
HJT log - slvnice


  • This topic is locked
8 replies to this topic

#1 slvnice


Posted 25 October 2005 - 07:39 AM

Could someone please help me? This is my HijackThis log. I know that I have many, many problems. I am trying to fix about 4 years of neglect!



Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\CTsvcCDA.EXE
C:\WINNT\System32\NMSSvc.exe
C:\WINNT\System32\wdfmgr.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\System32\alg.exe
C:\WINNT\system32\wscntfy.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINNT\system32\CTHELPER.EXE
C:\WINNT\system32\atiptaxx.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINNT\kdx\KHost.exe
C:\Program Files\STOPzilla!\Stopzilla.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\System32\cwm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Multimedia\main\ATISched.EXE
C:\Program Files\UltimateBuddy\UltimateBuddy.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\sder\dees.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\UltimateBet\UltimateBet.exe
C:\WINNT\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R3 - Default URLSearchHook is missing
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {66AC4C5D-B364-76EB-D753-6D550DAB294B} - C:\WINNT\System32\pmcnm.dll (file missing)
O2 - BHO: (no name) - {A663CC9F-2559-7CF8-2C55-0DC2B651469E} - C:\WINNT\System32\ewgad.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINNT\system32\StopzillaBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [kdx] C:\WINNT\kdx\KHost.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINNT\System32\mstask.exe
O4 - HKLM\..\RunOnce: [XoftSpy15508] "C:\Program Files\XoftSpy\XoftSpy.exe" -b
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Xwsabolc] C:\WINNT\System32\cwm.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\main\ATISched.EXE
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - HKCU\..\Run: [UltimateBuddy] C:\Program Files\UltimateBuddy\UltimateBuddy.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Pop up Blocker] "C:\Program Files\Pop up Blocker\pd.exe" Minimize
O4 - HKCU\..\Run: [Ltho] "C:\Program Files\sder\dees.exe" -vt ndrv
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: PD - {73AF1D3B-4193-4EB3-B858-DA23A076F188} - C:\Program Files\Pop up Blocker\pd.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ComcastHSI - {98351AFB-D49D-4217-839B-4FBAB2941937} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O9 - Extra button: Help - {CFC3F181-0D59-4CBC-BEE4-2B2FB3293416} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {F87906C6-71D7-4DA6-80FF-99A066F822E1} - http://www.comcastsupport.com (file missing) (HKCU)
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: Yahoo! MLB StatTracker - http://aud3.sports.dcn.yahoo.com/java/y/mlbst8408_x.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {379ED9F7-513C-11D1-840F-832E59556609} (SiteMenuCtrl Class) - http://www.grand-marnier.com/gmv2/download/sitemenu.dll
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/roing.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by8fd.bay8.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.EXE
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: Pml Driver HPH11 - HP - C:\WINNT\System32\HPHipm11.exe
O23 - Service: PrismXL - Unknown owner - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS (file missing)
O23 - Service: STOPzilla Local Service - International Software Systems Solutions - C:\Program Files\STOPzilla!\szntsvc.exe


#2 miekiemoes

  • Malware Response Team

Posted 30 October 2005 - 12:30 PM

Hi,

The forums are really busy; that explains why logs get behind. We start with the oldest logs first. If you still need some help, please start by posting a new HijackThis log in this thread. Don't start a new thread.
Then I'll take a look. :thumbsup:
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 slvnice

  • Topic Starter

Posted 31 October 2005 - 10:58 PM

Hi, thank you very much for the response..... I am in some serious need of help and really have no idea what I am doing. Your help would be very appreciated! This is my log as of about 1 min ago.

Logfile of HijackThis v1.99.1
Scan saved at 10:53:05 PM, on 10/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\CTsvcCDA.EXE
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\system32\wscntfy.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINNT\system32\CTHELPER.EXE
C:\WINNT\system32\atiptaxx.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINNT\kdx\KHost.exe
C:\Program Files\STOPzilla!\Stopzilla.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\System32\cwm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Multimedia\main\ATISched.EXE
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\sder\dees.exe
C:\Program Files\UltimateBet\UltimateBet.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R3 - Default URLSearchHook is missing
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {66AC4C5D-B364-76EB-D753-6D550DAB294B} - C:\WINNT\System32\pmcnm.dll (file missing)
O2 - BHO: (no name) - {A663CC9F-2559-7CF8-2C55-0DC2B651469E} - C:\WINNT\System32\ewgad.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINNT\system32\StopzillaBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [kdx] C:\WINNT\kdx\KHost.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINNT\System32\mstask.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Xwsabolc] C:\WINNT\System32\cwm.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\main\ATISched.EXE
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - HKCU\..\Run: [UltimateBuddy] C:\Program Files\UltimateBuddy\UltimateBuddy.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Pop up Blocker] "C:\Program Files\Pop up Blocker\pd.exe" Minimize
O4 - HKCU\..\Run: [Ltho] "C:\Program Files\sder\dees.exe" -vt ndrv
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_1 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: PD - {73AF1D3B-4193-4EB3-B858-DA23A076F188} - C:\Program Files\Pop up Blocker\pd.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ComcastHSI - {98351AFB-D49D-4217-839B-4FBAB2941937} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O9 - Extra button: Help - {CFC3F181-0D59-4CBC-BEE4-2B2FB3293416} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {F87906C6-71D7-4DA6-80FF-99A066F822E1} - http://www.comcastsupport.com (file missing) (HKCU)
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: Yahoo! MLB StatTracker - http://aud3.sports.dcn.yahoo.com/java/y/mlbst8408_x.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {379ED9F7-513C-11D1-840F-832E59556609} (SiteMenuCtrl Class) - http://www.grand-marnier.com/gmv2/download/sitemenu.dll
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/roing.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by8fd.bay8.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.EXE
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: Pml Driver HPH11 - HP - C:\WINNT\System32\HPHipm11.exe
O23 - Service: PrismXL - Unknown owner - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS (file missing)
O23 - Service: STOPzilla Local Service - International Software Systems Solutions - C:\Program Files\STOPzilla!\szntsvc.exe

#4 miekiemoes

  • Malware Response Team

Posted 01 November 2005 - 03:55 AM

Hello,

I see PartyPoker, UltimateBuddy and UltimateBet installed. So I assume you installed this yourself, because UltimateBuddy checks if your poker buddies are online... so I also assume you installed PartyPoker.
I just installed UltimateBuddy myself to check if there is any additional software present that comes with it as spyware, and it is clean, so you can keep those, because I still have my doubts about PartyPoker, because in most cases it's getting installed without permission or bundled with spyware.


I see a program present called Pop Up Blocker.
A lot of those so-called popup blockers have a bad reputation and install spyware along with them, which causes popups with the goal of getting you to purchase that popup blocker (if not free) to stop those popups.
I don't know if this popup blocker is free or a trial, so just let me know afterwards, because that's important.
Because this one is unknown to me, I suspect it.
Can you tell me where you installed it please?
I see you have Google Toolbar installed and have SP2, so both have a built-in popup blocker, which work great and personally I think they're the best; that's why an extra popup blocker is really not needed. It's spyware that is causing those popups, so let's get rid of the spyware now first. :thumbsup:

It's better to print out the next instructions or save it in notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then.
It is also important you don't miss a step and perform everything in the right order!!

* Please set your system to show all files; please see here if you're unsure how to do this.

* Download and install CCleaner
Do not use it yet.

* Please download ewido:
http://www.ewido.net/en/download/
Let it update, but don't let it scan yet!!

* Reboot into Safe Mode (without networking support!):
To get into Safe Mode, as the computer is booting press and hold your "F8" key. Use your arrow keys to move to "Safe Mode" and press your Enter key.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {66AC4C5D-B364-76EB-D753-6D550DAB294B} - C:\WINNT\System32\pmcnm.dll (file missing)
O2 - BHO: (no name) - {A663CC9F-2559-7CF8-2C55-0DC2B651469E} - C:\WINNT\System32\ewgad.dll (file missing)
O4 - HKCU\..\Run: [Xwsabolc] C:\WINNT\System32\cwm.exe
O4 - HKCU\..\Run: [Ltho] "C:\Program Files\sder\dees.exe" -vt ndrv
O9 - Extra button: ComcastHSI - {98351AFB-D49D-4217-839B-4FBAB2941937} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O9 - Extra button: Help - {CFC3F181-0D59-4CBC-BEE4-2B2FB3293416} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: Support - {F87906C6-71D7-4DA6-80FF-99A066F822E1} - http://www.comcastsupport.com (file missing) (HKCU)
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/roing.cab


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

* Using Windows Explorer, locate the following file and folder, and delete them:

C:\WINNT\System32\cwm.exe
C:\Program Files\sder <== folder

* Still in Safe Mode, start CCleaner:
click "Options", click the "Advanced" tab
Uncheck: "Only delete files older than 48 hrs.", click Ok
Click "Cleaner" and click Run Cleaner (bottom right)

* Open Ewido Security Suite
Click on scanner

* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop

Close Ewido

* Reboot your system back to normal mode.

Post back a fresh HijackThis log and the log from ewido so I can take another look.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
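
An added example (not part of the thread, and not the helper's or HijackThis's own tooling): a small checker that confirms every entry on a "Fix Checked" list has disappeared from the follow-up HijackThis log, and reports what is new or still orphaned. The sample text is a constructed excerpt of the log lines posted in this thread; the function names are hypothetical.

```python
import re

# A HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY_RE = re.compile(r"^[RFNO]\d{1,2} - \S")

def norm(text):
    """Collapse whitespace and case: Windows paths and registry names are case-insensitive."""
    return " ".join(text.split()).casefold()

def parse_entries(log_text):
    """Map normalized entry line -> original line, skipping header and process list."""
    entries = {}
    for line in log_text.splitlines():
        line = line.strip()
        if ENTRY_RE.match(line):
            entries.setdefault(norm(line), line)
    return entries

def running_processes(log_text):
    """Return the paths listed under 'Running processes:' up to the first blank line."""
    procs, in_block = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.casefold() == "running processes:":
            in_block = True
        elif in_block and not line:
            break
        elif in_block:
            procs.append(line)
    return procs

def under(path, target):
    """True if path is the target file itself or lies inside the target folder."""
    path, target = norm(path), norm(target).rstrip("\\")
    return path == target or path.startswith(target + "\\")

def verify_cleanup(before, fix_list, after, delete_targets=()):
    """Compare the log before the fix, the fix list, and the log after the fix."""
    b, f, a = parse_entries(before), parse_entries(fix_list), parse_entries(after)
    return {
        "removed": sorted(f[k] for k in f if k in b and k not in a),
        "still_present": sorted(f[k] for k in f if k in a),
        # A fix-list line that never appeared in the log is usually a copy/paste slip.
        "not_in_before": sorted(f[k] for k in f if k not in b),
        "new_entries": sorted(a[k] for k in a if k not in b),
        "file_missing_left": sorted(a[k] for k in a if "(file missing)" in k),
        "targets_running": [p for p in running_processes(after)
                            if any(under(p, t) for t in delete_targets)],
    }

# Constructed excerpt of the 31 October log from this thread.
BEFORE = r"""
Running processes:
C:\WINNT\System32\cwm.exe
C:\Program Files\sder\dees.exe
C:\Program Files\Internet Explorer\iexplore.exe

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {66AC4C5D-B364-76EB-D753-6D550DAB294B} - C:\WINNT\System32\pmcnm.dll (file missing)
O4 - HKCU\..\Run: [Xwsabolc] C:\WINNT\System32\cwm.exe
O4 - HKCU\..\Run: [Ltho] "C:\Program Files\sder\dees.exe" -vt ndrv
O4 - HKCU\..\Run: [Pop up Blocker] "C:\Program Files\Pop up Blocker\pd.exe" Minimize
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/roing.cab
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
"""

# Constructed excerpt of the "place a check against" list from the post above.
FIX_LIST = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {66AC4C5D-B364-76EB-D753-6D550DAB294B} - C:\WINNT\System32\pmcnm.dll (file missing)
O4 - HKCU\..\Run: [Xwsabolc] C:\WINNT\System32\cwm.exe
O4 - HKCU\..\Run: [Ltho] "C:\Program Files\sder\dees.exe" -vt ndrv
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/roing.cab
"""

# Constructed excerpt of the 1 November follow-up log from this thread.
AFTER = r"""
Running processes:
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Internet Explorer\iexplore.exe

O4 - HKCU\..\Run: [Pop up Blocker] "C:\Program Files\Pop up Blocker\pd.exe" Minimize
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
"""

# The file and folder the post asks to delete by hand.
DELETE_TARGETS = [r"C:\WINNT\System32\cwm.exe", r"C:\Program Files\sder"]

if __name__ == "__main__":
    report = verify_cleanup(BEFORE, FIX_LIST, AFTER, DELETE_TARGETS)
    for section, lines in report.items():
        print(f"{section}: {len(lines)}")
        for line in lines:
            print("   ", line)
```

An empty `targets_running` list only shows that the process is no longer listed as running; it does not prove the file is gone from disk.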

#5 slvnice

  • Topic Starter

Posted 01 November 2005 - 05:08 PM

Hi,

I will say that I can't thank you enough for all the time you have taken to help me out with my problems. First I will start out with the info that you requested.

The program Popup Blocker was a free trial (misleading). It never gave any indication that it was as such! I installed it from Synergenticsoft.com, and now that I have ended the free trial I am getting a popup at startup trying to sell me the program.

Starting at the top of your instructions I see "TYPE=PICT;ALT=smile.gif" I hope this wasn't something I was supposed to do! Was this a link of a copy and paste?


I did as you instructed and got the two programs and did as you instructed until you said delete WINNT\system32\cwm.exe. I could not find this file, so I went ahead with the rest.

Here are my new LOGS
Logfile of HijackThis v1.99.1
Scan saved at 4:37:23 PM, on 11/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\CTsvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINNT\system32\CTHELPER.EXE
C:\WINNT\system32\atiptaxx.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINNT\kdx\KHost.exe
C:\Program Files\STOPzilla!\Stopzilla.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINNT\system32\wscntfy.exe
C:\Program Files\ATI Multimedia\main\ATISched.EXE
C:\Program Files\UltimateBuddy\UltimateBuddy.exe
C:\PROGRA~1\AIM\aim.exe
C:\WINNT\System32\macromed\flash\GetFlash.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINNT\system32\StopzillaBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [kdx] C:\WINNT\kdx\KHost.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINNT\System32\mstask.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\main\ATISched.EXE
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\LaunchPd.exe"
O4 - HKCU\..\Run: [UltimateBuddy] C:\Program Files\UltimateBuddy\UltimateBuddy.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Pop up Blocker] "C:\Program Files\Pop up Blocker\pd.exe" Minimize
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: PD - {73AF1D3B-4193-4EB3-B858-DA23A076F188} - C:\Program Files\Pop up Blocker\pd.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: Yahoo! MLB StatTracker - http://aud3.sports.dcn.yahoo.com/java/y/mlbst8408_x.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {379ED9F7-513C-11D1-840F-832E59556609} (SiteMenuCtrl Class) - http://www.grand-marnier.com/gmv2/download/sitemenu.dll
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by8fd.bay8.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: Pml Driver HPH11 - HP - C:\WINNT\System32\HPHipm11.exe
O23 - Service: PrismXL - Unknown owner - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS (file missing)
O23 - Service: STOPzilla Local Service - International Software Systems Solutions - C:\Program Files\STOPzilla!\szntsvc.exe


and my EWIDO LOG

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 3:55:06 PM, 11/1/2005
+ Report-Checksum: 2CB92563

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{0494D0D1-F8E0-41ad-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E004800A-73C6-4587-B855-98D0CE0C16B1} -> Spyware.BrowserAid : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WhenUSave -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/HDPlugin1015.dll\\.Owner -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/HDPlugin1015.dll\\{DBAE7000-01EC-4162-8FEB-8A27AC937CA0} -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/MediaTicketsInstaller.ocx\\.Owner -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/MediaTicketsInstaller.ocx\\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/roing18.ocx\\.Owner -> Spyware.Roimoi : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/roing18.ocx\\{E0CE16CB-741C-4B24-8D04-A817856E07F4} -> Spyware.Roimoi : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/System32/mfc42.dll\\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/System32/msvcrt.dll\\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/System32/ObjSafe.tlb\\.Owner -> Spyware.Roimoi : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/System32/ObjSafe.tlb\\{E0CE16CB-741C-4B24-8D04-A817856E07F4} -> Spyware.Roimoi : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/System32/olepro32.dll\\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunWindowsUpdate -> Spyware.BrowserAid : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunWindowsUpdate\Active -> Spyware.BrowserAid : Cleaned with backup
HKLM\SOFTWARE\PerfectNav -> Spyware.KeenValue : Cleaned with backup
HKU\.DEFAULT\Software\WinTools -> Spyware.WebSearch : Cleaned with backup
HKU\S-1-5-21-718204237-473866232-3689853989-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959} -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-21-718204237-473866232-3689853989-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87766247-311C-43B4-8499-3D5FEC94A183} -> Spyware.HuntBar : Cleaned with backup
HKU\S-1-5-21-718204237-473866232-3689853989-1003\Software\{12EE7A5E-0674-42f9-A76B-000000004D00} -> Spyware.BrowserAid : Cleaned with backup
HKU\S-1-5-18\Software\WinTools -> Spyware.WebSearch : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ct73wcuu.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ct73wcuu.slt\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ct73wcuu.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ct73wcuu.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ct73wcuu.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ct73wcuu.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ct73wcuu.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ct73wcuu.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ct73wcuu.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ct73wcuu.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ct73wcuu.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\default\ct73wcuu.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Owner\Complete\225 Jamba Ring Tones.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\AceReader 4.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Adobe Audition 1.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Adobe Photoshop CS2 9.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Adobe Photoshop Revealed.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Adobe Reader 7.0.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Advanced Call Corder 3.6.0.181.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Age Of Empires III.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ahead DVD Ripper 1.3.5 Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Akvis Coloriage.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Aladdin.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Album Rammstein - Mein Teil.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Amigo Easy Video Converter 4.2.11.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Anime-exclusive.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Antenna Web Design Studio 2.6.0.120.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Apple Quicktime Pro 7.0.3.25.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\AptiQuiz 1.42c.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ashlee Simpson - I Am Me (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Axialis IconWorkshop 5.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\BallSwapper 1.05.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Black and White 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\BlueMountain Ripper 1.1.0.12.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\BMP ICO Converter 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Bob Brolly - Loves To Sing.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Britney Spears - .Baby One More Time.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Britney Spears - Someday I Will Understa.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\BubbleDiff 2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\CASE Studio 2.21.0.333.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Cash Printer 2.22.0272.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\CDMenuPro 4.00.09.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Cerberus FTP Server 2.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Charlie Musselwhite - Takin Care Of Busi.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Chessmaster 9000.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Classyvelvet (18).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Clipboard Box 2.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\ClipMate Ver 6.5.11.545.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\CloneDVD 2.4.5.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Clothesfree - round the world.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Colin McRae Rally 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Cucusoft AVI to VCDDVD Converter P.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Cyberlink PowerDVD 6.0.2023 CJL Deluxe.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\David Gray - Life In Slow Motion.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\DBPut Pro 3.1.234.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Dear Wendy.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Deep Evil.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Deep Freeze Enterprise 5.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Deep Freeze Professional 5.30.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Depeche Mode - Playing the Angel (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Deuce Bigalow European Gigolo.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\DFX Audio Enhancer 7.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Digital Physiognomy 1.303.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Disc4You CDRWIN 6.1.1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Download Acelerator Plus 7.4.0.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Dragon Naturally Speaking 8 Professional.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\DVD X COPY Platinum.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Easy Date Converter 7.66.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Easy DVD CD Burner.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\EditPlus 2.20.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\F.E.A.R.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\FIFA 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Flash Decompiler 2.0.0.231.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Fresh UI 7.44.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\GameJack 5.0.4.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Getaway.In.Athens.2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\GetRight 5.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Grand Theft Auto San Andreas.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Guide to Ethical Hacking.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Gwen Stefani - Love Angel Music Baby.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Hackers Outlaws and Angels.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\HDDLife Pro 2.5.74.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\HiDownload 6.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\High Impact Email Pro 3.2.212.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Hitman 3 Contracts.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Hot reality girl (18).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\How To Get Your Personal Copy of SPY SWE.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\HTMLRunExe 2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Husker Du - Zen Arcade.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\In Flames - Lunar Strain-Subterranean.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\In Flames - Soundtrack To Your Escape.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Internet Download Manager 4.07.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Internet ScreenSaver Builder 5.10.040901.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\IpInterceptor 2.1.9.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\ISO Commander 1.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Jaes pantyhose (18).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Jazz Jackrabbit.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Kingdom.Of.Heaven.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\LanFlow Net Diagrammer 4.19.1792.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Letter Chase Speed Reading Software 1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Light Alloy 3.3.5865.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Linkin Park Reanimation.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\LiteMail 2.41.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Live Without Dead Time - mixed by DJ S.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Macromedia Dreamweaver 8.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Macromedia Fireworks 8.0.0.777.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Macromedia pack 3 in 1 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Magic File Renamer 6.12.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Maple 10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Mario.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\MaxBulk Mailer 4.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\McAfee Desktop Firewall 8.5 Enterprise.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\McFunSoft Products.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\MedianSoft Joiner-Converter 2.7.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Microsoft Internet Explorer 7 Beta 1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Microsoft Windows Vista.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Mind Technologies Visual Mind 7.0.1.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\MOBILedit! 1.98.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Moby - 4 Albums.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Moffsoft Calculator 2.1.1.30.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Mojo Club Presents Dancefloor Jazz, Vol.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Motorhead- Overkill.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Movie DVD Maker 1.3.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\MS Office Pro 2003.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\MS Visual Studio .net 2003 Professional.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\MultiBlog 1.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\NBA Live 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Nero 6 & 7 keygen Only Options.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Nero 7 Premium.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Nero 7.0 Premium.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Nero 7.0 Ultra.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Newsleecher 2.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Norton Ghost 10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Norton PartitionMagic 8.05.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Passware Kit 7.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\PCMedik 6.8.15.2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Perfect Ace 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Perfect Keylogger 1.6.0.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Photoshop Interface Assistant 2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\PodPlus 1.0.3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Popup Ad Stopper 9.80.01.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Prince of Persia.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Product Key Editor 1.0-change ANY Windo.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\ProgeCAD 2006 Professional.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Quake 4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Queen - Live at wembly.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\QuickTime Pro 6.5.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\RAM Saver Pro 4.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ranking Toolbox 4.0.4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Rapid IE 1.00.0082.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\RapidHarvest 1.0.0.3 with support for R.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Real Spy Monitor 2.39.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Registry Help Pro 1.11.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\remover.exe 1.005.0133.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Research Systems ENVI 4.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Restorator 2005 3.50.1442.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Rome Total War - Barbarian Invasion.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Sarah Brightman - Classics.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Scansoft OmniPage Pro 15.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Scorched Earth.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Sean Paul - The Trinity (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\SearchMaestro 1.1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Secret Chiefs 3 - Book of Horizons.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Serv-U 5.2.0.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Sky High.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Sorenson Squeeze Compression Suite 4.2.301.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Spanish Bird Sounds - 3 CD.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\SpeedUpMyPC 2.04.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Spyware Doctor 2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Spyware Doctor 3.2.1.359.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Steganos Hacker Tools 7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Stereophonics - Language Sex Violence.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Stevie Wonder - A Time To Love.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Sweet Little Piano 2.03.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\SXBandMaster 0.92.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Sygate Personal Firewall Pro 5.6.3311.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Symantec Norton AntiVirus 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Symantec Norton GoBack 4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Talking Translator Pro 1.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The 40-Year Old Virgin.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Transporter 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The Used - In Love and Death.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\The White Stripes - Get Behind Me Sata.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Tribute.To.The.Busted.Groups-X.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\TrueTTY 2.50.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\TweakNow PowerPack 2005 Pro 1.6.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Ulead Video Studio 8.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Unlocker 1.7.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VA - Blues For A Rotten Afternoon.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VA - Naked Lunch Soundtrack.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VA - Pioneer Summer Lounge (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Video Vault 3.0180.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VIP Organizer 1.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Visual Mind 7.0.16.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VMware Workstation 4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\VueScan Professional Edition 8.3.01.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Web Cache Illuminator 4.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Webroot Desktop FireWall 1.3.0.52.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Webroot Window Washer 6.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinAVI DVD Copy.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Windows Server 2003 6 in 1 SP1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinRAR 3.51 (final).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WinZip 9.0 SR1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Witcobber Super Video Converter 2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Wolfenstein 3D.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\WordWeb AIO.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\XiliSoft AIO.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\XoftSpy 3.44.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Complete\Your Uninstaller! 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@-1shz2prbmdj6wvny-1sez2pra2dj6wjlyehdzmeog-1dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@-1shz2prbmdj6wvny-1sez2pra2dj6wjny-1kdzilpgidj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@-1shz2prbmdj6wvny-1sez2pra2dj6wjny-1mcpskpw6dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@-1shz2prbmdj6wvny-1sez2pra2dj6wjny-1nczkeqasdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@-1shz2prbmdj6wvny-1sez2pra2dj6wjny-1sczwdpqudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup

#6 slvnice

slvnice
  • Topic Starter

  • Members

Posted 01 November 2005 - 05:24 PM

Hi again,

I did want to mention that I still have the problem that prompted me to do all of this work. At start up I have a folder that is opening. The folder is C:programfiles\windows, this file is empty but I am sure this is a sign of something very wrong. Also I have a F drive and in it I have a folder that has copied itself every morning at 6:05am. The file name is different every time but it's the same if you open it. There are two folders inside that are SP1 SP2. It has stopped copying itself. Is this SP2 for Windows XP? It would seem to fit that when I finally installed SP2 it stopped copying itself. Is there a way that I can delete all of these files?


Thanks again

Steve

#7 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team

Posted 01 November 2005 - 05:27 PM

Hello,

It seems like you were dealing with the Alcan worm here as well. I'll let you download and use another fix afterwards to get rid of the leftovers.

First going to reply to your questions. :thumbsup:

Starting at the top of your instructions I see "TYPE=PICT;ALT=smile.gif" I hope this wasn't something I was supposed to do! Was this a link of a copy and paste?


That's because you copied and pasted my instructions. The "TYPE=PICT;ALT=smile.gif" are the smileys posted in my reply ==> :flowers:

The Program Popup Blocker was a free trial (misleading). It never gave any indication that I was as such! I installed it from Synergenticsoft.com , and now that I have ended the free trial I am getting a popup at start up trying to sell me the program.


Ok, as I thought... a dubious reputation as a goad to purchase.
So, go to start > control panel > software > add/remove programs and uninstall Popup Blocker.

Reboot afterwards.

After reboot...

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

O4 - HKCU\..\Run: [Pop up Blocker] "C:\Program Files\Pop up Blocker\pd.exe" Minimize
O9 - Extra button: PD - {73AF1D3B-4193-4EB3-B858-DA23A076F188} - C:\Program Files\Pop up Blocker\pd.exe
O16 - DPF: {379ED9F7-513C-11D1-840F-832E59556609} (SiteMenuCtrl Class) - http://www.grand-marnier.com/gmv2/download/sitemenu.dll


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Download Brute Force Uninstaller.
Unzip it to a folder of its own (c:\BFU).
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcompressedexplanation.html
Start the Brute Force Uninstaller by doubleclicking BFU.exe

Next to the 'scriptfile to execute'-window you'll see a little icon as shown in next picture: Posted Image
When you click that icon, a little window will open that says: 'Please enter the full URL to the sript you want to execute'
In the field, copy and paste next URL:

http://metallica.geekstogo.com/p2pnetwork.bfu

Click Ok
Then click execute in Brute Force Uninstaller.

Wait for the complete script execution box to popup and press OK.
Press exit to terminate the BFU program.

I still have my doubts about C:\WINNT\System32\cwm.exe
Because it was present in a previous hijackthislog in your processes.
You couldn't find it, but I'm pretty sure it is still present, so let's take a better look and perform next:

Please set your system to show all files.
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Then, Go to start > run and copy and paste next command in the field:

EXPLORER.EXE /select, C:\WINNT\System32\cwm.exe

Click OK

Your explorer will open.
If the file is still present, it will automatically highlight/select cwm.exe in your explorer.
If nothing is selected, then most probably that file is indeed gone.
If it is there, delete it.

Let me know afterwards in your next reply and post a new hijackthislog as well.
Also let me know how things are running after performing my steps above.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
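
The "if still present" check from the post above, as an added example that is not part of the original thread: it compares the three flagged entries against a fresh HijackThis log. The sample log is constructed, and matching on the CLSID (or on the case-folded text when an entry has none) is an assumption of this sketch, not HijackThis's own logic.

```python
import re

# The three entries the helper asked to fix, copied from the post above.
FIX_LIST = [
    r'O4 - HKCU\..\Run: [Pop up Blocker] "C:\Program Files\Pop up Blocker\pd.exe" Minimize',
    r'O9 - Extra button: PD - {73AF1D3B-4193-4EB3-B858-DA23A076F188} - C:\Program Files\Pop up Blocker\pd.exe',
    r'O16 - DPF: {379ED9F7-513C-11D1-840F-832E59556609} (SiteMenuCtrl Class) - http://www.grand-marnier.com/gmv2/download/sitemenu.dll',
]

# Constructed sample of a follow-up log: the O9 button is gone, the O4 and
# O16 entries remain (the O4 line differs only in letter case).
SAMPLE_LOG = r'''Running processes:
C:\WINNT\Explorer.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [Pop Up Blocker] "c:\program files\pop up blocker\pd.exe" Minimize
O16 - DPF: {379ED9F7-513C-11D1-840F-832E59556609} (SiteMenuCtrl Class) - http://www.grand-marnier.com/gmv2/download/sitemenu.dll
'''

# "<section code> - <body>", e.g. "O4 - HKCU\..\Run: ..."
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def entry_key(line):
    """Return a comparison key for one log entry, or None for any other line."""
    match = ENTRY_RE.match(line.strip())
    if not match:
        return None  # process paths, headers, blank lines
    section, body = match.groups()
    clsid = CLSID_RE.search(body)
    if clsid:
        # Assumption: the CLSID identifies the entry even if the path differs.
        return (section, clsid.group(0).upper())
    # Windows paths and registry names are case-insensitive.
    return (section, " ".join(body.split()).casefold())


def still_present(fix_list, log_text):
    """Return the fix-list entries that still appear in the log, in order."""
    present = {entry_key(line) for line in log_text.splitlines()}
    present.discard(None)
    return [entry for entry in fix_list if entry_key(entry) in present]


if __name__ == "__main__":
    for entry in still_present(FIX_LIST, SAMPLE_LOG):
        print("still present:", entry)
```
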

#8 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team

Posted 01 November 2005 - 05:40 PM

I did want to mention that I still have the problem that prompted me to do all of this work. At start up I have a folder that is opening. The folder is C:programfiles\windows, this file is empty but I am sure this is a sign of something very wrong. Also I have a F drive and in it I have a folder that has copied itself every morning at 6:05am. The file name is different every time but it's the same if you open it. There are two folders inside that are SP1 SP2. It has stopped copying itself. Is this SP2 for Windows XP? It would seem to fit that when I finally installed SP2 it stopped copying itself. Is there a way that I can delete all of these files?


Leave that for now, it's most possibly related with your updates. We'll see afterwards.
Also, did you overinstall XP over a Win2000 installation? Because C:\WINNT is normally for Windows 2000.
Maybe because of that, something got corrupted in the registry, which causes that folder in your Program Files to open after reboot.
We'll take a look at that issue later. Let's deal with malware first. :thumbsup:

#9 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team

Posted 10 November 2005 - 10:52 AM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.