On a side note I have another issue - I unsubscribed from Vongo several months ago but everytime i restart my PC windows installer reinstalls the program and i cant uninstall it. and i noticed in my hyjackthis log that it seems that i have several operations running that i never use and i am not even sure if they are still installed on my pc - how can i check this and fix it - thank you again
SUPERAntiSpyware Scan Log
Generated 01/24/2008 at 10:42 PM
Application Version : 3.6.1000
Core Rules Database Version : 3388
Trace Rules Database Version: 1382
Scan type : Complete Scan
Total Scan Time : 02:06:10
Memory items scanned : 355
Memory threats detected : 2
Registry items scanned : 4986
Registry threats detected : 28
File items scanned : 57222
File threats detected : 2
Adware.E404 Helper/Variant
C:\PROGRAM FILES\HELPER\USAFINDSITE.DLL
C:\PROGRAM FILES\HELPER\USAFINDSITE.DLL
C:\PROGRAM FILES\HELPER\LOOKERLIVE.DLL
C:\PROGRAM FILES\HELPER\LOOKERLIVE.DLL
Adware.E404 Helper/Hij
HKLM\Software\Classes\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}
HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}
HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}
HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}\InprocServer32
HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}\InprocServer32#ThreadingModel
HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}\ProgID
HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}\Programmable
HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}\TypeLib
HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}\VersionIndependentProgID
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}
HKCR\E404.e404mgr
HKCR\E404.e404mgr\CLSID
HKCR\E404.e404mgr\CurVer
HKCR\E404.e404mgr.1
HKCR\E404.e404mgr.1\CLSID
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0\win32
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\FLAGS
HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\HELPDIR
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid32
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib
HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib#Version
Trojan.DNSChanger-Codec
HKCR\CLSID\E404.e404mgr
HKCR\CLSID\E404.e404mgr#UserId
Panda Report
Incident Status Location
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\98bhcgcw.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\98bhcgcw.default\cookies.txt[counter.hitslink.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\98bhcgcw.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\98bhcgcw.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\98bhcgcw.default\cookies.txt[.realmedia.com/]
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Potentially unwanted tool:Application/KillApp.A Not disinfected C:\hp\bin\Terminator.exe
Kaspersky Report
Protection : running
--------------------
Total scanned: 363602
Detected: 3
Untreated: 0
Attacks blocked: 0
Start time: 1/25/2008 5:33:19 AM
Duration: 12:12:38
Detected
--------
Status Object
------ ------
detected: riskware Hidden data sending Running process: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
detected: riskware Invader Running process: C:\Program Files\Internet Explorer\iexplore.exe
detected: Trojan program Backdoor.Win32.Agent.cym URL: http://xtraload.net/..._Patch.UPX//UPX
Events
------
Time Event
---- -----
1/24/2008 6:10:59 PM Process (PID 492) tried to access Kaspersky Internet Security process (PID 548), but the action has been blocked by the Self-Defense component. No action on your part is required.
1/24/2008 6:11:57 PM You are advised to perform a full computer scan as soon as possible.
1/24/2008 6:12:01 PM Database is out of date, leaving your computer at risk of infection. Please update your database.
1/24/2008 6:12:01 PM Protection of your computer is enabled.
1/24/2008 6:15:12 PM Process C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (PID: 256): attempt to perform suspicious actions is blocked.
1/24/2008 6:15:17 PM Process C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (PID: 256): attempt to perform suspicious actions is blocked.
1/24/2008 6:18:53 PM Update completed successfully
1/24/2008 6:36:11 PM Process (PID 976) tried to access Kaspersky Internet Security process (PID 1004), but the action has been blocked by the Self-Defense component. No action on your part is required.
1/24/2008 6:37:06 PM You are advised to perform a full computer scan as soon as possible.
1/24/2008 6:37:06 PM Protection of your computer is enabled.
1/24/2008 6:39:16 PM Process C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (PID: 1008): attempt to perform suspicious actions is blocked.
1/24/2008 6:39:17 PM Process C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (PID: 1008): attempt to perform suspicious actions is blocked.
1/24/2008 6:47:26 PM Protection of your computer is not running. You are advised to resume protection.
1/24/2008 8:27:30 PM Process (PID 968) tried to access Kaspersky Internet Security process (PID 992), but the action has been blocked by the Self-Defense component. No action on your part is required.
1/24/2008 8:28:10 PM Your evaluation period will end in 29 days. To ensure uninterrupted protection, please <a v(buy)>click here to purchase</a>.
1/24/2008 8:28:13 PM You are advised to perform a full computer scan as soon as possible.
1/24/2008 8:28:14 PM Protection of your computer is enabled.
1/24/2008 8:30:03 PM Process C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (PID: 900): attempt to perform suspicious actions is allowed.
1/24/2008 8:30:06 PM Process C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (PID: 900): attempt to perform suspicious actions is allowed.
1/24/2008 8:33:06 PM Update completed successfully
1/24/2008 8:35:59 PM Process (PID 900) tried to access Kaspersky Internet Security process (PID 784), but the action has been blocked by the Self-Defense component. No action on your part is required.
1/24/2008 8:35:59 PM Process (PID 900) tried to access Kaspersky Internet Security process (PID 992), but the action has been blocked by the Self-Defense component. No action on your part is required.
1/24/2008 10:50:39 PM Update completed successfully
1/25/2008 1:10:17 AM Update completed successfully
1/25/2008 3:30:12 AM Update completed successfully
1/25/2008 5:30:28 AM Protection of your computer is not running. You are advised to resume protection.
1/25/2008 5:32:39 AM Process (PID 264) tried to access Kaspersky Internet Security process (PID 288), but the action has been blocked by the Self-Defense component. No action on your part is required.
1/25/2008 5:33:15 AM Your evaluation period will end in 29 days. To ensure uninterrupted protection, please <a v(buy)>click here to purchase</a>.
1/25/2008 5:33:18 AM You are advised to perform a full computer scan as soon as possible.
1/25/2008 5:33:19 AM Protection of your computer is enabled.
1/25/2008 5:34:00 AM Process C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (PID: 788): attempt to perform suspicious actions is allowed.
1/25/2008 5:34:01 AM Process C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (PID: 788): attempt to perform suspicious actions is allowed.
1/25/2008 5:36:43 AM Update completed successfully
1/25/2008 6:05:33 AM Process (PID 3800) tried to access Kaspersky Internet Security process (PID 652), but the action has been blocked by the Self-Defense component. No action on your part is required.
1/25/2008 6:05:33 AM Process (PID 3800) tried to access Kaspersky Internet Security process (PID 288), but the action has been blocked by the Self-Defense component. No action on your part is required.
1/25/2008 6:29:58 AM Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3800): attempt to embed itself into another process allowed.
1/25/2008 6:32:43 AM Process C:\Program Files\Internet Explorer\iexplore.exe (PID: 3800): attempt to embed itself into another process allowed.
1/25/2008 8:12:49 AM Not all components were updated
1/25/2008 10:16:30 AM Update completed successfully
1/25/2008 12:36:04 PM Update completed successfully
1/25/2008 2:08:07 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 2:08:07 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 2:08:13 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 2:08:13 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 2:08:19 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 2:08:19 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 2:08:20 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 2:08:20 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 2:08:22 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 2:08:22 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 2:08:23 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 2:08:23 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 2:08:24 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 2:08:24 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 2:08:26 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 2:08:26 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 2:08:27 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 2:08:27 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 2:08:29 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 2:08:29 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 2:08:30 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 2:08:30 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 2:08:32 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 2:08:32 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 2:08:33 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 2:08:33 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 2:08:35 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 2:08:35 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 2:08:37 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 2:08:37 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 2:08:38 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 2:08:38 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 2:08:40 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 2:08:40 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 2:08:41 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 2:08:41 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 2:08:42 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 2:08:42 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 2:08:44 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 2:08:44 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 2:09:02 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 2:09:02 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 2:09:04 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 2:09:04 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 2:09:08 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 2:09:08 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 2:09:10 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 2:09:10 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 2:09:11 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 2:09:11 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 2:09:12 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 2:09:12 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 2:09:14 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 2:09:14 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 2:09:20 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 2:09:20 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 2:09:21 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 2:09:21 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 2:09:23 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 2:09:23 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 2:09:24 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 2:09:24 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 2:09:25 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 2:09:25 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 2:09:26 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 2:09:26 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 2:09:37 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 2:09:37 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 2:09:38 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 2:09:38 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 2:09:39 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 2:09:39 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 2:09:39 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 2:09:39 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 2:18:53 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts.zip/sbRecovery.ini: is password protected.
1/25/2008 2:18:53 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts1.zip/sbRecovery.ini: is password protected.
1/25/2008 2:18:53 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts2.zip/sbRecovery.reg: is password protected.
1/25/2008 2:18:53 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts2.zip/sbRecovery.ini: is password protected.
1/25/2008 2:18:53 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MagicAntiSpy.zip/sbRecovery.reg: is password protected.
1/25/2008 2:18:53 PM File C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MagicAntiSpy.zip/sbRecovery.ini: is password protected.
1/25/2008 2:21:26 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\FunWeb.zip/sbRecovery.reg: is password protected.
1/25/2008 2:21:26 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\FunWeb.zip/sbRecovery.ini: is password protected.
1/25/2008 2:21:26 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\FunWeb1.zip/sbRecovery.reg: is password protected.
1/25/2008 2:21:26 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\FunWeb1.zip/sbRecovery.ini: is password protected.
1/25/2008 2:21:26 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts.zip/sbRecovery.reg: is password protected.
1/25/2008 2:21:26 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts.zip/sbRecovery.ini: is password protected.
1/25/2008 2:21:26 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts1.zip/sbRecovery.ini: is password protected.
1/25/2008 2:21:26 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts2.zip/sbRecovery.reg: is password protected.
1/25/2008 2:21:26 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts2.zip/sbRecovery.ini: is password protected.
1/25/2008 2:21:26 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts3.zip/sbRecovery.ini: is password protected.
1/25/2008 2:21:26 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts4.zip/sbRecovery.reg: is password protected.
1/25/2008 2:21:26 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts4.zip/sbRecovery.ini: is password protected.
1/25/2008 2:21:26 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch.zip/MWSBAR.DLL: is password protected.
1/25/2008 2:21:26 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch.zip/sbRecovery.ini: is password protected.
1/25/2008 2:21:26 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch1.zip/MWSSRCAS.DLL: is password protected.
1/25/2008 2:21:26 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch1.zip/sbRecovery.ini: is password protected.
1/25/2008 2:21:26 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch10.zip/sbRecovery.ini: is password protected.
1/25/2008 2:21:26 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch11.zip/sbRecovery.reg: is password protected.
1/25/2008 2:21:26 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch11.zip/sbRecovery.ini: is password protected.
1/25/2008 2:21:26 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch12.zip/sbRecovery.reg: is password protected.
1/25/2008 2:21:26 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch12.zip/sbRecovery.ini: is password protected.
1/25/2008 2:21:26 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch13.zip/bar/History/search2: is password protected.
1/25/2008 2:21:26 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch13.zip/bar/Settings/s_pid.dat: is password protected.
1/25/2008 2:21:26 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch13.zip/sbRecovery.ini: is password protected.
1/25/2008 2:21:26 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch14.zip/sbRecovery.reg: is password protected.
1/25/2008 2:21:26 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch14.zip/sbRecovery.ini: is password protected.
1/25/2008 2:21:26 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch15.zip/sbRecovery.reg: is password protected.
1/25/2008 2:21:26 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch15.zip/sbRecovery.ini: is password protected.
1/25/2008 2:21:26 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch16.zip/sbRecovery.reg: is password protected.
1/25/2008 2:21:26 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch16.zip/sbRecovery.ini: is password protected.
1/25/2008 2:21:26 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch17.zip/sbRecovery.reg: is password protected.
1/25/2008 2:21:26 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch17.zip/sbRecovery.ini: is password protected.
1/25/2008 2:21:27 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch2.zip/sbRecovery.reg: is password protected.
1/25/2008 2:21:27 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch2.zip/sbRecovery.ini: is password protected.
1/25/2008 2:21:27 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch3.zip/sbRecovery.reg: is password protected.
1/25/2008 2:21:27 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch3.zip/sbRecovery.ini: is password protected.
1/25/2008 2:21:27 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch4.zip/bar/1.bin/F3HTMLMU.DLL: is password protected.
1/25/2008 2:21:27 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch4.zip/bar/1.bin/MWSOEMON.EXE: is password protected.
1/25/2008 2:21:27 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch4.zip/bar/1.bin/MWSOESTB.DLL: is password protected.
1/25/2008 2:21:27 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch4.zip/bar/History/search2: is password protected.
1/25/2008 2:21:27 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch4.zip/bar/Settings/s_pid.dat: is password protected.
1/25/2008 2:21:27 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch4.zip/sbRecovery.ini: is password protected.
1/25/2008 2:21:27 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch5.zip/sbRecovery.reg: is password protected.
1/25/2008 2:21:27 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch5.zip/sbRecovery.ini: is password protected.
1/25/2008 2:21:27 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch6.zip/sbRecovery.reg: is password protected.
1/25/2008 2:21:27 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch6.zip/sbRecovery.ini: is password protected.
1/25/2008 2:21:27 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch7.zip/sbRecovery.reg: is password protected.
1/25/2008 2:21:27 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch7.zip/sbRecovery.ini: is password protected.
1/25/2008 2:21:27 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch8.zip/sbRecovery.reg: is password protected.
1/25/2008 2:21:27 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch8.zip/sbRecovery.ini: is password protected.
1/25/2008 2:21:27 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch9.zip/bar/1.bin/MWSOEMON.EXE: is password protected.
1/25/2008 2:21:27 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch9.zip/bar/1.bin/MWSOESTB.DLL: is password protected.
1/25/2008 2:21:27 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch9.zip/sbRecovery.ini: is password protected.
1/25/2008 2:21:27 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch.zip/sbRecovery.reg: is password protected.
1/25/2008 2:21:27 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch.zip/sbRecovery.ini: is password protected.
1/25/2008 2:21:27 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch1.zip/sbRecovery.reg: is password protected.
1/25/2008 2:21:27 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch1.zip/sbRecovery.ini: is password protected.
1/25/2008 2:21:27 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch2.zip/sbRecovery.reg: is password protected.
1/25/2008 2:21:27 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch2.zip/sbRecovery.ini: is password protected.
1/25/2008 2:21:27 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch3.zip/sbRecovery.reg: is password protected.
1/25/2008 2:21:27 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch3.zip/sbRecovery.ini: is password protected.
1/25/2008 2:21:27 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\WildTangent.zip/sbRecovery.ini: is password protected.
1/25/2008 2:21:27 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\WildTangent1.zip/sbRecovery.ini: is password protected.
1/25/2008 2:21:27 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject.zip/sbRecovery.reg: is password protected.
1/25/2008 2:21:27 PM File C:\Documents and Settings\Owner\Application Data\Spybot - Search & Destroy\Recovery\ZlobVideoActiveXObject.zip/sbRecovery.ini: is password protected.
1/25/2008 2:22:27 PM File C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-25-2008 - 05-29-55.SBU/{2DE2EC85-1776-4422-A502-9C8CC28A8A92}: is password protected.
1/25/2008 2:22:27 PM File C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-25-2008 - 05-29-55.SBU/{41E09D51-28D6-43B3-A9E1-7F67525DAE28}: is password protected.
1/25/2008 2:22:27 PM File C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-25-2008 - 05-29-55.SBU/{53E13DE9-C5BD-4783-B494-3C5A3BEA3158}: is password protected.
1/25/2008 2:22:27 PM File C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-25-2008 - 05-29-55.SBU/{96C8338A-36A6-479A-8B62-930379A5A408}: is password protected.
1/25/2008 2:22:27 PM File C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\Quarantine - 01-25-2008 - 05-29-55.SBU/backup.db: is password protected.
1/25/2008 3:40:26 PM File C:\Program Files\Common Files\PKWARE\PKZIP7\Collections\clihelp.ttd//tmp/..PKText.CLIHelp.en_US: is password protected.
1/25/2008 3:40:26 PM File C:\Program Files\Common Files\PKWARE\PKZIP7\Collections\Common.ttd//tmp/..PKText.Common.en_US: is password protected.
1/25/2008 3:40:26 PM File C:\Program Files\Common Files\PKWARE\PKZIP7\Collections\Common.ttd//tmp/..PKText.Common.en_US-RSA: is password protected.
1/25/2008 3:40:26 PM File C:\Program Files\Common Files\PKWARE\PKZIP7\Collections\pkbrowse.ttd//tmp/..PKText.PKBrowse.en_US: is password protected.
1/25/2008 3:40:26 PM File C:\Program Files\Common Files\PKWARE\PKZIP7\Collections\PKCmnDlg.ttd//tmp/..PKText.PKCmnDlg.en_US: is password protected.
1/25/2008 3:40:26 PM File C:\Program Files\Common Files\PKWARE\PKZIP7\Collections\PKCmnDlg.ttd//tmp/..PKText.PKCmnDlg.en_US-SECURE: is password protected.
1/25/2008 3:40:26 PM File C:\Program Files\Common Files\PKWARE\PKZIP7\Collections\PKCOM700.ttd//tmp/..PKText.PKCOM700.en_US: is password protected.
1/25/2008 3:40:26 PM File C:\Program Files\Common Files\PKWARE\PKZIP7\Collections\PKCOM700.ttd//tmp/..PKText.PKCOM700.en_US-SECURE: is password protected.
1/25/2008 3:40:26 PM File C:\Program Files\Common Files\PKWARE\PKZIP7\Collections\PKMail.ttd//tmp/..PKText.PKMail.en_US: is password protected.
1/25/2008 3:40:26 PM File C:\Program Files\Common Files\PKWARE\PKZIP7\Collections\PKMail.ttd//tmp/..PKText.PKMail.en_US-RSA: is password protected.
1/25/2008 3:40:26 PM File C:\Program Files\Common Files\PKWARE\PKZIP7\Collections\PKMail.ttd//tmp/..PKText.PKMail.en_US-SECURE: is password protected.
1/25/2008 3:40:26 PM File C:\Program Files\Common Files\PKWARE\PKZIP7\Collections\pknsetup.ttd//tmp/..PKText.PKNSetup.en_US: is password protected.
1/25/2008 3:40:26 PM File C:\Program Files\Common Files\PKWARE\PKZIP7\Collections\PKOPT700Text.ttd//tmp/..PKText.PKOPT700Text.en_US: is password protected.
1/25/2008 3:40:26 PM File C:\Program Files\Common Files\PKWARE\PKZIP7\Collections\PKOPT700Text.ttd//tmp/..PKText.PKOPT700Text.en_US-SECURE: is password protected.
1/25/2008 3:40:27 PM File C:\Program Files\Common Files\PKWARE\PKZIP7\Collections\PKSerial.ttd//tmp/..PKText.PKSerial.en_US: is password protected.
1/25/2008 3:40:27 PM File C:\Program Files\Common Files\PKWARE\PKZIP7\Collections\PKSerial.ttd//tmp/..PKText.PKSerial.en_US-RSA: is password protected.
1/25/2008 3:40:27 PM File C:\Program Files\Common Files\PKWARE\PKZIP7\Collections\PKSerial.ttd//tmp/..PKText.PKSerial.en_US-SECURE: is password protected.
1/25/2008 3:40:27 PM File C:\Program Files\Common Files\PKWARE\PKZIP7\Collections\PKTLV700.ttd//tmp/..PKText.PKTLV700.en_US: is password protected.
1/25/2008 3:40:27 PM File C:\Program Files\Common Files\PKWARE\PKZIP7\Collections\PKTLV700.ttd//tmp/..PKText.PKTLV700.en_US-SECURE: is password protected.
1/25/2008 3:40:27 PM File C:\Program Files\Common Files\PKWARE\PKZIP7\Collections\PKWizardText.ttd//tmp/..PKText.PKWizardText.en-US-SECURE: is password protected.
1/25/2008 3:40:27 PM File C:\Program Files\Common Files\PKWARE\PKZIP7\Collections\PKWizardText.ttd//tmp/..PKText.PKWizardText.en_US: is password protected.
1/25/2008 3:40:27 PM File C:\Program Files\Common Files\PKWARE\PKZIP7\Collections\pkzipc.ttd//tmp/..PKText.pkzipc.en_US: is password protected.
1/25/2008 3:40:27 PM File C:\Program Files\Common Files\PKWARE\PKZIP7\Collections\pkzipgui.ttd//tmp/..PKText.PKZIPGUI.en_US: is password protected.
1/25/2008 3:40:27 PM File C:\Program Files\Common Files\PKWARE\PKZIP7\Collections\pkzipgui.ttd//tmp/..PKText.PKZIPGUI.en_US-SECURE: is password protected.
1/25/2008 3:40:27 PM File C:\Program Files\Common Files\PKWARE\PKZIP7\Collections\Vendor.ttd//tmp/..PKText.Vendor.en_US: is password protected.
1/25/2008 3:40:27 PM File C:\Program Files\Common Files\PKWARE\PKZIP7\Collections\Vendor.ttd//tmp/..PKText.Vendor.en_US-SECURE: is password protected.
1/25/2008 4:28:52 PM File C:\WINDOWS\Downloaded Installations\{EDAD26BD-57D3-4BDA-993D-424C8C1ED399}\ZIP Reader 8.00.0018.msi//Data1.cab/clihelp.ttd//tmp/..PKText.CLIHelp.en_US: is password protected.
1/25/2008 4:28:52 PM File C:\WINDOWS\Downloaded Installations\{EDAD26BD-57D3-4BDA-993D-424C8C1ED399}\ZIP Reader 8.00.0018.msi//Data1.cab/Common.ttd//tmp/..PKText.Common.en_US: is password protected.
1/25/2008 4:28:52 PM File C:\WINDOWS\Downloaded Installations\{EDAD26BD-57D3-4BDA-993D-424C8C1ED399}\ZIP Reader 8.00.0018.msi//Data1.cab/Common.ttd//tmp/..PKText.Common.en_US-RSA: is password protected.
1/25/2008 4:28:52 PM File C:\WINDOWS\Downloaded Installations\{EDAD26BD-57D3-4BDA-993D-424C8C1ED399}\ZIP Reader 8.00.0018.msi//Data1.cab/pkbrowse.ttd//tmp/..PKText.PKBrowse.en_US: is password protected.
1/25/2008 4:28:52 PM File C:\WINDOWS\Downloaded Installations\{EDAD26BD-57D3-4BDA-993D-424C8C1ED399}\ZIP Reader 8.00.0018.msi//Data1.cab/PKCmnDlg.ttd//tmp/..PKText.PKCmnDlg.en_US: is password protected.
1/25/2008 4:28:52 PM File C:\WINDOWS\Downloaded Installations\{EDAD26BD-57D3-4BDA-993D-424C8C1ED399}\ZIP Reader 8.00.0018.msi//Data1.cab/PKCmnDlg.ttd//tmp/..PKText.PKCmnDlg.en_US-SECURE: is password protected.
1/25/2008 4:28:52 PM File C:\WINDOWS\Downloaded Installations\{EDAD26BD-57D3-4BDA-993D-424C8C1ED399}\ZIP Reader 8.00.0018.msi//Data1.cab/PKCOM700.ttd//tmp/..PKText.PKCOM700.en_US: is password protected.
1/25/2008 4:28:52 PM File C:\WINDOWS\Downloaded Installations\{EDAD26BD-57D3-4BDA-993D-424C8C1ED399}\ZIP Reader 8.00.0018.msi//Data1.cab/PKCOM700.ttd//tmp/..PKText.PKCOM700.en_US-SECURE: is password protected.
1/25/2008 4:28:52 PM File C:\WINDOWS\Downloaded Installations\{EDAD26BD-57D3-4BDA-993D-424C8C1ED399}\ZIP Reader 8.00.0018.msi//Data1.cab/PKMail.ttd//tmp/..PKText.PKMail.en_US: is password protected.
1/25/2008 4:28:52 PM File C:\WINDOWS\Downloaded Installations\{EDAD26BD-57D3-4BDA-993D-424C8C1ED399}\ZIP Reader 8.00.0018.msi//Data1.cab/PKMail.ttd//tmp/..PKText.PKMail.en_US-RSA: is password protected.
1/25/2008 4:28:52 PM File C:\WINDOWS\Downloaded Installations\{EDAD26BD-57D3-4BDA-993D-424C8C1ED399}\ZIP Reader 8.00.0018.msi//Data1.cab/PKMail.ttd//tmp/..PKText.PKMail.en_US-SECURE: is password protected.
1/25/2008 4:28:52 PM File C:\WINDOWS\Downloaded Installations\{EDAD26BD-57D3-4BDA-993D-424C8C1ED399}\ZIP Reader 8.00.0018.msi//Data1.cab/pknsetup.ttd//tmp/..PKText.PKNSetup.en_US: is password protected.
1/25/2008 4:28:52 PM File C:\WINDOWS\Downloaded Installations\{EDAD26BD-57D3-4BDA-993D-424C8C1ED399}\ZIP Reader 8.00.0018.msi//Data1.cab/PKOPT700Text.ttd//tmp/..PKText.PKOPT700Text.en_US: is password protected.
1/25/2008 4:28:52 PM File C:\WINDOWS\Downloaded Installations\{EDAD26BD-57D3-4BDA-993D-424C8C1ED399}\ZIP Reader 8.00.0018.msi//Data1.cab/PKOPT700Text.ttd//tmp/..PKText.PKOPT700Text.en_US-SECURE: is password protected.
1/25/2008 4:28:53 PM File C:\WINDOWS\Downloaded Installations\{EDAD26BD-57D3-4BDA-993D-424C8C1ED399}\ZIP Reader 8.00.0018.msi//Data1.cab/PKSerial.ttd//tmp/..PKText.PKSerial.en_US: is password protected.
1/25/2008 4:28:53 PM File C:\WINDOWS\Downloaded Installations\{EDAD26BD-57D3-4BDA-993D-424C8C1ED399}\ZIP Reader 8.00.0018.msi//Data1.cab/PKSerial.ttd//tmp/..PKText.PKSerial.en_US-RSA: is password protected.
1/25/2008 4:28:53 PM File C:\WINDOWS\Downloaded Installations\{EDAD26BD-57D3-4BDA-993D-424C8C1ED399}\ZIP Reader 8.00.0018.msi//Data1.cab/PKSerial.ttd//tmp/..PKText.PKSerial.en_US-SECURE: is password protected.
1/25/2008 4:28:53 PM File C:\WINDOWS\Downloaded Installations\{EDAD26BD-57D3-4BDA-993D-424C8C1ED399}\ZIP Reader 8.00.0018.msi//Data1.cab/PKTLV700.ttd//tmp/..PKText.PKTLV700.en_US: is password protected.
1/25/2008 4:28:53 PM File C:\WINDOWS\Downloaded Installations\{EDAD26BD-57D3-4BDA-993D-424C8C1ED399}\ZIP Reader 8.00.0018.msi//Data1.cab/PKTLV700.ttd//tmp/..PKText.PKTLV700.en_US-SECURE: is password protected.
1/25/2008 4:28:53 PM File C:\WINDOWS\Downloaded Installations\{EDAD26BD-57D3-4BDA-993D-424C8C1ED399}\ZIP Reader 8.00.0018.msi//Data1.cab/PKWizardText.ttd//tmp/..PKText.PKWizardText.en-US-SECURE: is password protected.
1/25/2008 4:28:53 PM File C:\WINDOWS\Downloaded Installations\{EDAD26BD-57D3-4BDA-993D-424C8C1ED399}\ZIP Reader 8.00.0018.msi//Data1.cab/PKWizardText.ttd//tmp/..PKText.PKWizardText.en_US: is password protected.
1/25/2008 4:28:53 PM File C:\WINDOWS\Downloaded Installations\{EDAD26BD-57D3-4BDA-993D-424C8C1ED399}\ZIP Reader 8.00.0018.msi//Data1.cab/pkzipc.ttd//tmp/..PKText.pkzipc.en_US: is password protected.
1/25/2008 4:28:53 PM File C:\WINDOWS\Downloaded Installations\{EDAD26BD-57D3-4BDA-993D-424C8C1ED399}\ZIP Reader 8.00.0018.msi//Data1.cab/pkzipgui.ttd//tmp/..PKText.PKZIPGUI.en_US: is password protected.
1/25/2008 4:28:53 PM File C:\WINDOWS\Downloaded Installations\{EDAD26BD-57D3-4BDA-993D-424C8C1ED399}\ZIP Reader 8.00.0018.msi//Data1.cab/pkzipgui.ttd//tmp/..PKText.PKZIPGUI.en_US-SECURE: is password protected.
1/25/2008 4:28:53 PM File C:\WINDOWS\Downloaded Installations\{EDAD26BD-57D3-4BDA-993D-424C8C1ED399}\ZIP Reader 8.00.0018.msi//Data1.cab/Vendor.ttd//tmp/..PKText.Vendor.en_US: is password protected.
1/25/2008 4:28:53 PM File C:\WINDOWS\Downloaded Installations\{EDAD26BD-57D3-4BDA-993D-424C8C1ED399}\ZIP Reader 8.00.0018.msi//Data1.cab/Vendor.ttd//tmp/..PKText.Vendor.en_US-SECURE: is password protected.
1/25/2008 5:19:31 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 5:19:31 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 5:19:47 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 5:19:47 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 5:19:54 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 5:19:54 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 5:19:58 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 5:19:58 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 5:19:58 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 5:19:58 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 5:19:59 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 5:19:59 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 5:20:00 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 5:20:00 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 5:20:01 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 5:20:01 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 5:20:01 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 5:20:01 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 5:20:02 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 5:20:02 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 5:20:03 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 5:20:03 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 5:20:04 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 5:20:04 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 5:20:05 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 5:20:05 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 5:20:05 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 5:20:05 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 5:20:06 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 5:20:06 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 5:20:07 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 5:20:07 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 5:20:07 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 5:20:07 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 5:20:08 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 5:20:08 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 5:20:09 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 5:20:09 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 5:20:09 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 5:20:09 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
1/25/2008 5:20:10 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: detected: Trojan program 'Backdoor.Win32.Agent.cym'.
1/25/2008 5:20:10 PM Malicious HTTP object <http://xtraload.net/...atch.UPX//UPX>: access denied.
Reports
-------
Component Status Start Finish Size
--------- ------ ----- ------ ----
Firewall completed 1/24/2008 6:12:01 PM 1/24/2008 6:33:59 PM 0 bytes
Anti-Spam completed 1/24/2008 6:12:01 PM 1/24/2008 6:33:57 PM 0 bytes
Privacy Control completed 1/24/2008 6:12:01 PM 1/24/2008 6:33:57 PM 0 bytes
Proactive Defense completed 1/24/2008 6:12:02 PM 1/24/2008 6:34:05 PM 0 bytes
File Anti-Virus completed 1/24/2008 6:12:03 PM 1/24/2008 6:33:57 PM 0 bytes
Mail Anti-Virus completed 1/24/2008 6:12:03 PM 1/24/2008 6:33:57 PM 0 bytes
Web Anti-Virus completed 1/24/2008 6:12:03 PM 1/24/2008 6:34:00 PM 0 bytes
Update completed 1/24/2008 6:14:04 PM 1/24/2008 6:18:53 PM 0 bytes
Scan startup objects completed 1/24/2008 6:14:04 PM 1/24/2008 6:17:56 PM 0 bytes
Firewall completed 1/24/2008 6:37:06 PM 1/24/2008 6:47:26 PM 0 bytes
Anti-Spam completed 1/24/2008 6:37:06 PM 1/24/2008 6:47:25 PM 0 bytes
Privacy Control completed 1/24/2008 6:37:07 PM 1/24/2008 6:47:25 PM 0 bytes
Proactive Defense completed 1/24/2008 6:37:07 PM 1/24/2008 6:47:25 PM 0 bytes
Mail Anti-Virus completed 1/24/2008 6:37:07 PM 1/24/2008 6:47:25 PM 0 bytes
Web Anti-Virus completed 1/24/2008 6:37:07 PM 1/24/2008 6:47:25 PM 0 bytes
File Anti-Virus completed 1/24/2008 6:37:07 PM 1/24/2008 6:47:25 PM 0 bytes
Scan startup objects completed 1/24/2008 6:39:10 PM 1/24/2008 6:41:15 PM 0 bytes
Firewall completed 1/24/2008 8:28:14 PM 1/25/2008 5:30:25 AM 0 bytes
Anti-Spam completed 1/24/2008 8:28:14 PM 1/25/2008 5:30:23 AM 0 bytes
Privacy Control completed 1/24/2008 8:28:14 PM 1/25/2008 5:30:22 AM 0 bytes
Proactive Defense completed 1/24/2008 8:28:16 PM 1/25/2008 5:30:28 AM 0 bytes
Mail Anti-Virus completed 1/24/2008 8:28:16 PM 1/25/2008 5:30:23 AM 0 bytes
Web Anti-Virus completed 1/24/2008 8:28:16 PM 1/25/2008 5:30:25 AM 0 bytes
File Anti-Virus completed 1/24/2008 8:28:16 PM 1/25/2008 5:30:22 AM 0 bytes
Update completed 1/24/2008 8:29:55 PM 1/24/2008 8:33:06 PM 0 bytes
Scan startup objects completed 1/24/2008 8:30:21 PM 1/24/2008 8:32:02 PM 0 bytes
Update completed 1/24/2008 10:48:54 PM 1/24/2008 10:50:39 PM 0 bytes
Update completed 1/25/2008 1:08:50 AM 1/25/2008 1:10:17 AM 0 bytes
Update completed 1/25/2008 3:28:48 AM 1/25/2008 3:30:12 AM 0 bytes
Firewall running 1/25/2008 5:33:19 AM 16.4 KB
Anti-Spam running 1/25/2008 5:33:19 AM 0 bytes
Privacy Control running 1/25/2008 5:33:19 AM 10.5 KB
Mail Anti-Virus running 1/25/2008 5:33:19 AM 0 bytes
Web Anti-Virus running 1/25/2008 5:33:19 AM 434.7 KB
Proactive Defense running 1/25/2008 5:33:19 AM 11 KB
File Anti-Virus running 1/25/2008 5:33:19 AM 11.9 MB
Update completed 1/25/2008 5:34:34 AM 1/25/2008 5:36:41 AM 0 bytes
Scan startup objects completed 1/25/2008 5:35:26 AM 1/25/2008 5:36:57 AM 353.8 KB
Update Not all components were updated 1/25/2008 7:54:29 AM 1/25/2008 8:12:49 AM 0 bytes
Update completed 1/25/2008 10:14:29 AM 1/25/2008 10:16:30 AM 0 bytes
Update completed 1/25/2008 12:34:27 PM 1/25/2008 12:36:03 PM 0 bytes
Scan My Computer completed 1/25/2008 2:12:09 PM 1/25/2008 5:18:15 PM 57.9 MB
Update completed 1/25/2008 5:28:10 PM 1/25/2008 5:30:47 PM 0 bytes
Update completed 1/25/2008 5:40:52 PM 1/25/2008 5:42:42 PM 18.9 KB
Quarantine
----------
Status Object Size Added
------ ------ ---- -----
Backup
------
Status Object Size
------ ------ ----
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:31:44 PM, on 1/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\lwinupdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\S3apphk.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Leapfrog\FlyWorld\bin\FlyMonitor.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us5.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us5.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us5.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us5.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896<