Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Found malware-CW.MSConfig, BHO and BackWeb

Started by halfopus , May 07 2005 01:15 AM

  • Please log in to reply

#1
halfopus
Posted 07 May 2005 - 01:15 AM

halfopus

    Member

  • Member
  • PipPip
  • 44 posts
Hello,
I have been battling various malware programs.

Ad-Aware shows neg scan.

Spy-Bot S&D shows BackWeb-unable to remove even when started during booting up.

CW Shredder has identified CW.MSConfig and has deleted it several times but returns again.

Other scanners show unknown BHO.

Microsoft AntiSpyware detects a BHO but does not name it. It deletes it but then it shows up again on next boot.

I have seen About.htm trying to change IE page settings.

I have system restore turned off.

I can only boot up on safe mode only now--normal boot causes my system to hang and no response to mouse or keyboard.

Here is my HiJack This log.

Any help will be appreciated!
Thanks,

Logfile of HijackThis v1.99.1
Scan saved at 11:34:26 PM, on 5/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Documents and Settings\Lance\Local Settings\Temp\HijackThis.exe
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1026;https=;ftp=;gopher=;socks=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ay.com;disney.go.com;msa_e1.eba.com;msa_e1.ebay.com;rhapsody_app*.listen.com;<local>
F1 - win.ini: load=c:\01comm32\bin\01comm32.exe
O3 - Toolbar: AdSubtract Toolbar - {F14AABDD-0232-4e5a-9B52-4178AC0A62B5} - C:\WINDOWS\system32\adsubtb.dll
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\System32\umonit.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [fspr] "C:\Program Files\Folder Shield\FolderShield.exe" CR
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] none
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - Startup: AdSubtract.lnk = C:\Program Files\InterMute\AdSubtract\AdSub.exe
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O4 - Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O4 - Global Startup: acltray.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: AdSubtract: Bypass Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/360
O8 - Extra context menu item: AdSubtract: Cloak Image - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/361
O8 - Extra context menu item: AdSubtract: Report Site - res://C:\Program Files\interMute\AdSubtract\AdSub.exe/359
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {11F8D6A0-01C6-4A23-A40F-1C3A560B99EA} (MavenInstallerAXControl Class) - http://client.maven....enInstaller.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuke...erInstaller.exe
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop...cpConnCheck.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093236713921
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futurema...lobal/msc34.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v5.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...352/mcfscan.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop...irus/PitPav.cab
O18 - Protocol: mavencache - {DB47FDC2-8C38-4413-9C78-D1A68BF24EED} - C:\Program Files\Maven\protocolHandlers.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: FSService - Unknown owner - C:\Program Files\Folder Shield\FSService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe

Edited by coachwife6, 07 August 2005 - 07:15 PM.

  • 0

Advertisements

#2
coachwife6
Posted 14 May 2005 - 07:20 PM

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Do you still need help? Sorry you were overlooked. Please post another log since it's been so long. :tazz:
  • 0

#3
halfopus
Posted 18 May 2005 - 01:44 AM

halfopus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
Hello, Thanks for your interest in helping me!

I am now able to boot normally but it takes a long time for IE to load (also, it takes a long time for "my computer" to open).

You can see that I have many "checkers" on my system.

I have deleted Effective-i Inc related adware.

When I open IE to my home page set to www.google.com, the writing is in italics! Also, Ad-Aware and Norton AV also shows writing in italics which is not normal.

Is it possible i have a hacker? Certain programs will suddenly be deleted against my will and settings will change (had to reinstall video driver). Some temp files were unable to be deleted (in use).

Now when I open IE, the following address is displayed at the bottom: 64.233.187.104 -- does this mean my home page is being redirected without my approval?

Thanks in advance for your thoughts on this matter.

Here is my current log:

Logfile of HijackThis v1.99.1
Scan saved at 12:02:51 AM, on 5/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Program Files\Folder Shield\FSService.exe
C:\Program Files\Folder Shield\fsp.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Documents and Settings\Lance\Desktop\RegFirstAid\rfagent.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\solarSoft\madeSafe\ControlPad.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program Files\a2\a2upd.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TSC.EXE
C:\Documents and Settings\Lance\Desktop\HijackThis.exe
C:\WINDOWS\system32\MsiExec.exe

R3 - Default URLSearchHook is missing
F1 - win.ini: load=c:\01comm32\bin\01comm32.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [fspr] "C:\Program Files\Folder Shield\FolderShield.exe" CR
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [rfagent] C:\Documents and Settings\Lance\Desktop\RegFirstAid\rfagent.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [madeSafe ControlPad] C:\Program Files\solarSoft\madeSafe\ControlPad.exe
O4 - HKLM\..\Run: [StealthSurf] C:\Program Files\StealthSurf\StealthSurf.exe /startup
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O4 - Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O4 - Global Startup: acltray.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O16 - DPF: {11F8D6A0-01C6-4A23-A40F-1C3A560B99EA} (MavenInstallerAXControl Class) - http://client.maven....enInstaller.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuke...erInstaller.exe
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop...cpConnCheck.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093236713921
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futurema...lobal/msc34.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.game...aploader_v5.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...484/mcfscan.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop...irus/PitPav.cab
O18 - Protocol: mavencache - {DB47FDC2-8C38-4413-9C78-D1A68BF24EED} - C:\Program Files\Maven\protocolHandlers.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: FSService - Unknown owner - C:\Program Files\Folder Shield\FSService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
  • 0

#4
coachwife6
Posted 18 May 2005 - 03:41 AM

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Let's disable microsoft anti-spyware for now - it may interfere with our fix. ;)

Click Start > Run > type services.msc, then click OK
Scroll down and right click on 'COM+ System Service'
Select 'Properties' and set the "Service Status" option to "Stop"
Set "Startup type" to "Disabled", click Apply, then OK.


You are running HijackThis from the Desktop; please create a new folder for it and move the program into the new folder

Please set your system to show
all hidden files; please see here if you're unsure how to do this.

Press Control-Alt-Del to enter the Task Manager.

Click on the Processes tab and end the following processes:

C:\Program Files\Folder Shield\FSService.exe <<can you tell me what this is? If you don't know and don't need it, include it in the following fixes I've recommended. If you know what it is and need it, ignore all instructions regarding this file.

Exit the Task Manager when finished.

Close all programs and all windows, leaving only HijackThis running. Please disconnect from the internet. Place a check narj against each of the following, making sure you get each one and not any others by mistake:

R3 - Default URLSearchHook is missing
F1 - win.ini: load=c:\01comm32\bin\01comm32.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [StealthSurf] C:\Program Files\StealthSurf\StealthSurf.exe /startup
O4 - Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe<<may interfere with fix
O4 - Global Startup: acltray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O16 - DPF: {11F8D6A0-01C6-4A23-A40F-1C3A560B99EA} (MavenInstallerAXControl Class) - http://client.maven....enInstaller.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuke...erInstaller.exe
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O23 - Service: FSService - Unknown owner - C:\Program Files\Folder Shield\FSService.exe

Click on Fix Checked when finished and exit HijackThis.

Reboot into Safe Mode: please see here if you are not sure how to do this.


Using Windows Explorer, locate the following files/folders, and delete them:

C:\Program Files\Folder Shield\FSService.exe
C:\Program Files\StealthSurf\StealthSurf.exe /startup
O4 - Global Startup: acltray.exe
Exit Explorer, and reboot as normal afterwards.

If you were unable to find any of the files then please follow these additional instructions:

Download Pocket Killbox and unzip it; save it to your Desktop.

Run it, and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.

The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes.

Let the system reboot.

Please reboot and post a fresh HijackThis log and we will take another look to see how we did. :tazz:
  • 0

#5
halfopus
Posted 18 May 2005 - 10:47 PM

halfopus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
Your help is very appreciated!

I shutdown COM+Event System as I couldn't find 'COM+ System Service' as a choice. The other choice was COM+ System Application which didn't look like the one to stop and disable. I hope I made the right move.

Folder Shield/FSService.exe is a known program to hide important files that I have used for two years with no problem. Is it OK to leave it alone? I let it remain as it is a trusted program.

Here is my new log:
Logfile of HijackThis v1.99.1
Scan saved at 9:32:02 PM, on 5/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Program Files\Folder Shield\FSService.exe
C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Folder Shield\fsp.exe
C:\Documents and Settings\Lance\Desktop\RegFirstAid\rfagent.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\solarSoft\madeSafe\ControlPad.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\notepad.exe
C:\Program Files\hijackthis\HijackThis.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TSC.EXE

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [fspr] "C:\Program Files\Folder Shield\FolderShield.exe" CR
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [rfagent] C:\Documents and Settings\Lance\Desktop\RegFirstAid\rfagent.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [madeSafe ControlPad] C:\Program Files\solarSoft\madeSafe\ControlPad.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop...cpConnCheck.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093236713921
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futurema...lobal/msc34.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.game...aploader_v5.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...484/mcfscan.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop...irus/PitPav.cab
O18 - Protocol: mavencache - {DB47FDC2-8C38-4413-9C78-D1A68BF24EED} - C:\Program Files\Maven\protocolHandlers.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: FSService - Unknown owner - C:\Program Files\Folder Shield\FSService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe

:tazz:
  • 0

#6
coachwife6
Posted 19 May 2005 - 10:24 AM

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
You did great. :tazz: How is it running?
  • 0

#7
halfopus
Posted 22 May 2005 - 04:49 PM

halfopus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
Hello ;)

My system worked well for 48 hrs, then is beginning to hang and demonstrate slow program startups. :)
It locks up in normal mode but works well in safe mode with networking.

I have found the following:

1. Should “MSConfig.exe /auto” be in my startup programs?

2. Microsoft antispyware (MSAS) has found the following browser hijacker located in an incompletely described file location as C:/windows/system32/Bl..... I cannot find this item in system32 folder. When finding out more about hijacker, MSAS shows C:htm as only description.

3. Panda online scan found and removed virus W32/Mytob. R. Worm

4. Cannot update microsoft windows—a blank webpage results

5. SpySubtract warns about webbrowser setting has been changed to C:/windows/about.htm IELocalPage(User)C:/windows/about.htm and IELocalPage(System)C:/windows/about.htm

6. PC-Cillin found HTML_MHTREDIR.Bl

7. XOFTSpy found but did not delete IRC Contact (IRC WAR) Pathname.dll and Adware.LinkMaker (Browser Hijacker) Uninst.log both being located in C:/windows/system32/ folder

8. NOAdware v3.0 found but did not delete Click The Button registry value noted as dangerous

9. PAL Spyware Removal found but did not delete C:/windows/patch.exe named as eAcceleration Spyware

10. Spyware Doctor fond but did not remove Cclient man in HKCU/Software/microsoft/windows/current version/ext/stats/{FCADDC14-BD46-408A-9842-CDBEIC6D37EB} and HKCU/Software/microsoft/windows/current version/ext/stats/ {FCADDC14-BD46-408A-9842-CDBEIC6D37EB}\iexplore

11. Warning popped up regarding AVSniff.dll
;)

Past scans have found Ezula, Effective-I Inc, and nCase by Pest Patrol, TR/DLDR.SecondTh.HA, W95/Blumblebee.1738, W32/downloader.HU

My Google Start page is still showing Font in italics, indication that there is still something hanging on! Also, Lavasoft Ad-Aware is corrupted with italics on its fonts and nothing ever shows as abnormal in its scan. Before my Norton AV was suddenly deleted from my system it to was corrupted with italics. :tazz:

A Free Norton security scan shows two unprotected areas: ICMP Ping OPEN port and port 1723 OPEN (PPTP or Port to Port Tunneling Protocol). Is there a way to close these ports?

Sorry there is so much information but I hope it helps you in your diagnostics! :)

My COM+ Event System in services is disabled. Should I change it back again?
Thanks so much for your help! I will post a new HijackThis log in next post.
  • 0

#8
halfopus
Posted 22 May 2005 - 04:52 PM

halfopus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
Here is my HiJack This log:
Logfile of HijackThis v1.99.1
Scan saved at 1:05:08 PM, on 5/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Folder Shield\FSService.exe
C:\Program Files\Folder Shield\fsp.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Documents and Settings\Lance\Desktop\RegFirstAid\rfagent.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\PROGRA~1\SPYWAR~4\SpywareKilla.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\Program Files\hijackthis\HijackThis.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPC129~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPC129~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [fspr] "C:\Program Files\Folder Shield\FolderShield.exe" CR
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [rfagent] C:\Documents and Settings\Lance\Desktop\RegFirstAid\rfagent.exe
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [SpywareKilla] "C:\PROGRA~1\SPYWAR~4\SpywareKilla.exe" /s
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPC129~1\tools\iesdpb.dll
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop...cpConnCheck.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca....r/axscanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093236713921
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futurema...lobal/msc34.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.game...aploader_v5.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...484/mcfscan.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop...irus/PitPav.cab
O18 - Protocol: mavencache - {DB47FDC2-8C38-4413-9C78-D1A68BF24EED} - C:\Program Files\Maven\protocolHandlers.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: FSService - Unknown owner - C:\Program Files\Folder Shield\FSService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
  • 0

#9
coachwife6
Posted 22 May 2005 - 09:00 PM

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
You remind me of myself when I first got infected. You have a lot of stuff running. Sometimes they work against each other. So, let's take a breath and take it one step at a time.

1. First off, we need to disable Microsoft antispyware and winpatrol. They will prohibit fixes.

2. Uninstall spykilla. It's a rogue program.

See HERE

3. You have two antiviral programs running: Kaspersky and Trend Micro. They don't play well together. Get rid of one.

4. Reset your restore points

5. Run Hijack This and put a check mark next to this one:

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

6. Run CleanUp!

7. Reboot and post a new log. :tazz:
  • 0

#10
halfopus
Posted 23 May 2005 - 12:13 AM

halfopus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
I took your point #4 to mean turn on system restore. was i correct?

I did all else as you recommended. :tazz:

Thanks!
Here is my new log:
Logfile of HijackThis v1.99.1
Scan saved at 11:04:47 PM, on 5/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\DigitalPersona\Bin\DpHost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Folder Shield\FSService.exe
C:\Program Files\Folder Shield\fsp.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\hijackthis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TSC.EXE
C:\WINDOWS\system32\MsiExec.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPC129~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPC129~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [fspr] "C:\Program Files\Folder Shield\FolderShield.exe" CR
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPC129~1\tools\iesdpb.dll
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop...cpConnCheck.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca....r/axscanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093236713921
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) - http://ccon.futurema...lobal/msc34.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.game...aploader_v5.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...484/mcfscan.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop...irus/PitPav.cab
O18 - Protocol: mavencache - {DB47FDC2-8C38-4413-9C78-D1A68BF24EED} - C:\Program Files\Maven\protocolHandlers.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: FSService - Unknown owner - C:\Program Files\Folder Shield\FSService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
  • 0

Advertisements

#11
coachwife6
Posted 23 May 2005 - 09:02 AM

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Tell me what, if any problems you're having.
  • 0

#12
halfopus
Posted 24 May 2005 - 01:12 AM

halfopus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
I am still having problems with Microsoft Antispyware finding a browser modifier of high severity. It finds it in the Internet Explorer page C:Windows/System32/Bl..... which sometimes reads C:Windows/System32/Blank. It deletes it, however, even before reboot it will often come back.

About.htm is still trying to set itself as my home page.

Many programs (antivirus and spyware variety) and webpages (Google, CompUSA) are corrupted with the font being changed to italics. This indicates to me there is still something malicious on my system.

Also, microsoft.com windows update page is blank and non responsive for updates.

Thanks again for your time and interest! :tazz:
  • 0

#13
coachwife6
Posted 24 May 2005 - 02:27 AM

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Please go HERE and follow the instructions. I want you to run both Kasperski and Microsoft AntiSpyware according to the instructions.
To post a log from Microsoft AntiSpyware do as follows:
Open Microsoft AntiSpyware.
Click "Tools" > "Spyware Scan" > View Spyware Scan History.
Highlight the latest scan.
Click [u]"View full details of scan"[/b] found in the lower right corner.
Right-click on the window with the details of the scan.
Click "Select All"
Click Ctrl + c to copy the contents
Paste the content into a new post in this topic.

Do a new HijackThis scan and post the log together with the information from Kasperski and from Microsoft AntiSpyware. :tazz:
  • 0

#14
halfopus
Posted 24 May 2005 - 04:38 PM

halfopus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
Hello again,

Ran Kapersky and MSAS as you said. You are right, Kapersky and Trend does not play well together. Had to uninstall Kapersky to get my system to boot normally!

I see two bad guys in HJT log!!!! But will restrain myself from correcting until I hear from you again! :tazz:

Thanks for your perseverence!

Here is K-log
Statistics:
Task start time: 5/24/2005 12:01:37 PM
Task completion time: 5/24/2005 1:39:51 PM
Objects scanned: 339550
Viruses detected: 0
Viruses disinfected: 0
Objects deleted: 0
Objects quarantined: 0

Settings:
Objects to be scanned:
My Computer
If an infected object is found:
Perform recommended action
Scan level:
Recommended
Objects to be excluded from the scan scope:
Option not used

Report:
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Advertisingcom.zip\[email protected][2].txt password protected, has not been processed 5/24/2005 12:28:22 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Advertisingcom.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:22 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Advertisingcom1.zip\lance@advertising[2].txt password protected, has not been processed 5/24/2005 12:28:23 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Advertisingcom1.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:23 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Advertisingcom2.zip\[email protected][2].txt password protected, has not been processed 5/24/2005 12:28:23 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Advertisingcom2.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:23 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Advertisingcom3.zip\lance@advertising[1].txt password protected, has not been processed 5/24/2005 12:28:23 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Advertisingcom3.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:23 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Advertisingcom4.zip\[email protected][2].txt password protected, has not been processed 5/24/2005 12:28:23 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Advertisingcom4.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:23 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Advertisingcom5.zip\lance@advertising[1].txt password protected, has not been processed 5/24/2005 12:28:23 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Advertisingcom5.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:23 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Advertisingcom6.zip\[email protected][1].txt password protected, has not been processed 5/24/2005 12:28:23 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Advertisingcom6.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:23 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Advertisingcom7.zip\lance@advertising[1].txt password protected, has not been processed 5/24/2005 12:28:23 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Advertisingcom7.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:23 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AlexaRelated.zip\RELATED.HTM password protected, has not been processed 5/24/2005 12:28:23 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AlexaRelated.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:23 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AlexaRelated1.zip\RELATED.HTM password protected, has not been processed 5/24/2005 12:28:23 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AlexaRelated1.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:23 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Aureate.zip\htmdeng.exe password protected, has not been processed 5/24/2005 12:28:23 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Aureate.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:23 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Aureate1.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:23 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Aureate1.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:23 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Aureate10.zip\ipcclient.dll password protected, has not been processed 5/24/2005 12:28:23 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Aureate10.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:23 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Aureate11.zip\adimage.dll password protected, has not been processed 5/24/2005 12:28:23 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Aureate11.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:23 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Aureate2.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:23 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Aureate2.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:23 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Aureate3.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:23 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Aureate3.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:23 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Aureate4.zip\tfde.dll password protected, has not been processed 5/24/2005 12:28:24 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Aureate4.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:24 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Aureate5.zip\msipcsv.exe password protected, has not been processed 5/24/2005 12:28:24 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Aureate5.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:24 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Aureate6.zip\ipcclient.dll password protected, has not been processed 5/24/2005 12:28:24 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Aureate6.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:24 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Aureate7.zip\adimage.dll password protected, has not been processed 5/24/2005 12:28:24 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Aureate7.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:24 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Aureate8.zip\msipcsv.exe password protected, has not been processed 5/24/2005 12:28:24 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Aureate8.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:24 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Aureate9.zip\tfde.dll password protected, has not been processed 5/24/2005 12:28:24 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Aureate9.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:24 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AvenueAInc.zip\lance@atdmt[1].txt password protected, has not been processed 5/24/2005 12:28:24 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AvenueAInc.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:24 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AvenueAInc1.zip\lance@atdmt[2].txt password protected, has not been processed 5/24/2005 12:28:24 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AvenueAInc1.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:24 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AvenueAInc2.zip\lance@atdmt[2].txt password protected, has not been processed 5/24/2005 12:28:24 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AvenueAInc2.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:24 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AvenueAInc3.zip\lance@atdmt[2].txt password protected, has not been processed 5/24/2005 12:28:24 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AvenueAInc3.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:24 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:24 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:24 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite1.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:24 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite1.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:24 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite10.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:24 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite10.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:24 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite11.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:24 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite11.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:24 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite12.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:24 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite12.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:24 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite13.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:24 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite13.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:24 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite14.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:24 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite14.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:24 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite15.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:24 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite15.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:24 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite16.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:24 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite16.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:24 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite17.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:25 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite17.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:25 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite18.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:25 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite18.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:25 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite19.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:25 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite19.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:25 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite2.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:25 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite2.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:25 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite20.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:25 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite20.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:25 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite21.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:25 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite21.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:25 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite22.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:25 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite22.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:25 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite23.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:25 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite23.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:25 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite24.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:25 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite24.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:25 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite25.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:25 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite25.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:25 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite26.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:25 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite26.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:25 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite27.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:25 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite27.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:25 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite28.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:25 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite28.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:25 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite29.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:25 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite29.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:25 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite3.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:25 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite3.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:25 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite30.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:25 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite30.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:25 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite31.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:25 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite31.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:25 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite32.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:25 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite32.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:25 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite33.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:25 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite33.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:25 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite34.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:25 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite34.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:25 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite35.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:25 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite35.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:25 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite36.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:25 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite36.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:25 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite37.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:25 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite37.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:25 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite38.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:25 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite38.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:25 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite39.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:25 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite39.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:25 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite4.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:26 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite4.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:26 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite40.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:26 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite40.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:26 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite41.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:26 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite41.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:26 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite42.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:26 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite42.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:26 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite43.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:26 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite43.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:26 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite44.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:26 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite44.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:26 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite45.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:26 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite45.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:26 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite46.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:26 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite46.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:26 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite47.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:26 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite47.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:26 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite48.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:26 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite48.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:26 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite49.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:26 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite49.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:26 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite5.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:26 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite5.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:26 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite50.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:26 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite50.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:26 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite51.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:26 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite51.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:26 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite52.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:26 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite52.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:26 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite53.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:26 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite53.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:26 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite54.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:26 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite54.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:26 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite55.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:26 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite55.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:26 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite56.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:26 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite56.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:26 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite57.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:26 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite57.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:26 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite58.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:26 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite58.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:26 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite59.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:26 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite59.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:26 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite6.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:26 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite6.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:26 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite60.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:26 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite60.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:26 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite61.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:26 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite61.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:26 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite62.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:27 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite62.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:27 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite63.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:27 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite63.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:27 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite64.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:27 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite64.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:27 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite65.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:27 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite65.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:27 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite66.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:27 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite66.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:27 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite67.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:27 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite67.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:27 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite68.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:27 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite68.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:27 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite69.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:27 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite69.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:27 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite7.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:27 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite7.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:27 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite70.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:27 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite70.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:27 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite71.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:27 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite71.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:27 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite72.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:27 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite72.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:27 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite8.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:27 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite8.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:27 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite9.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:27 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite9.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:27 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BargainBuddy.zip\apuc.dll password protected, has not been processed 5/24/2005 12:28:27 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BargainBuddy.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:27 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BargainBuddy1.zip\bin/apuc.dll password protected, has not been processed 5/24/2005 12:28:27 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BargainBuddy1.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:27 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BargainBuddy2.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:27 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BFast.zip\lance@bfast[2].txt password protected, has not been processed 5/24/2005 12:28:27 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BFast.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:27 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BFast1.zip\lance@bfast[2].txt password protected, has not been processed 5/24/2005 12:28:27 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BFast1.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:27 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Bluemountain.zip\[email protected][2].txt password protected, has not been processed 5/24/2005 12:28:27 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Bluemountain.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:27 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Bluemountain1.zip\[email protected][1].txt password protected, has not been processed 5/24/2005 12:28:27 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Bluemountain1.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:27 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Bluemountain2.zip\lance@bluemountain[2].txt password protected, has not been processed 5/24/2005 12:28:27 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Bluemountain2.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:27 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:28 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:28 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace1.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:28 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BookedSpace1.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:28 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommissionJunction.zip\lance@qksrv[1].txt password protected, has not been processed 5/24/2005 12:28:28 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommissionJunction.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:28 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommissionJunction1.zip\lance@qksrv[1].txt password protected, has not been processed 5/24/2005 12:28:28 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommissionJunction1.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:28 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommissionJunction2.zip\lance@qksrv[2].txt password protected, has not been processed 5/24/2005 12:28:28 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommissionJunction2.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:28 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommissionJunction3.zip\lance@commission-junction[1].txt password protected, has not been processed 5/24/2005 12:28:28 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommissionJunction3.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:28 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommissionJunction4.zip\lance@qksrv[1].txt password protected, has not been processed 5/24/2005 12:28:28 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CommissionJunction4.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:28 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoreMetrics.zip\[email protected][2].txt password protected, has not been processed 5/24/2005 12:28:28 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoreMetrics.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:28 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoreMetrics1.zip\[email protected][2].txt password protected, has not been processed 5/24/2005 12:28:28 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoreMetrics1.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:28 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoreMetrics2.zip\[email protected][2].txt password protected, has not been processed 5/24/2005 12:28:28 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoreMetrics2.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:28 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoreMetrics3.zip\[email protected][2].txt password protected, has not been processed 5/24/2005 12:28:28 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CoreMetrics3.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:28 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DoubleClick.zip\lance@doubleclick[1].txt password protected, has not been processed 5/24/2005 12:28:28 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DoubleClick.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:28 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DoubleClick1.zip\lance@doubleclick[1].txt password protected, has not been processed 5/24/2005 12:28:28 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DoubleClick1.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:28 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DoubleClick2.zip\lance@doubleclick[1].txt password protected, has not been processed 5/24/2005 12:28:28 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DoubleClick2.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:28 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DoubleClick3.zip\lance@doubleclick[2].txt password protected, has not been processed 5/24/2005 12:28:28 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DoubleClick3.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:28 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DoubleClick4.zip\lance@doubleclick[1].txt password protected, has not been processed 5/24/2005 12:28:28 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DoubleClick4.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:28 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DoubleClick5.zip\lance@doubleclick[1].txt password protected, has not been processed 5/24/2005 12:28:28 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DoubleClick5.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:28 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:28 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:28 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit1.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:29 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit1.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:29 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit2.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:29 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit2.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:29 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit3.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:29 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit3.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:29 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit4.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:29 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit4.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:29 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eAcceleration.zip\Install Party Babes 2004.lnk password protected, has not been processed 5/24/2005 12:28:29 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eAcceleration.zip\Uninstall Party Babes 2004.lnk password protected, has not been processed 5/24/2005 12:28:29 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eAcceleration.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:29 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eAccelerationSpyHunter.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:29 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FastClick.zip\lance@fastclick[1].txt password protected, has not been processed 5/24/2005 12:28:29 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FastClick.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:29 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FastClick1.zip\lance@fastclick[1].txt password protected, has not been processed 5/24/2005 12:28:29 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FastClick1.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:29 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FastClick2.zip\lance@fastclick[1].txt password protected, has not been processed 5/24/2005 12:28:29 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FastClick2.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:29 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FastClick3.zip\lance@fastclick[2].txt password protected, has not been processed 5/24/2005 12:28:29 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FastClick3.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:29 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FastClick4.zip\lance@fastclick[2].txt password protected, has not been processed 5/24/2005 12:28:29 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FastClick4.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:29 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Gator.zip\lance@gator[1].txt password protected, has not been processed 5/24/2005 12:28:29 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Gator.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:29 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Gator1.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:29 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Gator1.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:29 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Gator2.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:29 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Gator2.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:29 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Gator3.zip\sbRecovery.reg password protected, has not been processed 5/24/2005 12:28:29 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Gator3.zip\sbRecovery.ini password protected, has not been processed 5/24/2005 12:28:29 PM
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Gator4.zip\FSG/fsg.exe password protected,
  • 0

#15
coachwife6
Posted 24 May 2005 - 05:36 PM

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
did it get cut off at the bottom?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP