HJT help please!?!?! I'm going crazy....

 
 
userE
 
Reply Mon 27 Dec, 2004 09:56 am
Ok, I need HJT help badly.
My computer is getting taken over with pop ups and web links in my favorites - Normally I can get rid of everything with the normal software and HJT procedures. This time, whenever I get everything clean then reboot - I get slammed again. My home page gets changed to about:blank then favorites pop up - usually porn too. Then when I run adaware/spybot/adaway/cwshredder or even online virus etc. services, everything locks up and will not finish. I'm getting mad - I don't want to reformat c: dammit. Any help would be great!!
Thanks
*************************************************************
Logfile of HijackThis v1.98.2
Scan saved at 9:49:56 AM, on 12/27/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\sdkuh32.exe
C:\WINDOWS\system32\d3xm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\icfgnt5.exe
C:\WINDOWS\System32\winpack.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\lfloe.dll/sp.html#89328
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lfloe.dll/sp.html#89328
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\lfloe.dll/sp.html#89328
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\lfloe.dll/sp.html#89328
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lfloe.dll/sp.html#89328
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\lfloe.dll/sp.html#89328
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\lfloe.dll/sp.html#89328
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {627786BB-6448-3092-7B9F-EC2C95F20347} - C:\WINDOWS\apidq32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [d3xm.exe] C:\WINDOWS\system32\d3xm.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [winpack] C:\WINDOWS\System32\winpack.exe
O4 - HKCU\..\Run: [icfgnt5] C:\WINDOWS\system32\icfgnt5.exe
O4 - Global Startup: VTAgentReboot.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\office\OSA9.EXE
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

 
Don77
 
  1  
Reply Mon 27 Dec, 2004 11:19 am
Hi userE and welcome to A2K,
Need you to do a few things for us please,
Firstly, print out the following instructions, as you need to be offline in order to clean properly.
However, download the programs and check them for updates, then stay offline till you have completed the following, please.

Download the following program
CWShredder
It should be the current version, but check for updates
Run Program cwshredder and have it fix anything it finds.
Make sure you click the "Fix" button
Next
Download Ad-Aware SE
Use the: "Check for Updates Now" option and download the latest reference files
Use the Start button, and on the next window, select: Perform Full System Scan
Press Next, and let Ad-aware scan the hard drive
When finished, right-click the window with the entries, choose: Select All from the menu, and click Next
Once AdAware has removed the entries, close the program
Restart the computer

Do not run the above programs yet I will ask to have you run them at the end

First:
Download AboutBuster
Then Unzip it to your desktop.. "Don't run it yet"

First, reboot into 'SAFE MODE'. (By tapping the F8 key on start up)
Next:
Run About Buster twice in Safe Mode. Save the logs it generates.
While still in safe mode,
Please restart HJT, put a check next to the following if they still exist, close all open windows and click "Fix checked"
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\lfloe.dll/sp.html#89328
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lfloe.dll/sp.html#89328
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\lfloe.dll/sp.html#89328
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\lfloe.dll/sp.html#89328
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lfloe.dll/sp.html#89328
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\lfloe.dll/sp.html#89328
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\lfloe.dll/sp.html#89328
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {627786BB-6448-3092-7B9F-EC2C95F20347} - C:\WINDOWS\apidq32.dll
O4 - HKLM\..\Run: [d3xm.exe] C:\WINDOWS\system32\d3xm.exe
O4 - HKCU\..\Run: [winpack] C:\WINDOWS\System32\winpack.exe
O4 - HKCU\..\Run: [icfgnt5] C:\WINDOWS\system32\icfgnt5.exe


Make sure you can view all Hidden Files/Folders, then search for and delete the following in BOLD if still present
C:\WINDOWS\apidq32.dll
C:\WINDOWS\system32\d3xm.exe
C:\WINDOWS\System32\winpack.exe
C:\WINDOWS\system32\icfgnt5.exe

Restart your computer,

Run About Buster twice again please, Again save the log from it.
Now run both CWS and Ad-aware as instructed above,
Restart your computer
and post back all the logs from AboutBuster and a fresh HJT log please.

Note: you need to get your Windows updates in order, they are severely outdated
0 Replies
 
userE
 
  1  
Reply Mon 27 Dec, 2004 01:02 pm
Ok, just got done with everything - still popups and the about homepage. I cannot get adaware to clear out the problems, even one at a time - computer just locks up - every single time. It never did this before all of this - I usually ran adaware and spybot at the same time with no problems...anywho


Scanned at: 12:40:44 PM on: 12/27/2004


-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 19


ADS not scanned System(FAT)
Removed 5 Random Key Entries
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 19


ADS not scanned System(FAT)
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

************************************************************

Logfile of HijackThis v1.98.2
Scan saved at 12:55:26 PM, on 12/27/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\sdkuh32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\d3xm.exe
C:\WINDOWS\System32\winpack.exe
C:\hjt\HijackThis.exe
C:\WINDOWS\system32\icfgnt5.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\zfcpe.dll/sp.html#89328
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\zfcpe.dll/sp.html#89328
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\zfcpe.dll/sp.html#89328
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\zfcpe.dll/sp.html#89328
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\zfcpe.dll/sp.html#89328
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\zfcpe.dll/sp.html#89328
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\zfcpe.dll/sp.html#89328
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1F1BD9FA-B4F6-5967-29CB-15DD83E86AFE} - C:\WINDOWS\javacn32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [d3xm.exe] C:\WINDOWS\system32\d3xm.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [winpack] C:\WINDOWS\System32\winpack.exe
O4 - HKCU\..\Run: [icfgnt5] C:\WINDOWS\system32\icfgnt5.exe
O4 - Global Startup: VTAgentReboot.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\office\OSA9.EXE
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

Thanks for the help so far Don!
0 Replies
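Comparing the two HijackThis logs posted so far, entry by entry, shows which items survived the cleanup and which came back pointing at a different file. This is an added example, not part of the original thread: the sample lines are a constructed excerpt of the two logs above, and the function names are illustrative.

```python
import re

# Constructed excerpt of the first HijackThis log in this thread (9:49 AM).
LOG_BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\lfloe.dll/sp.html#89328
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {627786BB-6448-3092-7B9F-EC2C95F20347} - C:\WINDOWS\apidq32.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [d3xm.exe] C:\WINDOWS\system32\d3xm.exe
O4 - HKCU\..\Run: [winpack] C:\WINDOWS\System32\winpack.exe
"""

# Constructed excerpt of the second HijackThis log in this thread (12:55 PM).
LOG_AFTER = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\zfcpe.dll/sp.html#89328
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1F1BD9FA-B4F6-5967-29CB-15DD83E86AFE} - C:\WINDOWS\javacn32.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [d3xm.exe] C:\WINDOWS\system32\d3xm.exe
O4 - HKCU\..\Run: [winpack] C:\WINDOWS\System32\winpack.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")               # e.g. "O4 - ..."
RES_DLL = re.compile(r"res://(.+?\.dll)/", re.IGNORECASE)     # DLL behind a res:// page


def parse_log(text):
    """Return (section, body) pairs for every 'Xn - ...' entry line in a log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def split_entry(section, body):
    """Split an entry into (identity, value) so a changed target is still matched."""
    if section.startswith("R") and " = " in body:
        name, value = body.split(" = ", 1)        # registry value name vs. its data
    elif section == "O4" and "] " in body:
        name, value = body.split("] ", 1)         # Run key + [entry name] vs. command
        name += "]"
    elif section in ("O2", "O3") and " - " in body:
        name, value = body.split(" - ", 1)        # display name vs. CLSID and file
    else:
        name, value = body, ""                    # lines with no separate value
    return section + " " + name, value


def index(entries):
    """Map each identity to the set of values seen for it (names may repeat)."""
    table = {}
    for section, body in entries:
        key, value = split_entry(section, body)
        table.setdefault(key, set()).add(value)
    return table


def compare(before_text, after_text):
    """Classify every entry as persisted, changed, removed or added."""
    before = index(parse_log(before_text))
    after = index(parse_log(after_text))
    report = {"persisted": [], "changed": [], "removed": [], "added": []}
    for key in sorted(before.keys() | after.keys()):
        if key not in after:
            report["removed"].append(key)
        elif key not in before:
            report["added"].append(key)
        elif before[key] == after[key]:
            report["persisted"].append(key)
        else:
            report["changed"].append(key)
    return report


def res_dlls(text):
    """Lower-cased paths of every DLL referenced through a res:// URL."""
    return {m.group(1).lower()
            for _, body in parse_log(text)
            for m in RES_DLL.finditer(body)}


if __name__ == "__main__":
    for status, keys in compare(LOG_BEFORE, LOG_AFTER).items():
        for key in keys:
            print(f"{status:9} {key}")
    print("res:// DLLs before:", sorted(res_dlls(LOG_BEFORE)))
    print("res:// DLLs after: ", sorted(res_dlls(LOG_AFTER)))
```

Entries reported as changed keep the same registry location but point at a different file, so a fix list copied from an earlier log no longer matches them line for line.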
 
Don77
 
  1  
Reply Mon 27 Dec, 2004 02:27 pm
Let's go a different route with this,
First Reboot to safe mode,
Press Ctrl+Alt+Delete once.
Click Task Manager.
Click the Processes tab.
Scroll through the list and look for the bolded files below
click it, and then click End Process.
Exit the Task Manager

Make sure you can view all Hidden Files/Folders, then search for and delete the following in BOLD
C:\WINDOWS\javacn32.dll
C:\WINDOWS\system32\d3xm.exe
C:\WINDOWS\System32\winpack.exe
C:\WINDOWS\system32\icfgnt5.exe
C:\WINDOWS\sdkuh32.exe


Next, while still in safe mode,
Please restart HJT, put a check next to the following if they still exist, close all open windows and click "Fix checked"
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\lfloe.dll/sp.html#89328
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lfloe.dll/sp.html#89328
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\lfloe.dll/sp.html#89328
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\lfloe.dll/sp.html#89328
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\lfloe.dll/sp.html#89328
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\lfloe.dll/sp.html#89328
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\lfloe.dll/sp.html#89328
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {627786BB-6448-3092-7B9F-EC2C95F20347} - C:\WINDOWS\javacn32.dll
O4 - HKLM\..\Run: [d3xm.exe] C:\WINDOWS\system32\d3xm.exe
O4 - HKCU\..\Run: [winpack] C:\WINDOWS\System32\winpack.exe
O4 - HKCU\..\Run: [icfgnt5] C:\WINDOWS\system32\icfgnt5.exe


Now Run AboutBuster again while still in safe mode

Restart your computer and run AboutBuster again please,


Next
Go Here BitDefender Scan Online
Run a scan with BitDefender , Be sure and Check Auto Clean. Make a note of anything it can't remove


Post back the AboutBuster logs and a fresh HJT log please
0 Replies
 
userE
 
  1  
Reply Mon 27 Dec, 2004 04:47 pm
Logfile of HijackThis v1.98.2
Scan saved at 4:43:50 PM, on 12/27/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\explorer.exe
C:\hjt\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [winpack] C:\WINDOWS\System32\winpack.exe
O4 - HKCU\..\Run: [icfgnt5] C:\WINDOWS\system32\icfgnt5.exe
O4 - Global Startup: VTAgentReboot.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\office\OSA9.EXE
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

************************************************************
Scanned at: 4:36:05 PM on: 12/27/2004

-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 19

ADS not scanned System(FAT)
Removed! : C:\WINDOWS\peshi.dat
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 19

ADS not scanned System(FAT)
Attempted Clean Of Temp folder.
Removed Uninstall Key (HSA)
Removed Uninstall Key (SE)
Removed Uninstall Key (SW)
Pages Reset... Done!

************************************************************
C:\WINDOWS\system32\xigdx.dll: infected with Trojan.Downloader.WinShow.AK
C:\WINDOWS\system32\xigdx.dll: deleted
C:\WINDOWS\system32\wwnon.dll: infected with Trojan.Downloader.WinShow.AK
C:\WINDOWS\system32\wwnon.dll: deleted
C:\WINDOWS\system32\remove_me.dll: suspect BehavesLike:Trojan.StartPage
C:\WINDOWS\system32\remove_me.dll: disinfection failed
C:\WINDOWS\tbikeo.txt: infected with Trojan.Downloader.Agent.BQ
C:\WINDOWS\tbikeo.txt: disinfection failed
C:\WINDOWS\mbbpyq.log: infected with Trojan.Downloader.Agent.AP
C:\WINDOWS\mbbpyq.log: disinfection failed
C:\WINDOWS\sewcuc.dat: infected with Trojan.Downloader.Agent.BC
C:\WINDOWS\sewcuc.dat: disinfection failed
C:\WINDOWS\hhrptz.dat: infected with Trojan.Downloader.WinShow.AK
C:\WINDOWS\hhrptz.dat: deleted
C:\WINDOWS\remove_me.dll: suspect BehavesLike:Trojan.StartPage
C:\WINDOWS\remove_me.dll: disinfection failed
C:\WINDOWS\dheoxl.dat: infected with Trojan.Downloader.Agent.BC
C:\WINDOWS\dheoxl.dat: disinfection failed
C:\WINDOWS\njdlwr.dat: infected with Trojan.Downloader.Agent.BC
C:\WINDOWS\njdlwr.dat: disinfection failed
C:\WINDOWS\ouwlbg.dat: infected with Trojan.Downloader.Agent.BC
C:\WINDOWS\ouwlbg.dat: disinfection failed
C:\WINDOWS\zzsvre.dat: infected with Trojan.Downloader.Agent.BC
C:\WINDOWS\zzsvre.dat: disinfection failed
C:\WINDOWS\vajegd.log: infected with Trojan.Downloader.WinShow.AK
C:\WINDOWS\vajegd.log: deleted
C:\WINDOWS\rimygh.dat: infected with Trojan.Downloader.Agent.BC
C:\WINDOWS\rimygh.dat: disinfection failed
C:\WINDOWS\lpqbmq.dat: infected with Trojan.Downloader.Agent.BC
C:\WINDOWS\lpqbmq.dat: disinfection failed
C:\WINDOWS\xosfjq.dat: infected with Trojan.Downloader.Agent.BC
C:\WINDOWS\xosfjq.dat: disinfection failed
C:\WINDOWS\vzpnbd.dat: infected with Trojan.Downloader.Agent.BC
C:\WINDOWS\vzpnbd.dat: disinfection failed
C:\WINDOWS\fbkcwk.dat: infected with Trojan.Downloader.Agent.AP
C:\WINDOWS\fbkcwk.dat: disinfection failed
C:\WINDOWS\izjlrn.dat: infected with Trojan.Downloader.Agent.BC
C:\WINDOWS\izjlrn.dat: disinfection failed
C:\WINDOWS\jkxnbq.dat: infected with Trojan.Downloader.Agent.BQ
C:\WINDOWS\jkxnbq.dat: disinfection failed
C:\WINDOWS\psmpnm.dat: infected with Trojan.Downloader.Agent.BQ
C:\WINDOWS\psmpnm.dat: disinfection failed
C:\WINDOWS\itxupw.dat: infected with Trojan.Downloader.Agent.AP
C:\WINDOWS\itxupw.dat: disinfection failed
C:\WINDOWS\wlxie.dll: infected with Trojan.Downloader.WinShow.AK
C:\WINDOWS\wlxie.dll: deleted
C:\WINDOWS\sjqeew.log: infected with Trojan.Downloader.WinShow.AK
C:\WINDOWS\sjqeew.log: deleted
C:\WINDOWS\ienn32.dll: infected with Trojan.Downloader.Agent.BC
C:\WINDOWS\ienn32.dll: disinfection failed
C:\WINDOWS\loopny.log: infected with Trojan.Downloader.Agent.BQ
C:\WINDOWS\loopny.log: disinfection failed
C:\WINDOWS\dhzupj.log: infected with Trojan.Downloader.Agent.AP
C:\WINDOWS\dhzupj.log: disinfection failed
C:\WINDOWS\pipoll.dat: infected with Trojan.Downloader.Agent.BC
C:\WINDOWS\pipoll.dat: disinfection failed
C:\WINDOWS\mfcmu.exe: infected with Trojan.Downloader.Agent.Z
C:\WINDOWS\mfcmu.exe: disinfection failed
C:\WINDOWS\qiynxy.dat: infected with Trojan.Downloader.Agent.BQ
C:\WINDOWS\qiynxy.dat: disinfection failed
C:\WINDOWS\xfpjes.txt: infected with Trojan.Downloader.Agent.AP
C:\WINDOWS\xfpjes.txt: disinfection failed
C:\WINDOWS\apidq32.exe: infected with Trojan.Downloader.Agent.Z
C:\WINDOWS\apidq32.exe: disinfection failed
C:\WINDOWS\iidqqx.dat: infected with Trojan.Downloader.Agent.BC
C:\WINDOWS\iidqqx.dat: disinfection failed
C:\WINDOWS\apidq32.exe.bak: infected with Trojan.Downloader.Agent.AP
C:\WINDOWS\apidq32.exe.bak: disinfection failed
C:\WINDOWS\jussrz.dat: infected with Trojan.Downloader.Agent.BC
C:\WINDOWS\jussrz.dat: disinfection failed
C:\Documents and Settings\default\Local Settings\Temp\CometU.DLL: suspect Trojan.Downloader.Gen
C:\Documents and Settings\default\Local Settings\Temp\CometU.DLL: disinfection failed
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\ValueClick3.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\HitBox13.zip=>[email protected][1].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\HitBox13.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit3.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit3.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Prolivation10.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Prolivation10.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Prolivation11.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Prolivation11.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\HitBox14.zip=>don@hitbox[2].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\HitBox14.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit4.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\DSOExploit4.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Advertisingcom11.zip=>[email protected][1].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Advertisingcom11.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\HitBox.zip=>[email protected][1].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\HitBox.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Advertisingcom12.zip=>don@advertising[1].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Advertisingcom12.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\HitBox1.zip=>don@hitbox[1].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\HitBox1.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AvenueAInc7.zip=>don@atdmt[1].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AvenueAInc7.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MediaPlex.zip=>don@mediaplex[2].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MediaPlex.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Advertisingcom13.zip=>[email protected][2].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Advertisingcom13.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Advertisingcom14.zip=>don@advertising[1].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Advertisingcom14.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Gator2.zip=>don@gator[1].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Gator2.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaPlayer.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaPlayer.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AvenueAInc8.zip=>don@atdmt[2].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AvenueAInc8.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\CommissionJunction4.zip=>don@qksrv[1].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\CommissionJunction4.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\HitBox15.zip=>[email protected][1].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\HitBox15.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaPlayer1.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaPlayer1.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\DoubleClick5.zip=>don@doubleclick[1].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\DoubleClick5.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FastClick3.zip=>don@fastclick[2].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FastClick3.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\HitBox16.zip=>don@hitbox[1].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\HitBox16.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaPlayer2.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\WindowsMediaPlayer2.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MediaPlex6.zip=>don@mediaplex[1].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MediaPlex6.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Spex.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Spex.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Advertisingcom1.zip=>[email protected][1].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Advertisingcom1.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\ValueClick4.zip=>don@valueclick[2].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\ValueClick4.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Spex1.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Spex1.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Advertisingcom2.zip=>don@advertising[1].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Advertisingcom2.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Advertisingcom15.zip=>[email protected][1].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Advertisingcom15.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\TwainTech.zip=>sub.dll: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\TwainTech.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AvenueAInc2.zip=>don@atdmt[2].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AvenueAInc2.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Advertisingcom16.zip=>don@advertising[1].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Advertisingcom16.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BFast.zip=>don@bfast[2].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BFast.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AvenueAInc9.zip=>don@atdmt[2].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AvenueAInc9.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Spex2.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Spex2.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\CommissionJunction.zip=>don@qksrv[1].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\CommissionJunction.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\DoubleClick6.zip=>don@doubleclick[1].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\DoubleClick6.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\nCase.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\nCase.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\DoubleClick.zip=>don@doubleclick[1].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\DoubleClick.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AvenueAInc10.zip=>don@atdmt[1].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AvenueAInc10.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\HitBox2.zip=>[email protected][1].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\HitBox2.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MediaPlex7.zip=>don@mediaplex[1].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MediaPlex7.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\HitBox3.zip=>don@hitbox[2].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\HitBox3.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Advertisingcom17.zip=>[email protected][1].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Advertisingcom17.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\HitsLink.zip=>[email protected][2].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\HitsLink.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Prolivation12.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Prolivation12.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\TIBS.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\TIBS.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MediaPlex1.zip=>don@mediaplex[1].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MediaPlex1.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Prolivation13.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Prolivation13.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Advertisingcom18.zip=>don@advertising[1].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Advertisingcom18.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Prolivation.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Prolivation.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AvenueAInc11.zip=>don@atdmt[2].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AvenueAInc11.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\DoubleClick7.zip=>don@doubleclick[1].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\DoubleClick7.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Prolivation1.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Prolivation1.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FastClick4.zip=>don@fastclick[2].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FastClick4.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\ValueClick.zip=>don@valueclick[1].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\ValueClick.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MediaPlex8.zip=>don@mediaplex[1].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MediaPlex8.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\ValueClick5.zip=>don@valueclick[1].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\ValueClick5.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Prolivation2.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Prolivation2.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Prolivation14.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Prolivation14.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Prolivation15.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Prolivation15.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Prolivation3.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Prolivation3.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Advertisingcom19.zip=>[email protected][1].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Advertisingcom19.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Advertisingcom3.zip=>[email protected][1].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Advertisingcom3.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Advertisingcom20.zip=>don@advertising[1].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Advertisingcom20.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Advertisingcom4.zip=>don@advertising[1].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Advertisingcom4.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AvenueAInc12.zip=>don@atdmt[1].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AvenueAInc12.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AvenueAInc3.zip=>don@atdmt[2].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AvenueAInc3.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\DoubleClick8.zip=>don@doubleclick[1].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\DoubleClick8.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BFast1.zip=>don@bfast[1].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\BFast1.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FastClick5.zip=>don@fastclick[1].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FastClick5.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\DoubleClick1.zip=>don@doubleclick[1].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\DoubleClick1.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Advertisingcom21.zip=>don@advertising[2].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Advertisingcom21.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\HitBox4.zip=>don@hitbox[2].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\HitBox4.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Advertisingcom22.zip=>[email protected][1].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Advertisingcom22.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\HitBox5.zip=>[email protected][1].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\HitBox5.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AvenueAInc13.zip=>don@atdmt[2].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AvenueAInc13.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MediaPlex2.zip=>don@mediaplex[2].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\MediaPlex2.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\DoubleClick9.zip=>don@doubleclick[1].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\DoubleClick9.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FastClick6.zip=>don@fastclick[2].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\FastClick6.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Possiblehijacker.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Possiblehijacker.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AlexaRelated1.zip=>related.htm: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AlexaRelated1.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\TwainTech1.zip=>Searchx.htm: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\TwainTech1.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Prolivation4.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Prolivation4.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\TwainTech2.zip=>datastore.dll: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\TwainTech2.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AlexaRelated2.zip=>related.htm: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\AlexaRelated2.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Prolivation5.zip=>sbRecovery.reg: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\Prolivation5.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchService.zip=>apijj.exe: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchService.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\ValueClick1.zip=>don@valueclick[1].txt: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\ValueClick1.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchFeatInstaller.zip=>ogzkqx.dat: password protected
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchFeatInstaller.zip=>sbRecovery.ini: password protected
C:\Documents and Settings\Don\Local Settings\Temp\6.tmp: infected with Trojan.Hideprocs.B
C:\Documents and Settings\Don\Local Settings\Temp\6.tmp: disinfection failed
C:\Documents and Settings\Don\Local Settings\Temp\B.tmp: suspect BehavesLike:Trojan.Downloader
C:\Documents and Settings\Don\Local Settings\Temp\B.tmp: disinfection failed
C:\Documents and Settings\Don\Local Settings\Temp\F.tmp: infected with Trojan.Hideprocs.B
C:\Documents and Settings\Don\Local Settings\Temp\F.tmp: disinfection failed
C:\Documents and Settings\Don\Local Settings\Temp\2.tmp: infected with Trojan.Hideprocs.B
C:\Documents and Settings\Don\Local Settings\Temp\2.tmp: disinfection failed
C:\Documents and Settings\Don\Local Settings\Temp\10.tmp: suspect BehavesLike:Trojan.Downloader
C:\Documents and Settings\Don\Local Settings\Temp\10.tmp: disinfection failed
C:\Documents and Settings\Don\Local Settings\Temp\4.tmp: suspect BehavesLike:Trojan.Downloader
C:\Documents and Settings\Don\Local Settings\Temp\4.tmp: disinfection failed
C:\System Volume Information\_restore{99C83739-05B9-4B8B-B8D6-4F2BB14F73A5}\RP4\A0000947.exe: infected with Trojan.Sandbox.A
C:\System Volume Information\_restore{99C83739-05B9-4B8B-B8D6-4F2BB14F73A5}\RP4\A0000947.exe: disinfection failed
C:\System Volume Information\_restore{99C83739-05B9-4B8B-B8D6-4F2BB14F73A5}\RP10\snapshot\MFEX-8.DAT: infected with Trojan.Downloader.Agent.BQ
C:\System Volume Information\_restore{99C83739-05B9-4B8B-B8D6-4F2BB14F73A5}\RP10\snapshot\MFEX-8.DAT: disinfection failed
C:\System Volume Information\_restore{99C83739-05B9-4B8B-B8D6-4F2BB14F73A5}\RP10\snapshot\MFEX-10.DAT: infected with Trojan.Downloader.Agent.AP
C:\System Volume Information\_restore{99C83739-05B9-4B8B-B8D6-4F2BB14F73A5}\RP10\snapshot\MFEX-10.DAT: disinfection failed
C:\System Volume Information\_restore{99C83739-05B9-4B8B-B8D6-4F2BB14F73A5}\RP10\A0001923.exe: infected with Trojan.Downloader.Agent.BQ
C:\System Volume Information\_restore{99C83739-05B9-4B8B-B8D6-4F2BB14F73A5}\RP10\A0001923.exe: disinfection failed
C:\System Volume Information\_restore{99C83739-05B9-4B8B-B8D6-4F2BB14F73A5}\RP10\A0001925.exe: infected with Trojan.Downloader.Agent.AP
C:\System Volume Information\_restore{99C83739-05B9-4B8B-B8D6-4F2BB14F73A5}\RP10\A0001925.exe: disinfection failed
C:\System Volume Information\_restore{99C83739-05B9-4B8B-B8D6-4F2BB14F73A5}\RP11\A0001935.dll: infected with Trojan.Downloader.Agent.BC
C:\System Volume Information\_restore{99C83739-05B9-4B8B-B8D6-4F2BB14F73A5}\RP11\A0001935.dll: disinfection failed
C:\System Volume Information\_restore{99C83739-05B9-4B8B-B8D6-4F2BB14F73A5}\RP11\A0001963.exe: infected with Trojan.Downloader.WinShow.AP
C:\System Volume Information\_restore{99C83739-05B9-4B8B-B8D6-4F2BB14F73A5}\RP11\A0001963.exe: deleted
C:\System Volume Information\_restore{99C83739-05B9-4B8B-B8D6-4F2BB14F73A5}\RP12\A0001967.exe: infected with Trojan.Downloader.Agent.AP
C:\System Volume Information\_restore{99C83
 
Don77
 
Reply Mon 27 Dec, 2004 06:08 pm
We are getting there userE.

Please restart HJT, put a check next to the following, close all open windows and click "Fix Checked":
R3 - Default URLSearchHook is missing
O4 - HKCU\..\Run: [winpack] C:\WINDOWS\System32\winpack.exe
O4 - HKCU\..\Run: [icfgnt5] C:\WINDOWS\system32\icfgnt5.exe


Next, reboot to safe mode (by tapping the F8 key on start up). Make sure you can view all Hidden Files/Folders, then search for and delete the above files highlighted in BOLD:
C:\WINDOWS\System32\winpack.exe
C:\WINDOWS\system32\icfgnt5.exe
C:\WINDOWS\system32\xigdx.dll
C:\WINDOWS\system32\wwnon.dll
C:\WINDOWS\system32\remove_me.dll
C:\WINDOWS\tbikeo.txt
C:\WINDOWS\mbbpyq.log
C:\WINDOWS\sewcuc.dat
C:\WINDOWS\hhrptz.dat
C:\WINDOWS\dheoxl.dat
C:\WINDOWS\njdlwr.dat
C:\WINDOWS\ouwlbg.dat
C:\WINDOWS\zzsvre.dat
C:\WINDOWS\vajegd.log
C:\WINDOWS\rimygh.dat
C:\WINDOWS\lpqbmq.dat
C:\WINDOWS\xosfjq.dat
C:\WINDOWS\vzpnbd.dat
C:\WINDOWS\fbkcwk.dat
C:\WINDOWS\izjlrn.dat
C:\WINDOWS\jkxnbq.dat
C:\WINDOWS\psmpnm.dat
C:\WINDOWS\itxupw.dat
C:\WINDOWS\wlxie.dll
C:\WINDOWS\sjqeew.log
C:\WINDOWS\ienn32.dll
C:\WINDOWS\loopny.log
C:\WINDOWS\dhzupj.log
C:\WINDOWS\pipoll.dat
C:\WINDOWS\mfcmu.exe
C:\WINDOWS\qiynxy.dat
C:\WINDOWS\xfpjes.txt
C:\WINDOWS\apidq32.exe
C:\WINDOWS\iidqqx.dat
C:\WINDOWS\apidq32.exe
C:\WINDOWS\jussrz.dat
C:\Documents and Settings\Don\Local Settings\Temp\6.tmp
C:\Documents and Settings\Don\Local Settings\Temp\B.tmp
C:\Documents and Settings\Don\Local Settings\Temp\F.tmp
C:\Documents and Settings\Don\Local Settings\Temp\2.tmp
C:\Documents and Settings\Don\Local Settings\Temp\10.tmp
C:\Documents and Settings\Don\Local Settings\Temp\4.tmp

Restart your computer.
If you clear out the quarantine for both Ad-aware and Spybot, that will clear up most of those files found with BitDefender.
Run another scan with BitDefender.
We will get rid of the files found in System Restore after we get rid of the rest of these.


Post back a fresh log please
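The reply above sorts the BitDefender findings by where they live: Spybot quarantine archives, live Temp files, and System Restore snapshots. As an added example (not part of the original thread), this Python script does the same sorting over lines copied from the log posted here; the bucket names, step names and function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Lines copied from the BitDefender log posted in this thread, including the
# final line, which the forum cut off.
SAMPLE_LOG = r"""
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\CoolWWWSearchService4.zip=>d3qb.exe: password protected
C:\Documents and Settings\Don\Local Settings\Temp\6.tmp: infected with Trojan.Hideprocs.B
C:\Documents and Settings\Don\Local Settings\Temp\6.tmp: disinfection failed
C:\Documents and Settings\Don\Local Settings\Temp\B.tmp: suspect BehavesLike:Trojan.Downloader
C:\Documents and Settings\Don\Local Settings\Temp\B.tmp: disinfection failed
C:\System Volume Information\_restore{99C83739-05B9-4B8B-B8D6-4F2BB14F73A5}\RP11\A0001963.exe: infected with Trojan.Downloader.WinShow.AP
C:\System Volume Information\_restore{99C83739-05B9-4B8B-B8D6-4F2BB14F73A5}\RP11\A0001963.exe: deleted
C:\System Volume Information\_restore{99C83739-05B9-4B8B-B8D6-4F2BB14F73A5}\RP11\A0001935.dll: infected with Trojan.Downloader.Agent.BC
C:\System Volume Information\_restore{99C83739-05B9-4B8B-B8D6-4F2BB14F73A5}\RP11\A0001935.dll: disinfection failed
C:\System Volume Information\_restore{99C83
"""

# Location buckets, checked in order (patterns match paths seen in this thread).
BUCKETS = [
    ("quarantine", r"\\Spybot - Search & Destroy\\Recovery\\"),
    ("system_restore", r"^[A-Za-z]:\\System Volume Information\\_restore"),
    ("temp", r"\\Local Settings\\Temp\\"),
]

def bucket_for(path):
    for name, pattern in BUCKETS:
        if re.search(pattern, path, re.IGNORECASE):
            return name
    return "other"

def parse(log_text):
    """Group log lines per file: {bucket: {path: {"detections", "outcome"}}}."""
    report, unparsed = defaultdict(dict), []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        path, sep, status = line.rpartition(": ")
        if not sep:                # no "path: status" shape, e.g. a cut-off line
            unparsed.append(line)
            continue
        entry = report[bucket_for(path)].setdefault(
            path, {"detections": [], "outcome": None})
        hit = re.match(r"(?:infected with|suspect) (.+)", status)
        if hit:
            entry["detections"].append(hit.group(1))
        else:                      # "disinfection failed", "deleted", ...
            entry["outcome"] = status
    return report, unparsed

def cleanup_plan(log_text):
    """Map each cleanup step from the reply to the paths it covers."""
    report, unparsed = parse(log_text)
    def unresolved(bucket):        # detected and not already deleted by the scanner
        return sorted(p for p, e in report[bucket].items()
                      if e["detections"] and e["outcome"] != "deleted")
    return {
        "empty_quarantine": sorted({p.split("=>")[0] for p in report["quarantine"]}),
        "delete_in_safe_mode": unresolved("temp") + unresolved("other"),
        "purge_restore_points": unresolved("system_restore"),
        "unparsed": unparsed,
    }

if __name__ == "__main__":
    for step, items in cleanup_plan(SAMPLE_LOG).items():
        print(step, *items, sep="\n  ")
```

Quarantine archive members reported as "password protected" are the scanner failing to open Spybot's own recovery archives, not live infections, which is why they get their own step instead of appearing in the delete list.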
 
userE
 
Reply Mon 27 Dec, 2004 08:20 pm
Ok Don, it's a lot better - you kick ass I must say....

Logfile of HijackThis v1.98.2
Scan saved at 8:17:56 PM, on 12/27/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\hjt\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: VTAgentReboot.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\office\OSA9.EXE
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab


Scanned at: 8:16:20 PM on: 12/27/2004


-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 19


ADS not scanned System(FAT)
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 19


ADS not scanned System(FAT)
Attempted Clean Of Temp folder.
Pages Reset... Done!
 
Don77
 
Reply Mon 27 Dec, 2004 09:59 pm
Good deal, it looks clean now.
Now I need you to do a couple things to keep your system protected a bit better:

Download the following programs for keeping crap off your system to begin with:
Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests. Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restrict the actions of potentially dangerous sites in Internet Explorer.
Download SpywareBlaster and SpywareGuard.
Check for updates after you install them, and check weekly as well.
Keep Ad-aware and Spybot handy. Check them for updates and run them weekly.
Same with your antivirus.

Be sure and give the Temp folders a cleaning out now and then as well. Make sure after you clean your Temp files to empty out your Recycle Bin as well.

Remember to check Windows for updates.

Make sure you get your Windows updates, you are more than likely to get reinfected.

Also,
Please disable System Restore, then re-enable it:
How to turn off or turn on Windows XP System Restore

Create a new restore point, name it system clean or something like that, in the event you have problems down the road.