Full Version: toolbar
lalenia
When I connect to the internet I get this message to install a toolbar, I have run adaware but can't get rid of it. http:web.links4all.biz and asks me if I want to install Toolbar888 publisher YAWSA LLC. I have downloaded hijack this but need further help as I am not sure which things I can delete with safety.
Thanks so much!
spike-nz
Hi lalenia,

In order for the malware experts to assist you, please post scan-logs from both Ad-Aware and HijackThis, as set out in my post here: Unable to remove spywares Boran.g et Smitfraud-C (the 2nd post in the thread)

Once you have posted the logs, please do not "bump" your thread (by adding further posts), as the logs are read from oldest to newest. It may take a little while before an expert subscribes to your post, so your patience would be appreciated.

Regards,

Spike
lalenia
Logfile of HijackThis v1.99.1
Scan saved at 9:02:58, on 5/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Documents and Settings\Lal\Bureaublad\Yinstall.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\PROGRA~1\PRINTV~1\pvmodule.exe
C:\Program Files\Common Files\{320D180E-0578-2067-0614-050315050020}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\DOCUME~1\Lal\LOCALS~1\Temp\Tijdelijke map 1 voor hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows APCI Verifier] dhcpserv.exe
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Lal\Bureaublad\Yinstall.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKLM\..\RunServices: [Windows APCI Verifier] dhcpserv.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

I added the other log onto this for adaware but it gave me an error message! Will try and send it again, THKS
lalenia
this is adaware it is huge!
avast! Report
* This file is generated automatically
*
* Task 'Simple user interface' used
* Started on donderdag 5 oktober 2006 14:41:59
* VPS: 0640-3, 05/10/2006
*

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloader.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZlobDownloader.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DeskMateTahni.zip\ac3_0010.exe [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DeskMateTahni.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechYSB.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISearchTechYSB.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip\drsmartload1.exe [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC3.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC3.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC4.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC5.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC5.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC6.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC6.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC7.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC7.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCToolbar.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCToolbar.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCToolbar1.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCToolbar1.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SystemDoctor.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Torpig.zip\$_2341233.TMP [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Torpig.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Torpig1.zip\ibm00003.exe [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Torpig1.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Torpig2.zip\$_2341234.TMP [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Torpig2.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\UCmore.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinPE.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinPE.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinPE1.zip\sbRecovery.reg [E] Archive is password protected. (42056)
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinPE1.zip\sbRecovery.ini [E] Archive is password protected. (42056)
C:\Documents and Settings\Lal\Local Settings\Temporary Internet Files\Content.IE5\Y29DN3VH\Installer[1].exe [L] Win32:Lookme-gen [Adw] (0)
While moving file to chest, error occurred: Virus chest server is not running. RPC communication failed.
File was successfully renamed/moved...
C:\Documents and Settings\Lal\Local Settings\Temporary Internet Files\Content.IE5\ODQVGTY7\ac3_0010[1].exe [L] Win32:Small-BIW [Trj] (0)
File was successfully renamed/moved...
C:\Documents and Settings\Lal\Local Settings\Temporary Internet Files\Content.IE5\ODQVGTY7\ucmoreiex[1].exe\UCMTSAIE.DLL [L] Win32:Adware-gen. [Adw] (0)
C:\Documents and Settings\Lal\Local Settings\Temporary Internet Files\Content.IE5\ODQVGTY7\ucmoreiex[1].exe\IUCMORE.DLL [L] Win32:Adware-gen. [Adw] (0)
During the file rename/move, error occurred: Gegevens van dit type worden niet ondersteund
During the file rename/move, error occurred: Gegevens van dit type worden niet ondersteund
C:\Documents and Settings\Lal\Local Settings\Temporary Internet Files\Content.IE5\ODQVGTY7\ucmoreiex[1].exe [L] Win32:Adware-gen. [Adw] (0)
File was successfully renamed/moved...
C:\Documents and Settings\Lal\Local Settings\Temporary Internet Files\Content.IE5\O34JU107\MTE3NDI6ODoxNg[1].exe [L] Win32:Trojano-2873 [Trj] (0)
File was successfully renamed/moved...
C:\Documents and Settings\Lal\passchk.exe\server2.exe [L] Win32:Agent-UA [Drp] (0)
File was successfully renamed/moved...
C:\Program Files\Alwil Software\Avast4\DATA\moved\pagefile.sys.vir [L] Win32:Sinowal-L [Trj] (0)
File was successfully renamed/moved...
C:\Program Files\Alwil Software\Avast4\DATA\moved\[UPX].2.vir\[UPX] [L] Win32:Trojano-P [Trj] (0)
File was successfully renamed/moved...
C:\Program Files\Alwil Software\Avast4\DATA\moved\wqjbtp.exe.vir [L] Win32:Trojan-gen. {Other} (0)
File was successfully renamed/moved...
C:\Program Files\Alwil Software\Avast4\DATA\moved\A0018849.exe.vir [L] Win32:Trojan-gen. {Other} (0)
File was successfully renamed/moved...
C:\Program Files\Alwil Software\Avast4\DATA\moved\MTE3NDI6ODoxNgnew.exe.vir [L] Win32:Trojano-2873 [Trj] (0)
File was successfully renamed/moved...
C:\Program Files\Alwil Software\Avast4\DATA\moved\warebundlenewer.exe.vir [L] Win32:Lookme-gen [Adw] (0)
File was successfully renamed/moved...
C:\Program Files\Alwil Software\Avast4\DATA\moved\Installer[1].exe.vir [L] Win32:Lookme-gen [Adw] (0)
File was successfully renamed/moved...
C:\Program Files\Alwil Software\Avast4\DATA\moved\ac3_0010[1].exe.vir [L] Win32:Small-BIW [Trj] (0)
File was successfully renamed/moved...
C:\Program Files\Alwil Software\Avast4\DATA\moved\UCMTSAIE.DLL.vir [L] Win32:Adware-gen. [Adw] (0)
File was successfully renamed/moved...
C:\Program Files\Alwil Software\Avast4\DATA\moved\IUCMORE.DLL.vir [L] Win32:Adware-gen. [Adw] (0)
File was successfully renamed/moved...
C:\Program Files\Alwil Software\Avast4\DATA\moved\ucmoreiex[1].exe.vir\UCMTSAIE.DLL [L] Win32:Adware-gen. [Adw] (0)
C:\Program Files\Alwil Software\Avast4\DATA\moved\ucmoreiex[1].exe.vir\IUCMORE.DLL [L] Win32:Adware-gen. [Adw] (0)
During the file rename/move, error occurred: Gegevens van dit type worden niet ondersteund
During the file rename/move, error occurred: Gegevens van dit type worden niet ondersteund
C:\Program Files\Alwil Software\Avast4\DATA\moved\ucmoreiex[1].exe.vir [L] Win32:Adware-gen. [Adw] (0)
File was successfully renamed/moved...
C:\Program Files\Alwil Software\Avast4\DATA\moved\MTE3NDI6ODoxNg[1].exe.vir [L] Win32:Trojano-2873 [Trj] (0)
File was successfully renamed/moved...
C:\Program Files\Alwil Software\Avast4\DATA\moved\server2.exe.vir [L] Win32:Agent-UA [Drp] (0)
File was successfully renamed/moved...
C:\Program Files\Alwil Software\Avast4\DATA\moved\UCMTSAIE.DLL.2.vir [L] Win32:Adware-gen. [Adw] (0)
File was successfully renamed/moved...
C:\Program Files\Alwil Software\Avast4\DATA\moved\IUCMORE.DLL.2.vir [L] Win32:Adware-gen. [Adw] (0)
File was successfully renamed/moved...
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\Ad-Aware SE Default.skn [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\arrow1.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\arrow2.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bck1.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt11.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt12.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt13.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt21.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt22.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt23.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt31.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt32.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt33.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt41.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt42.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt43.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt51.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt52.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt53.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt61.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\bt62.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox1.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox2.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox3.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\checkbox4.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\defbtn1.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\defbtn2.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\defbtn3.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph1.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph2.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph3.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph4.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph5.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph6.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\glyph7.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\main.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\preview.bmp [E] Archive is password protected. (42056)
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Skins\Ad-Aware SE default.ask\sprite1.bmp [E] Archive is password protected. (42056)
C:\System Volume Information\_restore{04610B1F-2FD5-42C2-95F7-38B217AA2694}\RP197\A0017788.exe\server2.exe [L] Win32:Agent-UA [Drp] (0)
File was successfully renamed/moved...
C:\System Volume Information\_restore{04610B1F-2FD5-42C2-95F7-38B217AA2694}\RP197\A0018801.exe\server2.exe [L] Win32:Agent-UA [Drp] (0)
File was successfully renamed/moved...
C:\System Volume Information\_restore{04610B1F-2FD5-42C2-95F7-38B217AA2694}\RP198\A0018970.exe [L] Win32:Small-BIW [Trj] (0)
File was successfully renamed/moved...
C:\System Volume Information\_restore{04610B1F-2FD5-42C2-95F7-38B217AA2694}\RP198\A0018973.exe\UCMTSAIE.DLL [L] Win32:Adware-gen. [Adw] (0)
C:\System Volume Information\_restore{04610B1F-2FD5-42C2-95F7-38B217AA2694}\RP198\A0018973.exe\IUCMORE.DLL [L] Win32:Adware-gen. [Adw] (0)
During the file rename/move, error occurred: Gegevens van dit type worden niet ondersteund
During the file rename/move, error occurred: Gegevens van dit type worden niet ondersteund
C:\System Volume Information\_restore{04610B1F-2FD5-42C2-95F7-38B217AA2694}\RP198\A0018973.exe [L] Win32:Adware-gen. [Adw] (0)
File was successfully renamed/moved...
C:\System Volume Information\_restore{04610B1F-2FD5-42C2-95F7-38B217AA2694}\RP198\A0018983.exe\server2.exe [L] Win32:Agent-UA [Drp] (0)
File was successfully renamed/moved...
C:\FOUND.001\FILE0012.CHK\FILE0012 [E] GZIP archive is corrupted. (42129)
Infected files: 31
Total files: 121103
Total folders: 2528
Total size: 8,1 GB

*
* Task stopped: donderdag 5 oktober 2006 15:52:14
* Run-time was 1 hour(s), 10 minute(s), 15 second(s)
Thanks, hope you receive it ok!
lalenia
Hi Spike,
I am still waiting for a reply from my previous post dated the 5th October. Or maybe someone else will be able to help me.
Thanks
spike-nz
Hi lalenia,
QUOTE
Once you have posted the logs, please do not "bump" your thread (by adding further posts), as the logs are read from oldest to newest. It may take a little while before an expert subscribes to your post, so your patience would be appreciated
The experts were almost up to your posting-date - now you have sent yourself to the end of the queue, by posting again - sorry

Regards,

Spike
jonhunt2000
QUOTE(spike-nz @ Oct 11 2006, 01:04 AM) *
Hi lalenia, The experts were almost up to your posting-date - now you have sent yourself to the end of the queue, by posting again - sorry

Regards,

Spike


Note by Admin: Insults removed. This poster is on Moderator Preview indefinitely

Download CCleaner and run a clean.

Update AVG antispyware

Run HJT and remove:
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\bjoffe\winstall.exe

Make sure you can see hidden files and folders (Control Panel -> Folder Options -> View -> "Show hidden files and folders")

Restart in safe mode (tap F8 during startup)

In Explorer, delete the file (in bold)
C:\Documents and Settings\bjoffe\winstall.exe

Run a full scan with AVG

Restart in normal mode and post a new HJT log
spike-nz
Admin Note: Quote of insult removed

I regret that you feel so strongly about the wording of my post.

Blunt though it was (and yes, I admit that I could have softened the wording), it was the literal truth for the over-stretched resources of the forum at that time. To speed-up their assistance once an expert log-reader had subscribed to their topic, I asked posters to submit both Ad-Aware and HijackThis logs.

I also clearly requested that the Topics not be "bumped", as logs were read from oldest to newest. I also knew (from previous "behind-the-scenes" attempts to get "bumped" posts re-instated to their previous posting-date) that the "oldest to newest" policy of the forum was being strictly enforced.

Not being trained in reading logs myself, I gave lalenia an honest response.

Spike
LS CalamityJane
Due to lack of response by the original poster, I am closing this thread.

If the original poster still needs assistance, please send me a private message and I will be happy to re-open it.