PDA

View Full Version : Virus Burster & Pest Capture, part 1



annpodlozny
2006-12-15, 22:10
I can't seem to get rid of Virus Burster and/or Pest Capture. HJT and Panda scan logs below.
Thanks in advance for your help.

hjt log
Logfile of HijackThis v1.99.1
Scan saved at 2:57:35 PM, on 12/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\INSTAN~1\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - C:\Program Files\Video ActiveX Object\isaddon.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Protection Bar - {5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} - C:\Program Files\Video ActiveX Object\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [Gnetmous] C:\Program Files\COMPAQ\Scroll Mouse\gnetmous.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\4.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\INSTAN~1\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\QUICKENW\bagent.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe (file missing)
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe (file missing)
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\INSTAN~1\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .LabelGenerationServlet: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://start.earthlink.net
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15014/CTSUEng.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (eAssist NetAgent Customer ActiveX Control version 3) - https://quicken.ehosts.net/netagent/objects/custappx3.CAB
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124844022046
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://tv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_4.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\ISO Recorder\ImapiHelper.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

annpodlozny
2006-12-15, 22:19
Panda Online Scan Log

Incident Status Location

Adware:Adware/VideoActiveXObject Not disinfected C:\Program Files\Video ActiveX Object\isaddon.dll
Potentially unwanted tool:application/mywebsearch Not disinfected c:\windows\system32\f3PSSavr.scr
Potentially unwanted tool:application/funweb Not disinfected c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf
Potentially unwanted tool:application/zango Not disinfected c:\program files\Zango Programs
Adware:adware/netword Not disinfected Windows Registry
Adware:adware/exact.bargainbuddy Not disinfected Windows Registry
Adware:adware/exact.searchbar Not disinfected Windows Registry
Adware:adware/comet Not disinfected Windows Registry
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\qn933v0v.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\qn933v0v.default\cookies.txt[.2o7.net/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\qn933v0v.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\qn933v0v.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\qn933v0v.default\cookies.txt[.atwola.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\qn933v0v.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\qn933v0v.default\cookies.txt[.com.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\qn933v0v.default\cookies.txt[.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\qn933v0v.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\qn933v0v.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\qn933v0v.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\qn933v0v.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\qn933v0v.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\qn933v0v.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\qn933v0v.default\cookies.txt[.target.com/]
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\qn933v0v.default\cookies.txt[.tickle.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\qn933v0v.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\qn933v0v.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\qn933v0v.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\qn933v0v.default\cookies.txt[hc2.humanclick.com/]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\qn933v0v.default\cookies.txt[hc2.humanclick.com/hc/89518444]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\qn933v0v.default\cookies.txt[landing.domainsponsor.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\qn933v0v.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Ann\Application Data\Mozilla\Firefox\Profiles\qn933v0v.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Ann\Application Data\Mozilla\Profiles\default\47yaofqy.slt\cookies.txt[.webpower.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Ann\Cookies\ann@2o7[1].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Ann\Cookies\ann@ads.addynamix[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Ann\Cookies\ann@ads.pointroll[1].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Ann\Cookies\ann@adultfriendfinder[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Ann\Cookies\ann@atwola[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Ann\Cookies\ann@belnk[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Ann\Cookies\ann@cgi-bin[6].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Ann\Cookies\ann@com[1].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Ann\Cookies\ann@ct.360i[1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Ann\Cookies\ann@did-it[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Ann\Cookies\ann@dist.belnk[2].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Ann\Cookies\ann@fortunecity[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Ann\Cookies\ann@go[2].txt
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Ann\Cookies\ann@hc2.humanclick[2].txt

annpodlozny
2006-12-15, 22:20
Panda, continued

Spyware:Cookie/Kount Not disinfected C:\Documents and Settings\Ann\Cookies\ann@kount[1].txt
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Ann\Cookies\ann@landing.domainsponsor[1].txt
Spyware:Cookie/Malwarewipe Not disinfected C:\Documents and Settings\Ann\Cookies\ann@malwarewipe[2].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Ann\Cookies\ann@maxserving[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Ann\Cookies\ann@perf.overture[1].txt
Spyware:Cookie/Qsrch Not disinfected C:\Documents and Settings\Ann\Cookies\ann@qsrch[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Ann\Cookies\ann@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Ann\Cookies\ann@realmedia[2].txt
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Ann\Cookies\ann@rightmedia[1].txt
Spyware:Cookie/Clicktracks Not disinfected C:\Documents and Settings\Ann\Cookies\ann@stats1.clicktracks[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Ann\Cookies\ann@target[2].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Ann\Cookies\ann@webpower[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Ann\Cookies\ann@xiti[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1j3l261p.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1j3l261p.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1j3l261p.default\cookies.txt[.overture.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1j3l261p.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1j3l261p.default\cookies.txt[.overture.com/]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1j3l261p.default\cookies.txt[.clickbank.net/]
Spyware:Cookie/Virusbursters Not disinfected C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1j3l261p.default\cookies.txt[www.virusbursters.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1j3l261p.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1j3l261p.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1j3l261p.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1j3l261p.default\cookies.txt[data.coremetrics.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1j3l261p.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1j3l261p.default\cookies.txt[.advertising.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1j3l261p.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1j3l261p.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1j3l261p.default\cookies.txt[.belnk.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1j3l261p.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1j3l261p.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1j3l261p.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1j3l261p.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1j3l261p.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1j3l261p.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1j3l261p.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1j3l261p.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1j3l261p.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1j3l261p.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1j3l261p.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1j3l261p.default\cookies.txt[citi.bridgetrack.com/]
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1j3l261p.default\cookies.txt[.citi.bridgetrack.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1j3l261p.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1j3l261p.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1j3l261p.default\cookies.txt[server.iad.liveperson.net/hc/21496075]

annpodlozny
2006-12-15, 22:22
Panda, continued

Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1j3l261p.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/7search Not disinfected C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1j3l261p.default\cookies.txt[.7search.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1j3l261p.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1j3l261p.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1j3l261p.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1j3l261p.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1j3l261p.default\cookies.txt[.com.com/]
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1j3l261p.default\cookies.txt[.entrepreneur.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1j3l261p.default\cookies.txt[.go.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1j3l261p.default\cookies.txt[.landing.domainsponsor.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1j3l261p.default\cookies.txt[.microsofteup.112.2o7.net/]
Spyware:Cookie/Omniture Not disinfected C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1j3l261p.default\cookies.txt[.omniture.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1j3l261p.default\cookies.txt[.searchportal.information.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\1j3l261p.default\cookies.txt[.target.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\default\i9g0io8s.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\default\i9g0io8s.slt\cookies.txt[.atwola.com/]
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\default\i9g0io8s.slt\cookies.txt[.centrport.net/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\default\i9g0io8s.slt\cookies.txt[.overture.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\default\i9g0io8s.slt\cookies.txt[.target.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\default\i9g0io8s.slt\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\default\i9g0io8s.slt\cookies.txt[.xiti.com/]
Spyware:Cookie/Eyeblaster Not disinfected C:\Documents and Settings\Jim\Application Data\Mozilla\Profiles\default\i9g0io8s.slt\cookies.txt[www.eyeblaster-ds.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Jim\Cookies\jim@2o7[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Jim\Cookies\jim@ad.yieldmanager[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Jim\Cookies\jim@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Jim\Cookies\jim@adrevolver[3].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Jim\Cookies\jim@ads.pointroll[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Jim\Cookies\jim@apmebf[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Jim\Cookies\jim@as-us.falkag[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Jim\Cookies\jim@atwola[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Jim\Cookies\jim@azjmp[2].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\Jim\Cookies\jim@banner[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Jim\Cookies\jim@belnk[1].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Jim\Cookies\jim@bravenet[2].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Jim\Cookies\jim@cassava[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Jim\Cookies\jim@cgi-bin[4].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Jim\Cookies\jim@cgi-bin[6].txt
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Jim\Cookies\jim@citi.bridgetrack[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Jim\Cookies\jim@com[1].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Jim\Cookies\jim@ct.360i[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Jim\Cookies\jim@dist.belnk[2].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Jim\Cookies\jim@entrepreneur[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Jim\Cookies\jim@go[2].txt
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Jim\Cookies\jim@landing.domainsponsor[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Jim\Cookies\jim@questionmarket[2].txt

annpodlozny
2006-12-15, 22:22
Panda, continued
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Jim\Cookies\jim@realmedia[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Jim\Cookies\jim@searchportal.information[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Jim\Cookies\jim@target[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Jim\Cookies\jim@tribalfusion[2].txt
Spyware:Cookie/Affiliate fuel Not disinfected C:\Documents and Settings\Jim\Cookies\jim@www.affiliatefuel[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Jim\Cookies\jim@z1.adserver[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Jim\Cookies\jim@zedo[2].txt
Adware:Adware/FlashTrack Not disinfected C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\OPGN4RS7\channels_02[1].gif
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Roue\Application Data\Mozilla\Firefox\Profiles\k207l45h.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Roue\Application Data\Mozilla\Firefox\Profiles\k207l45h.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Roue\Application Data\Mozilla\Firefox\Profiles\k207l45h.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Roue\Application Data\Mozilla\Firefox\Profiles\k207l45h.default\cookies.txt[.zedo.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Roue\Application Data\Mozilla\Firefox\Profiles\k207l45h.default\cookies.txt[.2o7.net/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Roue\Application Data\Mozilla\Firefox\Profiles\k207l45h.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Roue\Application Data\Mozilla\Firefox\Profiles\k207l45h.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Roue\Application Data\Mozilla\Firefox\Profiles\k207l45h.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Roue\Application Data\Mozilla\Firefox\Profiles\k207l45h.default\cookies.txt[media.fastclick.net/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Roue\Application Data\Mozilla\Firefox\Profiles\k207l45h.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Roue\Application Data\Mozilla\Firefox\Profiles\k207l45h.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Roue\Application Data\Mozilla\Firefox\Profiles\k207l45h.default\cookies.txt[.overture.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Roue\Application Data\Mozilla\Firefox\Profiles\k207l45h.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Roue\Application Data\Mozilla\Firefox\Profiles\k207l45h.default\cookies.txt[.belnk.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Roue\Application Data\Mozilla\Firefox\Profiles\k207l45h.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Roue\Application Data\Mozilla\Firefox\Profiles\k207l45h.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Roue\Application Data\Mozilla\Firefox\Profiles\k207l45h.default\cookies.txt[.ads.addynamix.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Roue\Application Data\Mozilla\Firefox\Profiles\k207l45h.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Roue\Application Data\Mozilla\Firefox\Profiles\k207l45h.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Roue\Application Data\Mozilla\Firefox\Profiles\k207l45h.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Roue\Application Data\Mozilla\Firefox\Profiles\k207l45h.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Virusbursters Not disinfected C:\Documents and Settings\Roue\Application Data\Mozilla\Firefox\Profiles\k207l45h.default\cookies.txt[www.virusbursters.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Roue\Application Data\Mozilla\Firefox\Profiles\k207l45h.default\cookies.txt[.112.2o7.net/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Roue\Application Data\Mozilla\Firefox\Profiles\k207l45h.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Roue\Application Data\Mozilla\Firefox\Profiles\k207l45h.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Roue\Application Data\Mozilla\Firefox\Profiles\k207l45h.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Roue\Application Data\Mozilla\Firefox\Profiles\k207l45h.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Roue\Application Data\Mozilla\Firefox\Profiles\k207l45h.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Roue\Application Data\Mozilla\Firefox\Profiles\k207l45h.default\cookies.txt[.com.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Roue\Application Data\Mozilla\Firefox\Profiles\k207l45h.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Roue\Application Data\Mozilla\Firefox\Profiles\k207l45h.default\cookies.txt[.did-it.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Roue\Application Data\Mozilla\Firefox\Profiles\k207l45h.default\cookies.txt[.drivecleaner.com/]
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Roue\Application Data\Mozilla\Firefox\Profiles\k207l45h.default\cookies.txt[.fortunecity.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Roue\Application Data\Mozilla\Firefox\Profiles\k207l45h.default\cookies.txt[.go.com/]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Roue\Application Data\Mozilla\Firefox\Profiles\k207l45h.default\cookies.txt[.gostats.com/]
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Roue\Application Data\Mozilla\Firefox\Profiles\k207l45h.default\cookies.txt[.hotlog.ru/]
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Roue\Application Data\Mozilla\Firefox\Profiles\k207l45h.default\cookies.txt[.i.screensavers.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Roue\Application Data\Mozilla\Firefox\Profiles\k207l45h.default\cookies.txt[.landing.domainsponsor.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Roue\Application Data\Mozilla\Firefox\Profiles\k207l45h.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Roue\Application Data\Mozilla\Firefox\Profiles\k207l45h.default\cookies.txt[.offeroptimizer.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Roue\Application Data\Mozilla\Firefox\Profiles\k207l45h.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Roue\Application Data\Mozilla\Firefox\Profiles\k207l45h.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Roue\Application Data\Mozilla\Firefox\Profiles\k207l45h.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Roue\Application Data\Mozilla\Firefox\Profiles\k207l45h.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Roue\Application Data\Mozilla\Firefox\Profiles\k207l45h.default\cookies.txt[.serving-sys.com/]

annpodlozny
2006-12-15, 22:23
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\Roue\Application Data\Mozilla\Firefox\Profiles\k207l45h.default\cookies.txt[.spylog.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Roue\Cookies\roue@2o7[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Roue\Cookies\roue@888[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Roue\Cookies\roue@ad.sensismediasmart.com[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Roue\Cookies\roue@adopt.hbmediapro[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Roue\Cookies\roue@ads.pointroll[1].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Roue\Cookies\roue@adtech[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Roue\Cookies\roue@adultfriendfinder[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Roue\Cookies\roue@as-us.falkag[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Roue\Cookies\roue@ath.belnk[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Roue\Cookies\roue@atwola[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Roue\Cookies\roue@azjmp[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Roue\Cookies\roue@belnk[2].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Roue\Cookies\roue@bravenet[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Roue\Cookies\roue@bs.serving-sys[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Roue\Cookies\roue@burstnet[1].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Roue\Cookies\roue@cassava[1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Roue\Cookies\roue@ccbill[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Roue\Cookies\roue@cgi-bin[3].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Roue\Cookies\roue@cgi-bin[4].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Roue\Cookies\roue@cgi-bin[7].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Roue\Cookies\roue@cgi-bin[8].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Roue\Cookies\roue@cgi-bin[9].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Roue\Cookies\roue@com[1].txt
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Roue\Cookies\roue@cs.sexcounter[2].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Roue\Cookies\roue@ct.360i[1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Roue\Cookies\roue@did-it[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Roue\Cookies\roue@dist.belnk[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Roue\Cookies\roue@drivecleaner[1].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Roue\Cookies\roue@entrepreneur[2].txt
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Roue\Cookies\roue@findwhat[1].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Roue\Cookies\roue@fortunecity[1].txt
Spyware:Cookie/Powerscan Not disinfected C:\Documents and Settings\Roue\Cookies\roue@gammae[2].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Roue\Cookies\roue@gostats[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Roue\Cookies\roue@go[1].txt
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Roue\Cookies\roue@hc2.humanclick[1].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Roue\Cookies\roue@i.screensavers[2].txt
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Roue\Cookies\roue@landing.domainsponsor[1].txt
Spyware:Cookie/Malwarewipe Not disinfected C:\Documents and Settings\Roue\Cookies\roue@malwarewipe[1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Roue\Cookies\roue@maxserving[2].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Roue\Cookies\roue@offeroptimizer[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Roue\Cookies\roue@overture[1].txt
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\Roue\Cookies\roue@paycounter[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Roue\Cookies\roue@perf.overture[1].txt
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Roue\Cookies\roue@qksrv[1].txt
Spyware:Cookie/Qsrch Not disinfected C:\Documents and Settings\Roue\Cookies\roue@qsrch[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Roue\Cookies\roue@questionmarket[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Roue\Cookies\roue@realmedia[2].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Roue\Cookies\roue@revenue[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Roue\Cookies\roue@searchportal.information[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Roue\Cookies\roue@server.iad.liveperson[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Roue\Cookies\roue@serving-sys[1].txt

annpodlozny
2006-12-15, 22:25
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Roue\Cookies\roue@tickle[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Roue\Cookies\roue@toplist[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Roue\Cookies\roue@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Roue\Cookies\roue@tribalfusion[1].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Roue\Cookies\roue@webpower[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Roue\Cookies\roue@www.burstbeacon[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Roue\Cookies\roue@www.drivecleaner[2].txt
Spyware:Cookie/Luckynugget Not disinfected C:\Documents and Settings\Roue\Cookies\roue@www.luckynugget[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Roue\Cookies\roue@xiti[1].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\Roue\Cookies\roue@xmts[1].txt
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Documents and Settings\Roue\Desktop\CursorManiaSetup2.1.50.3-3.ZCfox000.exe
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Roue\Local Settings\Temp\Cookies\roue@entrepreneur[1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Roue\Local Settings\Temp\Cookies\roue@maxserving[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Roue\Local Settings\Temp\Cookies\roue@toplist[1].txt
Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\Roue\Local Settings\Temp\Temporary Internet Files\Content.IE5\CMCJW7LR\zango[1].htm
Adware:Adware/PestTrap Not disinfected C:\Documents and Settings\Roue\Local Settings\Temporary Internet Files\Content.IE5\CAWHTDQW\iesafetywarning[2].htm
Adware:Adware/VideoActiveXObject Not disinfected C:\Documents and Settings\Roue\Local Settings\Temporary Internet Files\Content.IE5\OP0N8B8Z\mediasetup.301[1].exe
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll
Potentially unwanted tool:Application/Processor Not disinfected C:\Program Files\Mozilla Firefox\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Program Files\SmitfraudFix\SmitfraudFix\Process.exe
Possible Virus. Not disinfected C:\Program Files\SmitfraudFix\SmitfraudFix\swreg.exe
Adware:Adware/VideoActiveXObject Not disinfected C:\Program Files\Video ActiveX Object\isamini.exe
Adware:Adware/VideoActiveXObject Not disinfected C:\Program Files\Video ActiveX Object\isamonitor.exe
Adware:Adware/VideoActiveXObject Not disinfected C:\Program Files\Video ActiveX Object\isauninst.exe
Adware:Adware/VideoActiveXObject Not disinfected C:\Program Files\Video ActiveX Object\pmmon.exe
Adware:Adware/VideoActiveXObject Not disinfected C:\Program Files\Video ActiveX Object\pmsngr.exe
Adware:Adware/VideoActiveXObject Not disinfected C:\Program Files\Video ActiveX Object\pmuninst.exe
Adware:Adware/VideoActiveXObject Not disinfected C:\Program Files\Video ActiveX Object\uninst.exe
Spyware:Cookie/Statcounter Not disinfected C:\RECYCLER\NPROTECT\00424847.MOZ[.statcounter.com/]
Spyware:Cookie/Overture Not disinfected C:\RECYCLER\NPROTECT\00424847.MOZ[.overture.com/]
Spyware:Cookie/Statcounter Not disinfected C:\RECYCLER\NPROTECT\00424847.MOZ[.statcounter.com/]
Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00424847.MOZ[.as-us.falkag.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00424847.MOZ[.atdmt.com/]
Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00424847.MOZ[.as-us.falkag.net/]
Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\NPROTECT\00424847.MOZ[.doubleclick.net/]
Spyware:Cookie/Adtech Not disinfected C:\RECYCLER\NPROTECT\00424847.MOZ[.adtech.de/]
Spyware:Cookie/QuestionMarket Not disinfected C:\RECYCLER\NPROTECT\00424847.MOZ[.questionmarket.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\RECYCLER\NPROTECT\00424847.MOZ[.trafficmp.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00424847.MOZ[.tribalfusion.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\RECYCLER\NPROTECT\00424847.MOZ[.trafficmp.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00424847.MOZ[.tribalfusion.com/]
Spyware:Cookie/2o7 Not disinfected C:\RECYCLER\NPROTECT\00424847.MOZ[.2o7.net/]
Spyware:Cookie/FastClick Not disinfected C:\RECYCLER\NPROTECT\00424847.MOZ[.fastclick.net/]
Spyware:Cookie/Maxserving Not disinfected C:\RECYCLER\NPROTECT\00424847.MOZ[.maxserving.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\RECYCLER\NPROTECT\00424847.MOZ[.mediaplex.com/]
Spyware:Cookie/2o7 Not disinfected C:\RECYCLER\NPROTECT\00424847.MOZ[.112.2o7.net/]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00424847.MOZ[ad.yieldmanager.com/]
Spyware:Cookie/did-it Not disinfected C:\RECYCLER\NPROTECT\00424847.MOZ[.did-it.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00424847.MOZ[statse.webtrendslive.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00424847.MOZ[statse.webtrendslive.com/S005-01-10-10-282544-109022]
Spyware:Cookie/Target Not disinfected C:\RECYCLER\NPROTECT\00424847.MOZ[.target.com/]

annpodlozny
2006-12-15, 22:25
Spyware:Cookie/Advertising Not disinfected C:\RECYCLER\NPROTECT\00424847.MOZ[.advertising.com/]
Spyware:Cookie/GoStats Not disinfected C:\RECYCLER\NPROTECT\00424847.MOZ[.gostats.com/]
Spyware:Cookie/Atwola Not disinfected C:\RECYCLER\NPROTECT\00424847.MOZ[.atwola.com/]
Spyware:Cookie/PointRoll Not disinfected C:\RECYCLER\NPROTECT\00424847.MOZ[.ads.pointroll.com/]
Spyware:Cookie/Hitbox Not disinfected C:\RECYCLER\NPROTECT\00424847.MOZ[.hitbox.com/]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00424847.MOZ[.realmedia.com/]
Spyware:Cookie/BurstNet Not disinfected C:\RECYCLER\NPROTECT\00424847.MOZ[.burstnet.com/]
Spyware:Cookie/Weborama Not disinfected C:\RECYCLER\NPROTECT\00424847.MOZ[.weborama.fr/]
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\NPROTECT\00424847.MOZ[.247realmedia.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\NPROTECT\00424847.MOZ[.adultfriendfinder.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\RECYCLER\NPROTECT\00424847.MOZ[.cs.sexcounter.com/]
Spyware:Cookie/Overture Not disinfected C:\RECYCLER\NPROTECT\00424847.MOZ[.perf.overture.com/]
Spyware:Cookie/Com.com Not disinfected C:\RECYCLER\NPROTECT\00424847.MOZ[.com.com/]
Spyware:Cookie/HotLog Not disinfected C:\RECYCLER\NPROTECT\00424847.MOZ[.hotlog.ru/]
Spyware:Cookie/SpyLog Not disinfected C:\RECYCLER\NPROTECT\00424847.MOZ[.spylog.com/]
Spyware:Cookie/FortuneCity Not disinfected C:\RECYCLER\NPROTECT\00424847.MOZ[.fortunecity.com/]
Spyware:Cookie/Belnk Not disinfected C:\RECYCLER\NPROTECT\00424847.MOZ[.belnk.com/]
Spyware:Cookie/bravenetA Not disinfected C:\RECYCLER\NPROTECT\00424847.MOZ[.bravenet.com/]
Spyware:Cookie/DriveCleaner Not disinfected C:\RECYCLER\NPROTECT\00424847.MOZ[.drivecleaner.com/]
Spyware:Cookie/Go Not disinfected C:\RECYCLER\NPROTECT\00424847.MOZ[.go.com/]
Spyware:Cookie/Screensavers Not disinfected C:\RECYCLER\NPROTECT\00424847.MOZ[.i.screensavers.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\RECYCLER\NPROTECT\00424847.MOZ[.landing.domainsponsor.com/]
Spyware:Cookie/OfferOptimizer Not disinfected C:\RECYCLER\NPROTECT\00424847.MOZ[.offeroptimizer.com/]
Spyware:Cookie/QkSrv Not disinfected C:\RECYCLER\NPROTECT\00424847.MOZ[.qksrv.net/]
Spyware:Cookie/WUpd Not disinfected C:\RECYCLER\NPROTECT\00424847.MOZ[.revenue.net/]
Spyware:Cookie/Serving-sys Not disinfected C:\RECYCLER\NPROTECT\00424847.MOZ[.serving-sys.com/]
Spyware:Cookie/Statcounter Not disinfected C:\RECYCLER\NPROTECT\00424849.MOZ[.statcounter.com/]
Spyware:Cookie/Overture Not disinfected C:\RECYCLER\NPROTECT\00424849.MOZ[.overture.com/]
Spyware:Cookie/Statcounter Not disinfected C:\RECYCLER\NPROTECT\00424849.MOZ[.statcounter.com/]
Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00424849.MOZ[.as-us.falkag.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\NPROTECT\00424849.MOZ[.atdmt.com/]
Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\NPROTECT\00424849.MOZ[.as-us.falkag.net/]
Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\NPROTECT\00424849.MOZ[.doubleclick.net/]
Spyware:Cookie/Adtech Not disinfected C:\RECYCLER\NPROTECT\00424849.MOZ[.adtech.de/]
Spyware:Cookie/QuestionMarket Not disinfected C:\RECYCLER\NPROTECT\00424849.MOZ[.questionmarket.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\RECYCLER\NPROTECT\00424849.MOZ[.trafficmp.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00424849.MOZ[.tribalfusion.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\RECYCLER\NPROTECT\00424849.MOZ[.trafficmp.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\NPROTECT\00424849.MOZ[.tribalfusion.com/]
Spyware:Cookie/2o7 Not disinfected C:\RECYCLER\NPROTECT\00424849.MOZ[.2o7.net/]
Spyware:Cookie/FastClick Not disinfected C:\RECYCLER\NPROTECT\00424849.MOZ[.fastclick.net/]
Spyware:Cookie/Maxserving Not disinfected C:\RECYCLER\NPROTECT\00424849.MOZ[.maxserving.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\RECYCLER\NPROTECT\00424849.MOZ[.mediaplex.com/]
Spyware:Cookie/2o7 Not disinfected C:\RECYCLER\NPROTECT\00424849.MOZ[.112.2o7.net/]
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\NPROTECT\00424849.MOZ[ad.yieldmanager.com/]
Spyware:Cookie/did-it Not disinfected C:\RECYCLER\NPROTECT\00424849.MOZ[.did-it.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00424849.MOZ[statse.webtrendslive.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\NPROTECT\00424849.MOZ[statse.webtrendslive.com/S005-01-10-10-282544-109022]
Spyware:Cookie/Target Not disinfected C:\RECYCLER\NPROTECT\00424849.MOZ[.target.com/]
Spyware:Cookie/Advertising Not disinfected C:\RECYCLER\NPROTECT\00424849.MOZ[.advertising.com/]
Spyware:Cookie/GoStats Not disinfected C:\RECYCLER\NPROTECT\00424849.MOZ[.gostats.com/]
Spyware:Cookie/Atwola Not disinfected C:\RECYCLER\NPROTECT\00424849.MOZ[.atwola.com/]
Spyware:Cookie/PointRoll Not disinfected C:\RECYCLER\NPROTECT\00424849.MOZ[.ads.pointroll.com/]
Spyware:Cookie/Hitbox Not disinfected C:\RECYCLER\NPROTECT\00424849.MOZ[.hitbox.com/]

annpodlozny
2006-12-15, 22:27
so...I just noticed most of this was from my norton-protected trash. I've skipped the rest of that (there is A LOT more)...

These are the last few lines:

Adware:Adware/IST.ISTBar Not disinfected C:\RECYCLER\S-1-5-21-4247568029-4282951562-813958858-1008\Dc5478.exe
Adware:Adware/Trymedia Not disinfected C:\RECYCLER\S-1-5-21-4247568029-4282951562-813958858-1008\Dc5496.exe
Virus:W32/Bobax.C.worm Disinfected C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\G7CUXEIB\209.86.250[1].gif

annpodlozny
2006-12-17, 17:12
SmitFraudFix v2.47

Scan done at 10:01:27.25, Sat 12/16/2006
Run from C:\Program Files\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ann\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Ann\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{01b55afa-f451-474b-9e91-c35b24d02641}"="boob"

[HKEY_CLASSES_ROOT\CLSID\{01b55afa-f451-474b-9e91-c35b24d02641}\InProcServer32]
@="C:\WINDOWS\system32\qrzsyr.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{01b55afa-f451-474b-9e91-c35b24d02641}\InProcServer32]
@="C:\WINDOWS\system32\qrzsyr.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

tashi
2006-12-22, 08:57
Hello and sorry for the wait.

If you have not resolved the problem, we do have this sticky topic:

If you have waited three days for advice post here. (http://forums.spybot.info/showthread.php?p=4836#post4836)

pskelley
2006-12-23, 13:12
Welcome to the forum and sorry for the wait, if you still need help, let's try to sort through all of the junk you posted.
The version of Smitfraudfix you are running. Could you provide me a link to the where you downloaded it. Assuming you have not run the "Clean" function yet, please remove the version of Smitfraudfix you have and download it from the creator's site here, version v2.131
http://siri.geekstogo.com/SmitfraudFix.php

Since you know you have the infection, follow these directions at that point:
Clean:
Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
Double-click SmitfraudFix.exe
Select 2 and hit Enter to delete infect files.
You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt

Optional:
To restore Trusted and Restricted site zone, select 3 and hit Enter.
You will be prompted: Restore Trusted Zone ? answer Y (yes) and hit Enter to delete trusted zone.
Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.

Panda Online Scan Log

Please remove all cookies unless they deal with secure sites or passwords:
http://support.microsoft.com/kb/283185
http://mozilla.gunnars.net/firefox_help_firefox_cookie_tutorial.html

C:\RECYCLER\NPROTECT\ <<< delete the contents of this folder:
http://service1.symantec.com/support/nsw.nsf/ba62122e5d142a6588256d87006b22be/831aa5c6ef0d750685256c370048ad89?OpenDocument&src=bar_sch_nam

Follow the direction in this link and make sure you delete or at least guarantine what it locates. Save that scan report, I need to see it and please don't run it until you get rid of those cookes Panda is showing.
http://forums.security-central.us/showthread.php?t=3165

Restart the computer and post the C:\rapport.txt from Smitfraudfix, the scan results from AVG Anti-Spyware and a new HJT log. Let me know how the computer is running and anything else you think will help.

Thanks

annpodlozny
2006-12-24, 01:47
The "Critical Updates" Virus Bursters window is gone. And the Trojan that showed up on my Friday-night Norton scan (that neither it nor I could delete, even with various permission changes) seems to be gone, too (qrzsyr.dll)

Thanks very much for your help . Sorry for all of the 'junk' in my original post. Once I realized how full my trash was and how many cookies there were, I was going to delete, re-run, and repost, but I couldn't figure out how to delete my original post...and then I got busy. Thanks for wading through it all.

Here are the logs:

Smitfraudfix (I downloaded my original version from siri.urz.free.fr/Fix/SmitFraudFix_En.php, which is where the geekstogo site ends up...)

SmitFraudFix v2.47

Scan done at 16:06:30.06, Sat 12/23/2006
Run from C:\Program Files\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{01b55afa-f451-474b-9e91-c35b24d02641}"="boob"

[HKEY_CLASSES_ROOT\CLSID\{01b55afa-f451-474b-9e91-c35b24d02641}\InProcServer32]
@="C:\WINDOWS\system32\qrzsyr.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{01b55afa-f451-474b-9e91-c35b24d02641}\InProcServer32]
@="C:\WINDOWS\system32\qrzsyr.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\qrzsyr.dll -> Missing File


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{01b55afa-f451-474b-9e91-c35b24d02641}"="boob"

[HKEY_CLASSES_ROOT\CLSID\{01b55afa-f451-474b-9e91-c35b24d02641}\InProcServer32]
@="C:\WINDOWS\system32\qrzsyr.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{01b55afa-f451-474b-9e91-c35b24d02641}\InProcServer32]
@="C:\WINDOWS\system32\qrzsyr.dll"

»»»»»»»»»»»»»»»»»»»»»»»» End

AVG log
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:20:27 PM 12/23/2006

+ Scan result:


C:\Program Files\LEGO Builder Bots\bfgt_silent_en.exe/nickarcade.dll -> Adware.BHO : Cleaned.
C:\Documents and Settings\Roue\Desktop\CursorManiaSetup2.1.50.3-3.ZCfox000.exe/mwsSrcSp.CommonCodebase.exe -> Adware.FunWeb : Cleaned.
C:\RECYCLER\S-1-5-21-4247568029-4282951562-813958858-1008\Dc5478.exe/mwsSrcSp.CommonCodebase.exe -> Adware.FunWeb : Cleaned.
HKLM\SOFTWARE\Classes\CLSID\{01b55afa-f451-474b-9e91-c35b24d02641} -> Adware.Generic : Cleaned.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} -> Adware.Generic : Cleaned.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1a1ddc19-5893-43ab-a73f-f41a0f34d115} -> Adware.Generic : Cleaned.
HKU\S-1-5-21-4247568029-4282951562-813958858-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A1DDC19-5893-43AB-A73F-F41A0F34D115} -> Adware.Generic : Cleaned.
C:\Documents and Settings\Roue\Cookies\roue@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Roue\Desktop\CursorManiaSetup2.1.50.3-3.ZCfox000.exe/mwsSetup.CommonCodebase.exe -> Trojan.Isbar.s : Cleaned.

::Report end

HJT log
Logfile of HijackThis v1.99.1
Scan saved at 6:29:23 PM, on 12/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\System32\MDM.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [Gnetmous] C:\Program Files\COMPAQ\Scroll Mouse\gnetmous.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\4.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\QUICKENW\bagent.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe (file missing)
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe (file missing)
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\INSTAN~1\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .LabelGenerationServlet: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://start.earthlink.net
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15014/CTSUEng.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (eAssist NetAgent Customer ActiveX Control version 3) - https://quicken.ehosts.net/netagent/objects/custappx3.CAB
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124844022046
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://tv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_4.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\ISO Recorder\ImapiHelper.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

pskelley
2006-12-24, 02:16
Thanks for the feedback, this program can be uninstalled:
C:\Program Files\ewido anti-malware\ewidoctrl.exe
Grisoft purchased ewido a while back and replaced it with AVG Anti-Spyware 7.5. Let's finish up like this.

1) How to make files and folders visible:
Click Start > Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

2) Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.

3) We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
Open Windows Defender, Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.
After all of the fixes are complete it is very important that you enable Real-time Protection again.

4) AVG Anti-Spyware: Deactivate the Resident Shield
- Before proceeding, deactivate the "Resident Shield" as this may prevent changes to the registry.
- To do this, click "Change State" to the right of the Resident Shield option in the main window.
- You will clearly see the status change to Inactive if you have done this correctly.

5) Start > Control Panel > Add Remove programs and uninstall ewido anti-malware, My Web Search Bar and any other program you know should not be there. If you are unsure let me know and I will look.

6) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\4.bin\MWSBAR.DLL,S
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...tml?p=ZJfox000
(next item does not identify, if you know what it is you can leave it)
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
(uninstaller should have removed the next item)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

Close all programs but HJT and all browser windows, then click on "Fix Checked"

7) RIGHT Click on Start then click on Explore. Locate and delete these items:

C:\Program Files\ewido anti-malware\ <<< delete that folder

C:\PROGRAM FILES~1\MYWEBS~1\ <<< delete that folder

8) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Restart the computer and post a last HJT log, let me know how the computer is running.

Thanks

annpodlozny
2006-12-24, 03:47
Hello,

I ran into a couple of things while I was finishing up:

Cannot delete:
C:\Program Files\ewido anti-malware\shellhook.dll
access denied

I control-panel uninstalled the software, and I was able to delete everything else that was left in the ewido folder, but not this particular .dll

Couldn't find:
C:\PROGRAM FILES~1\MYWEBS~1\

Although when I searched for "MYWEBS", I did find:

bar\1.bin\NPMYWEB.DLL
bar\4.bin\NPMYWEB.DLL
C:\Program Files\Mozilla Firefox\plugins\NPMYWEBS.dll

Can I delete those? I've been wanting to get rid of the last dregs of this My Web Search nuisance for a while, so thank you for this!!

Everything else seemed to go well. ATF Cleaner removed over 1G of stuff!
And everything seems to be running fine.

Oh, and I did a search on the DPF: ppctlcab item, and apparently it's from eTrust PestScan (www3.ca.com/securityadvisor/pest/content.aspx?q=71309), whatever that is. I deleted it.

Here's the HJT log. Thanks again, very much!!

Logfile of HijackThis v1.99.1
Scan saved at 8:39:08 PM, on 12/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HJT\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [Gnetmous] C:\Program Files\COMPAQ\Scroll Mouse\gnetmous.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O12 - Plugin for .LabelGenerationServlet: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://start.earthlink.net
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15014/CTSUEng.cab
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1B9935E4-8A50-4DD8-BD09-A7518723BF97} (eAssist NetAgent Customer ActiveX Control version 3) - https://quicken.ehosts.net/netagent/objects/custappx3.CAB
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124844022046
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://tv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.yahoo.com/dl/toolbar/my/yiebio5_0_2_4.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\ISO Recorder\ImapiHelper.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

pskelley
2006-12-24, 13:02
Good morning:) First let me say I see no malware in your HJT log. I do see programs you may not need to start everytime, you can use this information:
http://netsquirrel.com/msconfig/ and of course do not turn off any security programs.

You can delete those files you asked about:
C:\Program Files\ewido anti-malware\shellhook.dll
C:\Program Files\Mozilla Firefox\plugins\NPMYWEBS.dll

You can boot to safe mode and delete them there when they are not running:
http://www.bleepingcomputer.com/tutorials/tutorial61.html

Or use this tool if you wish:
How to use the Delete on Reboot tool
http://www.bleepingcomputer.com/tutorials/tutorial42.html#delreb
Start Hijackthis
Click on the Config button
Click on the Misc Tools button
Click on the button labeled Delete a file on reboot...
A new window will open asking you to select the file that you would like to delete on reboot. Navigate to the file: (complete pathway of the file) and click on it once, and then click on the Open button.
You will now be asked if you would like to reboot your computer to delete the file. Click on the Yes button if you would like to reboot now.

ATF-Cleaner is a good freeware tool that does a good job, here is a tutorial:
http://forums.security-central.us/showthread.php?t=1925

You can run another Panda scan if you wish, only post the results if you don't know the stuff in it. Let's clean out your System Restore files:
System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?Open&src=sec_doc_nam

AVG Anti-Spyware is a good program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.

Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

Safe surfing and have a Merry Christmas:present:

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.

tashi
2006-12-28, 21:28
Glad we could help, as the problem appears to be resolved this topic has been archived.

If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread; this applies only to the original topic starter. Anyone else with similar problems please start a new topic.

Happy New Year. :)