Hi, 1st post, reading similar ones i've DL'ed Hijackthis and combofix and have the same issue as other posters, i've got the above malware and Avast doesn't seem to be trying too hard to get rid of it! Anyway here are both logs, can you help please? Thanks in advance. ComboFix 08-07-24.6 - RobTreasure 2008-07-25 17:10:48.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1621 [GMT 1:00] Running from: C:\Documents and Settings\RobTreasure\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\Downloaded Program Files\setup.inf C:\WINDOWS\erms.exe C:\WINDOWS\system32\blphcardj0etb1.scr C:\WINDOWS\system32\phcardj0etb1.bmp . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_WINCOM32 -------\Service_npf ((((((((((((((((((((((((( Files Created from 2008-06-25 to 2008-07-25 ))))))))))))))))))))))))))))))) . 2008-07-24 13:53 . 2008-07-24 13:53 244 --ah----- C:\sqmnoopt19.sqm 2008-07-24 13:53 . 2008-07-24 13:53 232 --ah----- C:\sqmdata19.sqm 2008-07-23 08:04 . 2008-07-23 08:04 159 --a------ C:\WINDOWS\wininit.ini 2008-07-23 00:28 . 2008-07-23 00:28 244 --ah----- C:\sqmnoopt18.sqm 2008-07-23 00:28 . 2008-07-23 00:28 232 --ah----- C:\sqmdata18.sqm 2008-07-23 00:18 . 2008-07-23 00:18 244 --ah----- C:\sqmnoopt17.sqm 2008-07-23 00:18 . 2008-07-23 00:18 232 --ah----- C:\sqmdata17.sqm 2008-07-17 11:47 . 2008-07-17 11:47 244 --ah----- C:\sqmnoopt16.sqm 2008-07-17 11:47 . 2008-07-17 11:47 232 --ah----- C:\sqmdata16.sqm 2008-07-17 11:42 . 2008-07-17 11:42 244 --ah----- C:\sqmnoopt15.sqm 2008-07-17 11:42 . 2008-07-17 11:42 232 --ah----- C:\sqmdata15.sqm 2008-07-16 14:41 . 2008-07-16 14:41 244 --ah----- C:\sqmnoopt14.sqm 2008-07-16 14:41 . 2008-07-16 14:41 232 --ah----- C:\sqmdata14.sqm 2008-07-16 14:40 . 2008-07-16 14:40 244 --ah----- C:\sqmnoopt13.sqm 2008-07-16 14:40 . 2008-07-16 14:40 232 --ah----- C:\sqmdata13.sqm 2008-07-16 01:12 . 2008-07-16 01:12 244 --ah----- C:\sqmnoopt12.sqm 2008-07-16 01:12 . 2008-07-16 01:12 232 --ah----- C:\sqmdata12.sqm 2008-07-05 20:57 . 2008-07-05 20:57 <DIR> d-------- C:\Program Files\Download Manager 2008-07-05 20:57 . 2008-07-05 21:18 <DIR> d-------- C:\Documents and Settings\RobTreasure\Application Data\IGN_DLM 2008-07-05 20:40 . 2008-07-05 20:40 94,208 --a------ C:\WINDOWS\DIIUnin.exe 2008-07-05 20:40 . 2008-07-05 21:19 36,048 --a------ C:\WINDOWS\DIIUnin.dat 2008-07-05 20:40 . 2008-07-05 20:40 2,829 --a------ C:\WINDOWS\DIIUnin.pif 2008-07-05 20:16 . 2008-07-05 20:16 <DIR> d-------- C:\Diablo II 2008-07-05 09:17 . 2008-07-20 19:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-07-05 09:17 . 2008-07-05 09:17 1,409 --a------ C:\WINDOWS\QTFont.for 2008-06-30 08:00 . 2008-06-30 08:00 244 --ah----- C:\sqmnoopt11.sqm 2008-06-30 08:00 . 2008-06-30 08:00 232 --ah----- C:\sqmdata11.sqm . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-23 20:35 --------- d-----w C:\Program Files\Diablo II 2008-07-20 08:49 --------- d-----w C:\Program Files\Napster 2008-07-05 21:00 90,112 ----a-w C:\WINDOWS\Internet Logs\xDB1BD.tmp 2008-07-05 20:06 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll 2008-07-05 20:06 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll 2008-07-05 20:06 12,067 -c--atw C:\WINDOWS\system32\SIntf16.dll 2008-06-30 21:35 61,440 ----a-w C:\WINDOWS\Internet Logs\xDB1BC.tmp 2008-06-28 13:42 54,272 ----a-w C:\WINDOWS\Internet Logs\xDB1BB.tmp 2008-06-22 21:37 619,008 ----a-w C:\WINDOWS\Internet Logs\xDB1BA.tmp 2008-06-18 19:51 --------- d-----w C:\Documents and Settings\RobTreasure\Application Data\GetRightToGo 2008-06-18 19:50 --------- d-----w C:\Documents and Settings\RobTreasure\Application Data\Turbine 2008-06-18 19:28 --------- d-----w C:\Program Files\Codemasters 2008-06-17 19:22 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-17 19:14 24,968,227 -c--a-w C:\WINDOWS\Internet Logs\tvDebug.zip 2008-06-17 11:27 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2008-06-17 11:27 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf 2008-06-17 11:18 21,672 ----a-w C:\WINDOWS\system32\drivers\ggsemc.sys 2008-06-17 11:18 13,352 ----a-w C:\WINDOWS\system32\drivers\ggflt.sys 2008-06-17 11:18 1,419,232 ----a-w C:\WINDOWS\system32\wdfcoinstaller01005.dll 2008-06-17 11:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony Ericsson 2008-06-17 11:16 --------- d-----w C:\Program Files\Sony Ericsson 2008-06-14 07:04 --------- d-----w C:\Program Files\EA GAMES 2008-05-28 20:02 --------- d-----w C:\Program Files\Common Files\Stardock 2008-05-28 20:01 --------- d-----w C:\Program Files\Stardock 2008-05-18 11:36 52,736 ----a-w C:\WINDOWS\Internet Logs\xDB1B9.tmp 2008-05-18 07:12 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll 2008-05-18 06:45 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2008-05-16 22:36 389,632 ----a-w C:\WINDOWS\Internet Logs\xDB1B8.tmp 2008-04-27 14:34 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2008-03-13 19:06 22,328 ----a-w C:\Documents and Settings\RobTreasure\Application Data\PnkBstrK.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-10-05 09:52 98304] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:56 15360] "igndlm.exe"="C:\Program Files\Download Manager\DLM.exe" [2007-03-05 22:57 1103480] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 18:14 8491008] "Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-03-16 11:34 755480] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51 257088] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 18:14 81920] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720] "nwiz"="nwiz.exe" [2007-10-04 18:14 1626112 C:\WINDOWS\system32\nwiz.exe] "SoundMan"="SOUNDMAN.EXE" [2005-05-17 19:48 77824 C:\WINDOWS\soundman.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:56 15360] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Belkin Wireless G Desktop Card Client Utility.lnk - C:\Program Files\Belkin\PCI F5D700F\Wireless Utility\Belkinwcui.exe [2007-05-13 14:42:00 1556480] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "usnjsvc"=3 (0x3) "SandraTheSrv"=3 (0x3) "SandraDataSrv"=3 (0x3) "PnkBstrA"=2 (0x2) "iPod Service"=3 (0x3) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 00:20] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 00:16] R3 Belkin700F;Belkin Wireless G Desktop Card Service v7;C:\WINDOWS\system32\DRIVERS\BLKWGDv7.sys [2006-10-19 10:44] R3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2002-10-02 09:57] S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-06-17 12:18] S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2006-02-17 20:34] S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2006-11-19 19:10] S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2006-11-19 19:10] S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2006-11-19 19:10] S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys [2006-11-19 19:10] S3 se46bus;Sony Ericsson Device 070 driver (WDM);C:\WINDOWS\system32\DRIVERS\se46bus.sys [2006-11-30 15:11] S3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se46mdfl.sys [2006-11-30 15:11] S3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se46mdm.sys [2006-11-30 15:11] S3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se46mgmt.sys [2006-11-30 15:11] S3 se46nd5;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se46nd5.sys [2006-11-30 15:11] S3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se46obex.sys [2006-11-30 15:11] S3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se46unic.sys [2006-11-30 15:11] S3 ULI5261;ULi Based Ethernet NT Driver;C:\WINDOWS\system32\DRIVERS\ULILAN.SYS [2004-07-26 22:19] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G] \Shell\AutoRun\command - G:\LaunchU3.exe . Contents of the 'Scheduled Tasks' folder "2008-07-03 15:03:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . - - - - ORPHANS REMOVED - - - - SSODL-evgratsm-{0D96FBFB-E9D8-4F6C-A058-18731591ED24} - C:\WINDOWS\evgratsm.dll . ------- Supplementary Scan ------- . R0 -: HKCU-Main,Start Page = hxxp://www.google.co.uk R1 -: HKCU-SearchURL,(Default) = hxxp://search.aol.co.uk/web?isinit=true&query=%s O8 -: &Search - ?p=ZKxdm011YYGB O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-25 17:15:17 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\CTSVCCDA.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe . ************************************************************************** . Completion time: 2008-07-25 17:21:44 - machine was rebooted ComboFix-quarantined-files.txt 2008-07-25 16:21:38 Pre-Run: 14,236,442,624 bytes free Post-Run: 14,299,652,096 bytes free 186 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:46:35, on 25/07/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Belkin\PCI F5D700F\Wireless Utility\Belkinwcui.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Outlook Express\msimn.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Registration .LNK = C:\Program Files\Ubisoft\Dark Messiah of Might and Magic\RegistrationReminder.exe O4 - Global Startup: Belkin Wireless G Desktop Card Client Utility.lnk = ? O8 - Extra context menu item: &Search - ?p=ZKxdm011YYGB O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 6826 bytes
Hi rtreasure Before I tell you what things to fix from your logs, please do the following two steps: *************************************************** 1. Download Superantispyware Free, install it, and update it. We will use it later. 2.. Scan with Avast in safe mode. Quarantine (Move to chest) all detected items, and post a scan log here. To boot into safe mode, just press the F8 key repeatedly after you press the power button. 3. With your computer still in safe mode, scan with Superantispyware Free, quarantine all detected items, and then post a scan log here. *************************************************** Best Regards
Right, phew! Done all that, well almost all, going back to quarantine from Superantispyware but here's the logs. ..... I'm going to kill my mate who is staying and infected my lovely computer with this! A little knowledge is a dangerous thing ) Thanks for your help. AVAST did some odd stuff, I think it was trying to delete the file i'd already sent to vault. * * avast! Report * This file is generated automatically * * Task 'Simple user interface' used * Started on 25 July 2008 20:42:31 * VPS: 080725-0, 25/07/2008 * C:\Documents and Settings\Administrator\Local Settings\Temp\_avast4_\unp212071442.tmp\{app}\autostart.exe [L] Win32:Adware-gen [Adw] (0) While moving file to chest, error occurred: Virus chest server is not running. RPC communication failed. C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb1.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb1.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb10.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb10.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb11.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb11.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb12.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb12.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb13.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb13.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb14.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb14.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb15.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb15.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb2.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb2.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb3.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb3.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb4.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb4.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb5.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb5.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb6.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb6.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb7.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb7.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb8.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb8.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb9.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb9.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts1.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts1.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts10.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts10.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts11.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts11.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts12.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts12.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts13.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts13.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts14.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts14.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts15.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts15.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts16.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts16.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts17.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts17.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts18.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts18.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts19.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts19.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts2.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts2.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts20.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts20.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts21.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts21.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts22.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts22.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts23.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts23.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts24.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts24.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts25.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts25.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts26.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts26.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts27.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts27.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts28.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts28.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts29.zip\PopSwatr\History\allowed [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts29.zip\PopSwatr\History\notallow [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts29.zip\Shared\Cache\CursorManiaBtn.html [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts29.zip\Shared\Cache\MailStampBtn.html [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts29.zip\Shared\Cache\MyStationeryBtn.html [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts29.zip\Shared\Cache\SmileyCentralBtn.html [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts29.zip\Shared\Cache\WebfettiBtn.html [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts29.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts3.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts3.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts30.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts30.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts31.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts31.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts32.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts32.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts33.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts33.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts34.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts34.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts35.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts35.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts36.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts36.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts37.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts37.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts38.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts38.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts39.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts39.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts4.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts4.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts40.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts40.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts41.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts41.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts42.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts42.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts43.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts43.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts44.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts44.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts45.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts45.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts46.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts46.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts47.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts47.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts48.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts48.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts49.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts49.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts5.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts5.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts50.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts50.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts51.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts51.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts52.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts52.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts53.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts53.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts54.zip\f3PSSavr.scr [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts54.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts55.zip\f3initialsetup1.0.0.15-3.inf [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts55.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts56.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts56.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts57.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts58.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts59.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts59.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts6.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts6.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts7.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts7.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts8.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts8.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts9.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWebProducts9.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusDisableNotify.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusDisableNotify.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusDisableNotify1.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterAntiVirusDisableNotify1.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisableNotify.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisableNotify.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisableNotify1.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterFirewallDisableNotify1.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterUpdateDisableNotify.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterUpdateDisableNotify.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterUpdateDisableNotify1.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterUpdateDisableNotify1.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSystem.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSystem.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSystem1.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSystem1.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch.zip\MWSBAR.DLL [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch1.zip\MWSSRCAS.DLL [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch1.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch10.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch10.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch11.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch11.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch12.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch12.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch13.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch13.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch14.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch14.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch15.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch15.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch16.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch16.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch17.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch17.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch18.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch18.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch19.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch19.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch2.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch2.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch20.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch20.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch21.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch22.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch22.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch23.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch23.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch24.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch24.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch25.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch25.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch26.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch26.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch27.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch27.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch28.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch28.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch29.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch29.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch3.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch3.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch30.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch30.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch31.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch31.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch32.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch32.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch33.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch33.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\F3BKGERR.JPG [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\F3BROVLY.DLL [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\F3CJPEG.DLL [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\F3DTACTL.DLL [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\F3HISTSW.DLL [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\F3HTTPCT.DLL [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\F3IMSTUB.DLL [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\F3POPSWT.DLL [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\F3PSSAVR.SCR [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\F3REPROX.DLL [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\F3RESTUB.DLL [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\F3SCHMON.EXE [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\F3SCRCTR.DLL [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\F3SHLLVW.DLL [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\F3SPACER.WMV [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\F3WALLPP.DAT [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\F3WPHOOK.DLL [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\M3FFXTBR.JAR [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\M3FFXTBR.MANIFEST [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\M3HTML.DLL [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\M3IDLE.DLL [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\M3IMPIPE.EXE [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\M3MSG.DLL [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\M3NTSTBR.JAR [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\M3NTSTBR.MANIFEST [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\M3OUTLCN.DLL [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\M3PLUGIN.DLL [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\M3SKIN.DLL [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\M3SKPLAY.EXE [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\M3SLSRCH.EXE [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\M3SRCHMN.EXE [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\MWSOEMON.EXE [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\MWSOEPLG.DLL [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\MWSOESTB.DLL [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\1.bin\NPMYWEBS.DLL [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Avatar\COMMON.F3S [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Cache\01826ADA [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Cache\01826E25 [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Cache\01827039.bin [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Cache\01827886.bin [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Cache\01827B35.bin [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Cache\01827C4E.bin [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Cache\01827E04.bin [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Cache\01EA1F9E.bin [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Cache\01EA279D.bin [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Cache\01EA2933.bin [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Cache\01EA2A8B.bin [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Cache\files.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Game\CHECKERS.F3S [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Game\CHESS.F3S [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Game\REVERSI.F3S [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\History\search2 [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Message\COMMON.F3S [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Notifier\COMMON.F3S [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Notifier\DOG.F3S [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Notifier\FISH.F3S [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Notifier\KUNGFU.F3S [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Notifier\LIFEGARD.F3S [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Notifier\MAID.F3S [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Notifier\MAILBOX.F3S [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Notifier\OPERA.F3S [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Notifier\ROBOT.F3S [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Notifier\SEDUCT.F3S [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Notifier\SURFER.F3S [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Settings\prevcfg2.htm [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Settings\setting2.htm [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Settings\settings.dat [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\bar\Settings\s_pid.dat [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch34.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch35.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch35.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch36.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch36.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch37.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch37.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch38.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch38.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch39.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch39.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch4.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch4.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch40.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch40.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch41.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch41.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch42.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch42.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch43.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch43.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch44.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch44.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch45.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch45.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch46.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch46.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch47.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch47.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch48.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch48.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch49.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch49.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch5.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch5.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch50.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch50.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch51.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch51.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch52.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch52.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch53.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch53.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch54.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch54.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch55.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch55.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch56.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch56.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch57.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch57.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch58.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch58.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch59.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch59.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch6.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch6.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch60.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch60.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch61.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch61.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch62.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch62.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch63.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch63.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch64.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch64.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch65.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch65.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch66.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch66.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch67.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch67.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch68.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch68.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch69.zip\bar\1.bin\MWSOEMON.EXE [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch69.zip\bar\1.bin\MWSOESTB.DLL [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch69.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch7.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch7.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch70.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch70.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch71.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch71.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch8.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch8.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch9.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch9.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch1.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch1.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch10.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch10.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch11.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch11.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch12.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch12.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch13.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch13.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch14.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch14.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch15.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch15.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch16.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch16.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch17.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch17.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch18.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch18.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch19.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch19.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch2.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch2.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch20.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch20.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch21.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch21.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch3.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch3.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch4.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch4.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch5.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch5.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch6.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch6.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch7.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch7.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch8.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch8.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch9.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch9.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NurechA.zip\wincom32.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NurechA.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip\zlbw.dll [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC3.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC3.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC4.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC4.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCToolbar.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCToolbar.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCToolbar1.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCToolbar1.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCToolbar2.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCToolbar2.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Tibsvq.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Tibsvq.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Tibsvq1.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Tibsvq1.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde.zip\sbRecovery.reg [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloaderrid.zip\qndsfmao.dll [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloaderrid.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloadervcd.zip\evgratsm.dll [E] Archive is password protected. (42056) C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloadervcd.zip\sbRecovery.ini [E] Archive is password protected. (42056) C:\Documents and Settings\RobTreasure\Desktop\stuff\winzip81.exe\SETUP.WZ\WINZIP32.EX_ [E] Archive is password protected. (42056) C:\Downloads\mmsetup_10004015a_ENU.exe\TDM\TDMInstall.exe\Wise0010.bin [E] Installer archive is corrupted. (42146) C:\Program Files\Alwil Software\Avast4\DATA\moved\.tt6.tmp.vbs [L] VBS:Malware-gen (0) While moving file to chest, error occurred: Virus chest server is not running. RPC communication failed. While moving file to chest, error occurred: Virus chest server is not running. RPC communication failed. Infected files: 2 Total files: 425596 Total folders: 6502 Total size: 44.4 GB * * Task stopped: 26 July 2008 01:59:33 * Run-time was 5 hour(s), 17 minute(s), 2 second(s) * SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 07/26/2008 at 11:53 AM Application Version : 4.15.1000 Core Rules Database Version : 3514 Trace Rules Database Version: 1505 Scan type : Quick Scan Total Scan Time : 00:19:01 Memory items scanned : 386 Memory threats detected : 0 Registry items scanned : 392 Registry threats detected : 0 File items scanned : 13994 File threats detected : 69 Adware.Tracking Cookie C:\Documents and Settings\RobTreasure\Cookies\robtreasure@media.adrevolver[2].txt C:\Documents and Settings\RobTreasure\Cookies\robtreasure@chitika[2].txt C:\Documents and Settings\RobTreasure\Cookies\robtreasure@bs.serving-sys[1].txt C:\Documents and Settings\RobTreasure\Cookies\robtreasure@indextools[2].txt C:\Documents and Settings\RobTreasure\Cookies\robtreasure@serving-sys[2].txt C:\Documents and Settings\RobTreasure\Cookies\robtreasure@specificclick[2].txt C:\Documents and Settings\RobTreasure\Cookies\robtreasure@casalemedia[2].txt C:\Documents and Settings\RobTreasure\Cookies\robtreasure@doubleclick[1].txt C:\Documents and Settings\RobTreasure\Cookies\robtreasure@adrevolver[2].txt C:\Documents and Settings\RobTreasure\Cookies\robtreasure@pornvideosday[2].txt C:\Documents and Settings\RobTreasure\Cookies\robtreasure@www.system-defender[1].txt C:\Documents and Settings\RobTreasure\Cookies\robtreasure@ad.yieldmanager[2].txt C:\Documents and Settings\RobTreasure\Cookies\robtreasure@adviva[2].txt C:\Documents and Settings\RobTreasure\Cookies\robtreasure@revsci[1].txt C:\Documents and Settings\RobTreasure\Cookies\robtreasure@adultadworld[1].txt C:\Documents and Settings\RobTreasure\Cookies\robtreasure@atdmt[2].txt C:\Documents and Settings\RobTreasure\Cookies\robtreasure@kontera[2].txt C:\Documents and Settings\RobTreasure\Cookies\robtreasure@mediaplex[1].txt C:\Documents and Settings\RobTreasure\Cookies\robtreasure@adtech[1].txt C:\Documents and Settings\RobTreasure\Cookies\robtreasure@fuckingmotherfucker[2].txt C:\Documents and Settings\RobTreasure\Cookies\robtreasure@socialmedia[1].txt C:\Documents and Settings\RobTreasure\Cookies\robtreasure@media.adrevolver[3].txt C:\Documents and Settings\RobTreasure\Cookies\robtreasure@ads.techguy[1].txt C:\Documents and Settings\RobTreasure\Cookies\robtreasure@trinitymirror.112.2o7[1].txt C:\Documents and Settings\RobTreasure\Cookies\robtreasure@apmebf[2].txt C:\Documents and Settings\RobTreasure\Cookies\robtreasure@pornvideosday[1].txt C:\Documents and Settings\RobTreasure\Cookies\robtreasure@tribalfusion[2].txt D:\Documents and Settings\Rob T\Cookies\rob t@tribalfusion[1].txt D:\Documents and Settings\Rob T\Cookies\rob t@adtech[2].txt D:\Documents and Settings\Rob T\Cookies\rob t@etype.adbureau[2].txt D:\Documents and Settings\Rob T\Cookies\rob t@adviva[2].txt D:\Documents and Settings\Rob T\Cookies\rob t@ads.multimania.lycos[1].txt D:\Documents and Settings\Rob T\Cookies\rob t@www.dgm2[1].txt D:\Documents and Settings\Rob T\Cookies\rob t@bfast[2].txt D:\Documents and Settings\Rob T\Cookies\rob t@bluestreak[1].txt D:\Documents and Settings\Rob T\Cookies\rob t@www.burstbeacon[2].txt D:\Documents and Settings\Rob T\Cookies\rob t@as-us.falkag[2].txt D:\Documents and Settings\Rob T\Cookies\rob t@statcounter[1].txt D:\Documents and Settings\Rob T\Cookies\rob t@bannersng.yell[2].txt D:\Documents and Settings\Rob T\Cookies\rob t@burstnet[1].txt D:\Documents and Settings\Rob T\Cookies\rob t@atdmt[2].txt D:\Documents and Settings\Rob T\Cookies\rob t@as-eu.falkag[2].txt D:\Documents and Settings\Rob T\Cookies\rob t@247realmedia[1].txt D:\Documents and Settings\Rob T\Cookies\rob t@2o7[1].txt D:\Documents and Settings\Rob T\Cookies\rob t@advertising[1].txt D:\Documents and Settings\Rob T\Cookies\rob t@atwola[1].txt D:\Documents and Settings\Rob T\Cookies\rob t@bilbo.counted[1].txt D:\Documents and Settings\Rob T\Cookies\rob t@ehg-idg.hitbox[1].txt D:\Documents and Settings\Rob T\Cookies\rob t@buyonline.ontrack[1].txt D:\Documents and Settings\Rob T\Cookies\rob t@casalemedia[1].txt D:\Documents and Settings\Rob T\Cookies\rob t@doubleclick[1].txt D:\Documents and Settings\Rob T\Cookies\rob t@ehg-bestwestern.hitbox[2].txt D:\Documents and Settings\Rob T\Cookies\rob t@fastclick[2].txt D:\Documents and Settings\Rob T\Cookies\rob t@File-Investigator-File-Find[1].txt D:\Documents and Settings\Rob T\Cookies\rob t@hitbox[1].txt D:\Documents and Settings\Rob T\Cookies\rob t@mediaplex[1].txt D:\Documents and Settings\Rob T\Cookies\rob t@toplist[1].txt D:\Documents and Settings\Rob T\Cookies\rob t@ontrack[1].txt D:\Documents and Settings\Rob T\Cookies\rob t@questionmarket[1].txt D:\Documents and Settings\Rob T\Cookies\rob t@realmedia[2].txt D:\Documents and Settings\Rob T\Cookies\rob t@sdc.krollontrack[2].txt D:\Documents and Settings\Rob T\Cookies\rob t@servedby.advertising[1].txt D:\Documents and Settings\Rob T\Cookies\rob t@tripod[1].txt D:\Documents and Settings\Rob T\Cookies\rob t@valueclick[1].txt D:\Documents and Settings\Rob T\Cookies\rob t@www.click-now[1].txt D:\Documents and Settings\Rob T\Cookies\rob t@yadro[2].txt D:\Documents and Settings\Rob T\Cookies\rob t@www.ontrack[2].txt D:\Documents and Settings\Rob T\Cookies\rob t@xiti[1].txt D:\Documents and Settings\Rob T\Cookies\rob t@z1.adserver[1].txt
Hey rtreasure You seem clean! Avast detected a lot of stuff in Spybot's Recovery section, so the big log from Avast should be of no worry. Now, just post a new HijackThis log, and tell me what problems you have left. Best Regards
Wow! Great stuff, here's the latest Hijack log, all good still? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:28:43, on 27/07/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Belkin\PCI F5D700F\Wireless Utility\Belkinwcui.exe C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Registration .LNK = C:\Program Files\Ubisoft\Dark Messiah of Might and Magic\RegistrationReminder.exe O4 - Global Startup: Belkin Wireless G Desktop Card Client Utility.lnk = ? O8 - Extra context menu item: &Search - ?p=ZKxdm011YYGB O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 6897 bytes
Here we go! All good still? >>>>>>>>>>>>>>>>> Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:28:43, on 27/07/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Belkin\PCI F5D700F\Wireless Utility\Belkinwcui.exe C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Registration .LNK = C:\Program Files\Ubisoft\Dark Messiah of Might and Magic\RegistrationReminder.exe O4 - Global Startup: Belkin Wireless G Desktop Card Client Utility.lnk = ? O8 - Extra context menu item: &Search - ?p=ZKxdm011YYGB O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 6897 bytes
Hey rtreasure So all your problems are gone? Please thoroughly check your system's functionality, and see if things such as Command Prompt, Control Panel, Regedit, etc, are working. Please also fix the following entries in HijackThis: O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O8 - Extra context menu item: &Search - ?p=ZKxdm011YYGB This one is optional and will disable the Dark Messiah of Might and Magic registration reminder if fixed. O4 - Startup: Registration .LNK = C:\Program Files\Ubisoft\Dark Messiah of Might and Magic\RegistrationReminder.exe Best Regards
