cmdService infection



bradleas
2006-09-04, 14:43
Here is my HJT log. I can't get an online scan to complete successfully due to the instability. I've run Spybot in safe mode, Ad-Aware, and virus checks. Spybot can see cmdService but can't remove it because it's in memory, even in safe mode.

Logfile of HijackThis v1.99.1
Scan saved at 9:36:09 p.m., on 4/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\outlook\outlook.exe
C:\dfndrff_15.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Common Files\{C404835B-07DA-5129-0405-050809050040}\Update.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\kybrdff_15.exe
c:\dfndrff_16.exe
C:\PROGRA~1\COMMON~1\fwfm\fwfmm.exe
C:\WINDOWS\VXNlcg\command.exe
C:\Program Files\Network Monitor\netmon.exe
c:\ac3_0010.exe
C:\WINDOWS\system32\RUNDLL32.EXE
c:\ucmoreiex.exe
c:\nwnmff_15.exe
C:\WINDOWS\explorer.exe
C:\temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [defender] c:\\dfndrff_16.exe
O4 - HKLM\..\Run: [tdof32fe] RUNDLL32.EXE w03a5b45.dll,n 003f32fb0000000a03a5b45
O4 - HKLM\..\Run: [keyboard] c:\\kybrdff_15.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [newname] c:\\nwnmff_15.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [fwfm] C:\PROGRA~1\COMMON~1\fwfm\fwfmm.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O15 - Trusted Zone: http://activescan.pandasoftware.com
O15 - Trusted Zone: http://acs.pandasoftware.com
O15 - Trusted Zone: http://www.pandasoftware.com
O15 - Trusted Zone: http://www.pandasoftware.es
O15 - Trusted Zone: http://www.pokerroom.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147682717296
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37680.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
O20 - AppInit_DLLs: repairs303169590.dll
O20 - Winlogon Notify: OptimalLayout - C:\WINDOWS\system32\dnl8013ue.dll
O23 - Service: AVG6 Service (AvgServ) - GRISOFT s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VXNlcg\command.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe



Really desperate for some help here, my system is blowing smoke!!!

Thanks a lot...

Rawe
2006-09-08, 18:11
Hello and welcome.. :) I'm sorry for the delay.

There's a lot more in that log than just cmdservice.. Very typical load of malware from alcan.

Please download Combofix (http://download.bleepingcomputer.com/sUBs/combofix.exe) to your desktop:
Double-click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

bradleas
2006-09-09, 03:21
Here it is:



User - 06-09-09 10:08:17.46
ComboFix 06.09.07 - Running from: C:\Documents and Settings\User\Desktop

Microsoft Windows XP [Version 5.1.2600]

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

REGISTRY ENTRIES REMOVED:

[HKEY_CLASSES_ROOT\CLSID\{C0F74E2F-20F7-48AB-9A47-8D91FDF1DD59}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C0F74E2F-20F7-48AB-9A47-8D91FDF1DD59}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C0F74E2F-20F7-48AB-9A47-8D91FDF1DD59}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{C0F74E2F-20F7-48AB-9A47-8D91FDF1DD59}\InprocServer32]
@="C:\\WINDOWS\\system32\\mntscax.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{91B139AC-55B4-4D69-83AE-63F01B495EDC}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{91B139AC-55B4-4D69-83AE-63F01B495EDC}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{91B139AC-55B4-4D69-83AE-63F01B495EDC}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{91B139AC-55B4-4D69-83AE-63F01B495EDC}\InprocServer32]
@="C:\\WINDOWS\\system32\\pufmgr.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{14116DD4-BE84-4806-9163-42D8A69CCD30}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{14116DD4-BE84-4806-9163-42D8A69CCD30}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{14116DD4-BE84-4806-9163-42D8A69CCD30}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{14116DD4-BE84-4806-9163-42D8A69CCD30}\InprocServer32]
@="C:\\WINDOWS\\system32\\wunstrm.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{3330CE22-0E45-4FC1-862C-4593BB3A5358}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3330CE22-0E45-4FC1-862C-4593BB3A5358}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3330CE22-0E45-4FC1-862C-4593BB3A5358}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3330CE22-0E45-4FC1-862C-4593BB3A5358}\InprocServer32]
@="C:\\WINDOWS\\system32\\njprovau.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{40F85E65-7180-458C-9E95-7A737745B83F}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{40F85E65-7180-458C-9E95-7A737745B83F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{40F85E65-7180-458C-9E95-7A737745B83F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{40F85E65-7180-458C-9E95-7A737745B83F}\InprocServer32]
@="C:\\WINDOWS\\system32\\cLmocx.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{3B900061-45CE-4CCD-9F68-40ED25B85779}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3B900061-45CE-4CCD-9F68-40ED25B85779}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3B900061-45CE-4CCD-9F68-40ED25B85779}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{3B900061-45CE-4CCD-9F68-40ED25B85779}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


FILES REMOVED:

C:\WINDOWS\system32\cLmocx.dll
C:\WINDOWS\system32\dfmodemx.dll
C:\WINDOWS\system32\dn8s01l7e.dll
C:\WINDOWS\system32\hr2805fue.dll
C:\WINDOWS\system32\iym32.dll
C:\WINDOWS\system32\k8pm0i71e8.dll
C:\WINDOWS\system32\kgdinben.dll
C:\WINDOWS\system32\loexpand.dll
C:\WINDOWS\system32\mllbui.dll
C:\WINDOWS\system32\moswch.dll
C:\WINDOWS\system32\njprovau.dll
C:\WINDOWS\system32\o6pq0g75e6.dll
C:\WINDOWS\system32\tfappcmp.dll
C:\WINDOWS\system32\wkps.dll
C:\WINDOWS\system32\wlps.dll
C:\WINDOWS\system32\wlps2.dll
C:\WINDOWS\system32\wunstrm.dll


Granting sedebugprivilege to Administrators ... successful


((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\repairs303169590.dll_tobedeleted
C:\Documents and Settings\User\Application Data\Sskdmns.dll
C:\Documents and Settings\User\Application Data\Sskknwrd.dll
C:\WINDOWS\system32\bk.exe
C:\Program Files\surfsidekick 3\Ssk.exe
C:\Program Files\surfsidekick 3\SskBho.dll
C:\Program Files\surfsidekick 3\SskCore.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


C:\Program Files\surfsidekick 3\Ssk.exe
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\drsmartload2.dat
C:\WINDOWS\keyboard1.dat
C:\WINDOWS\newname.dat
C:\WINDOWS\teller2.chk
C:\dfndrff_16.exe
C:\drsmartload.exe
C:\drsmartload45a45p.exe
C:\drsmartload46a46p.exe
C:\deskbar3.exe
C:\kybrdff_16.exe
C:\kybrdff_17.exe
C:\MTE3NDI6ODoxNg.exe
C:\MTE3NDI6ODoxNgnew.exe
C:\nwnmff_16.exe
C:\nwnmff_17.exe
C:\stub_113_4_0_4_0newer.exe
C:\warebundlenewer.exe
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\ERQN2H09\dfndrff_15[1].exe
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\OHEF6B8N\kybrdff_15[1].exe
C:\WINDOWS\system32\aaa00000.sys
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\cmd.com
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\regedit.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tracert.com
C:\WINDOWS\system32\tsuninst.exe
C:\WINDOWS\system32\winlog.exe
C:\ac3_0010.exe
C:\Installer3.exe
C:\mte3ndi6odoxng.exe
C:\ucmoreiex.exe
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\w005fbcc.dll
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Program Files\TheSearchAccelerator
C:\Program Files\ToolBar888
C:\WINDOWS\system32\aaa00000.dll
C:\WINDOWS\system32\w002ea46.dll
C:\Program Files\Deskbar
C:\Program Files\network monitor
C:\Program Files\outlook
C:\Program Files\Common Files\{C404835B-07DA-5129-0405-050809050040}
C:\WINDOWS\VXNlcg


((((((((((((((((((((((((((((((( Files Created from 2006-08-09 to 2006-09-09 ))))))))))))))))))))))))))))))))))


2006-09-09 10:06 30,208 --a------ C:\SS1001newer.exe
2006-09-04 21:05 96,768 --a------ C:\WINDOWS\system32\repairs303169590.dll
2006-09-04 20:59 0 ---hs---- C:\WINDOWS\system32\tasklist.com
2006-09-03 19:31 1,233 --a------ C:\WINDOWS\system32\tdof32fe.sys
2006-09-03 18:40 61,952 --a------ C:\WINDOWS\system32\tdof32fe.dll
2006-09-03 17:34 32,768 --a------ C:\WINDOWS\system32\setup9x.exe
2006-09-02 15:55 753,664 --------- C:\WINDOWS\system32\Tablet.exe
2006-09-02 15:55 102,400 --------- C:\WINDOWS\system32\Wintab32.dll
2006-09-01 16:27 29,752 --------- C:\WINDOWS\system32\InstHelper.dll
2006-09-01 16:26 197,680 --a------ C:\WINDOWS\system32\vpnapi.dll
2006-08-24 20:37 16,384 --a------ C:\WINDOWS\system32\FileOps.exe
2006-08-14 01:21 90,112 --a------ C:\WINDOWS\unvise32.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-09 10:16 -------- d-------- C:\Program Files\SurfSideKick 3
2006-09-09 10:16 -------- d-------- C:\Program Files\Common Files
2006-09-09 10:07 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-06 17:07 -------- d-------- C:\Program Files\Common Files\fwfm
2006-09-04 21:52 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-04 18:49 -------- d-------- C:\Program Files\AIM
2006-09-04 18:49 -------- d-------- C:\Documents and Settings\User\Application Data\Aim
2006-09-04 18:48 -------- d-------- C:\Program Files\eMule
2006-09-04 18:37 -------- d-------- C:\Program Files\Common Files\Adobe
2006-09-04 18:37 -------- d-------- C:\Program Files\Adobe
2006-09-04 18:36 -------- d-------- C:\Documents and Settings\User\Application Data\Adobe
2006-09-03 22:29 76560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2006-09-03 16:30 -------- d-------- C:\Program Files\Common Files\Macromedia
2006-09-03 16:29 -------- d-------- C:\Program Files\Macromedia
2006-09-03 07:44 -------- d-------- C:\Program Files\Corel
2006-09-02 18:40 -------- d-------- C:\Documents and Settings\User\Application Data\Skype
2006-09-02 15:55 -------- d-------- C:\Program Files\Tablet
2006-09-02 00:44 -------- d-------- C:\Program Files\Flickr Uploadr
2006-09-02 00:44 -------- d-------- C:\Documents and Settings\User\Application Data\Flickr
2006-09-01 22:06 -------- d-------- C:\Program Files\Mozilla Thunderbird
2006-09-01 21:24 -------- d-------- C:\Program Files\Bitvise Tunnelier
2006-09-01 16:26 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-01 16:26 -------- d-------- C:\Program Files\Common Files\Deterministic Networks
2006-09-01 16:26 -------- d-------- C:\Program Files\Cisco Systems
2006-08-30 15:35 -------- d-------- C:\Program Files\Trillian
2006-08-27 14:27 -------- d-------- C:\Program Files\WinZip
2006-08-24 22:07 -------- d-------- C:\Program Files\Hello
2006-08-24 21:13 -------- d-------- C:\Program Files\Picasa2
2006-08-24 20:58 -------- d-------- C:\Documents and Settings\User\Application Data\Lavasoft
2006-08-24 20:56 -------- d-------- C:\Documents and Settings\User\Application Data\Macromedia
2006-08-24 20:49 176222 --a------ C:\WINDOWS\GalleryPlayer Images Uninstaller.exe
2006-08-24 20:48 -------- d-------- C:\Program Files\Lavasoft
2006-08-24 20:46 159731 --a------ C:\WINDOWS\Google Pack Screensaver Uninstaller.exe
2006-08-24 20:45 -------- d-------- C:\Program Files\Google
2006-08-19 13:59 -------- d-------- C:\Program Files\Java
2006-08-14 15:42 -------- d-------- C:\Program Files\KODAK
2006-08-14 15:41 -------- d-------- C:\Program Files\CASIO
2006-08-14 03:41 -------- d-------- C:\Program Files\Internet Explorer
2006-08-14 01:37 -------- d-------- C:\Program Files\Yahoo!
2006-08-14 01:29 -------- d-------- C:\Program Files\InterActual
2006-08-14 01:27 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-08-14 01:25 -------- d-------- C:\Program Files\Audible
2006-08-14 01:21 -------- d-------- C:\Program Files\Inspiration 8 IE Trial
2006-08-14 01:21 -------- d-------- C:\Documents and Settings\User\Application Data\Inspiration Software
2006-07-27 23:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-22 19:26 -------- d-------- C:\Program Files\Free Audio Pack
2006-07-21 18:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-14 15:10 -------- d-------- C:\Program Files\Viewpoint
2006-07-14 10:01 -------- d-------- C:\Program Files\Microsoft Office


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="\"C:\\Program Files\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe\""
"RemoteControl"="\"C:\\Program Files\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\""
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"CTSysVol"="C:\\Program Files\\Creative\\SB Live! 24-bit\\Surround Mixer\\CTSysVol.exe /r"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"AVG_CC"="C:\\Program Files\\Grisoft\\AVG6\\avgcc32.exe /startup"
"BigPondCable"="\"C:\\Program Files\\Telstra\\Cable Login\\bpcable.exe\" /r"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"P17Helper"="Rundll32 P17.dll,P17Helper"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"tdof32fe"="RUNDLL32.EXE w03a5b45.dll,n 003f32fb0000000a03a5b45"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"googletalk"="\"C:\\Program Files\\Google\\Google Talk\\googletalk.exe\" /autostart"
"fwfm"="C:\\PROGRA~1\\COMMON~1\\fwfm\\fwfmm.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableTaskMgr"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000000
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"ClassicShell"=dword:00000000
"NoThemesTab"=dword:00000000
"ForceActiveDesktopOn"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"NoDispAppearancePage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""



Completion time: Sat 09/09/2006 10:16:48.59
ComboFix.txt


thanks!

Rawe
2006-09-09, 15:00
Let's continue :)

Please print these instructions out, or write them down, as you can't read them during the fix.

1. Please download Ewido Anti-spyware (http://www.ewido.net/en/download/) and save that file to your desktop.
This is a 30 day trial of the program
Once you have downloaded Ewido Anti-spyware, locate the icon on the desktop and double-click it to launch the setup program.
Once the setup is complete you will need to run Ewido and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
If you aren't able to finish the update within Ewido for one reason or another, you can install the manual updates here (http://www.ewido.net/en/download/updates/).

Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
Select "Automatically generate report after every scan"
Un-select "Only if threats were found"

Close Ewido Anti-spyware, DO NOT run a scan just yet, we will shortly.

==

2. Please download Brute Force Uninstaller (http://www.merijn.org/files/bfu.zip) to your desktop.
Right-click the BFU folder on your desktop, and choose Extract All
Click "Next"
In the box to choose where to extract the files to,
Click "Browse"
Click on the + sign next to "My Computer"
Click on "Local Disk (C:)" or whatever your primary drive is
Click "Make New Folder"
Type in BFU
Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
3. RIGHT-CLICK HERE (http://metallica.geekstogo.com/alcanshorty.bfu) and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

==

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

==

4. Once in Safe Mode, please go to Start > My Computer and navigate to the C:\BFU folder.
Start the Brute Force Uninstaller by double-clicking BFU.exe
Behind the "Scriptline to execute" field, click the folder icon (http://metallica.geekstogo.com/foldericon.png) and select alcanshorty.bfu
Press Execute and let it do its job. (You ought to see a progress bar if you did this correctly.)
Wait for the Complete script execution box to pop up and hit OK.
Press Exit to terminate the BFU program.


==

5. IMPORTANT: Do not open any other windows or programs while Ewido is scanning, it may interfere with the scanning process:
Launch Ewido Anti-spyware by double-clicking the icon on your desktop.
Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
Ewido will now begin the scanning process. Be patient, this may take a little time.
Once the scan is complete do the following:
If you have any infections you will be prompted, then select "Apply all actions"
Next select the "Reports" icon at the top.
Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
Close Ewido.
Reboot into normal Windows and post the contents of Ewido log that you saved along with a fresh HiJackThis log. :bigthumb:

bradleas
2006-09-10, 01:59
Sorry for the delay, I am in Australia...

Logfile of HijackThis v1.99.1
Scan saved at 8:44:49 a.m., on 10/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\HJT\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [tdof32fe] RUNDLL32.EXE w03a5b45.dll,n 003f32fb0000000a03a5b45
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [fwfm] C:\PROGRA~1\COMMON~1\fwfm\fwfmm.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O15 - Trusted Zone: http://activescan.pandasoftware.com
O15 - Trusted Zone: http://acs.pandasoftware.com
O15 - Trusted Zone: http://www.pandasoftware.com
O15 - Trusted Zone: http://www.pandasoftware.es
O15 - Trusted Zone: http://www.pokerroom.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147682717296
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37680.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
O20 - AppInit_DLLs: repairs303169590.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG6 Service (AvgServ) - GRISOFT s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

bradleas
2006-09-10, 02:03
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:28:08 a.m. 10/09/2006

+ Scan result:



C:\Program Files\SurfSideKick 3 -> Adware.SurfSide : No action taken.
C:\Program Files\SurfSideKick 3\Ssk.exe -> Adware.SurfSide : No action taken.
C:\Program Files\SurfSideKick 3\SskBho.dll -> Adware.SurfSide : No action taken.
C:\Program Files\SurfSideKick 3\SskCore.dll -> Adware.SurfSide : No action taken.
C:\WINDOWS\system32\repairs303169590.dll -> Adware.SurfSide : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Surf SideKick -> Adware.SurfSide : No action taken.
HKLM\SOFTWARE\SurfSideKick3 -> Adware.SurfSide : No action taken.
HKLM\SOFTWARE\SurfSideKick3\Internet Explorer -> Adware.SurfSide : No action taken.
HKU\S-1-5-21-2025429265-2000478354-725345543-1003\Software\SurfSideKick3 -> Adware.SurfSide : No action taken.
HKU\S-1-5-21-2025429265-2000478354-725345543-1003\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : No action taken.
[220] C:\WINDOWS\system32\repairs303169590.dll -> Adware.SurfSide : No action taken.
[268] C:\WINDOWS\system32\repairs303169590.dll -> Adware.SurfSide : No action taken.
[280] C:\WINDOWS\system32\repairs303169590.dll -> Adware.SurfSide : No action taken.
[428] C:\WINDOWS\system32\repairs303169590.dll -> Adware.SurfSide : No action taken.
[488] C:\WINDOWS\system32\repairs303169590.dll -> Adware.SurfSide : No action taken.
[532] C:\WINDOWS\system32\repairs303169590.dll -> Adware.SurfSide : No action taken.
[808] C:\WINDOWS\system32\repairs303169590.dll -> Adware.SurfSide : No action taken.
C:\Documents and Settings\User\Start Menu\Programs\UCmore - The Search Accelerator -> Adware.Ucmore : No action taken.
C:\Documents and Settings\User\Start Menu\Programs\UCmore - The Search Accelerator\How To Uninstall.lnk -> Adware.Ucmore : No action taken.
C:\Documents and Settings\User\Start Menu\Programs\UCmore - The Search Accelerator\UCmore - The Search Accelerator.lnk -> Adware.Ucmore : No action taken.
C:\Documents and Settings\User\Start Menu\Programs\UCmore - The Search Accelerator\UCmore Tour.lnk -> Adware.Ucmore : No action taken.
C:\Documents and Settings\User\Local Settings\Temp\Temporary Internet Files\Content.IE5\5I1KUPTF\ac3[1].txt -> Downloader.Agent.awb : No action taken.
C:\WINDOWS\system32\tdof32fe.dll -> Downloader.Agent.awb : No action taken.
C:\Documents and Settings\User\Local Settings\Temp\Temporary Internet Files\Content.IE5\9GQ94861\al3[1].txt -> Downloader.Small : No action taken.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\AXW7IBQX\al3[1].txt -> Downloader.Small : No action taken.
C:\Program Files\Common Files\fwfm\fwfmp.exe -> Downloader.TSUpdate.f : No action taken.
C:\Program Files\Common Files\fwfm\fwfma.exe -> Downloader.TSUpdate.l : No action taken.
C:\Program Files\Common Files\fwfm\fwfml.exe -> Downloader.TSUpdate.r : No action taken.
C:\SS1001newer.exe -> Dropper.Small.qn : No action taken.
:mozilla.716:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.217.73.66.16 : No action taken.
:mozilla.717:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.217.73.66.16 : No action taken.
:mozilla.74:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.247realmedia : No action taken.
:mozilla.100:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.101:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.102:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.103:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.104:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.105:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.106:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.107:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.108:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.109:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.110:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.111:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.112:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.113:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.114:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.215:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.455:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.489:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.668:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.70:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.71:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.72:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.73:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.76:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.77:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.78:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.79:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.80:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.81:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.82:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.83:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.84:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.85:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.86:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.87:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.88:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.89:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.90:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.91:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.92:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.93:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.94:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.95:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.96:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.97:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.98:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.99:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\User\Cookies\user@122.2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\User\Cookies\user@bigpond.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\User\Cookies\user@cnn.122.2o7[2].txt -> TrackingCookie.2o7 : No action taken.
:mozilla.130:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.131:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.132:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Guest\Cookies\guest@admarketplace[2].txt -> TrackingCookie.Admarketplace : No action taken.
:mozilla.142:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.143:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Adtech : No action taken.
:mozilla.193:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.858:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.67:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.69:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.210:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Clickbank : No action taken.
:mozilla.218:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.219:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.26:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Cpvfeed : No action taken.
:mozilla.28:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Cpvfeed : No action taken.
:mozilla.29:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Cpvfeed : No action taken.
:mozilla.30:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Cpvfeed : No action taken.
:mozilla.68:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Epilot : No action taken.
:mozilla.100:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\izaoatkq.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.101:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\izaoatkq.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.74:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\izaoatkq.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.83:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\izaoatkq.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.84:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\izaoatkq.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.85:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\izaoatkq.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.90:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\izaoatkq.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.91:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\izaoatkq.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.92:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\izaoatkq.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.93:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\izaoatkq.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.94:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\izaoatkq.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.95:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\izaoatkq.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.97:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\izaoatkq.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.98:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\izaoatkq.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
:mozilla.99:C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\izaoatkq.default\cookies.txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wfl4kmd5ago.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wfmyaiajcdo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.

bradleas
2006-09-10, 02:05
:mozilla.173:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.891:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.892:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.893:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.894:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.895:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.896:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.897:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.898:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.899:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.900:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.901:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.902:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.903:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.904:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.905:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
:mozilla.372:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Hotlog : No action taken.
C:\Documents and Settings\User\Cookies\user@kmpads[2].txt -> TrackingCookie.Kmpads : No action taken.
:mozilla.788:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Masterstats : No action taken.
:mozilla.27:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.917:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : No action taken.
:mozilla.809:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Onestat : No action taken.
:mozilla.810:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Onestat : No action taken.
:mozilla.482:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.483:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.496:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\User\Cookies\user@data3.perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
C:\Documents and Settings\User\Cookies\user@data4.perf.overture[1].txt -> TrackingCookie.Overture : No action taken.
:mozilla.138:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.139:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.140:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.141:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.510:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Qksrv : No action taken.
:mozilla.511:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Qksrv : No action taken.
:mozilla.512:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.513:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.838:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Realtracker : No action taken.
:mozilla.32:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.33:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.34:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.35:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.36:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.37:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.38:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.41:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.42:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.43:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.44:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Reliablestats : No action taken.
:mozilla.191:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.566:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.567:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.568:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.569:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.223:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.224:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.225:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.226:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.227:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.228:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.229:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.230:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.231:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.232:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.233:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.234:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.235:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.236:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.237:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.238:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.239:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.240:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.241:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.242:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.243:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.244:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.245:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.246:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.247:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.248:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.249:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.250:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.251:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.252:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.253:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.254:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.255:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.256:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.

bradleas
2006-09-10, 02:05
:mozilla.257:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.258:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.259:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.260:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.261:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.262:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.263:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.264:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.265:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.266:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.267:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.268:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.269:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.270:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.271:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.272:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
:mozilla.136:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.137:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.589:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.590:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.591:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.592:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.593:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.594:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.595:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.596:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.597:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.598:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.599:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.600:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.601:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.602:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.603:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.604:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.605:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.606:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.607:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.608:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.609:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.610:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.611:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.612:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.613:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.614:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.615:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.616:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.617:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.618:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.619:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.620:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.621:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.638:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.639:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\User\Cookies\user@tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.654:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.659:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.465:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Valueclick : No action taken.
:mozilla.466:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Valueclick : No action taken.
:mozilla.671:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Valueclick : No action taken.
:mozilla.682:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Web-stat : No action taken.
:mozilla.683:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Web-stat : No action taken.
:mozilla.684:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Web-stat : No action taken.
:mozilla.18:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.19:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\racfpceu.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\User\Cookies\user@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Program Files\eMedia Codec -> Trojan.Small : No action taken.
C:\Program Files\eMedia Codec\uninst.exe -> Trojan.Small : No action taken.
C:\Documents and Settings\User\Complete\1001 Tutorials Collection { www IPTorrents com }.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\3 Satans Code (Bush Codes) Cracked by Captain Eric May - Ghost Troop.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Abgeschleppt und durchgefickt xxx young girl banged.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\About CNET Networks.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Advanced search.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Age of Pirates Caribbean Tales-RELOADEDBRANDNEW[www.torrent.to].zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Air America Radio - The Al Franken Show 083106 [mp3].zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Air America Radio - The Al Franken Show 090106 [mp3].zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Air America Radio - The Majority Report 090106 [mp3].zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Ajax For Dummies 2006.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Akon Feat Eminem - Smack That (Promo CDs)-2006-Team DJ.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Alatriste TS-F Xvid MP3 [Spanish] [FeNiXP2p CoM].zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\All Mobile Unlock Software v3 01a1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\All RSS feeds.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\All Software.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\American Chopper S03E38 HDTV XviD-2HD [eztv].zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Asia-The Very Best of Asia Heat of the Moment (1982-1990)(Darkside RG).zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\B N P Newspaper - August 2006 - Blair's Britain Exposed pdf.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\BTZ-Wallpaperbabes Vol 1 by Trixxaer for www best-torrentz dl am.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Big Brother USA Live Feeds 08-30&31 & 09-01-06.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Browse categories.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Building Firewall with OpenBSD and PF [2nd Edition] pdf.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\CNET Channel.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\CNET Download.com.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\CNET News.com.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\CNET Reviews.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\CNET Shopper.com.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\CNET TV.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Call Of Juarez EMUDVD-Unleashed[www moviex info].zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Cisco - Advanced Security Technology Concepts 318 rar.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Cisco - Advanced Traffic Management (QOS) Concepts 319 rar.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Cisco - Advanced Voice over IP Tuning and Troubleshooting 409 rar.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Cisco - Advanced WAN Concepts and Troubleshooting 103 rar.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Color Atlas of Neurosciences, Neuroanatomy and Neurophysiology (Thieme 2000) { www IPTorrents com }.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Color Atlas of Ultrasound Anatomy (Thieme 2004) { www IPTorrents com }.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Compare Prices.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Copyright policy.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Dead Or Alive Xtreme Beach Volleyball ---- DVD ISO.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Def Jam Fight for NY the Takeover [EUR] [UMDRip] [PSP].zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Duran Duran [Complete Discography].zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\FFdshow-20060901-rev2618 Mega Codec Pack.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\FHM Magazine Calendar 2006.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Fantastic Four - 002 - Trial by Fire {C P} avi.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Forum back online!.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Free MP3s.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GIF Movie Gear 4.02.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GIF Prep 1.0.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GIFConverter 2.4.4.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GIFCruncher EA5.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GIHS Affiliate Master Program 1.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GIPALS General Interior-Point Algorithm Linear Solver 1.2.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GIPALS32 - Linear Programming Library 1.2.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GIS Image Analyzer 1.zip/Setup.exe -> Worm.VB.dw : No action taken.

bradleas
2006-09-10, 02:07
C:\Documents and Settings\User\Complete\GIS.NET 1.1.3.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GJ Pacman aMAZEment 1.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GL Golf 1.9.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GLBasic SDK 1.4.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GLHexen 2 Update 0.8.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GLMStat 5.7.4.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GLMStat X 5.7.7.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GLScene for Lazarus Install 6.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GLT Chaos Screen Saver 0.4.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GM Hockey 2.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GML GrowCut 1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GMP SQL Query 2005 1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GMail Bookmark 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GMail2 2.21.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GNCutter 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GNI Study Bible 1.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GNU Visual Debugger 1.2.5.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GNUMail.app 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GOFLOW Visual Designer 3.5.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GOGO Exif Image Viewer ActiveX Control 1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GOGO Photo To Movie Converter 1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GOGO Picture Viewer ActiveX Control 3.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GOGO Picture Viewer Pro ActiveX Control 3.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GOIM 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GOM Media Player 2.0.6.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GONG! 2.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GOlog 1.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Ghost Installer Free Edition 4.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Ghost Installer Studio 4.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Ghost Key Logger Lite 3.8.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Ghost Keylogger 3.73.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Ghost MP3 CD Maker 2.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Ghost Master UK bonus scenario .zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Ghost Ship Screen Saver 1.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Ghost-It 1.03.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Ghost-Tech Paranormal Investigator 1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GhostClip 2.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GhostForest Interactive Screensavers 3.5.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GhostSurf 2006 Platinum .zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GhostTyperXML 3.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Ghostfiles 2.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Ghostfiles Service 3.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Ghostmailer 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Ghostphrase 2.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Ghosts-n-Goblins 1.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Ghronos 2.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Giant Dogs 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Giants Citizen Kabuto 1.1 patch .zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Giants Citizen Kabuto 1.4 patch .zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Giants Citizen Kabuto Meccaryn demo .zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Giants Citizen Kabuto Reaper demo .zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Giants Citizen Kabuto Red Blood patch .zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gibson Screensaver 1.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gif2Swf 2.5.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GifSplitter 1.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gift 6.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gift Exchange 2.3.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gift Finder 1.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GiftBox Plus 3.7.2.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GiftBox Plus 3.7.6.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GiftWorks 2006 2.0.52.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gifts Of Love Christmas Screensaver 1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gifts and More Christmas Screensaver 1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GigAlarm 1.28.2.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Giga 5.7.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Giga Templates 2.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GigaBar 1.58.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GigaPacker 1.6.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GigaSoft ProEssentials 5.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GigaTask 2.17.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GigaTrust for Email 3.2.385.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gigaget Download Manager 1.0.0.23.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Giganews Binary Newsreader 3.1.6.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gigantic (A Tale of Two Johns) Trailer .zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gigli Trailer .zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GimmeFreeData 1.5.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GimmeSomeTune 1.6.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gimp-Print 4.3.18.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gin Rummy 2006.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gin Rummy Pro 2.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gin RummyVideo-Poker 2.1.59.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gink in Trouble 1.0.11.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Ginkgo Paint 1.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Girafa 2.12.06.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Giraffe 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Girder 3.3.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Girl On Playground Jigsaw Puzzle 96pc.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Girtab 1.6.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gish .zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gish 1.3.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gish v1.3 patch .zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gitarrero Beginner 1.2.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Give Me Too Network Sniffer 2.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Giving and Sharing Christmas Screensaver 1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Giza 2.1.7.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gizmo Database 2.0.2.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gizmo Drive 2.0.3.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gizmo Editor 2.0.5.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gizmo Hasher 2.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gizmo Project 2.0.0.165.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gizmo Script 2.0.4.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gizmo Synchronization 2.0.3.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gizmo Toolbar 2.0.8.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gizmo Village 2.0.8.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GlTron 0.62.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Glace 1.2.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Glacier Bay 1.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Glance 2.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Glary Utilities 1.5.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Glass Window 1.5.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GlassRoom 3.3.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Glassbox Troubleshooter 1.23.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Glest 1.1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Glg Toolkit 2.5.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GlidePics 3D 1.088.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GloPhone 2.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GlobFX Composer 1.0.9.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Global Audio Control 1.8.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Global Calendar Sharing 2002XP 2.1.9.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Global Calendar Sharing 2003 2.1.9.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Global City Weather 1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Global Clipboard 2.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Global Conquest 1.01.zip/Setup.exe -> Worm.VB.dw : No action taken.

bradleas
2006-09-10, 02:08
C:\Documents and Settings\User\Complete\Global Defense Network 1.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Global Downloader 1.1.0.3.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Global IM 2.0.5.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Global Internet Dialer 9.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Global MU Online 1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Global Network Inventory 1.3.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Global Operations - GOEdit patch .zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Global Operations 1.1 demo patch .zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Global Operations 1.2 patch (Asia) .zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Global Operations multiplayer demo .zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Global Positioning Submitter 1.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Global Search And Replace 1.5.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Global Site Support 1.12.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Global Time Synchronizer 1.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Global Torrent Searcher 0.3.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Global Tracks 6.14.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Global Village 56K PC Card Firmware Update 2.081.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Global Village K56flex Firmware PC Card Updater 1.120.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Global Village TelePort 56 K56flex Firmware Updater 1.201.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Global Village TelePort Platinum Comm Slot Firmware Upgrade 1.511.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Global Watch List 1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GlobalAdventures Japan ARM 2.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GlobalDrive Virtual Disk Drive 3.0.2.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GlobalFax TelePort 56 x2 Updater 1.0.3.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GlobalFax for Teleport Modems 2.6.8.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GlobalOffice 2.02.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GlobalPatrol WebScout 2.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GlobalSale Software 5.6.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GlobalScape Secure FTP Server 3.1.5.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GlobalSpellChecker 1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GlobalTraceRoute 2005.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GlobalWx Weathermapper 1.81.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Globalbrain Personal Edition 2.0 build 189.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Globaltrust Verification Engine 1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Globe7 2.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Globe7 Video Phone 2.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Globex 3.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Globex Pro 3.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Glog 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GloopIt 1.04.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Glorious Waterfalls 1.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Glorm 1.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Glory Zone 1.2.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Glory of the Roman Empire demo .zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Glossary of International Banking and Finance 9984921700.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Glow Worm demo .zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GlowCode 4.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Glowing Skin Secrets Revealed 1.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GlowingWorld Screen Saver 3.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GlucoBase 1.64.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GlucoControl 2.3.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Glucose Journal and Database 2.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Glucose Tracker 5.9.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gluten Guard 2.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gluten Guard XP 1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gluten Guard for Palm 1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gluz 6.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Glycemic Index And Weight Loss 1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GlycoLoad 1.2.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Glyph 1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GlyphThis 4.04.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gmail Explorer 1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gmail Notifier 1.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gmail Opener 1.4.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gmail Space 0.3.3.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gmail for Windows 1.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gmail2Stream 1.7.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gmaps Pedometer .zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gnoseo QuickRun 1.6.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gnuplot 4.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gnutella Donkey 1.5.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gnutella Lite 5.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Bingo 1.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Fishin' 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Frame Go 1.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Assistant 8.74.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Attack and Defense for Handheld PC (ARM) 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Attack and Defense for Handheld PC (MIPS) 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Attack and Defense for Handheld PC (SH3) 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Attack and Defense for Handheld PC (SH4) 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Attack and Defense for Palm 1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Attack and Defense for Palmsize PC (MIPS) 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Attack and Defense for Palmsize PC (SH3) 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Attack and Defense for Pocket PC (ARM) 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Attack and Defense for Pocket PC (MIPS) 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Attack and Defense for Pocket PC (SH3) 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Attack and Defense for Pocket PC 2002 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Attack and Defense for Smartphone 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Attack and Defense for Symbian Series 60 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Attack and Defense for Symbian Series 80 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Attack and Defense for Symbian Series 90 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Attack and Defense for Symbian UIQ 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Attack and Defense for Windows Mobile 2003 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Hamete and Overplay for Handheld PC (ARM) 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Hamete and Overplay for Handheld PC (MIPS) 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Hamete and Overplay for Handheld PC (SH3) 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Hamete and Overplay for Handheld PC (SH4) 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Hamete and Overplay for Palm 1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Hamete and Overplay for Palmsize PC (MIPS) 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Hamete and Overplay for Palmsize PC (SH3) 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Hamete and Overplay for Pocket PC (ARM) 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Hamete and Overplay for Pocket PC (SH3) 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Hamete and Overplay for Pocket PC 2002 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Hamete and Overplay for Smartphone 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Hamete and Overplay for Symbian Series 60 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Hamete and Overplay for Symbian Series 80 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Hamete and Overplay for Symbian Series 90 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Hamete and Overplay for Symbian UIQ 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Hamete and Overplay for Windows Mobile 2003 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Life and Death for Handheld PC (ARM) 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Life and Death for Handheld PC (MIPS) 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Life and Death for Handheld PC (SH3) 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Life and Death for Handheld PC (SH4) 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Life and Death for Palm 1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Life and Death for Palmsize PC (MIPS) 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Life and Death for Palmsize PC (SH3) 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Life and Death for Pocket PC (ARM) 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Life and Death for Pocket PC (MIPS) 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Life and Death for Pocket PC (SH3) 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Life and Death for Pocket PC 2002 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Life and Death for Smartphone 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Life and Death for Symbian Series 60 1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Life and Death for Symbian Series 80 1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Life and Death for Symbian Series 90 1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Life and Death for Symbian UIQ 1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Life and Death for Windows Mobile 2003 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Skill of Endgame for Handheld PC (ARM) 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Skill of Endgame for Handheld PC (MIPS) 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Skill of Endgame for Handheld PC (SH3) 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Skill of Endgame for Handheld PC (SH4) 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Skill of Endgame for Palm 1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Skill of Endgame for Palmsize PC (MIPS) 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Skill of Endgame for Palmsize PC (SH3) 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Skill of Endgame for Pocket PC (ARM) 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Skill of Endgame for Pocket PC (MIPS) 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Skill of Endgame for Pocket PC (SH3) 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Skill of Endgame for Pocket PC 2002 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Skill of Endgame for Smartphone 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Skill of Endgame for Symbian Series 60 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Skill of Endgame for Symbian Series 80 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Skill of Endgame for Symbian Series 90 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Skill of Endgame for Symbian UIQ 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Game Skill of Endgame for Windows Mobile 2003 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.

Rawe
2006-09-10, 02:08
Please rerun the Ewido scan. It shows that you have applied no action against its findings.

Make sure you have this setting done:

Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".

Then please follow the steps for Ewido again (running the scan in Safe Mode and quarantining the findings). You can go ahead and delete alcanshorty.bfu. Then also please post a fresh HijackThis log along with the Ewido results in your next reply.

bradleas
2006-09-10, 02:08
C:\Documents and Settings\User\Complete\Go Jack 1.0.18.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go Magical Boy 4.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go! Motorbike Manager 3.0d.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go-Budget 3 3.2.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go-For-It! 1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go-Go Database 2.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go-Liberty 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go2PDF 1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go4Customer Answering + Fax Machine 1.1b.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go4Customer Answering, Fax, Call Recording & IVR Machine 1.2.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Go4Customer IVR, ACD, Predictive Dialer Professional Edition 2.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GoBar 2.5.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GoBeProductive 3.0.4.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GoBinder 2006.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GoChron 2.2.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GoDB 3.4.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GoDB Enterprise Edition 3.6.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GoDB Lite Edition for Symbian Series 60 3.6.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GoGo CD To MP3 Ripper 1.4.5.4.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GoGoData Toolbar 3.0.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GoLandscape 2.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GoLinkUp Professional 1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GoMail mass mailer for Outlook 200X 2.4.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GoPOP 1.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GoRecord 1.0.3.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GoRound 2.6a.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GoSing Karaoke Player 2.70c.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GoSuRF Browser 2.62.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GoText 1.05.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Goal Master 3.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Goal Striker 1.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Goal-getter 1.9.3.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GoalEnforcer 1.6.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GoalMaker Lite Edition 3.1.5.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Goalwriter 2.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Goblin Toolbar 12.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Goblins Puzzle 2.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\God Bless America Screensaver 1.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\God Child Kaori Yuki RAW [complete] rar.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\God's Creatures 2.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gods Land of Infinity demo .zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gods Lands of Infinity 1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GodsofOlympus 1.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Goebel Desktop Search Toolbar 2.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Goforth AutoWeb 1.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Goforth Automated FTP 1.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gogame Hamete and Overplay for PocketPC (MIPS) 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gogame Hamete and Overplay for Windows 1.27.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gogame Life and death for Windows 3.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gogame Skill of Endgame for Windows 1.17.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gogo DVD To AVIVCDSVCD Ripper 1.2.3.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gogo DVD To Ipod Converter 1.2.1.4.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gogo DVD To PSP Converter 1.2.1.4.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gogo Explorer 2.1.4.6450.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Going Beyond Vaikuntha 1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gol AVIVCDDVD Converter 1.1.3.6.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gold Calculator 3.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gold Calculator Gold 3.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gold Calculator Lite 3.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gold Dia Suite 4.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gold Digger The Lost Mines 2.0.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gold Fever 1.0.55.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gold Frog 1.2.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gold Lace Screensaver 2.2.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gold Man 1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gold Mine 1.05.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gold Miner .zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gold Miner 1.10ra.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gold Miner Joe .zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gold Miner Joe 1.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gold Miner Joe 1.01.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gold Miner Special Edition .zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gold Miner Vegas 1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gold Nugget Backup 2.0.4.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gold Paintball Manager 1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gold Parser Builder 2.4.2.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gold Seeker 1.4.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gold Strike 1.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Gold Strike Deluxe 1.0.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GoldBug 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GoldLeo Audio Recorder 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GoldLeo MP3 Tag Editor 4.1 Build 2341.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GoldLeo Video Converter 1.1 build 784.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GoldMemory 6.68.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GoldMine 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GoldScrap 1.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GoldSoft Organizer 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GoldTach Pro 2.3.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GoldWave 5.06.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Goldberg (Classic) 2.3.2.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Goldberg 2.3.2.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Golden Bird 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Golden Collection Jokes 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Golden Dragon 5 17.7.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Golden Eye 4.01.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Golden FTP Server 1.92.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Golden Inventory System 2.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Golden Keywords 4.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Golden Records 1.01.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Golden Sales 11.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Golden Tut 3D Screensaver 1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GoldenFolders 4.06.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GoldenGem 1.4.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GoldenSection Notes 3 build 925.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Goldenseal 3.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Goldfish Aquarium 1.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\GoldfishHD iPod Video Converter 1.2.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Golf Adventure Galaxy 1.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Golf Animated Jigsaw Puzzle 100pc.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Golf Budde 5.4.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Golf Desktop Wallpaper 1.1.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Golf Handicap and Stats Recorder 1.3.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Golf Handicapper 6.0.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Golf Interactive Desktop Wallpaper 2.zip/Setup.exe -> Worm.VB.dw : No action taken.
C:\Documents and Settings\User\Complete\Golf King 1.16.zip/Setup.exe -> Worm.VB.dw : No action taken.

bradleas
2006-09-10, 03:52
My mistake, I neglected to tell ewido to apply actions.

There is a problem though: when I tell it to apply actions it freezes, so I have not been able to get it to generate a log after cleaning.

*************************


Logfile of HijackThis v1.99.1
Scan saved at 10:47:40 a.m., on 10/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\HJT\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [tdof32fe] RUNDLL32.EXE w03a5b45.dll,n 003f32fb0000000a03a5b45
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [fwfm] C:\PROGRA~1\COMMON~1\fwfm\fwfmm.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O15 - Trusted Zone: http://activescan.pandasoftware.com
O15 - Trusted Zone: http://acs.pandasoftware.com
O15 - Trusted Zone: http://www.pandasoftware.com
O15 - Trusted Zone: http://www.pandasoftware.es
O15 - Trusted Zone: http://www.pokerroom.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147682717296
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37680.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
O20 - AppInit_DLLs: repairs303169590.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG6 Service (AvgServ) - GRISOFT s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

Rawe
2006-09-10, 12:57
Let's do something else then :)

I hope this scanner won't freeze... It's VERY effective & thorough.

Please print these instructions out, or write them down, as you can't read them during the fix.

Please download MWav (http://www.spywareinfo.dk/download/mwav.exe):

Unzip it to its predetermined directory (C:\Kaspersky)
Locate kavupd.exe in the new folder and double-click to Update.
If your firewall gives any messages about this program accessing the internet, allow it.
If it says the signatures are more than 30 days old, keep trying, until you get the actual definition updates.
When you see Updates Downloaded Successfully, hit Enter to continue.
Restart into Safe Mode (http://www.pchell.com/support/safemode.shtml) and locate the Kaspersky folder.
Locate mwavscan.com and double-click on it to launch the MWAV Scanner.
Now let's do the settings:
Leave the Default Settings checked.
Add a check to Drives
This will light up All Drives
Add a check to Scan all Files
Click Scan Clean to begin.
This scan might take around 3+ hours to finish when set to scan everything.
Please be sure it has finished before proceeding.
Once the scan has finished, all entries identified as Infected will be displayed in the lower panel.
Highlight everything that is inside the lower panel and hit Ctrl+C to copy.
Open an empty notepad file and paste the results (Ctrl+V) to it. Save the notepad to your desktop, name it as you want (e.g. MWav Results).
Reboot into normal Windows and post the results here along with a fresh HijackThis log. :bigthumb:

bradleas
2006-09-11, 14:37
Here is the Kaspersky log:


File C:\PROGRA~1\SURFSI~1\Ssk.exe tagged as not-a-virus:AdWare.Win32.SurfSide.av. No Action Taken.
File C:\WINDOWS\system32\bk.exe tagged as not-a-virus:AdWare.Win32.SurfSide.ay. No Action Taken.
File C:\WINDOWS\system32\repairs303169590.dll tagged as not-a-virus:AdWare.Win32.SurfSide.ap. No Action Taken.
File C:\Program Files\SurfSideKick 3\Ssk.exe tagged as not-a-virus:AdWare.Win32.SurfSide.av. No Action Taken.
File C:\Program Files\SurfSideKick 3\SskBho.dll tagged as not-a-virus:AdWare.Win32.SurfSide.ay. No Action Taken.
File C:\Program Files\SurfSideKick 3\SskCore.dll tagged as not-a-virus:AdWare.Win32.SurfSide.ay. No Action Taken.
File C:\WINDOWS\system32\bk.exe tagged as not-a-virus:AdWare.Win32.SurfSide.ay. No Action Taken.
File C:\WINDOWS\system32\repairs303169590.dll tagged as not-a-virus:AdWare.Win32.SurfSide.ap. No Action Taken.


hjt:


Logfile of HijackThis v1.99.1
Scan saved at 9:31:36 p.m., on 11/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [tdof32fe] RUNDLL32.EXE w03a5b45.dll,n 003f32fb0000000a03a5b45
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O15 - Trusted Zone: http://activescan.pandasoftware.com
O15 - Trusted Zone: http://acs.pandasoftware.com
O15 - Trusted Zone: http://www.pandasoftware.com
O15 - Trusted Zone: http://www.pandasoftware.es
O15 - Trusted Zone: http://www.pokerroom.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147682717296
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37680.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
O20 - AppInit_DLLs: repairs303169590.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG6 Service (AvgServ) - GRISOFT s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe



Thanks.

Rawe
2006-09-11, 16:02
Through Add/Remove programs uninstall the following entries if present:

Viewpoint <-- Anything that relates to Viewpoint
SurfSideKick <-- Anything that relates to SurfSideKick

After that, please reboot. Now, after reboot, navigate to and delete the following folders & files if present:

C:\WINDOWS\system32\repairs303169590.dll
C:\Program Files\SurfSideKick 3
C:\Program Files\Viewpoint
C:\WINDOWS\SYSTEM32\w03a5b45.dll

Empty recycle bin.

---

Next, please run a scan with HijackThis and check the following objects for removal if present:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [tdof32fe] RUNDLL32.EXE w03a5b45.dll,n 003f32fb0000000a03a5b45
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe

Now close ALL other open windows except for HijackThis and hit FIX CHECKED. Exit HijackThis.

----

Finally

Please run the F-Secure Online Scanner (http://support.f-secure.com/enu/home/ols3.shtml#)

Note: This scanner is for Internet Explorer only!
Follow the instructions here (http://support.f-secure.com/enu/home/ols3.shtml) for installation.
Accept the License Agreement.
Once the ActiveX installs, click Full System Scan
Once the download completes, the scan will begin automatically.
The scan will take some time to finish, so please be patient.
When the scan completes, click the Automatic cleaning (recommended) button.
Click the Show Report button and copy & paste the entire report in your next reply along with a fresh HijackThis log and also let me know how things went. :bigthumb:
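
Added example, not part of the original thread and not HijackThis code: a Python check that compares a fix list like the one above with a later HijackThis log, matching entries by CLSID or registry value name rather than by full line, so an entry whose file is already gone (shown as "(no file)") is still recognised. The "after" log is constructed for illustration and the function names are hypothetical.

```python
import re

# An entry line is a section code (R0, R1, R3, O4, O20, ...), " - ", then the detail.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2})\s*-\s*(.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^(.+?):\s*\[([^\]]+)\]")


def normalise(text):
    """Collapse whitespace and case so cosmetic differences do not matter."""
    return " ".join(text.split()).casefold()


def entry_key(code, detail):
    """Stable identity of an entry, independent of the path HijackThis prints."""
    clsid = CLSID_RE.search(detail)
    if clsid:
        # R3 / O9 / O16 style: entry type (text before the first colon) + CLSID.
        kind = detail[:clsid.start()].split(":", 1)[0]
        return (code, normalise(kind), clsid.group(0).upper())
    run = RUN_RE.match(detail)
    if code == "O4" and run:
        # O4 autostart: registry hive plus the value name in brackets.
        return (code, normalise(run.group(1)), normalise(run.group(2)))
    if " = " in detail:
        # R0 / R1: registry value name, without the URL it currently holds.
        return (code, normalise(detail.split(" = ", 1)[0]))
    return (code, normalise(detail))


def parse_log(text):
    """Map entry key -> (normalised detail, original line); non-entry lines are skipped."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            code, detail = m.group(1), m.group(2).strip()
            entries[entry_key(code, detail)] = (normalise(detail), line)
    return entries


def check_fix_list(fix_list, after_log):
    """Return {fix-list line: 'gone' | 'present' | 'changed'}."""
    after = parse_log(after_log)
    report = {}
    for key, (detail, line) in parse_log(fix_list).items():
        if key not in after:
            report[line] = "gone"        # entry no longer listed
        elif after[key][0] == detail:
            report[line] = "present"     # identical entry survived the fix
        else:
            report[line] = "changed"     # same key, different data (e.g. orphaned)
    return report


# Fix-list lines copied from the post above.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O4 - HKLM\..\Run: [tdof32fe] RUNDLL32.EXE w03a5b45.dll,n 003f32fb0000000a03a5b45
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
"""

# Constructed "after" log (not taken from the thread): one orphaned R3 entry,
# one autostart that survived, and two unrelated legitimate entries.
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R3 - URLSearchHook: (no file) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [tdof32fe] RUNDLL32.EXE w03a5b45.dll,n 003f32fb0000000a03a5b45
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    for line, status in check_fix_list(FIX_LIST, AFTER_LOG).items():
        print(f"{status:8} {line}")
```
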

bradleas
2006-09-12, 03:50
It seemed to go well, no surprises, although one of the hjt entries marked for delete claimed there was (no file). Instead of

R3-URLSearchHook: (no name) -{02EE etc...}- C:\ProgramFiles\SurfSideKick 3\SskBho.dll

It read:

R3-URLSearchHook: (no file) -{02EE etc...}-(no file)

but I checked it anyway. Here are the logs:


Scanning Report
Tuesday, September 12, 2006 10:10:57 - 10:41:00

Computer name: USER-EDFC52CE63
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\
Result: 2 malware found
Trojan-Clicker.Win32.VB.fl (virus)

* C:\WINDOWS\SYSTEM32\SETUP9X.EXE (Renamed)

UCmore (spyware)

* System (Disinfected)

Statistics
Scanned:

* Files: 31553
* System: 4294
* Not scanned: 21

Actions:

* Disinfected: 1
* Renamed: 1
* Deleted: 0
* None: 0
* Submitted: 0

Files not scanned:

* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{F2016008-5D9E-425F-BC5D-C0BE2114A234}.BIN
* C:\WINDOWS\PREFETCH\LAYOUT.INI
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0313C01A490ED809D707F24764732599_07007CF8-85FB-4C77-AFCE-EC2CF91FE31B
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\19E533D302E04D7AE5C6B76FB1D01401_07007CF8-85FB-4C77-AFCE-EC2CF91FE31B
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2A7ED340DEFFB78F44864EA8B983515B_07007CF8-85FB-4C77-AFCE-EC2CF91FE31B
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2AC9B7D528E0B18C51A048083AB055C3_07007CF8-85FB-4C77-AFCE-EC2CF91FE31B
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3EFE5754F66C4484A46CD0AB7A5F465C_07007CF8-85FB-4C77-AFCE-EC2CF91FE31B
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\593BF498073CEF2FA4A7E5DCB42383F3_07007CF8-85FB-4C77-AFCE-EC2CF91FE31B
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5D2163F4BAEFAAA9941284AFF6BA78B5_07007CF8-85FB-4C77-AFCE-EC2CF91FE31B
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6BF77FE98FED2AD5E39E66291B62CC70_07007CF8-85FB-4C77-AFCE-EC2CF91FE31B
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6EBA6A2FEA8735EDF652F08165CF72E2_07007CF8-85FB-4C77-AFCE-EC2CF91FE31B
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\72619E4B84A40E613E8D4A267A18D0D4_07007CF8-85FB-4C77-AFCE-EC2CF91FE31B
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\89848F47455A750059027C00EA1281E8_07007CF8-85FB-4C77-AFCE-EC2CF91FE31B
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A0EC5F618D0EDACC4AAA4F48167EA54D_07007CF8-85FB-4C77-AFCE-EC2CF91FE31B
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A689E92B788F6F87685FB075A52E8495_07007CF8-85FB-4C77-AFCE-EC2CF91FE31B
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BBFD839DDF4321FF2B6801B129B15DBF_07007CF8-85FB-4C77-AFCE-EC2CF91FE31B
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CC4C33729ECC6DBC7201A3EED5CD10F7_07007CF8-85FB-4C77-AFCE-EC2CF91FE31B
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D1F1DB1EA72FF68FAC1D119CA55757A4_07007CF8-85FB-4C77-AFCE-EC2CF91FE31B
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D60DC4E1F3D6F5D33897521EDC188118_07007CF8-85FB-4C77-AFCE-EC2CF91FE31B

Options
Scanning engines:

* F-Secure AVP: 6.0.171, 2006-09-11
* F-Secure Libra: 2.4.1, 2006-09-09
* F-Secure Orion: 1.2.37, 2006-09-11
* F-Secure Blacklight: 1.0.31, 0000-00-00
* F-Secure Pegasus: 1.19.0, 2006-08-08
* F-Secure Draco: 1.0.35, 0259-24-212

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
* Use Advanced heuristics



***************************



Logfile of HijackThis v1.99.1
Scan saved at 10:44:52 a.m., on 12/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\User\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk32.exe
C:\DOCUME~1\User\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fssm32.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\HJT\HijackThis.exe

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [AVG_CC] C:\Program Files\Grisoft\AVG6\avgcc32.exe /startup
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O15 - Trusted Zone: http://activescan.pandasoftware.com
O15 - Trusted Zone: http://acs.pandasoftware.com
O15 - Trusted Zone: http://www.pandasoftware.com
O15 - Trusted Zone: http://www.pandasoftware.es
O15 - Trusted Zone: http://www.pokerroom.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147682717296
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37680.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG6 Service (AvgServ) - GRISOFT s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe


Thanks a lot for your great help so far!

Rawe
2006-09-12, 14:29
Your HijackThis log is starting to look good :)

----

Delete this file if found (it might not be an .exe file, it might just be a .ren file):

C:\WINDOWS\SYSTEM32\SETUP9X.EXE.ren

----

Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune.
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

---

Then please rerun ComboFix with the same instructions as earlier. It won't delete any files probably, I just want to see the log for further info and possible remnants :)

bradleas
2006-09-12, 15:15
I ran another Spybot sweep with new detection rules and that found a bunch of stuff too. Here is the ComboFix log:


User - 06-09-12 22:05:53.57
ComboFix 06.09.11B - Running from: C:\Documents and Settings\User\Desktop

Microsoft Windows XP [Version 5.1.2600]

((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\User\Application Data\Sskdmns.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\tasklist.com


((((((((((((((((((((((((((((((( Files Created from 2006-08-12 to 2006-09-12 ))))))))))))))))))))))))))))))))))


2006-09-02 15:55 753,664 --------- C:\WINDOWS\system32\Tablet.exe
2006-09-02 15:55 102,400 --------- C:\WINDOWS\system32\Wintab32.dll
2006-09-01 16:27 29,752 --------- C:\WINDOWS\system32\InstHelper.dll
2006-09-01 16:26 197,680 --a------ C:\WINDOWS\system32\vpnapi.dll
2006-08-24 20:37 16,384 --a------ C:\WINDOWS\system32\FileOps.exe
2006-08-14 01:21 90,112 --a------ C:\WINDOWS\unvise32.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-12 21:55 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-12 20:12 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-09-12 19:07 -------- d-------- C:\Program Files\Trillian
2006-09-12 11:28 -------- d-------- C:\Program Files\SpywareBlaster
2006-09-12 11:22 777472 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-09-12 11:22 4992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-09-12 11:22 4288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-09-12 11:22 27904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-09-12 11:22 23424 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
2006-09-12 11:22 -------- d-------- C:\Program Files\Grisoft
2006-09-12 11:22 -------- d-------- C:\Documents and Settings\User\Application Data\AVG7
2006-09-10 11:11 -------- d-------- C:\Program Files\Sunbelt Software
2006-09-10 09:37 -------- d-------- C:\Program Files\Common Files\fwfm
2006-09-09 10:16 -------- d-------- C:\Program Files\Common Files
2006-09-04 21:52 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-04 18:49 -------- d-------- C:\Program Files\AIM
2006-09-04 18:49 -------- d-------- C:\Documents and Settings\User\Application Data\Aim
2006-09-04 18:48 -------- d-------- C:\Program Files\eMule
2006-09-04 18:37 -------- d-------- C:\Program Files\Common Files\Adobe
2006-09-04 18:37 -------- d-------- C:\Program Files\Adobe
2006-09-04 18:36 -------- d-------- C:\Documents and Settings\User\Application Data\Adobe
2006-09-03 22:29 76560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2006-09-03 16:30 -------- d-------- C:\Program Files\Common Files\Macromedia
2006-09-03 16:29 -------- d-------- C:\Program Files\Macromedia
2006-09-03 07:44 -------- d-------- C:\Program Files\Corel
2006-09-02 18:40 -------- d-------- C:\Documents and Settings\User\Application Data\Skype
2006-09-02 15:55 -------- d-------- C:\Program Files\Tablet
2006-09-02 00:44 -------- d-------- C:\Program Files\Flickr Uploadr
2006-09-02 00:44 -------- d-------- C:\Documents and Settings\User\Application Data\Flickr
2006-09-01 22:06 -------- d-------- C:\Program Files\Mozilla Thunderbird
2006-09-01 21:24 -------- d-------- C:\Program Files\Bitvise Tunnelier
2006-09-01 16:26 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-01 16:26 -------- d-------- C:\Program Files\Common Files\Deterministic Networks
2006-09-01 16:26 -------- d-------- C:\Program Files\Cisco Systems
2006-08-27 14:27 -------- d-------- C:\Program Files\WinZip
2006-08-24 22:07 -------- d-------- C:\Program Files\Hello
2006-08-24 21:13 -------- d-------- C:\Program Files\Picasa2
2006-08-24 20:58 -------- d-------- C:\Documents and Settings\User\Application Data\Lavasoft
2006-08-24 20:56 -------- d-------- C:\Documents and Settings\User\Application Data\Macromedia
2006-08-24 20:49 176222 --a------ C:\WINDOWS\GalleryPlayer Images Uninstaller.exe
2006-08-24 20:48 -------- d-------- C:\Program Files\Lavasoft
2006-08-24 20:46 159731 --a------ C:\WINDOWS\Google Pack Screensaver Uninstaller.exe
2006-08-24 20:45 -------- d-------- C:\Program Files\Google
2006-08-19 13:59 -------- d-------- C:\Program Files\Java
2006-08-14 15:42 -------- d-------- C:\Program Files\KODAK
2006-08-14 15:41 -------- d-------- C:\Program Files\CASIO
2006-08-14 03:41 -------- d-------- C:\Program Files\Internet Explorer
2006-08-14 01:37 -------- d-------- C:\Program Files\Yahoo!
2006-08-14 01:29 -------- d-------- C:\Program Files\InterActual
2006-08-14 01:27 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-08-14 01:25 -------- d-------- C:\Program Files\Audible
2006-08-14 01:21 -------- d-------- C:\Program Files\Inspiration 8 IE Trial
2006-08-14 01:21 -------- d-------- C:\Documents and Settings\User\Application Data\Inspiration Software
2006-07-27 23:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-22 19:26 -------- d-------- C:\Program Files\Free Audio Pack
2006-07-21 18:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-18 12:02 91672 --a------ C:\WINDOWS\system32\drivers\khips.sys
2006-07-18 12:02 284184 --a------ C:\WINDOWS\system32\drivers\fwdrv.sys
2006-07-14 10:01 -------- d-------- C:\Program Files\Microsoft Office


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"googletalk"="\"C:\\Program Files\\Google\\Google Talk\\googletalk.exe\" /autostart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVMixerTray"="\"C:\\Program Files\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe\""
"RemoteControl"="\"C:\\Program Files\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\""
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"CTSysVol"="C:\\Program Files\\Creative\\SB Live! 24-bit\\Surround Mixer\\CTSysVol.exe /r"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"BigPondCable"="\"C:\\Program Files\\Telstra\\Cable Login\\bpcable.exe\" /r"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"P17Helper"="Rundll32 P17.dll,P17Helper"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e2,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"NoDispAppearancePage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000000
"NoActiveDesktop"=dword:00000000
"NoSaveSettings"=dword:00000000
"ClassicShell"=dword:00000000
"NoThemesTab"=dword:00000000
"ForceActiveDesktopOn"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Completion time: Tue 12/09/2006 22:09:51.62
ComboFix.txt
ComboFix2.txt

Rawe
2006-09-12, 15:35
I would also like to see the SpyBot log, but not quite yet, first we'll delete one bad file from the ComboFix log then you need to run another SpyBot scan for me :)

Delete the following file if found:

C:\WINDOWS\unvise32.exe

Then empty recycle bin. If you are unable to find this file, then make sure you can see hidden files (http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/hiddenfiles.mspx).

Then reboot. Rerun ATF-Cleaner. Then please run a fresh SpyBot scan, make sure to check for updates, then post back with its log as well as one more HijackThis log :bigthumb:

bradleas
2006-09-12, 15:55
Logfile of HijackThis v1.99.1
Scan saved at 10:50:38 p.m., on 12/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\HJT\HijackThis.exe

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O15 - Trusted Zone: http://activescan.pandasoftware.com
O15 - Trusted Zone: http://acs.pandasoftware.com
O15 - Trusted Zone: http://www.pandasoftware.com
O15 - Trusted Zone: http://www.pandasoftware.es
O15 - Trusted Zone: http://www.pokerroom.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1147682717296
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37680.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe


***************************
spybot:



Congratulations!: No immediate threats were found. ()



--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-09-28 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2006-02-06 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2006-02-20 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2006-09-08 Includes\Cookies.sbi (*)
2006-09-08 Includes\Dialer.sbi (*)
2006-09-08 Includes\Hijackers.sbi (*)
2006-09-08 Includes\Keyloggers.sbi (*)
2006-09-08 Includes\Malware.sbi (*)
2006-09-08 Includes\PUPS.sbi (*)
2006-09-08 Includes\Revision.sbi (*)
2006-09-08 Includes\Security.sbi (*)
2006-09-08 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2006-09-08 Includes\Trojans.sbi (*)

Rawe
2006-09-12, 16:39
How's the system running?? Popups? Having other problems? Are scans turning up anything?? :)

bradleas
2006-09-13, 02:12
The system seems stable now. Popups ceased after Kaspersky (no popups for 2 days now). Your diligence seems to have swept out the remnants. Another symptom I didn't mention was that AVG was damaged (couldn't update), so I reinstalled that and everything seems to work fine now.

Thanks a lot!

:) :bigthumb:

Rawe
2006-09-13, 11:38
Great to hear! :)

Please read here how to clear old restore points and create a new one (http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx).

Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Here are some tips for the future to prevent spyware:

Detect and Remove Programs:
How to use Ad-Aware to remove Spyware (http://www.bleepingcomputer.com/forums/?showtutorial=48) <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
How to use Spybot to remove Spyware (http://www.bleepingcomputer.com/forums/?showtutorial=43) <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
Spywareblaster (http://www.javacoolsoftware.com/spywareblaster.html) <= SpywareBlaster will prevent spyware from being installed. (My favourite)
MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Other necessary Programs:
AntiVirus Program <= An AntiVirus program is a must! Whether it is a free version like AVG (http://www.grisoft.com/) or Anti-Vir (http://www.free-av.com/), or a shareware version like Norton or Kaspersky, this is a must have. (Note to only use 1 at a time)
Firewall <= A firewall (http://www.google.com/search?hl=en&lr=&q=define%3Afirewall&btnG=Search) is definitely a must have. Two good free versions are Kerio Personal Firewall (http://www.kerio.com/us/kpf_download.html) and ZoneLabs (http://www.zonelabs.com/store/content/home.jsp). (Note to only use 1 at a time)
More Secure Browser <= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox (http://www.mozilla.com/).
And also see TonyKlein's good advice:
So how did I get infected in the first place? (http://castlecops.com/postlite7736-.html)
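
Added example (not part of Rawe's post, and not code from the MVPS project): a small Python audit of a HOSTS file that separates names sinkholed to the local machine, as the MVPS tip above describes, from names mapped to some other address, which deserve a look. The sample file contents, the `*.example.test` names and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in hosts-file syntax; none of these lines come from the
# MVPS file or from this thread. The *.example.test names are placeholders.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1      localhost
127.0.0.1      ads.example.test tracker.example.test   # two names on one line
0.0.0.0        banner.example.test
::1            localhost
203.0.113.10   www.bank.example.test
not-an-ip      broken.example.test
"""

# Names that are expected to point at the local machine and are not "blocks".
LOCAL_NAMES = {"localhost"}


def parse_hosts(text):
    """Parse hosts-file text.

    Returns (entries, malformed) where entries is a list of
    (ip_address, hostname, line_number) and malformed is a list of
    (line_number, raw_line) for lines that are not "<ip> <name> [name...]".
    """
    entries, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments, full-line or trailing
        if not line:
            continue
        fields = line.split()                  # spaces or tabs both separate fields
        if len(fields) < 2:
            malformed.append((lineno, raw))
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((lineno, raw))
            continue
        for name in fields[1:]:                # one line may carry several names
            entries.append((ip, name.lower(), lineno))
    return entries, malformed


def audit_hosts(text):
    """Classify every hostname in the file.

    blocked    - names sent to a loopback (127.0.0.1, ::1) or unspecified
                 (0.0.0.0) address, i.e. the ad-blocking use described above
    redirected - names mapped to any other address, with the line they are on;
                 a name listed both ways is reported here regardless of order,
                 since the conflicting mapping is what needs review
    malformed  - lines the parser could not read
    """
    entries, malformed = parse_hosts(text)
    blocked, redirected = set(), {}
    for ip, name, lineno in entries:
        if name in LOCAL_NAMES:
            continue
        if ip.is_loopback or ip.is_unspecified:
            blocked.add(name)
        else:
            redirected.setdefault(name, []).append((str(ip), lineno))
    blocked -= set(redirected)
    return {
        "blocked": sorted(blocked),
        "redirected": redirected,
        "malformed": malformed,
    }


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    print("blocked names:", len(report["blocked"]))
    for name, targets in report["redirected"].items():
        for ip, lineno in targets:
            print(f"review line {lineno}: {name} -> {ip}")
    for lineno, raw in report["malformed"]:
        print(f"malformed line {lineno}: {raw!r}")
```

To check a real machine, pass the contents of `C:\WINDOWS\system32\drivers\etc\hosts` to `audit_hosts` instead of the sample.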

tashi
2006-09-16, 05:50
As the problem appears to be resolved this topic has been archived. :)

If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread; this applies only to the original topic starter.

Glad we could help, thank you Rawe.