BleepingComputer.com: My Hjt Log, Please Review.

Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

My Hjt Log, Please Review. running slow and freezing up!

#1 User is offline   Daisydux 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 2
  • Joined: 31-October 05

Posted 31 October 2005 - 07:34 PM

Hello,would like someone to tell me what needs to go......p.c is freezing up and alot of partypoker adds everywhere?? I ran ccleaner,spybot ,ad-aware and trend micro-found and deleted TVmedia.Dr and Zapchast.J . but still having same problems. Thank you very much, Daisydux




my log

Logfile of HijackThis v1.99.1
Scan saved at 7:18:59 PM, on 10/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\WINDOWS\ctfmon.exe
C:\HijackThis\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/customize/ymsgr/defaul...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/ymsgr/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/ymsgr/defaul...://my.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8080
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [Registry Defender] "C:\Program Files\Registry Defender Trial\RegClean.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\ctfmon.exe
O4 - HKCU\..\Run: [ctfmon] C:\WINDOWS\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://chat.msn.com
O16 - DPF: Aces Up! by pogo - http://game3.pogo.com/applet-6.0.3.35/aces...s-ob-assets.cab
O16 - DPF: EZ Win Bingo by pogo - http://bingoe.pogo.com/applet-6.0.3.35/bin...e-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://game3.pogo.com/applet-6.0.4.31/soli...2-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.2.1.34/supe...o-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.2.1.34/harv...t-ob-assets.cab
O16 - DPF: Hearts by pogo - http://hearts.pogo.com/applet-6.0.3.35/hea...s-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://game4.pogo.com/applet-6.0.4.31/pool...l-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet-6.0.3.35/gin/gin-ob-assets.cab
O16 - DPF: LearnKey LTF Applet - file://C:\WINDOWS\system32\lktest.cab
O16 - DPF: Mah Jong Garden by pogo - http://game4.pogo.com/applet-6.0.3.35/mahj...g-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://waterwheel.pogo.com/applet-6.0.3.35...l-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://swashbucks.pogo.com/applet-6.0.4.37...d-ob-assets.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.2.1.34/popp...2-ob-assets.cab
O16 - DPF: Poppit TM by pogo - http://game5.pogo.com/applet-6.0.4.31/popp...t-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.2.1.27/spid...r-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://sweettooth.pogo.com/applet-6.0.3.35...h-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game4.pogo.com/applet-6.0.4.31/hold...m-ob-assets.cab
O16 - DPF: WordJong by pogo - http://wordjong.pogo.com/applet-6.0.4.31/w...g-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game4.pogo.com/applet-6.0.3.35/worl...s-ob-assets.cab
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.scd.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
O16 - DPF: {9BB641DB-045B-42B4-BAE2-CBAAD66B0CC4} (Spotlife Composer) - http://yahoo.spotlife.net/install/composer...19/SLCmpser.cab
O16 - DPF: {9E6C7461-FE4A-41A9-9D35-7468796CF9E7} (AVXControl Class) - http://threatlevel.pcsecurityshield.com/control/avxnew.dll
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/...ymmapi_0727.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://fun.gamesville.lycos.com/blockdot/popcaploader_v6.cab
O16 - DPF: {FE92CB1A-9719-4206-8E7D-BFD4C0169A25} (XClient Class) - http://chat.cuteandsingle.com/downloads-cgi-bin/achat.cab
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#2 User is offline   Mat2 

  • Malware Fighter
  • PipPipPipPip
  • Find Topics
  • Group: Members
  • Posts: 374
  • Joined: 25-September 05
  • Gender:Male
  • Location:Derbyshire, UK

Posted 03 November 2005 - 12:05 PM

Posted Image

Welcome to the forum. I am checking your log now and will return as soon as I have researched all the items.

While we are working together, please ....
  • Reply to this thread. Do not start a new topic.
  • If you are unsure of what to do, stop and ask! Don't keep going on.
  • Be patient. HijackThis logs take some time to research.

Please note the following:
  • I will be working on your Malware issues: This may or may not, solve other issues you may have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine is clear. (Absence of symptoms does not mean that everything is clear.)
  • The process may take considerable time.

Mat2



Posted Image

#3 User is offline   Mat2 

  • Malware Fighter
  • PipPipPipPip
  • Find Topics
  • Group: Members
  • Posts: 374
  • Joined: 25-September 05
  • Gender:Male
  • Location:Derbyshire, UK

Posted 03 November 2005 - 01:40 PM

Hi

You may want to print out these instructions or save them as a text file with Notepad to your desktop for easy reference. Read this instructions carefully and feel free to ask if you're unsure about something

====================
You will need to unhinde some system files as follow:
  • Click Start
  • Open My Computer
  • Select the Tools menu and click Folder Options
  • Select the View Tab
  • Under the Hidden files and folders heading select Show hidden files and folders
  • Uncheck the Hide protected operating system files (recommended) option
  • Click Yes to confirm
  • Click OK
====================

We need to disable your Microsoft AntiSpyware Real-time Protection as it may interfere with the fixes that we need to make.

Open Microsoft AntiSpyware.
Click on Options, Settings.
In the left pane, click on Real-time Protection.
Under Startup Options uncheck Enable the Microsoft AntiSpyware Security Agents on startup (recommended).
Under Real-time spyware threat protection uncheck Enable real-time spyware threat protection (recommended).
After you uncheck these, click on the Save button and close Microsoft AntiSpyware.

Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware.

=================

Please download Ewido Security Suite, it is a free version of the program.
  • Install ewido security suite
  • When installing the program, under "Additonal Options" uncheck...
    • Install background guard
    • Install scan via context menu

  • Launch ewido, there should now be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files:
    • On the left hand side of the main screen click update.
    • Then click on Start Update.

  • The update will start and a progress bar will show the updates being installed.
          (the status bar at the bottom will display "Update successful")
  • Close Ewido Security Suite
If you are having problems with the updater, you can use this link to manually update ewido.
Ewido manual updates
 
Once the updates are installed, do the following:
  • Reboot computer into "Safe Mode" using the "F8" method...
    • As soon as the BIOS is loaded begin tapping the F8 key until the Boot Menu appears
    • Use the arrow keys to select the Safe Mode menu item

  • Once in Safe Mode start Ewido Security Suite
  • Click on scanner. (Note: Do not start any programs or open any windows while Ewido is scanning)
  • Click on Complete System Scan, the scan will now begin.
  • While the scan is in progress you will be promted to clean files, click OK.
  • When it asks if you want to clean the first file, put a checkmark in the lower left corner of the box that says "Perform action on all infections", then choose clean and click OK.
  • Once the scan has completed, there will be a button located at the bottom of the screen named Save Report.
  • Click Save Report.
  • Now save the report .txt file to your desktop.
  • Close Ewido Security Suite
===============

Run HiJackThis then:

1. Click "Config..."
2. Click "Misc Tools"
3. Click "Open Process manager"

Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following:

C:\WINDOWS\ctfmon.exe

Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain.

===============

Run HiJackThis and click "Scan", then check(tick) the following, if present:

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\ctfmon.exe
O4 - HKCU\..\Run: [ctfmon] C:\WINDOWS\ctfmon.exe
O16 - DPF: {9E6C7461-FE4A-41A9-9D35-7468796CF9E7} (AVXControl Class) - http://threatlevel.pcsecurityshield.com/control/avxnew.dll

Now, with all windows closed except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure your able to view system and hidden files/ folders:

files...

C:\WINDOWS\ctfmon.exe

Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them from "Safe Mode".

===============

Post back a new log & Ewido log, and let me know how everything goes.
Mat2



Posted Image

#4 User is offline   Daisydux 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 2
  • Joined: 31-October 05

Posted 04 November 2005 - 06:38 PM

hello again, That seems to have fixed it! My p.c is running much better and the sites I visit are running normal again. Thank you very much for all your help. Here are my knew logs,please inform me if anything else needs to go.



Logfile of HijackThis v1.99.1
Scan saved at 6:27:39 PM, on 11/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HijackThis\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/customize/ymsgr/defaul...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/ymsgr/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/ymsgr/defaul...://my.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8080
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [Registry Defender] "C:\Program Files\Registry Defender Trial\RegClean.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://chat.msn.com
O16 - DPF: Aces Up! by pogo - http://game3.pogo.com/applet-6.0.3.35/aces...s-ob-assets.cab
O16 - DPF: EZ Win Bingo by pogo - http://bingoe.pogo.com/applet-6.0.3.35/bin...e-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://game3.pogo.com/applet-6.0.4.31/soli...2-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.2.1.34/supe...o-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.2.1.34/harv...t-ob-assets.cab
O16 - DPF: Hearts by pogo - http://hearts.pogo.com/applet-6.0.3.35/hea...s-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://game4.pogo.com/applet-6.0.4.31/pool...l-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet-6.0.3.35/gin/gin-ob-assets.cab
O16 - DPF: LearnKey LTF Applet - file://C:\WINDOWS\system32\lktest.cab
O16 - DPF: Mah Jong Garden by pogo - http://game4.pogo.com/applet-6.0.3.35/mahj...g-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://waterwheel.pogo.com/applet-6.0.3.35...l-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://swashbucks.pogo.com/applet-6.0.4.37...d-ob-assets.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.2.1.34/popp...2-ob-assets.cab
O16 - DPF: Poppit TM by pogo - http://game5.pogo.com/applet-6.0.4.31/popp...t-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.2.1.27/spid...r-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://sweettooth.pogo.com/applet-6.0.3.35...h-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game4.pogo.com/applet-6.0.4.31/hold...m-ob-assets.cab
O16 - DPF: WordJong by pogo - http://wordjong.pogo.com/applet-6.0.4.31/w...g-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game4.pogo.com/applet-6.0.3.35/worl...s-ob-assets.cab
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/games/clients/y/xt0_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.scd.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.com/fixes/PROFILER.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9BB641DB-045B-42B4-BAE2-CBAAD66B0CC4} (Spotlife Composer) - http://yahoo.spotlife.net/install/composer...19/SLCmpser.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/...ymmapi_0727.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://fun.gamesville.lycos.com/blockdot/popcaploader_v6.cab
O16 - DPF: {FE92CB1A-9719-4206-8E7D-BFD4C0169A25} (XClient Class) - http://chat.cuteandsingle.com/downloads-cgi-bin/achat.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



and Ewido, I CANT BELIEVE ALL IT FOUND AND DELETED!

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 5:24:22 AM, 11/4/2005
+ Report-Checksum: 4273948

+ Scan result:

HKLM\SOFTWARE\Altnet -> Spyware.Altnet : Error during cleaning
HKLM\SOFTWARE\Altnet\Dashboard -> Spyware.Altnet : Error during cleaning
HKLM\SOFTWARE\Altnet\Dashboard\Messages -> Spyware.Altnet : Error during cleaning
HKLM\SOFTWARE\Classes\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07} -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{1A8BBF6D-E27B-4E5D-8FA6-B2C56B2B3B86} -> Spyware.iLookup : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{49DB48FF-02B5-4645-B676-94A4DF1AA026} -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{49DB48FF-02B5-4645-B676-94A4DF1AA026}\Forward\\ -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C285D18D-43A2-4AEF-83FB-BF280E660A97} -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{D309267C-4699-4E70-B09E-B50B674493FA} -> Spyware.iLookup : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{D65377CD-5BA2-4108-B670-D2565DE0FB69} -> Spyware.iLookup : Cleaned with backup
HKLM\SOFTWARE\Classes\OpenSite.CBrowserHelper\Clsid\\ -> Spyware.OpenSite : Cleaned with backup
HKLM\SOFTWARE\Classes\PopOops2.PopOops -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\PopOops2.PopOops\Clsid -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\PopOops2.PopOops\Clsid\\ -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\RunMSC.Loader\CLSID\\ -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Classes\RunMSC.Loader.1\CLSID\\ -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Classes\SWLAD1.SWLAD -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\SWLAD1.SWLAD\Clsid -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\TopSearch.TSLink -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\TopSearch.TSLink\CLSID -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\TopSearch.TSLink\CurVer -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\TopSearch.TSLink.1 -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/aj8sml3fo_.exe\\.Owner -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/aj8sml3fo_.exe\\{C0EF89EE-EEC7-4535-A041-F1EBF79560A7} -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/BM.dll\\.Owner -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/BM.dll\\{DDFFA75A-E81D-4454-89FC-B9FD0631E726} -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/BM.dll\\.Owner -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/BM.dll\\{DDFFA75A-E81D-4454-89FC-B9FD0631E726} -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/h63v2629j_.exe\\.Owner -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/h63v2629j_.exe\\{C0EF89EE-EEC7-4535-A041-F1EBF79560A7} -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/h63v2629j_.ini\\.Owner -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/h63v2629j_.ini\\{C0EF89EE-EEC7-4535-A041-F1EBF79560A7} -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/lcp4q80t9_.dll\\.Owner -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/lcp4q80t9_.dll\\{C0EF89EE-EEC7-4535-A041-F1EBF79560A7} -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/loader2.ocx\\{79849612-A98F-45B8-95E9-4D13C7B6B35C} -> Spyware.Crazywinnings : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/loader4.ocx\\.Owner -> Spyware.Crazywinnings : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/loader4.ocx\\{79849612-A98F-45B8-95E9-4D13C7B6B35C} -> Spyware.Crazywinnings : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/QDow.dll\\.Owner -> Spyware.HuntBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/QDow.dll\\{26E8361F-BCE7-4F75-A347-98C88B418322} -> Spyware.HuntBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/tl4000.dll\\.Owner -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/tl4000.dll\\{C1C2AC28-5E4B-4228-B7A0-05E986FFCE14} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/uu1en13ec_.exe\\.Owner -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/uu1en13ec_.exe\\{C0EF89EE-EEC7-4535-A041-F1EBF79560A7} -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/uu1en13ec_.ini\\.Owner -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/uu1en13ec_.ini\\{C0EF89EE-EEC7-4535-A041-F1EBF79560A7} -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WEBInstaller.dll\\.Owner -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WEBInstaller.dll\\{C0EF89EE-EEC7-4535-A041-F1EBF79560A7} -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/websetup.ini\\.Owner -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/websetup.ini\\{C0EF89EE-EEC7-4535-A041-F1EBF79560A7} -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/ASYCFILT.DLL\\{1FDEC088-A699-46FE-BF76-D5FD6DAE6150} -> Spyware.UCmore : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/bmeb.dll\\.Owner -> Spyware.i-Lookup : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/bmeb.dll\\{D35A69A7-7A34-4C67-814A-3F508C0BF371} -> Spyware.i-Lookup : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/COMCAT.DLL\\{1FDEC088-A699-46FE-BF76-D5FD6DAE6150} -> Spyware.UCmore : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/mfc42.dll\\{C0EF89EE-EEC7-4535-A041-F1EBF79560A7} -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mmview_ic.dll\\.Owner -> Spyware.FavoriteMan : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mmview_ic.dll\\{EBBD88E5-C372-469D-B4C5-1FE00352AB9B} -> Spyware.FavoriteMan : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/MSINET.OCX\\{1FDEC088-A699-46FE-BF76-D5FD6DAE6150} -> Spyware.UCmore : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/msvbvm60.dll\\{1FDEC088-A699-46FE-BF76-D5FD6DAE6150} -> Spyware.UCmore : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/msvcrt.dll\\{C0EF89EE-EEC7-4535-A041-F1EBF79560A7} -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/objsafe.tlb\\.Owner -> Spyware.Roimoi : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/objsafe.tlb\\{E0CE16CB-741C-4B24-8D04-A817856E07F4} -> Spyware.Roimoi : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/OLEAUT32.DLL\\{1FDEC088-A699-46FE-BF76-D5FD6DAE6150} -> Spyware.UCmore : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/OLEPRO32.DLL\\{1FDEC088-A699-46FE-BF76-D5FD6DAE6150} -> Spyware.UCmore : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/OLEPRO32.DLL\\{C0EF89EE-EEC7-4535-A041-F1EBF79560A7} -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/STDOLE2.TLB\\{1FDEC088-A699-46FE-BF76-D5FD6DAE6150} -> Spyware.UCmore : Cleaned with backup
HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\bmeb -> Spyware.iLookup : Cleaned with backup
HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\bmeb\assoc2 -> Spyware.iLookup : Cleaned with backup
HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\bmeb\kws -> Spyware.iLookup : Cleaned with backup
HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\bmeb\sit -> Spyware.iLookup : Cleaned with backup
HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\bmeb\size -> Spyware.iLookup : Cleaned with backup
HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Bundles -> Spyware.SecondThought : Cleaned with backup
HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000EF1-0786-4633-87C6-1AA7A44296DA} -> Spyware.FavoriteMan : Cleaned with backup
HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{002EB272-2590-4693-B166-FBD5D9B6FEA6} -> Spyware.MultiMPP : Cleaned with backup
HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00320615-B6C2-40A6-8F99-F1C52D674FAD} -> Spyware.Transponder : Cleaned with backup
HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} -> Spyware.MyWebSearch : Cleaned with backup
HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{014DA6C9-189F-421A-88CD-07CFE51CFF10} -> Spyware.MySearch : Cleaned with backup
HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} -> Spyware.PeopleOnPage : Cleaned with backup
HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01F44A8A-8C97-4325-A378-76E68DC4AB2E} -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02FFC86E-283E-4FAA-95D6-ADDCA024F30A} -> Spyware.180Solutions : Cleaned with backup
HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{13197ACE-6851-45C3-A7FF-C281324D5489} -> Spyware.2nsSearch : Cleaned with backup
HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -> Spyware.PopularScreensavers : Cleaned with backup
HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{269B6797-664E-48AA-B283-B012BDF6E525} -> Spyware.eUniverse : Cleaned with backup
HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30A56549-9D5B-4D34-AFA7-440A7F0538A9} -> Spyware.OpenSite : Cleaned with backup
HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6} -> Spyware.E2Give : Cleaned with backup
HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Spyware.NewDotNet : Cleaned with backup
HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-C0FF-FA7FB592BF30} -> Spyware.MegaSearch : Cleaned with backup
HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-DCF7-F96DA086B434} -> Spyware.MyWebSearch : Cleaned with backup
HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{79849612-A98F-45B8-95E9-4D13C7B6B35C} -> Spyware.Crazywinnings : Cleaned with backup
HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C0EF89EE-EEC7-4535-A041-F1EBF79560A7} -> Spyware.CashBack : Cleaned with backup
HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C900B400-CDFE-11D3-976A-00E02913A9E0} -> Spyware.Webhancer : Cleaned with backup
HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CE188402-6EE7-4022-8868-AB25173A3E14} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E0CE16CB-741C-4B24-8D04-A817856E07F4} -> Spyware.Roimoi : Cleaned with backup
HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBBD88E5-C372-469D-B4C5-1FE00352AB9B} -> Spyware.FavoriteMan : Cleaned with backup
HKU\S-1-5-21-1180395095-4025279379-689279713-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
C:\Documents and Settings\Amanda\Cookies\amanda@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Amanda\Cookies\amanda@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Amanda\Cookies\amanda@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Amanda\Cookies\amanda@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Amanda\Cookies\amanda@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Amanda\Cookies\amanda@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Amanda\Cookies\amanda@as-us.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Amanda\Cookies\amanda@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Amanda\Cookies\amanda@bfast[1].txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Documents and Settings\Amanda\Cookies\amanda@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Amanda\Cookies\amanda@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Amanda\Cookies\amanda@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Amanda\Cookies\amanda@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Amanda\Cookies\amanda@counter2.hitslink[2].txt -> Spyware.Cookie.Hitslink : Cleaned with backup
C:\Documents and Settings\Amanda\Cookies\amanda@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Amanda\Cookies\amanda@edge.ru4[1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Amanda\Cookies\amanda@ehg-buyseasons.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Amanda\Cookies\amanda@ehg-dig.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Amanda\Cookies\amanda@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Amanda\Cookies\amanda@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Amanda\Cookies\amanda@hypertracker[1].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\Amanda\Cookies\amanda@linksynergy[1].txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\Amanda\Cookies\amanda@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Amanda\Cookies\amanda@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Amanda\Cookies\amanda@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Amanda\Cookies\amanda@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Amanda\Cookies\amanda@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Amanda\Cookies\amanda@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Amanda\Cookies\amanda@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Amanda\Cookies\amanda@valueclick[1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Amanda\Cookies\amanda@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Amanda\Local Settings\Temp\Cookies\amanda@a.tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Amanda\Local Settings\Temp\Cookies\amanda@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Amanda\Local Settings\Temp\Cookies\amanda@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Amanda\Local Settings\Temporary Internet Files\Content.IE5\1D89MB0D\mm[2].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\Howard\Cookies\howard@112.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Howard\Cookies\howard@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Howard\Cookies\howard@cbs.112.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Howard\Cookies\howard@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Kelly Sue.KELLY\Cookies\kelly sue@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Kelly Sue.KELLY\Cookies\kelly sue@com[1].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Kelly Sue.KELLY\Cookies\kelly sue@rotator.adjuggler[2].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Kelly Sue.KELLY\Cookies\kelly sue@statcounter[2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Kelly Sue.KELLY\Cookies\kelly sue@www.myaffiliateprogram[2].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Kelly Sue.KELLY\Cookies\kelly sue@www2.enigmasoftwaregroup[1].txt -> Spyware.Cookie.Enigmasoftwaregroup : Cleaned with backup
C:\Documents and Settings\Kelly Sue.KELLY\Cookies\kelly sue@yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Kelly Sue.KELLY\Local Settings\Temp\winlogon.exe -> TrojanSpy.VB.fc : Cleaned with backup
C:\Documents and Settings\Sara\Cookies\sara@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Sara\Cookies\sara@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Sara\Cookies\sara@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Sara\Cookies\sara@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Sara\Cookies\sara@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Sara\Cookies\sara@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Sara\Cookies\sara@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Sara\Cookies\sara@bfast[1].txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Documents and Settings\Sara\Cookies\sara@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Sara\Cookies\sara@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Sara\Cookies\sara@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Sara\Cookies\sara@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Sara\Cookies\sara@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Sara\Cookies\sara@ehg-dig.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Sara\Cookies\sara@ehg.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Sara\Cookies\sara@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Sara\Cookies\sara@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Sara\Cookies\sara@mediaplex[2].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Sara\Cookies\sara@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Sara\Cookies\sara@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Sara\Cookies\sara@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Sara\Cookies\sara@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Sara\Cookies\sara@server.iad.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Sara\Cookies\sara@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Sara\Cookies\sara@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Sara\Cookies\sara@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Sara\Cookies\sara@valueclick[2].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Sara\Cookies\sara@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Sara\Cookies\sara@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Program Files\1 Nutty Santa Screen Saver 2.5\WUSVInst.exe/Save.exe -> Adware.SaveNow : Cleaned with backup
C:\Program Files\1 Nutty Santa Screen Saver 2.5\WUSVInst.exe/SaveUninst.exe -> Adware.SaveNow : Cleaned with backup
C:\Program Files\1 Nutty Santa Screen Saver 2.5\WUSVInst.exe/Save.exe -> Adware.SaveNow : Cleaned with backup
C:\Program Files\1 Nutty Santa Screen Saver 2.5\WUSVInst.exe/SaveUninst.exe -> Adware.SaveNow : Cleaned with backup
C:\Program Files\Screensavers.com\Installer\bin\ScreensaversInst.dll -> Spyware.Comet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\20041214071007.zip/WINDOWS/NDNuninstall4_80.exe -> Spyware.NewDotNet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\20041214071007.zip/WINDOWS/NDNuninstall5_20.exe -> Spyware.NewDotNet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\20041214071007.zip/WINDOWS/NDNuninstall5_40.exe -> Spyware.NewDotNet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\20041223192511.zip/WINDOWS/NDNuninstall6_38.exe -> Spyware.NewDotNet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\20041223192511.zip/Program Files/newdot~1/newdotnet6_38.dll -> Spyware.NewDotNet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\20041223192511.zip/Program Files/newdotnet/newdotnet6_38.to_be_deleted -> Spyware.NewDotNet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\20041223192511.zip/Program Files/newdotnet/uninstall6_38.exe -> Spyware.NewDotNet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\20041223192511.zip/Program Files/newdotnet/newdotnet6_38.to_be_deleted_x -> Spyware.NewDotNet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\20041223192511.zip/Program Files/newdot~1/newdotnet6_38.to_be_deleted -> Spyware.NewDotNet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3D.tmp -> Spyware.VirtualBouncer : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq41.tmp -> Spyware.Cookie.Cj : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq49.tmp -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4A.tmp -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4B.tmp -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq50.tmp -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq52.tmp -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq53.tmp -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq54.tmp -> Spyware.Cookie.Com : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq55.tmp -> Spyware.Cookie.Euniverseads : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5A.tmp -> TrojanDownloader.Rameh.c : Cleaned with backup
C:\RECYCLER\S-1-5-21-1180395095-4025279379-689279713-1006\Dc3\backups\backup-20041030-133712-796.dll -> Not-A-Virus.PornWare.PopCap.b : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP335\A0043290.exe -> Spyware.Monker : Cleaned with backup
C:\WINDOWS\bundles\vl_ezstub.exe -> Adware.eZula : Cleaned with backup
C:\WINDOWS\ctfmon.exe -> Spyware.Monker : Cleaned with backup
C:\WINDOWS\cxtpls_loader.exe -> Spyware.AproposMedia : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\BM.dll -> TrojanDownloader.Lookme.j : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.PornWare.PopCap.b : Cleaned with backup
C:\WINDOWS\SYSTEM\UpdInstall.exe -> Spyware.VX2 : Cleaned with backup
C:\WINDOWS\SYSTEM32\carules.dll -> Spyware.Coupon : Cleaned with backup
C:\WINDOWS\SYSTEM32\IfMegaWbr.dll -> TrojanDropper.Small.xm : Cleaned with backup
C:\WINDOWS\SYSTEM32\in10thinInstall11s.dll -> TrojanDropper.Small.op : Cleaned with backup
C:\WINDOWS\SYSTEM32\MyDailyHoroscope17307.dll -> TrojanDropper.Small.nj : Cleaned with backup
C:\WINDOWS\SYSTEM32\ntsfrf.exe -> Spyware.Adstart : Cleaned with backup
C:\WINDOWS\SYSTEM32\svc.dll -> TrojanDropper.Miewer.a : Cleaned with backup
C:\WINDOWS\unstall.exe -> Spyware.MediaMotor : Cleaned with backup


::Report End

#5 User is offline   Mat2 

  • Malware Fighter
  • PipPipPipPip
  • Find Topics
  • Group: Members
  • Posts: 374
  • Joined: 25-September 05
  • Gender:Male
  • Location:Derbyshire, UK

Posted 05 November 2005 - 04:24 AM

Hi, thanks for the logs.

Please do the following: Download, install, update, configure, and run Ad-Aware SE Personal 1.06.


Download Ad-Aware SE Personal 1.06:

Download Ad-Aware SE Personal.

Save aawsepersonal.exe to a convenient location (eg. the Desktop).


Install Ad-Aware SE Personal
    Double-click on aawsepersonal.exe to install the program.

    Follow the default settings for installation.

    After the program has finished installing, uncheck the "Perform a full system scan now", "Update definition file now", and "Open the help file now" boxes.
Update Ad-Aware SE Personal
    Double-click the Ad-Aware SE Personal icon on your Desktop.

    Click "Check for updates now" then click "Connect".

    It will check for any updates. If any are found click "OK" to download and install the updates. Once it has finished click "Finish".

Configure Ad-Aware SE Personal
    Click on the Gear button at the top of the window.

    Click "General" on the left hand side to display the General Settings box.
Make sure the following items have a green check/tick next to them. If they do not, click once on the circle next to them to put a green checkmark:
    "Automatically save logfile"

    "Automatically quarantine objects prior to removal"

    "Safe Mode (always request confirmation)"

    "Prompt to update outdated definitions" - change to 7 days from the default 14.
Click "Scanning" on the left hand side to display the Scan Settings box.

Make sure the following items have a green check/tick next to them. If they do not, click once on the circle next to them to put a green checkmark:
    "Scan within archives"

    "Select drives & folders to scan" - select your hard drive(s).

    "Scan active processes"

    "Scan registry"

    "Deep-scan registry"

    "Scan my IE favorites for banned URLs"

    "Scan my Hosts file"
Click "Advanced" on the left hand side to display the Advanced Settings box.

Make sure the following items have a green check/tick next to them. If they do not, click once on the circle next to them to put a green checkmark:
    "Move deleted files to Recycle Bin"

    "Include additional object information"

    "Include negligible objects information"

    "Include environment information"
Click "Defaults" on the left hand side to display the Default Settings box.

Make sure the following items have your preferred settings in them.:
    "Default homepage"

    "Default searchpage"
Click "Tweak" on the left hand side to display the Tweak Settings box.

Click the + (plus) sign next to the Log Files section. This will expand the section.

Make sure the following items have a green check/tick next to them. If they do not, click once on the circle next to them to put a green checkmark:
    "Include basic Ad-Aware settings in log file"

    "Include additional Ad-Aware settings in log file"

    "Include reference summary in log file"

    "Include alternate data stream details in log file"
Click the + (plus) sign next to the Scanning Engine section. This will expand the section.

Make sure the following items have a green check/tick next to them. If they do not, click once on the circle next to them to put a green checkmark:
    "Unload recognized processes & modules during scan"

    "Scan registry for all users instead of current user only"

    "Obtain command line of scanned processes"
Click the + (plus) sign next to the Cleaning Engine section. This will expand the section.

Make sure the following items have a green check/tick next to them. If they do not, click once on the circle next to them to put a green checkmark:
    "Always try to unload modules before deletion"

    "During removal, unload Explorer and IE if necessary"

    "Let Windows remove files in use at next reboot"

    "Delete quarantined objects after restoring"
Once you are done with these settings, click "Proceed" to save them.

This will take you back to the main screen.

Run Ad-Aware SE Personal
    Click the "Start" button.

    Uncheck the "Search for negligible risk entries" entry.

    Choose the "Use custom scanning options" scan mode.

    Click the "Next" button.

    Ad-Aware will begin to scan for malware residing on your computer.

    Allow the scan to finish.

    Right-click on any entry in the list and click "Select All" to select the whole list.

    Click "Next" and choose "OK" at the prompt to quarantine and remove the objects.
Next

Download CCleaner from here to clean temp files from your computer.
  • Double click on the file to start the installation of the program.
  • Select your language and click OK, then next.
  • Read the license agreement and click I Agree.
  • Click next to use the default install location. Click Install then finish to complete installation.
  • Double click the CCleaner shortcut on the desktop to start the program.
  • On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted.  (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
  • If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
  • Click Run Cleaner to run the program.
  • Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.
  • After CCleaner has completed its process, click Exit.
Next

First is download Spybot S & D available from here.

1. Downloaded and Install Spybot S&D, accepting the Default Settings

2. In the Menu Bar at the top of the Spybot window you will see 'Mode'. Make certain that 'default mode' has a check mark beside it.

3. Close ALL windows except Spybot S&D

4. Click the button to ‘Search for Updates’ then download and install the Updates.

5. Next click the button ‘Check for Problems'

6. When Spybot is complete, it will be showing ‘RED’ entries bold 'Black' entries and ‘GREEN’ entries in the window

7. Make certain there is a check mark beside all of the RED entries ONLY.

8. Choose ‘Fix Selected Problems’ and allow Spybot to fix the RED entries.

9. REBOOT to complete the scan and clear memory.

After you have restarted windows you will need to do another Ewido scan. Once it has done can you post the log from it back here. Also can you tell me if adaware and spybot find anything.
Mat2



Posted Image

#6 User is offline   Mat2 

  • Malware Fighter
  • PipPipPipPip
  • Find Topics
  • Group: Members
  • Posts: 374
  • Joined: 25-September 05
  • Gender:Male
  • Location:Derbyshire, UK

Posted 23 November 2005 - 12:13 PM

Hi

I am contacting you to see if you still require the help, as i have not heard anything from you.

If you do still need help, please can you Copy/Paste a new HJT Log, back here in this thread.


Do Not Start a New Topic


Regards
Mat2



Posted Image

#7 User is offline   Mat2 

  • Malware Fighter
  • PipPipPipPip
  • Find Topics
  • Group: Members
  • Posts: 374
  • Joined: 25-September 05
  • Gender:Male
  • Location:Derbyshire, UK

Posted 12 December 2005 - 06:09 PM

Due lack of response from the poster, this thread will now be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
Mat2



Posted Image

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users