19-2BF4-422C-9531-16B07D7F7BC0} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {6A59FD19-2BF4-422C-9531-16B07D7F7BC0} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {893A9594-7461-436A-9E4F-CB887EF292C0} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {893A9594-7461-436A-9E4F-CB887EF292C0} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {D834F5B5-4E33-4E29-B9DD-2C76EBA6F314} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D834F5B5-4E33-4E29-B9DD-2C76EBA6F314} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {EBB803BF-08CD-4134-BCA0-09E07CE48438} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {EBB803BF-08CD-4134-BCA0-09E07CE48438} - (no file) (HKCU)
    O20 - Winlogon Notify: drct16 - C:\WINDOWS\SYSTEM32\drct16.dll
  • Run CleanUp! and let it clean your computer of temp files. Decline when it asks you to log off.
  • Restart your computer into normal mode and run at least one of the following free, online virus scans:
    http://housecall.tre.../start_corp.asp
    http://www.pandasoft...n_principal.htm
    http://www3.ca.com/t...sinfo/scan.aspx
  • Restart your computer one last time and post a new HijackThis log, as well as the HSFix log which is located at C:/hslog.txt
Good luck! :tazz:

B
  • 0

#4
dev_engineer

dev_engineer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Thanks, I will do this now and reply ASAP.
  • 0

#5
dev_engineer

dev_engineer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
I can't log in to my PC in safe mode :tazz:
It won't accept the password. This may be a network problem as it is set up for my workplace workgroup, although I can log in normally at home without a problem.

I will try it tomorrow morning at work and get back to you. Thanks for the help Besttechie, much appreciated.
  • 0

#6
dev_engineer

dev_engineer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
I ran my PC in safe mode and ran "hsfix.bat"; below is the log file:


Horseserver Removal Tool v1.05
by Atri
-
-
1. Registry Fix Started
-
Registry fix complete
-
2. Deleted Services
-
WINLOW
[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

vdmt16
[SC] OpenService FAILED 1060:

The specified service does not exist as an installed service.

-
3. Finding files Located on system
-
klogini.dll
p2.ini
vdmt16.sys
winlow.sys
drct16.dll
mszx23.exe
cz.dll
w32tm.exe
open32.exe
-
4. Deleting files that were found.
-
unable to remove vdmt16.sys
unable to remove drct16.dll
unable to remove mszx23.exe
-
5. Checking for and Removing Winupdate
-
-
-



I then ran HijackThis and corrected all the suggested files, but this one did not appear in HijackThis:

O4 - HKLM\..\Run: [Shell] open32.exe


I then ran Norton AntiVirus (up-to-date) and it deleted "C:\WINDOWS\system32\mszx23.exe"

Finally, below is my newest HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 01:49:49, on 29/03/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\SLClient.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Tornado\host\x86-win32\bin\wtxregds.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\userinit.exe
C:\hijack folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.2.0.253:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;http://10.2.*;http:/...tes01/*;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SENS Keyboard V4 Launcher] "C:\Program Files\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Shell] open32.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScriptLogic service (SLClient) - ScriptLogic Corporation - C:\WINDOWS\SYSTEM32\SLClient.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Tornado Registry - Unknown owner - C:\Tornado\host\x86-win32\bin\wtxregds.exe


And as I'm posting this thread another Security iGuard has popped up!!!!
It must be the open32.exe???
  • 0
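
A way to check from the logs alone whether a HijackThis fix list took effect, which the poster above does by eye (added example, not part of the original thread; the function names are hypothetical, and the three excerpts are lines copied from the fix list in post #3 and the logs in posts #1 and #6):

```python
import re

# A HijackThis section line is "<code> - <entry>", e.g. "O4 - HKLM\..\Run: [Shell] open32.exe".
# Header lines and the "Running processes:" paths do not match this pattern.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")


def parse_entries(log_text):
    """Map a normalised (code, entry) key to the entry line as it appeared."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        code, text = m.groups()
        # Collapse whitespace and ignore case so forum re-indentation and
        # SYSTEM32/System32 differences do not hide a match.
        key = (code, " ".join(text.split()).casefold())
        entries.setdefault(key, f"{code} - {text}")
    return entries


def check_fix(fix_list, before_log, after_log):
    """Compare a helper's fix list against the logs taken before and after."""
    fix, before, after = (parse_entries(t) for t in (fix_list, before_log, after_log))
    return {
        # Asked to fix, present before, gone afterwards: the fix held.
        "removed": sorted(fix[k] for k in fix if k in before and k not in after),
        # Asked to fix but still in the later log: removed and re-created, or never fixed.
        "still_present": sorted(fix[k] for k in fix if k in after),
        # In the fix list but never in the first log: likely a copy/paste error.
        "not_in_before": sorted(fix[k] for k in fix if k not in before),
        # Appeared only after the fix run: worth a second look.
        "new_since_before": sorted(after[k] for k in after if k not in before),
    }


# Excerpt of the fix list from post #3 (indented as it is in the post).
FIX_LIST = r"""
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O4 - HKLM\..\Run: [Shell] open32.exe
    O9 - Extra button: Microsoft AntiSpyware helper - {1FB1FAF2-A8A8-4A61-BD6B-DA1A9EEF9650} - C:\WINDOWS\System32\wldr.dll
    O20 - Winlogon Notify: drct16 - C:\WINDOWS\SYSTEM32\drct16.dll
"""

# Excerpt of the first log (post #1).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Shell] open32.exe
O9 - Extra button: Microsoft AntiSpyware helper - {1FB1FAF2-A8A8-4A61-BD6B-DA1A9EEF9650} - C:\WINDOWS\System32\wldr.dll
O20 - Winlogon Notify: drct16 - C:\WINDOWS\SYSTEM32\drct16.dll
"""

# Excerpt of the log taken after the fix run (post #6).
AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Shell] open32.exe
"""

if __name__ == "__main__":
    for bucket, lines in check_fix(FIX_LIST, BEFORE, AFTER).items():
        print(f"{bucket}:")
        for entry in lines:
            print(f"  {entry}")
```

An entry reported under `still_present` means the autostart value is being written back or was never removed, so the process or tool that rewrites it has to be dealt with before the fix is repeated.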

#7
Besttechie

Besttechie

    Visiting Staff

  • Member
  • PipPipPip
  • 386 posts
Hi,

Please reboot back into safe mode and run HSfix again. Then reboot your computer into normal mode and post a new HijackThis log, as well as the HSFix log which is located at C:/hslog.txt.

Good luck! :tazz:

B
  • 0

#8
dev_engineer

dev_engineer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Here is the latest HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:49:00, on 29/03/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\SLClient.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Tornado\host\x86-win32\bin\wtxregds.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\hijack folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.2.0.253:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;http://10.2.*;http:/...tes01/*;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SENS Keyboard V4 Launcher] "C:\Program Files\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Shell] open32.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScriptLogic service (SLClient) - ScriptLogic Corporation - C:\WINDOWS\SYSTEM32\SLClient.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Tornado Registry - Unknown owner - C:\Tornado\host\x86-win32\bin\wtxregds.exe



Below is the latest HSFix log:

Horseserver Removal Tool v1.05
by Atri
-
-
1. Registry Fix Started
-
Registry fix complete
-
2. Deleted Services
-
-
3. Finding files Located on system
-
-
4. Deleting files that were found.
-
-
5. Checking for and Removing Winupdate
-
-
-


Ad-Watch runs when the PC starts and it tells me that a registry modification to root: HKEY_LOCAL_MACHINE
Key:\Software\Microsoft\Windows\CurrentVersion\Run
Value:Shell
Data:open32.exe

Not sure if this helps or not but thought I should include it :tazz:
  • 0

#9
dev_engineer

dev_engineer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
One last problem is after I ran all the fixes mentioned, my desktop has lost its shortcuts!!

But when I go to Documents and Settings/My username/Desktop all the shortcuts are there but just don't appear on my desktop!

When I copy a new shortcut to the desktop two appear! One works and the other doesn't do anything??
  • 0

#10
Besttechie

Besttechie

    Visiting Staff

  • Member
  • PipPipPip
  • 386 posts
Hi,

Please uninstall Ad-Watch; the reason I am asking you to uninstall it is because it is interfering with the fixes I am trying to have you run. It's causing issues. Since Ad-Watch runs silently in the background stopping malware, it's conflicting with what we are trying to do. ;)

After it's uninstalled, boot to safe mode once again and run HSFix. Then reboot your computer into normal mode and post a new HijackThis log, as well as the HSFix log which is located at C:/hslog.txt.

As for the icons, try right clicking the desktop and choose Refresh.

Good luck! :tazz:

B
  • 0


#11
dev_engineer

dev_engineer

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
HSFIX LOG:


Horseserver Removal Tool v1.05
by Atri
-
-
1. Registry Fix Started
-
Registry fix complete
-
2. Deleted Services
-
-
3. Finding files Located on system
-
-
4. Deleting files that were found.
-
-
5. Checking for and Removing Winupdate
-
-
-


HIJACK THIS LOG:

Logfile of HijackThis v1.99.1
Scan saved at 20:38:44, on 29/03/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\SLClient.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Tornado\host\x86-win32\bin\wtxregds.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\hijack folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.2.0.253:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;http://10.2.*;http:/...tes01/*;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SENS Keyboard V4 Launcher] "C:\Program Files\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScriptLogic service (SLClient) - ScriptLogic Corporation - C:\WINDOWS\SYSTEM32\SLClient.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Tornado Registry - Unknown owner - C:\Tornado\host\x86-win32\bin\wtxregds.exe


It seems to have done the trick as I don't have any problems so far ;)


My desktop is still all wrong though :tazz: and the refresh does not work!
One funny thing though: when I right-click and select Properties/Desktop, the background in the preview image is red and the words "danger spyware" are written on the screen! I cannot change the image!!!!!

It's weird because the actual desktop is standard Windows blue with no writing.
  • 0

#12
dev_engineer

    Member

  • Topic Starter
  • 15 posts
Attached is a screenshot of the culprit :tazz:

screen.JPG
  • 0

#13
dev_engineer

    Member

  • Topic Starter
  • 15 posts
The file name is zapotec.bmp. I'll do a search on Google and this site to see if I can find a solution.
  • 0

#14
Besttechie

    Visiting Staff

  • Member
  • 386 posts
Hi,

Please run the following scan:

http://www.bitdefend...can/licence.php

After the scan finishes, go through your Windows folder and System32 folder looking for 3-letter exe files with a file size of 8kb. If you find any after the scan, check the file's properties and post them here. Also, search for the file desktop.html and delete it. To search for the file, go to Start --> Search --> All Files and Folders --> enter desktop.html --> hit Enter and it will start searching; once it finds it, delete it. Also, go to Start > Control Panel > Display Properties > Desktop > Customize Desktop... > Web tab > uncheck and delete everything you find in there. Then post back with how it went, along with a new HijackThis log.

Good luck! :tazz:

B
  • 0
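One way to compare a new HijackThis log with the previous one, as an added example that is not part of the original thread: it parses the O4 (startup) lines of two scans and lists the entries that appeared between them, with the most suspicious first. The excerpts are trimmed from the 29/03 and 30/03 logs posted in this thread; the function names and the two extra heuristics (bare file name, Run value named "Shell") are assumptions of this example.

```python
import re
from typing import NamedTuple

# Trimmed excerpts of the O4 sections of two HijackThis logs from this thread.
LOG_29_03 = r"""
Scan saved at 20:38:44, on 29/03/2005
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
"""

LOG_30_03 = r"""
Scan saved at 22:04:37, on 30/03/2005
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Shell] open32.exe
O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
"""


class Entry(NamedTuple):
    location: str  # e.g. "HKLM Run" or "Global Startup"
    name: str      # registry value name or shortcut name
    command: str   # what is launched at logon


# O4 - HKLM\..\Run: [ValueName] command line
RUN_RE = re.compile(r"^O4 - (HK(?:LM|CU))\\\.\.\\(Run\w*): \[([^\]]*)\] (.+)$")
# O4 - Global Startup: Shortcut.lnk = target
LNK_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")
# Unquoted commands may contain spaces, so cut at the first executable extension.
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.I)


def parse_o4(log):
    """Return the startup entries (O4 lines) found in a HijackThis log."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            entries.append(Entry(f"{m.group(1)} {m.group(2)}", m.group(3), m.group(4)))
            continue
        m = LNK_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(2), m.group(3)))
    return entries


def image_path(command):
    """Extract the program path from a startup command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = EXE_RE.match(command)
    if m:
        return m.group(1)
    parts = command.split()
    return parts[0] if parts else ""


def review(previous, current):
    """List entries that are new in `current`, most reasons first."""
    seen = {(e.location, e.name.lower(), e.command.lower()) for e in previous}
    findings = []
    for e in current:
        if (e.location, e.name.lower(), e.command.lower()) in seen:
            continue
        reasons = ["not present in the previous scan"]
        # Heuristic (assumption): a new entry without a directory is resolved
        # through the search path, which hides where the file really lives.
        if not re.search(r"[\\/]", image_path(e.command)):
            reasons.append("no directory given for the program")
        # Heuristic (assumption): the genuine "Shell" value lives under the
        # Winlogon key, so a Run value with that name deserves a closer look.
        if e.location.startswith("HK") and e.name.lower() == "shell":
            reasons.append('Run value named "Shell"')
        findings.append((e, reasons))
    findings.sort(key=lambda f: len(f[1]), reverse=True)
    return findings


if __name__ == "__main__":
    for entry, reasons in review(parse_o4(LOG_29_03), parse_o4(LOG_30_03)):
        print(f"{entry.location}: [{entry.name}] {entry.command}")
        for reason in reasons:
            print(f"    - {reason}")
```

Entries that were already in the earlier scan, such as `[ATIModeChange] Ati2mdxx.exe`, are not reported even though they also lack a directory; only the difference between the two scans is reviewed.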

#15
dev_engineer

    Member

  • Topic Starter
  • 15 posts
Hijack log:
Logfile of HijackThis v1.99.1
Scan saved at 22:04:37, on 30/03/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Sophos\Remote Update\cachemgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\system32\SLClient.exe
C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Tornado\host\x86-win32\bin\wtxregds.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
C:\Program Files\Sophos\Remote Update\imonitor.exe
C:\Program Files\Outlook Express\MSIMN.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\hijack folder\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.2.0.253:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;http://10.2.*;http:/...tes01/*;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SENS Keyboard V4 Launcher] "C:\Program Files\SAMSUNG\SENS Keyboard V4 Launcher\SENSKBD.EXE"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Shell] open32.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: InterCheck Monitor.LNK = C:\Program Files\Sophos SWEEP for NT\ICMON.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Remote Update Monitor.lnk = C:\Program Files\Sophos\Remote Update\imonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Sophos Cache Manager (CacheMgr) - SOPHOS Plc - C:\Program Files\Sophos\Remote Update\cachemgr.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ScriptLogic service (SLClient) - ScriptLogic Corporation - C:\WINDOWS\SYSTEM32\SLClient.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sophos Anti-Virus Network (SweepNet) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWNETSUP.EXE
O23 - Service: Sophos Anti-Virus (SWEEPSRV.SYS) - Sophos Plc - C:\Program Files\Sophos SWEEP for NT\SWEEPSRV.SYS
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Tornado Registry - Unknown owner - C:\Tornado\host\x86-win32\bin\wtxregds.exe



Bitdefender Log:
C:\Documents and Settings\TEMP\My Documents\research papers\Programming, Languages\-.NET\eBook.Addison.Wesley.-.NET.for.Java.Developers.ShareReactor.chm=>/0672324024_ch13lev1sec3.html: suspect BAT.Delete
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask=>bt33.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask=>bt41.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask=>bt42.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask=>bt43.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask=>bt51.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask=>bt52.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask=>bt53.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask=>bt61.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask=>bt62.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask=>checkbox1.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask=>checkbox2.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask=>checkbox3.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask=>checkbox4.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask=>defbtn1.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask=>defbtn2.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask=>defbtn3.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask=>glyph1.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask=>glyph2.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask=>glyph3.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask=>glyph4.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask=>glyph5.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask=>glyph6.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask=>glyph7.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask=>greyskin.skn: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask=>main.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask=>preview.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask=>sprite1.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask=>tab1.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Greyscale.ask=>tab2.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask=>arrow1.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask=>arrow2.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask=>awgrad1.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask=>awgrad2.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask=>bck1.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask=>bck2.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask=>bt11.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask=>bt12.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask=>bt13.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask=>bt21.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask=>bt22.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask=>bt23.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask=>bt31.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask=>bt32.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask=>bt33.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask=>bt41.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask=>bt42.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask=>bt43.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask=>bt51.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask=>bt52.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask=>bt53.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask=>bt61.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask=>bt62.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask=>checkbox1.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask=>checkbox2.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask=>checkbox3.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask=>checkbox4.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask=>defbtn1.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask=>defbtn2.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask=>defbtn3.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask=>glyph1.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask=>glyph2.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask=>glyph3.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask=>glyph4.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask=>glyph5.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask=>glyph6.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask=>glyph7.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask=>main.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask=>mediumblue.skn: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask=>preview.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask=>sprite1.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask=>tab1.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Medium Blue.ask=>tab2.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask=>arrow1.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask=>arrow2.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask=>awgrad1.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask=>awgrad2.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask=>bck1.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask=>bck2.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask=>bt11.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask=>bt12.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask=>bt13.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask=>bt21.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask=>bt22.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask=>bt23.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask=>bt31.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask=>bt32.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask=>bt33.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask=>bt41.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask=>bt42.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask=>bt43.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask=>bt51.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask=>bt52.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask=>bt53.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask=>bt61.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask=>bt62.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask=>checkbox1.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask=>checkbox2.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask=>checkbox3.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask=>checkbox4.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask=>defbtn1.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask=>defbtn2.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask=>defbtn3.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask=>glyph1.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask=>glyph2.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask=>glyph3.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask=>glyph4.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask=>glyph5.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask=>glyph6.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask=>glyph7.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask=>main.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask=>MHQ.skn: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask=>preview.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask=>slider.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask=>sprite1.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask=>tab1.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\MHQ - BlueWonder.ask=>tab2.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask=>arrow1.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask=>arrow2.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask=>awgrad1.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask=>awgrad2.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask=>bck1.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask=>bck2.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask=>bt11.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask=>bt12.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask=>bt13.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask=>bt21.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask=>bt22.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask=>bt23.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask=>bt31.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask=>bt32.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask=>bt33.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask=>bt41.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask=>bt42.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask=>bt43.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask=>bt51.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask=>bt52.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask=>bt53.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask=>bt61.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask=>bt62.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask=>checkbox1.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask=>checkbox2.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask=>checkbox3.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask=>checkbox4.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask=>defbtn1.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask=>defbtn2.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask=>defbtn3.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask=>glyph1.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask=>glyph2.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask=>glyph3.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask=>glyph4.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask=>glyph5.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask=>glyph6.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask=>glyph7.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask=>main.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask=>preview.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask=>sprite1.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask=>tab1.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask=>tab2.bmp: password protected
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Skins\Yellow Sky.ask=>testskin.skn: password protected
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\Quarantine\02DE0F19.tmp=>(Quarantine-2): infected with Trojan.Downloader.Small.VQ
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\Quarantine\060A7BE4=>(Quarantine-2): infected with Trojan.Downloader.InService.H
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\Quarantine\0A20409F.html: suspect JS.Exploit.DialogArg.B
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\Quarantine\0B770BC5.htm=>(Quarantine-2): infected with Exploit.Html.MhtRedir.Gen
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\Quarantine\0E307A9B.tmp=>(Quarantine-2): infected with Trojan.Downloader.Small.VQ
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\Quarantine\0EED7DCB.tmp=>(Quarantine-2): infected with Dropped:Trojan.PWS.Ldpinch.AK
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\Quarantine\12065100.tmp=>(Quarantine-2): infected with Trojan.Downloader.Small.VQ
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\Quarantine\161F2B04=>(Quarantine-2): infected with Trojan.Downloader.IstBar.ER
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\Quarantine\16F372B7.tmp=>(Quarantine-2): infected with Dropped:Trojan.PWS.Ldpinch.AK
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\Quarantine\18F04208=>(Quarantine-2): infected with Trojan.Downloader.InService.H
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\Quarantine\18F36C04=>(Quarantine-2): infected with Trojan.Downloader.InService.H
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\Quarantine\18F61601=>(Quarantine-2): infected with Trojan.Downloader.InService.H
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\Quarantine\2CDE20D1.tmp=>(Quarantine-2): infected with Dropped:Trojan.PWS.Ldpinch.AK
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\Quarantine\34D91014.tmp=>(Quarantine-2): infected with Trojan.Downloader.Small.VQ
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\Quarantine\34F933F0.tmp=>(Quarantine-2): infected with Dropped:Trojan.PWS.Ldpinch.AK
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\Quarantine\3A2C3B59.htm=>(Quarantine-2): infected with Exploit.Html.MhtRedir.Gen
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\Quarantine\3A6019FB.tmp=>(Quarantine-2): infected with Trojan.Downloader.Small.VQ
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\Quarantine\3A6A17F0.tmp=>(Quarantine-2): infected with Dropped:Trojan.PWS.Ldpinch.AK
C:\Program Files\Norton Internet Security Professional\Norton AntiVirus\Quarantine\40421DE5=>(Quarantine-2): infected with Trojan.Downloader.InService.H