followed your steps with spybot and ad aware and this is the results from adaware
Ad-Aware SE Build 1.06r1
Logfile Created on:15 December 2005 23:11:32
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R80 14.12.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie(TAC index:3):3 total references
UKVideo2 Dialer(TAC index:5):4 total references
Win32.Dluca.TrojanDownloader(TAC index:6):10 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
15/12/2005 23:11:32 - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 572
ThreadCreationTime : 15/12/2005 20:24:27
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 1000
ThreadCreationTime : 15/12/2005 20:24:29
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 1024
ThreadCreationTime : 15/12/2005 20:24:30
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1068
ThreadCreationTime : 15/12/2005 20:24:30
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1080
ThreadCreationTime : 15/12/2005 20:24:30
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1224
ThreadCreationTime : 15/12/2005 20:24:31
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1272
ThreadCreationTime : 15/12/2005 20:24:31
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1312
ThreadCreationTime : 15/12/2005 20:24:31
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [fws.exe]
FilePath : C:\Program Files\blueyonder\PCguard\
ProcessID : 1344
ThreadCreationTime : 15/12/2005 20:24:31
BasePriority : Normal
FileVersion : 5.2.0.45215
ProductVersion : 5.2.0.45215
ProductName : Radialpoint Security Services 5.2.0
CompanyName : Radialpoint Inc.
FileDescription : Radialpoint 5.2.0
InternalName : Radialpoint Client
LegalCopyright : Copyright (C) 2002-2005
LegalTrademarks : Radialpoint Inc.
OriginalFilename : Freedom.exe
#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1456
ThreadCreationTime : 15/12/2005 20:24:32
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1564
ThreadCreationTime : 15/12/2005 20:24:33
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:12 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1996
ThreadCreationTime : 15/12/2005 20:24:38
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:13 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2032
ThreadCreationTime : 15/12/2005 20:24:38
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:14 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 440
ThreadCreationTime : 15/12/2005 20:24:39
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:15 [fxssvc.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 496
ThreadCreationTime : 15/12/2005 20:24:39
BasePriority : Normal
FileVersion : 5.2.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.2.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Fax Service
InternalName : FXSSVC.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : FXSSVC.EXE
#:16 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 608
ThreadCreationTime : 15/12/2005 20:24:40
BasePriority : Normal
FileVersion : 5.0.0.35
ProductVersion : 5.0.0.35
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2005 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe
#:17 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 640
ThreadCreationTime : 15/12/2005 20:24:40
BasePriority : Normal
FileVersion : 7.0.2
ProductVersion : QuickTime 7.0.2
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
FileDescription : QuickTime Task
InternalName : QuickTime Task
LegalCopyright : Copyright Apple Computer, Inc. 1989-2005
OriginalFilename : QTTask.exe
#:18 [mdnsresponder.exe]
FilePath : C:\Program Files\Bonjour\
ProcessID : 680
ThreadCreationTime : 15/12/2005 20:24:40
BasePriority : Normal
FileVersion : 1,0,1,2
ProductVersion : 1,0,1,2
ProductName : Bonjour
CompanyName : Apple Computer, Inc.
FileDescription : Bonjour Service
InternalName : mDNSResponder.exe
LegalCopyright : Copyright (C) 2003-2005 Apple Computer, Inc.
OriginalFilename : mDNSResponder.exe
#:19 [msqsrc.exe]
FilePath : C:\program files\common files\system\
ProcessID : 688
ThreadCreationTime : 15/12/2005 20:24:40
BasePriority : Normal
FileVersion : 3, 0, 0, 33
ProductVersion : 3, 0, 0, 33
#:20 [rps.exe]
FilePath : C:\Program Files\blueyonder\PCguard\
ProcessID : 704
ThreadCreationTime : 15/12/2005 20:24:40
BasePriority : Normal
FileVersion : 5.2.0.45215
ProductVersion : 5.2.0.45215
ProductName : PCguard
CompanyName : blueyonder
FileDescription : PCguard
InternalName : Radialpoint Client
LegalCopyright : Copyright (C) 2002-2005
LegalTrademarks : Radialpoint Inc.
OriginalFilename : Freedom.exe
#:21 [wlancfg5.exe]
FilePath : C:\Program Files\NETGEAR\WG511v2\
ProcessID : 940
ThreadCreationTime : 15/12/2005 20:24:41
BasePriority : Normal
FileVersion : 3, 1, 4, 300
ProductVersion : 1, 0, 0, 1
ProductName : NetgearCUv2 Application
FileDescription : NetgearCUv2 MFC Application
InternalName : NETGEAR WG511v2 Smart Configuration
LegalCopyright : Copyright (C) 2003
OriginalFilename : NetgearCUv2.EXE
#:22 [mpbtn.exe]
FilePath : C:\Program Files\blueyonder IST\bin\
ProcessID : 1528
ThreadCreationTime : 15/12/2005 20:24:42
BasePriority : Normal
FileVersion : 5.0.2.4.asst_classic.asst_mpbtn.20020806_105000
ProductVersion : 5.0.2.4.asst_classic.asst_mpbtn
ProductName : Motive System
CompanyName : Motive Communications, Inc.
FileDescription : Motive Chorus System Tray Button
InternalName : mpbtn
LegalCopyright : Copyright 1998, 1999, 2000
OriginalFilename : mpbtn
#:23 [wscntfy.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1416
ThreadCreationTime : 15/12/2005 20:24:42
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Security Center Notification App
InternalName : wscntfy.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wscntfy.exe
#:24 [ymsgr_tray.exe]
FilePath : C:\Program Files\Yahoo!\Messenger\
ProcessID : 1908
ThreadCreationTime : 15/12/2005 20:24:44
BasePriority : Normal
#:25 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 768
ThreadCreationTime : 15/12/2005 20:24:46
BasePriority : Normal
FileVersion : 5.0.0.35
ProductVersion : 5.0.0.35
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2005 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe
#:26 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 924
ThreadCreationTime : 15/12/2005 20:24:46
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:27 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 3492
ThreadCreationTime : 15/12/2005 20:27:28
BasePriority : Normal
FileVersion : 7.5.0311
ProductVersion : 7.5.0311
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright (c) Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe
#:28 [dvpapi.exe]
FilePath : C:\Program Files\Common Files\Command Software\
ProcessID : 2524
ThreadCreationTime : 15/12/2005 20:28:07
BasePriority : Normal
#:29 [rsvp.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3628
ThreadCreationTime : 15/12/2005 20:59:30
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Microsoft RSVP
InternalName : rsvp.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : rsvp.exe
#:30 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2868
ThreadCreationTime : 15/12/2005 22:55:58
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
UKVideo2 Dialer Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3937741838-1488971740-154504494-1005\software\video1\dialers
Win32.Dluca.TrojanDownloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3937741838-1488971740-154504494-1005\software\infosoft\qsearch
Win32.Dluca.TrojanDownloader Object Recognized!
Type : RegValue
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3937741838-1488971740-154504494-1005\software\infosoft\qsearch
Value : CCINFO
Win32.Dluca.TrojanDownloader Object Recognized!
Type : RegValue
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3937741838-1488971740-154504494-1005\software\infosoft\qsearch
Value : LastWNK
Win32.Dluca.TrojanDownloader Object Recognized!
Type : RegValue
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3937741838-1488971740-154504494-1005\software\infosoft\qsearch
Value : DaytimeDocID
Win32.Dluca.TrojanDownloader Object Recognized!
Type : RegValue
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3937741838-1488971740-154504494-1005\software\infosoft\qsearch
Value : DaytimeDocTime
Win32.Dluca.TrojanDownloader Object Recognized!
Type : RegValue
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3937741838-1488971740-154504494-1005\software\infosoft\qsearch
Value : GetInfoRetryCounter
Win32.Dluca.TrojanDownloader Object Recognized!
Type : RegValue
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3937741838-1488971740-154504494-1005\software\infosoft\qsearch
Value : DocID
Win32.Dluca.TrojanDownloader Object Recognized!
Type : RegValue
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3937741838-1488971740-154504494-1005\software\infosoft\qsearch
Value : DocTime
Win32.Dluca.TrojanDownloader Object Recognized!
Type : RegValue
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3937741838-1488971740-154504494-1005\software\infosoft\qsearch
Value : GetIDRetryCounter
UKVideo2 Dialer Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\video1\dialers
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 11
Objects found so far: 11
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 11
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@server.iad.liveperson[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:user@server.iad.liveperson.net/
Expires : 15/12/2006 22:00:20
LastSync : Hits:3
UseCount : 0
Hits : 3
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@adtech[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:user@adtech.de/
Expires : 13/12/2015 21:46:34
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@servedby.netshelter[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:user@servedby.netshelter.net/
Expires : 22/12/2005 21:30:34
LastSync : Hits:4
UseCount : 0
Hits : 4
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 14
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 14
Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 14
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 14
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
UKVideo2 Dialer Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\video1
UKVideo2 Dialer Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\video1
Win32.Dluca.TrojanDownloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 6
Category : Data Miner
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\infosoft
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 17
23:18:23 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:06:51.321
Objects scanned:115349
Objects identified:17
Objects ignored:0
New critical objects:17